we recently got the Problem that one Link between one of our 6509 with SUP720 and one 7606 with RSP720 got fully utilized because of an DDoS attack.
The attack was very short und not that heavy, but big enough to fill the 1G Connection between the two devices.
The big problem here was that we lost routing between the two devices.
The 7606 is one of our corerouter running BGP and OSPF. It have one 10G transitlink to an uplink provider and two 10G Interface to adjacent core-router.
We use OSPF as routing protocol between these two devices.
At the moment of the attack/ fully utilization we noticed that the devices lost its OSPF neighbors associated to that link, I assume that the Hello Packets did not get through the link...
The 6509 of course have an second uplink to another corerouter (1G/OSPF) so the following happened:
The first link got full and after some time the OSPF neighbor was lost. The traffic went to the second link (not really surprising) so the first link got its OSPF neighbor back to lost it afterwards because of the full link.
That was some nice flapping.
So my questions:
Maybe i´m completly wrong and there is some "built in priorization"?
(Routed interfaces with /30 transfernetworks, so nothing special)
Is there an (easy) way to protect the links in the core/distribution area against this Problem?
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.