[GTER] Socorro! 3.1Mpps UDP len 34-46 matando Juniper/MX5-T-DC
Diogo Montagner
diogo.montagner at gmail.com
Sat Nov 22 22:38:59 -02 2014
Outro commando que mostra as filas em direção à RE:
show system queues
{master}
admin at BNG-960-F> show system queues | match int
output interface bytes max packets max drops
arpintrq 0 0 3000 0 0
spppintrq 0 0 25000 0 0
tnpintrq 0 0 1250000 0 0
tagintrq 0 0 200000 0 0
{master}
admin at BNG-960-F>
./diogo -montagner
JNCIE-SP 0x41A
2014-11-23 8:35 GMT+08:00 Diogo Montagner <diogo.montagner at gmail.com>:
> Outro processo para monitor é:
>
> 12 root 1 -20 -139 0K 16K WAIT 20:30 0.00% swi7: clock
> sio
>
> ./diogo -montagner
> JNCIE-SP 0x41A
>
> 2014-11-23 8:35 GMT+08:00 Diogo Montagner <diogo.montagner at gmail.com>:
>
>> show system processes
>>
>> procure por algo semelhante a isto:
>>
>> 19 root 1 -68 -187 0K 16K WAIT 188:41 0.15% irq11:
>> em0 em1 em2* <<< irá mostar alta utilizacao
>>
>> verifique se a arp storm não está vindo pela interface fxp.
>>
>>
>>
>> ./diogo -montagner
>> JNCIE-SP 0x41A
>>
>> 2014-11-23 8:10 GMT+08:00 Rubens Kuhl <rubensk at gmail.com>:
>>
>>> 2014-11-22 21:57 GMT-02:00 Diogo Montagner <diogo.montagner at gmail.com>:
>>>
>>> > Se o problema é CPU e o interrupt está alto, você pode estar sofrendo
>>> de um
>>> > ataque de arp em alguma interface.
>>> >
>>> > Procure por arp storm.
>>> >
>>> > Talvez show ddos-protection protocols violations irá mostrar algo.
>>> >
>>>
>>> E de comandos de PFE, quais dariam uma luz nisto ?
>>>
>>> show pfe statistics traffic
>>>
>>> Ou algo como
>>> show interfaces ge-5/0 |match index:
>>> (ver o index)
>>>
>>> request pfe execute target tfeb0 command "show jnh ifd xxx stream" ?
>>>
>>>
>>>
>>> Rubens
>>> --
>>> gter list https://eng.registro.br/mailman/listinfo/gter
>>>
>>
>>
>
More information about the gter
mailing list