[GTER] IX-SP - OSPF (89)

Kivio Braga kiviobraga at gmail.com
Mon Dec 12 01:49:49 -02 2016


Gentlemen,


Would it be normal for protocol type (89) OSPFv2 to be wandering around the
IX-SP IPv4 ATM VLAN?

kivio at XXXX-MX80-IXSP# run monitor traffic interface ae1.XXXX size 1500
no-resolve detail matching "ip proto 89"

Address resolution is OFF.
Listening on ae1.XXXX, capture size 1500 bytes

01:22:56.642733  In IP (tos 0xc0, ttl   1, id 12322, offset 0, flags
[none], proto: OSPF (89), length: 64) 187.16.223.84 > 224.0.0.5: OSPFv2,
Hello, length 44
    Router-ID 172.24.0.1, Backbone Area, Authentication Type: none (0)
    Options [External]
      Hello Timer 10s, Dead Timer 40s, Mask 255.255.248.0, Priority 1
      Designated Router 187.16.223.84

01:23:06.667047  In IP (tos 0xc0, ttl   1, id 12755, offset 0, flags
[none], proto: OSPF (89), length: 64) 187.16.223.84 > 224.0.0.5: OSPFv2,
Hello, length 44
    Router-ID 172.24.0.1, Backbone Area, Authentication Type: none (0)
    Options [External]
      Hello Timer 10s, Dead Timer 40s, Mask 255.255.248.0, Priority 1
      Designated Router 187.16.223.84


I am asking because, besides capturing this type of packet inside IX-SP, I
am suffering with the protection on a Juniper box; apparently it is taking
some hits. I am looking for a direction to follow, and I ended up running
into this situation:

run show ddos-protection protocols ospf
statistics
Packet types: 1, Received traffic: 1, Currently violated: 1

Protocol Group: OSPF

  Packet type: aggregate
    System-wide information:
      Aggregate bandwidth is being violated!
    No. of FPCs currently receiving excess traffic: 1
    No. of FPCs that have received excess traffic:  1
    Violation first detected at: 2016-12-12 01:29:22 BRST
    Violation last seen at:      2016-12-12 01:34:28 BRST
    Duration of violation: 00:05:06 Number of violations: 1725
      Received:  1575865             Arrival rate:     0 pps
      Dropped:   1222164             Max arrival rate: 57387 pps


jddosd[1725]: DDOS_PROTOCOL_VIOLATION_CLEAR: INFO: Host-bound traffic for
protocol/exception OSPF:aggregate has returned to normal. Its allowed
bandwith was exceeded at fpc 0 for 409 times, from 2016-12-12 01:41:03 BRST
to 2016-12-12 01:41:12 BRST



--
Kívio Fernandes Braga
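
An added example, not part of the original post: a Python sketch that summarizes the OSPF speakers seen in `monitor traffic` text like the capture in the message, so each source address on the peering VLAN can be matched to a participant. The function name `ospf_speakers` is hypothetical; the sample input is the two Hello records copied from the message.

```python
import re

# Sample input: the two Hello records from the message, mail wrapping kept.
CAPTURE = """\
01:22:56.642733  In IP (tos 0xc0, ttl   1, id 12322, offset 0, flags
[none], proto: OSPF (89), length: 64) 187.16.223.84 > 224.0.0.5: OSPFv2,
Hello, length 44
    Router-ID 172.24.0.1, Backbone Area, Authentication Type: none (0)
    Options [External]
      Hello Timer 10s, Dead Timer 40s, Mask 255.255.248.0, Priority 1
      Designated Router 187.16.223.84

01:23:06.667047  In IP (tos 0xc0, ttl   1, id 12755, offset 0, flags
[none], proto: OSPF (89), length: 64) 187.16.223.84 > 224.0.0.5: OSPFv2,
Hello, length 44
    Router-ID 172.24.0.1, Backbone Area, Authentication Type: none (0)
    Options [External]
      Hello Timer 10s, Dead Timer 40s, Mask 255.255.248.0, Priority 1
      Designated Router 187.16.223.84
"""

RECORD_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s", re.M)  # timestamp line
HEADER = re.compile(r"proto: OSPF \(89\).*?\)\s+([\d.]+) > [\d.]+:\s+OSPFv2", re.S)
ROUTER_ID = re.compile(r"Router-ID ([\d.]+)")
AUTH = re.compile(r"Authentication Type: (\w+)")
DR = re.compile(r"Designated Router ([\d.]+)")

def ospf_speakers(text):
    """Group OSPFv2 packets by source IP: count, router IDs, auth types, DR claim."""
    starts = [m.start() for m in RECORD_START.finditer(text)]
    speakers = {}
    for a, b in zip(starts, starts[1:] + [len(text)]):
        rec = text[a:b]
        hdr = HEADER.search(rec)
        if not hdr:
            continue  # not an OSPFv2 packet record
        src = hdr.group(1)
        s = speakers.setdefault(src, {"packets": 0, "router_ids": set(),
                                      "auth": set(), "claims_dr": False})
        s["packets"] += 1
        for key, rx in (("router_ids", ROUTER_ID), ("auth", AUTH)):
            m = rx.search(rec)
            if m:
                s[key].add(m.group(1))
        dr = DR.search(rec)
        s["claims_dr"] |= bool(dr and dr.group(1) == src)
    return speakers

if __name__ == "__main__":
    for src, s in ospf_speakers(CAPTURE).items():
        print(src, s)
```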
