[GTER] IX-SP - OSPF (89)

André Carlim andre at stubnet.info
Mon Dec 12 10:20:08 -02 2016 

Eu também estou recebendo pacotinhos OSPFv2 desse cidadão, ele não 
poderia ter OSPF ativado na interface dele.

---

Atenciosamente,
André Carlim
StubNetwork

Em 2016-12-12 01:49, Kivio Braga escreveu:
> ​Srs,
> 
> 
>             Seria normal tipo de protocolo (89) OSPFv2 ficar vagando na
> vlan do ATM IPv4 do IX-SP ?
> 
> kivio at XXXX-MX80-IXSP# run monitor traffic interface ae1.XXXX size 1500
> no-resolve detail matching "ip proto 89"
> 
> Address resolution is OFF.
> Listening on ae1.XXXX, capture size 1500 bytes
> 
> 01:22:56.642733  In IP (tos 0xc0, ttl   1, id 12322, offset 0, flags
> [none], proto: OSPF (89), length: 64) 187.16.223.84 > 224.0.0.5: 
> OSPFv2,
> Hello, length 44
>     Router-ID 172.24.0.1, Backbone Area, Authentication Type: none (0)
>     Options [External]
>       Hello Timer 10s, Dead Timer 40s, Mask 255.255.248.0, Priority 1
>       Designated Router 187.16.223.84
> 
> 01:23:06.667047  In IP (tos 0xc0, ttl   1, id 12755, offset 0, flags
> [none], proto: OSPF (89), length: 64) 187.16.223.84 > 224.0.0.5: 
> OSPFv2,
> Hello, length 44
>     Router-ID 172.24.0.1, Backbone Area, Authentication Type: none (0)
>     Options [External]
>       Hello Timer 10s, Dead Timer 40s, Mask 255.255.248.0, Priority 1
>       Designated Router 187.16.223.84
> 
> 
> Estou questionando... por que além de capturar este tipo de pacote 
> dentro
> IX-SP.. estou sofrendo com proteção de uma caixa da Juniper, 
> aparentemente
> ela esta recebendo umas pancadas... Estou procurando um norte a seguir, 
> e
> acabei batendo nesta situação:
> 
> run show ddos-protection protocols ospf
> statistics
> Packet types: 1, Received traffic: 1, Currently violated: 1
> 
> Protocol Group: OSPF
> 
>   Packet type: aggregate
>     System-wide information:
>       Aggregate bandwidth is being violated!
>     No. of FPCs currently receiving excess traffic: 1
>     No. of FPCs that have received excess traffic:  1
>     Violation first detected at: 2016-12-12 01:29:22 BRST
>     Violation last seen at:      2016-12-12 01:34:28 BRST
>     Duration of violation: 00:05:06 Number of violations: 1725
>       Received:  1575865             Arrival rate:     0 pps
>       Dropped:   1222164             Max arrival rate: 57387 pps
> 
> 
> jddosd[1725]: DDOS_PROTOCOL_VIOLATION_CLEAR: INFO: Host-bound traffic 
> for
> protocol/exception OSPF:aggregate has returned to normal. Its allowed
> bandwith was exceeded at fpc 0 for 409 times, from 2016-12-12 01:41:03 
> BRST
> to 2016-12-12 01:41:12 BRST
> 
> 
> 
> --
> Kívio Fernandes Braga
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter

More information about the gter mailing list