[GTER] IX-SP - OSPF (89)
Douglas Fischer
fischerdouglas at gmail.com
Mon Dec 12 11:11:32 -02 2016
Mais que isso!
Isso deveria estar sendo filtrado na entrada da interface dele...
Mesmo que ele tivesse anunciando RIP ou IPX.
Esses pacotes não deveriam estar vazando para o resto do ATM.
2016-12-12 10:20 GMT-02:00 André Carlim <andre at stubnet.info>:
> Eu também estou recebendo pacotinhos OSPFv2 desse cidadão, ele não poderia
> ter OSPF ativado na interface dele.
>
> ---
>
> Atenciosamente,
> André Carlim
> StubNetwork
>
>
> Em 2016-12-12 01:49, Kivio Braga escreveu:
>
>> Srs,
>>
>>
>> Seria normal tipo de protocolo (89) OSPFv2 ficar vagando na
>> vlan do ATM IPv4 do IX-SP ?
>>
>> kivio at XXXX-MX80-IXSP# run monitor traffic interface ae1.XXXX size 1500
>> no-resolve detail matching "ip proto 89"
>>
>> Address resolution is OFF.
>> Listening on ae1.XXXX, capture size 1500 bytes
>>
>> 01:22:56.642733 In IP (tos 0xc0, ttl 1, id 12322, offset 0, flags
>> [none], proto: OSPF (89), length: 64) 187.16.223.84 > 224.0.0.5: OSPFv2,
>> Hello, length 44
>> Router-ID 172.24.0.1, Backbone Area, Authentication Type: none (0)
>> Options [External]
>> Hello Timer 10s, Dead Timer 40s, Mask 255.255.248.0, Priority 1
>> Designated Router 187.16.223.84
>>
>> 01:23:06.667047 In IP (tos 0xc0, ttl 1, id 12755, offset 0, flags
>> [none], proto: OSPF (89), length: 64) 187.16.223.84 > 224.0.0.5: OSPFv2,
>> Hello, length 44
>> Router-ID 172.24.0.1, Backbone Area, Authentication Type: none (0)
>> Options [External]
>> Hello Timer 10s, Dead Timer 40s, Mask 255.255.248.0, Priority 1
>> Designated Router 187.16.223.84
>>
>>
>> Estou questionando... por que além de capturar este tipo de pacote dentro
>> IX-SP.. estou sofrendo com proteção de uma caixa da Juniper, aparentemente
>> ela esta recebendo umas pancadas... Estou procurando um norte a seguir, e
>> acabei batendo nesta situação:
>>
>> run show ddos-protection protocols ospf
>> statistics
>> Packet types: 1, Received traffic: 1, Currently violated: 1
>>
>> Protocol Group: OSPF
>>
>> Packet type: aggregate
>> System-wide information:
>> Aggregate bandwidth is being violated!
>> No. of FPCs currently receiving excess traffic: 1
>> No. of FPCs that have received excess traffic: 1
>> Violation first detected at: 2016-12-12 01:29:22 BRST
>> Violation last seen at: 2016-12-12 01:34:28 BRST
>> Duration of violation: 00:05:06 Number of violations: 1725
>> Received: 1575865 Arrival rate: 0 pps
>> Dropped: 1222164 Max arrival rate: 57387 pps
>>
>>
>> jddosd[1725]: DDOS_PROTOCOL_VIOLATION_CLEAR: INFO: Host-bound traffic for
>> protocol/exception OSPF:aggregate has returned to normal. Its allowed
>> bandwith was exceeded at fpc 0 for 409 times, from 2016-12-12 01:41:03
>> BRST
>> to 2016-12-12 01:41:12 BRST
>>
>>
>>
>> --
>> Kívio Fernandes Braga
>> --
>> gter list https://eng.registro.br/mailman/listinfo/gter
>>
> --
> gter list https://eng.registro.br/mailman/listinfo/gter
>
--
Douglas Fernando Fischer
Engº de Controle e Automação
More information about the gter
mailing list