[GTER] IX-SP - OSPF (89)

Douglas Fischer fischerdouglas at gmail.com
Mon Dec 12 11:11:32 -02 2016 

Mais que isso!
Isso deveria estar sendo filtrado na entrada da interface dele...

Mesmo que ele tivesse anunciando RIP ou IPX.
Esses pacotes não deveriam estar vazando para o resto do  ATM.

2016-12-12 10:20 GMT-02:00 André Carlim <andre at stubnet.info>:

> Eu também estou recebendo pacotinhos OSPFv2 desse cidadão, ele não poderia
> ter OSPF ativado na interface dele.
>
> ---
>
> Atenciosamente,
> André Carlim
> StubNetwork
>
>
> Em 2016-12-12 01:49, Kivio Braga escreveu:
>
>> ​Srs,
>>
>>
>>             Seria normal tipo de protocolo (89) OSPFv2 ficar vagando na
>> vlan do ATM IPv4 do IX-SP ?
>>
>> kivio at XXXX-MX80-IXSP# run monitor traffic interface ae1.XXXX size 1500
>> no-resolve detail matching "ip proto 89"
>>
>> Address resolution is OFF.
>> Listening on ae1.XXXX, capture size 1500 bytes
>>
>> 01:22:56.642733  In IP (tos 0xc0, ttl   1, id 12322, offset 0, flags
>> [none], proto: OSPF (89), length: 64) 187.16.223.84 > 224.0.0.5: OSPFv2,
>> Hello, length 44
>>     Router-ID 172.24.0.1, Backbone Area, Authentication Type: none (0)
>>     Options [External]
>>       Hello Timer 10s, Dead Timer 40s, Mask 255.255.248.0, Priority 1
>>       Designated Router 187.16.223.84
>>
>> 01:23:06.667047  In IP (tos 0xc0, ttl   1, id 12755, offset 0, flags
>> [none], proto: OSPF (89), length: 64) 187.16.223.84 > 224.0.0.5: OSPFv2,
>> Hello, length 44
>>     Router-ID 172.24.0.1, Backbone Area, Authentication Type: none (0)
>>     Options [External]
>>       Hello Timer 10s, Dead Timer 40s, Mask 255.255.248.0, Priority 1
>>       Designated Router 187.16.223.84
>>
>>
>> Estou questionando... por que além de capturar este tipo de pacote dentro
>> IX-SP.. estou sofrendo com proteção de uma caixa da Juniper, aparentemente
>> ela esta recebendo umas pancadas... Estou procurando um norte a seguir, e
>> acabei batendo nesta situação:
>>
>> run show ddos-protection protocols ospf
>> statistics
>> Packet types: 1, Received traffic: 1, Currently violated: 1
>>
>> Protocol Group: OSPF
>>
>>   Packet type: aggregate
>>     System-wide information:
>>       Aggregate bandwidth is being violated!
>>     No. of FPCs currently receiving excess traffic: 1
>>     No. of FPCs that have received excess traffic:  1
>>     Violation first detected at: 2016-12-12 01:29:22 BRST
>>     Violation last seen at:      2016-12-12 01:34:28 BRST
>>     Duration of violation: 00:05:06 Number of violations: 1725
>>       Received:  1575865             Arrival rate:     0 pps
>>       Dropped:   1222164             Max arrival rate: 57387 pps
>>
>>
>> jddosd[1725]: DDOS_PROTOCOL_VIOLATION_CLEAR: INFO: Host-bound traffic for
>> protocol/exception OSPF:aggregate has returned to normal. Its allowed
>> bandwith was exceeded at fpc 0 for 409 times, from 2016-12-12 01:41:03
>> BRST
>> to 2016-12-12 01:41:12 BRST
>>
>>
>>
>> --
>> Kívio Fernandes Braga
>> --
>> gter list    https://eng.registro.br/mailman/listinfo/gter
>>
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter
>



-- 
Douglas Fernando Fischer
Engº de Controle e Automação

More information about the gter mailing list