nanog mailing list archives
Re: 92 Byte ICMP Blocking Problem
From: Richard J.Sears <rsears () adnc com>
Date: Fri, 12 Sep 2003 11:49:08 -0700
So, the choice is to go from dCEF to CEF or to not block the 92 byte packets at all....anyone have an idea as to which is the better route to take..?

- Richard

On Fri, 12 Sep 2003 10:59:54 -0700 "Matt Ploessel" <matt.ploessel () foundstone com> wrote:

See http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml

The policy-routing solution works great in small routers (26xx, 17xx) and in 7200s. In 7500s it seems OK *UNLESS* dCEF is enabled, then it does what you saw. I'm assuming it's dropping 92-byte TCP packets as well as the ICMP echoes. You can see 1-packet flows of mail getting dropped.

Notice that the workaround cannot be used on GSRs because it causes packets to be punted to the CPU... this is as bad a news as that it doesn't work right on dCEF because we use GSRs or 7500s with dCEF where the network is really busy.

- Matt Ploessel

-----Original Message-----
From: Richard J.Sears [mailto:rsears () adnc com]
Sent: Friday, September 12, 2003 10:43 AM
To: Nanog
Subject: 92 Byte ICMP Blocking Problem

We started blocking 92 Byte ICMP packets on our ingress points on our core backbone routers. This was a recommendation from Cisco to help mitigate the effects of the Nachi worm.

Since then, we have been hammered with customer complaints concerning the inability to talk to mail servers and ssh to their servers, as well as other weird network issues, all centering around the time we started blocking 92 Byte ICMP packets.

Has anyone else seen this, and if so, is the only resolution to stop the blockage of 92 Byte ICMP Packets..?

Thanks

Richard
******************************************
Richard J. Sears
Vice President
American Digital Network
----------------------------------------------------
rsears () adnc com
http://www.adnc.com
----------------------------------------------------
858.576.4272 - Phone
858.427.2401 - Fax
----------------------------------------------------
I fly because it releases my mind from the tyranny of petty things . .

"Work like you don't need the money, love like you've never been hurt and dance like you do when nobody's watching."
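The quoted reply in this message assumes that with dCEF enabled the filter drops 92-byte TCP packets as well as the ICMP echoes. The sketch below is an added example, not code from the thread or from Cisco: it compares the intended match (ICMP echo or echo-reply and length 92) with a length-only match on constructed packets, taking "92 byte" to mean the IPv4 total length. All function names, addresses and sample packets are made up for illustration.

```python
import struct

ICMP, TCP = 1, 6
ECHO_REPLY, ECHO_REQUEST = 0, 8

def ipv4_packet(proto, total_len, l4_header):
    """Build a constructed IPv4 packet (checksum left at 0, never sent)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    pad = total_len - len(hdr) - len(l4_header)
    return hdr + l4_header + b"\xaa" * pad

def parse(pkt):
    """Return (protocol, total_length, icmp_type or None)."""
    ihl = (pkt[0] & 0x0F) * 4                  # IP header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]
    proto = pkt[9]
    icmp_type = pkt[ihl] if proto == ICMP else None
    return proto, total_len, icmp_type

def intended_match(pkt):
    """What the filter is meant to hit: 92-byte ICMP echo / echo-reply only."""
    proto, total_len, icmp_type = parse(pkt)
    return (proto == ICMP and total_len == 92
            and icmp_type in (ECHO_REQUEST, ECHO_REPLY))

def length_only_match(pkt):
    """Assumed failure mode: the protocol test is lost, only length is checked."""
    return parse(pkt)[1] == 92

def dropped(policy, packets):
    """Names of the sample packets a policy would discard."""
    return [name for name, pkt in packets.items() if policy(pkt)]

# Constructed samples: 8-byte ICMP echo header, 20-byte TCP header to port 25.
icmp_echo = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, 1, 1)
tcp_hdr = struct.pack("!HHIIBBHHH", 40000, 25, 1, 1, 0x50, 0x18, 8192, 0, 0)
SAMPLES = {
    "icmp_echo_92": ipv4_packet(ICMP, 92, icmp_echo),
    "icmp_echo_84": ipv4_packet(ICMP, 84, icmp_echo),
    "tcp_smtp_92": ipv4_packet(TCP, 92, tcp_hdr),
    "tcp_smtp_120": ipv4_packet(TCP, 120, tcp_hdr),
}

if __name__ == "__main__":
    print("intended   :", dropped(intended_match, SAMPLES))
    print("length-only:", dropped(length_only_match, SAMPLES))
```

Under the length-only policy the 92-byte SMTP segment is discarded alongside the echo, which is the kind of single-packet loss on mail flows that the reply describes.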