TCP session disconnection caused by Code Red?
Blaz Zupan
blaz at amis.net
Tue Aug 7 04:40:02 UTC 2001
> > It's not the packets per second that seems to kill them, its
> > the amount of arp cache and sessions (figure 600 packets per second,
> > each packet to a different host...Thats a lot of sessions in 5 minutes)
>
> Curious, in that case consider null routing unused blocks, perhaps take
> the opportunity to improve on subnet and vlan distribution to help the
> null routing.
That's exactly the case. All the unused IP addresses are nullrouted and most
of the traffic was destined for the nullrouted addresses. I don't think a lot
of arp activity was going on.
Blaz Zupan, Medinet d.o.o, Trzaska 85, SI-2000 Maribor, Slovenia
E-mail: blaz at amis.net, Tel: +386-2-320-6320, Fax: +386-2-320-6325
More information about the NANOG
mailing list