North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: TCP session disconnection caused by Code Red?

  • From: Blaz Zupan
  • Date: Tue Aug 07 00:42:19 2001

> > It's not the packets per second that seems to kill them, its
> > the amount of arp cache and sessions (figure 600 packets per second,
> > each packet to a different host...Thats a lot of sessions in 5 minutes)
> Curious, in that case consider null routing unused blocks, perhaps take
> the opportunity to improve on subnet and vlan distribution to help the
> null routing.

That's exactly the case. All the unused IP addresses are nullrouted and most
of the traffic was destined for the nullrouted addresses. I don't think a lot
of arp activity was going on.

Blaz Zupan,  Medinet d.o.o, Trzaska 85, SI-2000 Maribor, Slovenia
E-mail: [email protected], Tel: +386-2-320-6320, Fax: +386-2-320-6325