|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: FW: TNT issues "workaround"
Ive been watching mine and finally see this error *Mar 19 14:48:53.951 UTC: %SYS-2-MALLOCFAIL: Memory allocation of 2708 bytes failed from 0x603FE6C0, alignment 0 Pool: Processor Free: 6402796 Cause: Memory fragmentation Alternate Pool: None Free: 0 Cause: No Alternate pool -Process= "ISDN L2 Process", ipl= 0, pid= 94 -Traceback= 603FC690 603FDC90 603FE6C8 60102990 600A84A8 600A8D34 *Mar 19 14:48:54.635 UTC: %SYS-2-CFORKMEM: Process creation of Async tty Reset failed (no memory). -Process= "Serial Background", ipl= 0, pid= 8 -Traceback= 6040D2A4 60414AEC 606B03C4 606B06A0 600704C4 Im doing b) blocking all echo/echo-reply coming in from dial-up users (i.e. apply an input acl to your virtual-template and/or group-async interfaces). But it doesn't seem to stop it from locking up. Ive been killing users as I see users with the worm , This is on a cisco as5300 by the way. Whats the command to disable route cache? John Lord([email protected]) It Manager AllTurbo Internet Services Inc 410-213-9388 Office www.allturbo.com -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Saturday, August 23, 2003 6:43 PM To: Ross Chandler Cc: John Lord; [email protected] Subject: Re: FW: TNT issues "workaround" On Sat, 23 Aug 2003, Ross Chandler wrote: > > I seem to be having the same or similar problems with my Cisco boxes > > also , they either reboot or the pris hang , users get busy's but no > > one is logged in at all , when I do a show isdn status it shows b > > channels in use but no one on, the only way to fix is reboot the box > > , and it seems to be timed , everyday at 1400 and 2200 hours , since > > Monday anybody body heard of ciscos acting funny this week? > > Perhaps your fast switching route cache is filling up memory. If > you're willing to risk it enable CEF on all interfaces. Some of the older cisco access-servers don't even support CEF. The cisco failures seem to be memory starvation/fragmentation issues caused by out of control route-cache growth caused by the nachi worm's attempt to ping so many different hosts so quickly while looking for systems to spread to. You can work around the issue by: a) using policy routing to pass all dialup traffic through a route-map that sends 92 byte echo/echo-reply packets to null0. b) blocking all echo/echo-reply coming in from dial-up users (i.e. apply an input acl to your virtual-template and/or group-async interfaces). c) disabling route caching on the egress interface of the access server. I'm doing a mix of a (on the access-servers that this works on) and b where a doesn't work...and tested c this morning and found it appears to work. ---------------------------------------------------------------------- Jon Lewis *[email protected]*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
|