On Saturday 08 December 2007, John Summerfield wrote:
> This http://www.cisco.com/warp/public/707/21.html has a section on Flood
> Management. Read it, it doesn't apply to many on this list.

One thing even this document misses about high-end Cisco routers is that you do want to throttle pings to the loopback interface; it is possible to overload a Cisco 12012's GRP, for instance, with high-rate pings from a high speed interface (I've done that to ours through an OC12 SRP/DPT connection, but the OC3 I have to the Internet isn't quite big enough to do it).

The distributed nature of that beast (and the 7500 series, as well as the 6500/7600 series) means the router is handling at times a hundred or a thousand times the bandwidth that the CPU on the route processor could handle. Well, essentially anything that would force a dCEF platform to drop to process switching on a >OC3 interface would do, but pinging the loopback is pretty close (which is why the loopbacks typically have tight ACL's and QoS setups to prevent RP CPU overload).

But the same is true for many of the layer 2 Catalysts when pinging the management port (sc0); a SupIII or IIIG on a Catalyst 5500, for instance, can be brought to its knees by hitting hard on sc0 (CPU overload on a layer 2 Catalyst can really wreak havoc with spanning tree, which can pull your entire layer 2 network down hard when BPDU's get missed).

On Linux, you're not likely to bring a box to its knees with pings, even on Gigabit interfaces, because the box's throughput isn't typically large enough to allow it. However, I've found that the preemptive kernel (the PlanetCCRMA low latency one was what I tested) on my Dell 640m can be easily brought to its knees with any high interrupt load; the stock kernel doesn't exhibit this behavior.

--
Lamar Owen
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
(828)862-5554
www.pari.edu