SPA122 Kernel Panic

Kanogwaith · ‎10-09-2018

Hi everyone,

I am networking engineer in ISP in Russia, and we have a trouble with SPA122s. Historically we have ring topology on access layer, that is why sometimes it storms. Anyway, some of our customers connected by SPA122, and its WAN-port has a VLAN tag. But when storm appears, we are losing access to most of all ATAs. I have replayed this situation on stand and watched SPA122's output from UART. (It is the same as in file included, the log in file is quite old, but nothing changed since 2014). I tried to test all versions of firmware and hardware revisions, and found that all of them has that problem. Now I do not have any ideas what to do. In Cisco Russian Community I have found that the problem is common and it did not solved yet.

I will be much appreciated if someone tells anything or suggest any decision. Unfortynately, changing topology is

impossible now, so I need any other decision. Choosing unique VLAN for each ATA is also unpleasant.

Ask me, if you need any information and details.

Dan Lukes · ‎10-09-2018

[17180063.752000] swapper: page allocation failure. order:0, mode:0x20

SPA122 is just out of memory ...

[17180063.752000] [<b4168d5c>] (ip3912_alloc_new_rx_skb+0x0/0x120) from [<b4169f88>] (ip3912_poll+0x230/0x4b4)

... because packets are arriving faster that kernel can process them.

[17180063.788000] ip3912: Allocating new skb in RX IRQ handler failed, losing one DMA descriptor for eth0!
[17180063.796000] ip3912: Unable to alloc memory for new RX skbs, eth HW stopped. You have to manually restart (down-up) eth0.

RX DMA slot with no buffer is useless. Once all DMA slots are lost, network cart can receive no packet anymore.

SPA122 is simple/cheap device with low memory and not so much computing power. It can't withstand DoS attacks and is unsuitable to be used in unfriendly environment. It's not full-sized firewall suitable to guard a network. Packet storm just must not reach it.

Some switches can limit number of packets, so you can block storm on the switch the storm source is connected to, or where SPA122 is connected to. Otherwise, SPA122 needs to be hidden behind a firewall suitable to block DoS attacks so they will not reach SPA122.

Well, you can try to contact Cisco SMB Support and open the case.

But I have my own question related to yours one:

watched SPA122's output from UART

Where's an UART on SPA122 and how I can connect to it ?

If there is a description available somewhere on WWW, you need not to copy content here - just disclose URL. I can read it even if текст написан на русском языке

Kanogwaith · ‎10-11-2018

this one was made by my colleague and I do not know what is inside :)soldering-iron can be useful

Here it is, sometimes there are pins, sometimes there are holes. I have DIY USB-UART cable and serial console on my Linux PC, baudrate 115200.

Dan Lukes · ‎10-11-2018

this one was made by my colleague and I do not know what is inside :)

It's clear - it's converter serial TTL 3.3V <->USB.

Thanks for the info.

Kanogwaith · ‎10-11-2018

Also, this can be useful too for getting root access if you need

https://hk.saowen.com/a/ee35e4b975dd7bb374d6584deefac38bd35c2a11704e2354ba6879e6e060bec2