09-24-2007 09:27 PM - edited 03-03-2019 06:54 PM
I work at an Internet Service Provider. One of our clients has his gateway as one of the subinterfaces in our router.
int fa0/0.421
encapsulation dot1q 421
ip address
This IP is routed via OSPF.
For the past two days an amazing thing has been happening. Even when I shut his subinterface or his access port in the switch, or he physically powers off all the devices at his premises, his network shows amazing bandwidth consumption in our Bandwidth Manager. He has been allocated 256/256 K dedicated bandwidth, but the whole bandwidth gets choked even when the devices are physically shut! I let him use global bandwidth to see how much it might hit; his network was demanding 10.5 MB! What is this? I had to throttle the rule to 80/80 bits per second to control it! Is it a case of IP spoofing? How is the network consuming bandwidth when it is physically shut or powered off? I don't see anything in the log. Our client has a Fortigate 100A 2.80 firewall at his premises.
Help! Never experienced anything like this in my 2-year network engineering career!
09-24-2007 10:32 PM
Although there is not too much info, I think that there might be another interface somewhere in the network that was configured for VLAN 421. The traffic that you see could be due to OSPF having found an alternative path via this VLAN and routing or load balancing traffic over it.
You should check your routing tables and verify the VLAN configuration in the PE-CPE part of the network.
Regards,
Leo
09-24-2007 11:48 PM
Thanks Leo,
I did solve my problem after I issued access lists in the egress and ingress filters and generated the log to see what was going on. I found one Malaysian Communications' IP sending me unnecessary traffic (echo-reply). I have blocked the IP and reported it to abuse@thatisp.com, and things have returned to normal.
Regarding your answer, I am still confused: without that VLAN 421 propagating (or being trunked), does it simply get associated with another subinterface? Because my bandwidth manager here assigns/monitors bandwidth based on subnet. Even if I assign the same VLAN 421 to another subinterface in another subnet, will there be such confusion for the Bandwidth Manager? Because the Bandwidth Manager monitors based on IP address, not on VLAN, doesn't it?
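Added example, not part of the original posts: a Python sketch of the triage described above, totalling logged ACL hits per source and picking out high-volume ICMP echo-reply senders. It assumes the router emits the standard IOS `%SEC-6-IPACCESSLOGDP` / `%SEC-6-IPACCESSLOGP` syslog lines produced by ACL entries with the `log` keyword; the sample lines, addresses (documentation ranges), function names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the IOS "%SEC-6-IPACCESSLOGDP" (ICMP) and
# "%SEC-6-IPACCESSLOGP" (TCP/UDP) formats; addresses are documentation ranges.
SAMPLE_LOG = """\
Sep 24 23:10:01: %SEC-6-IPACCESSLOGDP: list 121 permitted icmp 203.0.113.7 -> 192.0.2.10 (0/0), 1 packet
Sep 24 23:15:01: %SEC-6-IPACCESSLOGDP: list 121 permitted icmp 203.0.113.7 -> 192.0.2.10 (0/0), 48210 packets
Sep 24 23:15:03: %SEC-6-IPACCESSLOGDP: list 121 permitted icmp 198.51.100.4 -> 192.0.2.10 (8/0), 3 packets
Sep 24 23:15:09: %SEC-6-IPACCESSLOGP: list 121 permitted tcp 198.51.100.9(51514) -> 192.0.2.11(80), 12 packets
Sep 24 23:20:01: %SEC-6-IPACCESSLOGDP: list 121 permitted icmp 203.0.113.7 -> 192.0.2.13 (0/0), 51977 packets
"""

# Ports appear only on TCP/UDP lines, (type/code) only on ICMP lines.
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGD?P: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\(\d+\))? -> (?P<dst>[\d.]+)(?:\(\d+\))?"
    r"(?: \((?P<itype>\d+)/(?P<icode>\d+)\))?, (?P<count>\d+) packets?"
)

ICMP_ECHO_REPLY = "0"  # ICMP type 0


def summarize(log_text):
    """Return (packets per (src, proto, icmp_type), count of unparsed ACL lines)."""
    totals, skipped = Counter(), 0
    for line in log_text.splitlines():
        if "%SEC-6-IPACCESSLOG" not in line:
            continue  # not an ACL log message
        m = LINE_RE.search(line)
        if not m:
            skipped += 1  # other ACL log variants are counted, not guessed at
            continue
        totals[(m["src"], m["proto"], m["itype"])] += int(m["count"])
    return totals, skipped


def unsolicited_reply_sources(totals, min_packets=1000):
    """Sources whose echo-reply volume reaches min_packets (assumed threshold)."""
    hits = [(src, n) for (src, proto, itype), n in totals.items()
            if proto == "icmp" and itype == ICMP_ECHO_REPLY and n >= min_packets]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    totals, skipped = summarize(SAMPLE_LOG)
    for src, n in unsolicited_reply_sources(totals):
        print(f"{src}: {n} echo-reply packets")
    print(f"unparsed ACL lines: {skipped}")
```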
09-26-2007 06:33 AM
Hi,
Always secure Internet routers. Refer to the links:
Non-BGP
http://www.cymru.com/Documents/secure-ios-template.html
BGP
http://www.cymru.com/Documents/secure-bgp-template.html
NSA Guide
http://www.nsa.gov/snac/downloads_all.cfm
...and also keep their IOS up to date.
Regards,
Dandy
09-26-2007 10:24 PM
Thanks a lot Dandy,
I will surely take into account your advice.
Bsnta