
Routing Protocols and fully utilized links

Hi there,

We recently had the problem that one link between one of our 6509s with SUP720 and one 7606 with RSP720 got fully utilized because of a DDoS attack.

The attack was very short and not that heavy, but big enough to fill the 1G connection between the two devices.

The big problem here was that we lost routing between the two devices.

The 7606 is one of our core routers running BGP and OSPF. It has one 10G transit link to an uplink provider and two 10G interfaces to adjacent core routers.

We use OSPF as routing protocol between these two devices.

At the moment of the attack/full utilization we noticed that the devices lost their OSPF neighbors associated with that link. I assume that the Hello packets did not get through the link...

The 6509 of course has a second uplink to another core router (1G/OSPF), so the following happened:

The first link got full and after some time the OSPF neighbor was lost. The traffic went to the second link (not really surprising), so the first link got its OSPF neighbor back, only to lose it again afterwards because of the full link.

That was some nice flapping.

So my questions:

Maybe I'm completely wrong and there is some "built-in prioritization"?

(Routed interfaces with /30 transfer networks, so nothing special)

Is there an (easy) way to protect the links in the core/distribution area against this problem?

Maybe some QoS?

(But I don't know whether I want QoS in that area)

Maybe some storm-control (OSPF = Multicast)?

(But wouldn't help with BGP...)

Other ideas?

Thanks and greetings

