Unknown Unicast Storm Control in Internet Exchange

This presentation is the continuation of the presentation that I shared in March 2013 about Broadcast and Multicast Storm control in IX.

Hopefully this presentation finalises the BUM storm control in Internet Exchange.

Feel free to discuss and share!!

Thanks,
Jimmy


  1. May 2013, Jimmy Halim, jhalim10@gmail.com
  2.
       • This is the continuation of the Broadcast and Multicast Storm Control in Internet Exchange topic that I shared in March 2013
       • This presentation hopefully finalizes the BUM (Broadcast, Unknown Unicast, and Multicast) storm protection in Internet Exchange
       • This is for discussion and sharing purposes
  3.
       • Unicast packets with unknown destination MAC addresses
       • The packets will travel to all members in the same VLAN
       • Creates a security concern on an Internet Exchange platform, since all members share the same VLAN
  4.
       • Causes 99% CPU utilization on the line card where the attack comes from
       • VPLS CPU protection in Brocade does not protect against it
       • The unknown unicast limit threshold in Brocade does not protect against it
       • The 99% CPU causes packet loss to/from the participants that reside on the same line card as the attacker
  5.
       • Drops the unknown unicast packets in hardware
       • Tested successfully: can reduce the 99% CPU down to 1%!!
       • Records any packets that are denied by the incoming L2 access list to syslog
       • This will speed up troubleshooting during a BUM attack
  6.
       • Helps to identify the source of a BUM attack
       • Shows the source attack port and the related source and destination MAC addresses
       • The logging can be very noisy
           • Cisco devices send periodic L2-related packets to a specific destination MAC address
           • These packets are categorized as unknown unicast, since the destination MAC address is not owned by any participant in the same VPLS VLAN
  7.
       • We are still able to drop unknown unicast packets in hardware without enabling logging to syslog
       • We just need to remove the deny any any statement at the end of the access list
       • We need to use other monitoring tools like MRTG, INMON, or others to identify the source of BUM attacks
  8. For sharing/question/discussion: jhalim10@gmail.com
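
The trade-off in slides 5 to 7, as an added example that is not part of the original presentation: a simplified Python model of an inbound L2 access list, not Brocade configuration syntax. The rule layout (permit each known member MAC as destination, then an optional logging `deny any any`), the MAC addresses, port names and the stand-in destination for the periodic L2 packets are all assumptions constructed for illustration.

```python
from collections import Counter

# Constructed data: member MACs, ports and frames are illustrative only.
MEMBERS = {"00:11:22:00:00:01", "00:11:22:00:00:02", "00:11:22:00:00:03"}
PERIODIC_DST = "02:00:00:00:00:aa"  # stand-in for a periodic L2 protocol destination

def build_acl(members, explicit_deny_log):
    """Assumed rule layout: permit each known member MAC as destination, then
    optionally an explicit logging 'deny any any' as the last entry."""
    rules = [("permit", mac, False) for mac in sorted(members)]
    if explicit_deny_log:
        rules.append(("deny", "any", True))
    return rules

def apply_acl(rules, frame):
    """First match wins; no match falls through to the silent implicit deny."""
    for action, dst, log in rules:
        if dst in ("any", frame["dst"]):
            return action, log
    return "deny", False

def process(rules, frames):
    """Return (forwarded, dropped, log), log holding (port, src, dst) tuples."""
    forwarded, dropped, log = 0, 0, []
    for f in frames:
        action, logged = apply_acl(rules, f)
        if action == "permit":
            forwarded += 1
            continue
        dropped += 1
        if logged:
            log.append((f["port"], f["src"], f["dst"]))
    return forwarded, dropped, log

def top_sources(log):
    """Rank ingress (port, source MAC) pairs by number of denied frames."""
    return Counter((port, src) for port, src, _ in log).most_common()

def sample_frames():
    """Constructed traffic: member-to-member, a flood to unknown MACs, periodic noise."""
    ok = [{"port": "1/1", "src": "00:11:22:00:00:01", "dst": "00:11:22:00:00:02"}] * 2
    flood = [{"port": "1/3", "src": "00:11:22:00:00:03",
              "dst": f"0a:00:00:00:{i >> 8:02x}:{i & 255:02x}"} for i in range(500)]
    noise = [{"port": "1/2", "src": "00:11:22:00:00:02", "dst": PERIODIC_DST}] * 4
    return ok + flood + noise

if __name__ == "__main__":
    for logging_on in (True, False):
        fwd, drop, log = process(build_acl(MEMBERS, logging_on), sample_frames())
        print(logging_on, fwd, drop, len(log), top_sources(log)[:1])
```

Both variants drop the same frames; only the explicit logging deny leaves a record that ranks the flooding port above the periodic noise, which is why the silent variant needs an external monitoring tool to find the source.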
