CPU CMTS uBR10K | docsis.org

CPU CMTS uBR10K

flavio.mali
CPU CMTS uBR10K

Hi there,

That Sunday there was a very strange event. Out of nowhere the CPU consumption of 3 different CMTS in 3 different cities increased by around 15%. Any idea, or has anyone been there?

mbowe
Perhaps check the output of "show proc cpu sort"

flavio.mali
CPU CMTS

How it came to a halt this morning. I don't know, maybe some external scanning of the IPs of our AS or something like that. If it happens again I will collect more data.

Thank you.

flavio.mali
new data

I managed to get more data when the CPU increased. I took the logging and found that some ARP spoof problem starts. My bundle settings are in the attached file. Any recommendations?

Thank you.

mbowe
1/ On the bundle I would also add
"ip verify unicast reverse-path"
It won't help with this particular issue, but it is a good way to block junk traffic coming in from customers.

2/ For this issue, contact the customer and get them to turn proxy-arp off on their router.
They won't be doing it on purpose; it will almost certainly be an accidental thing.

3/ I see you are using "cable source-verify dhcp". Normally that command would be paired up with "no cable arp".
You might want to do some more reading on that topic.
If you do "show arp", do you see tons of IPs with that same MAC?
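
The check asked about in point 3/ (one MAC holding many "show arp" entries), as an added example that is not part of the original thread or any poster's code. The sample output is constructed in the usual Cisco IOS "show arp" layout with made-up MACs and documentation-range IPs, and the min_ips threshold is an assumption to tune per network.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of Cisco IOS "show arp" output.
# IPs are documentation ranges; MAC addresses are made up for the example.
SAMPLE_SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0011.2233.4455  ARPA   Bundle1
Internet  198.51.100.1            -   0011.2233.4455  ARPA   Bundle1
Internet  192.0.2.10              3   00aa.bb00.0001  ARPA   Bundle1
Internet  192.0.2.11             12   00aa.bb00.0002  ARPA   Bundle1
Internet  192.0.2.20              0   00aa.bb00.0666  ARPA   Bundle1
Internet  192.0.2.21              0   00aa.bb00.0666  ARPA   Bundle1
Internet  192.0.2.22              1   00aa.bb00.0666  ARPA   Bundle1
Internet  192.0.2.23              0   00aa.bb00.0666  ARPA   Bundle1
Internet  192.0.2.30              7   Incomplete      ARPA
"""

ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+\S+"
    r"(?:\s+\S+)?\s*$"
)

def ips_per_mac(show_arp_text):
    """Map each learned MAC to the sorted list of IPs it answers for."""
    table = defaultdict(set)
    for line in show_arp_text.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue  # header, "Incomplete" entries, blank lines
        if m["age"] == "-":
            continue  # the router's own interface addresses share one MAC
        table[m["mac"].lower()].add(m["ip"])
    return {mac: sorted(ips, key=ipaddress.ip_address)
            for mac, ips in table.items()}

def suspicious_macs(show_arp_text, min_ips=3):
    """Return {mac: [ips]} for MACs holding at least min_ips addresses."""
    return {mac: ips for mac, ips in ips_per_mac(show_arp_text).items()
            if len(ips) >= min_ips}

if __name__ == "__main__":
    for mac, ips in suspicious_macs(SAMPLE_SHOW_ARP).items():
        print(f"{mac} answers for {len(ips)} IPs: {', '.join(ips)}")
```

Entries with Age "-" are skipped because they are the device's own interface addresses, which legitimately share one MAC.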

flavio.mali
MAC

OK! From what I saw there are only 2 IPs: one from the CPE and the other from the cable modem. The MAC that appears in both is MAC = 0000.0002.0202. I will request a technical visit on the spot to check. Thank you for the tips.

schg
arp

I'd like to add something to point 3/:
This whole ARP-related security configuration should look like this:


ip verify unicast reverse-path
cable source-verify dhcp
no cable arp
ip local-proxy-arp
no cable proxy-arp

The command ip local-proxy-arp makes the CMTS lie to the customer about his neighbor's router's MAC address.
This helps to prevent stealing the MAC address of your neighbor's router.
