On Sat, 25 Jan 2003, Freedman David wrote:

Anybody here on list using Extreme products (Summit/Alpine/Blackdiamond)?

We extensively use extreme networks products in our core, distribution and access. The roadrunner chipset units (Summit24/48) (used mainly for access) dies if you try to put more than say 5 megabit/s of this flood thru it. A lot of purely route-cache products does this, I've talked to people with the same experience with Enterasys units etc. We had a few of those killed off by customers infected and buying 10 megabit/s from us. On the other hand, our inferno chipset units (BDs with MSM64i, Summit48i etc) with EW 6.2.2b56 code handled this just fine. One unit which was directly connected to the customer which tried to put 10 megabit/s of flood thru it complained with some errors but there was never any problems logging into the unit, checking to see where the traffic was from etc. I was able to disable the customers vlan from the customer port and everything went back to normal.

Extreme are apparently assembling an "advisory TAC" on this, from our point of view, since we use the devices to do l3 aggregation (for colo and such) we've used an ACL to try and combat the offending traffic, but its not doing much good.....

I just did: create access-list block1434 udp destination any ip-port 1434 source any ip-port any deny ports any Bingo, dropping several kpps of traffic thru the switch (BD with MSM64i) hands down, no problemo. I am quite happy with how the I-chipset boxen handled the situation, since they are also route cache based I feared they would really get struck badly but I have seen no such problems. -- Mikael Abrahamsson email: swmike@swm.pp.se