92 Byte ICMP Blocking Problem

We started blocking 92 Byte ICMP packets on our ingress points on our
core backbone routers.

This was a recommendation from Cisco to help mitigate the effects of the
Nachi worm.

Since then, we have been hammered with customer complaints concerning
the inability to talk to mail servers and ssh to their servers, as well
as other weird network issues, all centering around the time we started
blocking 92 Byte ICMP packets.

Has anyone else seen this, and if so, is the only resolution to stop the
blockage of 92 Byte ICMP packets?

Thanks

Richard

Once upon a time, Richard J. Sears <rsears@adnc.com> said:

> Since then, we have been hammered with customer complaints concerning
> the inability to talk to mail servers and ssh to their servers, as well
> as other weird network issues, all centering around the time we started
> blocking 92 Byte ICMP packets.
>
> Has anyone else seen this, and if so, is the only resolution to stop the
> blockage of 92 Byte ICMP packets?

Yes. As soon as we put the policy route map in place, we had some
people unable to talk via SSH, SMTP, or POP3. It was random: one person
here in the office couldn't SSH to a particular server. He could SSH to
other servers, and the rest of us could SSH to the server he could not.
We had similar experiences with SMTP and POP3. When we took the policy
route map back out, the problems went away.

This is with IOS 12.0(25)S1 on a 7513 doing dCEF. We put the policy
route map on the FE interface linking this router to the POP core
router; this router has MC-T3 interfaces and ethernets to Ascend TNTs
and such. The intent was to stop the 92 byte ICMP echos from reaching
the Ascend TNTs, since several of them were rebooting constantly.

Hi Chris,

We were having the same exact problem with 4 TNTs that we have. In the
end, we shut off ip-route-cache on the TNTs and that fixed the problem
with them.

Richard

Once upon a time, Richard J. Sears <rsears@adnc.com> said:

> We were having the same exact problem with 4 TNTs that we have. In the
> end, we shut off ip-route-cache on the TNTs and that fixed the problem
> with them.

We were only seeing it on some of our TNTs for some reason. I didn't
turn the route cache completely off, but I did limit the size, and that
solved it for us.
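An added worked example, not part of this thread and not Cisco's or anyone's posted configuration: it models the two ways a "92 byte ICMP" filter can be keyed and shows why the keying matters. The thread does not say which fields the route map in question matched, so the length-only matcher below is an assumption used to illustrate the failure mode the posters describe (SSH, SMTP and POP3 breaking when the filter went in), not a statement of what their routers did. The sample packets are constructed inline: the Nachi-style probe is built as a 20-byte IPv4 header, an 8-byte ICMP echo request header and 64 data bytes of 0xAA (92 bytes on the wire), and the TCP segments are arbitrary 92-byte segments on ports 22 and 25.

```python
import socket
import struct

# Assumed worm probe layout: 20-byte IPv4 header + 8-byte ICMP echo request
# header + 64 data bytes of 0xAA = 92 bytes total IP length.
NACHI_LEN = 92
NACHI_PAYLOAD = b"\xaa" * 64


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (used for IP and ICMP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(proto: int, payload: bytes, src="192.0.2.10", dst="192.0.2.20") -> bytes:
    """Minimal IPv4 header (no options) in front of an L4 payload; constructed test data."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_icmp_echo(data: bytes, ident=0x1234, seq=1) -> bytes:
    """ICMP type 8 (echo request), code 0, with a valid checksum."""
    msg = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + data
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]


def build_tcp(sport: int, dport: int, data: bytes) -> bytes:
    """Fixed 20-byte TCP header (PSH/ACK); checksum left zero, it is not inspected here."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + data


def parse_ipv4(pkt: bytes):
    """Return (total_length, protocol, l4_bytes) from a raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", pkt[2:4])
    return total_len, pkt[9], pkt[ihl:total_len]


def match_length_only(pkt: bytes) -> bool:
    """Assumed naive policy: drop anything whose IP total length is 92, regardless of protocol."""
    total_len, _, _ = parse_ipv4(pkt)
    return total_len == NACHI_LEN


def match_nachi_echo(pkt: bytes) -> bool:
    """Narrow policy: drop only 92-byte ICMP echo requests carrying 64 bytes of 0xAA."""
    total_len, proto, l4 = parse_ipv4(pkt)
    if total_len != NACHI_LEN or proto != socket.IPPROTO_ICMP:
        return False
    icmp_type, icmp_code = l4[0], l4[1]
    return icmp_type == 8 and icmp_code == 0 and l4[8:] == NACHI_PAYLOAD


# Constructed sample traffic: the worm probe, an ordinary 56-byte-data ping,
# and two legitimate TCP segments that happen to be exactly 92 bytes long.
SAMPLES = {
    "nachi_echo": build_ipv4(socket.IPPROTO_ICMP, build_icmp_echo(NACHI_PAYLOAD)),
    "unix_ping": build_ipv4(socket.IPPROTO_ICMP, build_icmp_echo(bytes(range(56)))),
    "ssh_segment": build_ipv4(socket.IPPROTO_TCP, build_tcp(22, 40000, b"S" * 52)),
    "smtp_segment": build_ipv4(socket.IPPROTO_TCP, build_tcp(25, 40001, b"250 OK\r\n".ljust(52))),
}


def evaluate(samples=SAMPLES):
    """Run both policies over every sample; True means the packet would be dropped."""
    return {name: {"length_only": match_length_only(p), "nachi_echo": match_nachi_echo(p)}
            for name, p in samples.items()}


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:13s} len={len(SAMPLES[name]):3d} "
              f"length-only-drop={str(verdict['length_only']):5s} "
              f"strict-drop={verdict['nachi_echo']}")
```

The narrow matcher drops only the worm probe; the length-only matcher also drops the two TCP segments, which is the kind of intermittent SSH/SMTP/POP3 loss a length-keyed filter would produce (whether a given flow breaks depends on whether any of its segments happen to be 92 bytes). Whatever a router's route map actually matches, the check worth making before deploying such a filter is to send it 92-byte non-ICMP traffic and confirm it passes.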