[technique] Incident : VLAN FranceIX 4032 sature 15h43-16h15

Mar 19 Aou 11:54:45 CEST 2014

Bonjour,

J'ai rétabli le VLAN 4032 vers minuit apres les messages d'explication
du NOC France IX (probable bug quelque part dans un equipement France
IX, le support des vendeurs est dessus), toutes les sessions BGP
FranceIX sont remontées sauf 2 donc la plupart des membres de FranceIX
ont aussi remonté leur port.

Le VLAN 4032 n'est maintenant plus propagé entre TLS00 et Myrys
ce qui devrait limiter j'espere l'impact du prochain incident
de ce type (idem pour 4031 et bientot le reste des VLAN d'interco
exterieurs).

Sincèrement,

Laurent

Le Monday 18 August 2014 à 16:35 +0200, Laurent GUERBY a écrit :
> Bonjour,
> 
> Vers 15h43 (13h43 TTC) le port du VLAN France-IX 4032 sur notre switch a
> TLS00 s8 (24) s'est mis a recevoir jusqu'a 1 million de paquet par
> seconde et jusqu'a 800 Mbit/s de traffic :
> 
> http://pano.tetaneutral.net/data/bw/vlan-4032-franceix-20140818-bw.png
> http://pano.tetaneutral.net/data/bw/vlan-4032-franceix-20140818-pps.png
> 
> Via tcpdump ci-apres nous recevions du traffic non broadcast mais pas
> destiné a notre MAC. Comme le lien gigabit entre TLS00 et Myrys prolonge
> ce VLAN cela a perturbé le traffic sur une partie du reseau
> tetaneutral.net (hebergement Myrys, radio Toulouse).
> 
> Nous avons donc pris la decision de couper le VLAN 4032 sur le port 24
> du switch s8 ce qui a rétabli la situation vers 16h15, merci a Mehdi
> pour son intervention sur le switch.
> 
> Sincérement,
> 
> Laurent
> 
> PS: notre MAC sur France-IX est 00:01:2e:2b:d2:07 
> 
> tcpdump sur une interface avec VLAN 4032 taggué
> 10:23:22.250924 00:0c:db:ff:0f:00 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 64: vlan 4032, p 0, ethertype IPv4, 37.49.236.10.8121 > 37.49.236.229.179: S 2214955205:2214955205(0) win 65000 <mss 1460>
> 10:23:22.254295 00:0c:db:ff:0f:00 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 64: vlan 4032, p 0, ethertype IPv4, 37.49.236.10.8121 > 37.49.236.229.179: S 2214955205:2214955205(0) win 65000 <mss 1460>
> 10:23:22.257017 00:0c:db:ff:0f:00 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 64: vlan 4032, p 0, ethertype IPv4, 37.49.236.10.8223 > 37.49.236.229.179: S 2254946222:2254946222(0) win 65000 <mss 1460>
> 10:23:22.260102 00:0c:db:ff:0f:00 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 64: vlan 4032, p 0, ethertype IPv4, 37.49.236.10.8052 > 37.49.236.229.179: S 2234955820:2234955820(0) win 65000 <mss 1460>
> 10:23:22.262470 84:b5:9c:05:39:fb > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 82: vlan 4032, p 0, ethertype IPv4, 37.49.236.227.56340 > 37.49.236.229.179: S 1897614667:1897614667(0) win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 2170881914 0,sackOK,eol>
> 10:23:22.264140 00:0c:db:ff:0f:00 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 64: vlan 4032, p 0, ethertype IPv4, 37.49.236.10.8052 > 37.49.236.229.179: S 2234955820:2234955820(0) win 65000 <mss 1460>
> 10:23:22.267894 00:0c:db:ff:0f:00 > 00:16:3e:56:4e:09, ethertype 802.1Q (0x8100), length 114: vlan 4032, p 0, ethertype IPv4, 213.246.61.65 > 37.49.236.54: ICMP echo request, id 14663, seq 3305, length 76
> 10:23:22.270947 00:0c:db:ff:0f:00 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 64: vlan 4032, p 0, ethertype IPv4, 37.49.236.10.8227 > 37.49.236.229.179: S 2219954762:2219954762(0) win 65000 <mss 1460>
> 10:23:22.271538 00:0c:db:ff:0f:00 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 64: vlan 4032, p 0, ethertype IPv4, 37.49.236.10.8097 > 37.49.236.229.179: S 2295220216:2295220216(0) win 65000 <mss 1460>
> 10:23:22.248985 00:0c:db:ff:0f:00 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 64: vlan 4032, p 0, ethertype IPv4, 37.49.236.10.8153 > 37.49.236.229.179: S 2224951352:2224951352(0) win 65000 <mss 1460>
> 10:23:22.249203 00:0c:db:ff:0f:00 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 64: vlan 4032, p 0, ethertype IPv4, 37.49.236.10.8023 > 37.49.236.229.179: S 2176201340:2176201340(0) win 65000 <mss 1460>
> 10:23:22.249591 00:0c:db:ff:0f:00 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 64: vlan 4032, p 0, ethertype IPv4, 37.49.236.10.8052 > 37.49.236.229.179: S 2234955820:2234955820(0) win 65000 <mss 1460>
> 10:23:22.249851 84:b5:9c:05:39:fb > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 82: vlan 4032, p 0, ethertype IPv4, 37.49.236.227.61297 > 37.49.236.229.179: S 3582620762:3582620762(0) win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 2170581570 0,sackOK,eol>
> 10:23:22.250137 84:b5:9c:05:39:fb > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 82: vlan 4032, p 0, ethertype IPv4, 37.49.236.227.62528 > 37.49.236.229.179: S 1990506780:1990506780(0) win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 2170426569 0,sackOK,eol>
> 10:23:22.250464 00:0c:db:ff:0f:00 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 64: vlan 4032, p 0, ethertype IPv4, 37.49.236.10.8122 > 37.49.236.229.179: S 2198206289:2198206289(0) win 65000 <mss 1460>
> 10:23:22.250809 00:0c:db:ff:0f:00 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 64: vlan 4032, p 0, ethertype IPv4, 37.49.236.10.8067 > 37.49.236.229.179: S 2188196351:2188196351(0) win 65000 <mss 1460>
> 10:23:22.251048 00:0c:db:ff:0f:00 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 64: vlan 4032, p 0, ethertype IPv4, 37.49.236.10.8089 > 37.49.236.229.179: S 2278474383:2278474383(0) win 65000 <mss 1460>
> 10:23:22.251423 6c:9c:ed:04:2f:44 > 90:e2:ba:4e:21:7b, ethertype 802.1Q (0x8100), length 102: vlan 4032, p 0, ethertype IPv4, 212.83.129.111 > 37.49.237.14: ICMP echo request, id 21120, seq 10, length 64
> 10:23:22.251804 84:b5:9c:05:39:fb > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 82: vlan 4032, p 0, ethertype IPv4, 37.49.236.227.62528 > 37.49.236.229.179: S 1990506780:1990506780(0) win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 2170426569 0,sackOK,eol>
> 10:23:22.252187 6c:9c:ed:04:2f:44 > 00:19:e8:ea:9e:90, ethertype 802.1Q (0x8100), length 102: vlan 4032, p 0, ethertype IPv4, 212.83.129.111 > 37.49.236.229: ICMP echo request, id 21108, seq 3, length 64
> 10:23:22.252457 00:11:92:bd:cf:19 > 00:30:48:8a:86:89, ethertype 802.1Q (0x8100), length 66: vlan 4032, p 0, ethertype IPv4, 37.49.236.82.36709 > 37.49.236.55.179: S 3635381382:3635381382(0) win 16384 <mss 1460,sackOK,eol>
> 