Memory leaks in IOS software – example


Here’s one example why you should isolate your test infrastructure from your office network.

Person A responsible for the server infrastructure enables link aggregation on uplink server ports without telling the network admin. This causes the switch to wonder on which port mac address 0000.1111.2222 actually is because server sends traffic on all 4 ports.

Oct 13 15:00:58: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.1111.2222 in vlan 11 is flapping between port Gi0/25 and port Gi0/34

After a few hours, the switch gets tired and refuses incoming aaa calls because of how some lazy programmer built this function.

AAA unable to create UID for incoming calls due to insufficient processor memory.

That’s it, we’re cut off from our switch because we didn’t enable any security mechanism (alarms, memory preservation features etc.).


This example is due to a bug. Some smart programmer decided that macflaps should be within the same function as AAA, therefore memory taken by macflaps goes into the Auth Manager bucket. Therefore, the more mac flaps, the less memory is left for AAA. Brilliant.





Wprowadź swoje dane lub kliknij jedną z tych ikon, aby się zalogować:


Komentujesz korzystając z konta Wyloguj /  Zmień )

Zdjęcie z Twittera

Komentujesz korzystając z konta Twitter. Wyloguj /  Zmień )

Zdjęcie na Facebooku

Komentujesz korzystając z konta Facebook. Wyloguj /  Zmień )

Połączenie z %s

%d blogerów lubi to: