Troubleshooting Proxy ARP - BGP Neighbor flapping

Se recibe un reporte por parte de un cliente donde menciona que hay intermitencia en la conexión de los vecinos en BGP. Al entrar al equipo, se observa errores de overruns en la LAN y CRC en una de las interfaces hacia USA con BGP (la Serial1/0).

Serial1/0 is up, line protocol is up 
  Hardware is DSXPNM Serial
  Description: DS3 IPL UFLP
  Internet address is 10.10.1.2/30
  MTU 4470 bytes, BW 44210 Kbit, DLY 200 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP, CDPCP, crc 16, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 02:39:38
  Input queue: 0/75/0/182 (size/max/drops/flushes); Total output drops: 49
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  30 second input rate 11000 bits/sec, 16 packets/sec
  30 second output rate 33000 bits/sec, 21 packets/sec
     256807 packets input, 84275711 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 3 giants, 0 throttles
     1084 input errors, 1084 CRC, 376 frame, **135 overrun**, 0 ignored, 300 abort
     265883 packets output, 35076293 bytes, 0 underruns
     0 output errors, 0 collisions, 37 interface resets
     0 output buffer failures, 0 output buffers swapped out
     3 carrier transitions

Si se hace ping hacia una de las dos WAN hay intermitencia.

Se detecta que el 100% de CPU se dispara por el proceso ARP Input y IP Input (mostrado en el sh processes cpu sorted). Hay un ataque desde la LAN hacia el router, ocasionando que haya pérdida de paquetes, por ende intermitencias con ICMP (ping), las sesiones BGP se caen, etc.

Router_Panama#**sh processes cpu sorted**
CPU utilization for five seconds: **99%**/42%; one minute: 89%; five minutes: 69%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process 
  **18     4498404    267359      16825 35.42% 25.88% 22.23%   0 ARP Input**        
 102     1181892    995365       1187 14.48% 16.39% 10.18%   0 IP Input         
 123      339096    779730        434  4.74%  6.97%  3.84%   0 DHCPD Receive    
  43      144024     11928      12074  1.22%  1.23%  1.23%   0 Per-Second Jobs  
  39       29016    175949        164  0.32%  0.17%  0.18%   0 Net Background   
   6        4028     18201        221  0.08%  0.08%  0.04%   0 Pool Manager   

Router_Panama#sh processes cpu history 
Router_Panama   09:11:29 PM Wednesday Aug 5 2009 UTC

                       55555888889999999999999999999999999999999
    222222222222222222200000999999999988888888888888888888888888
100                              *******************************
 90                         ************************************
 80                         ************************************
 70                         ************************************
 60                         ************************************
 50                    *****************************************
 40                    *****************************************
 30                    *****************************************
 20                    *****************************************
 10                    *****************************************
   0....5....1....1....2....2....3....3....4....4....5....5....6
             0    5    0    5    0    5    0    5    0    5    0
               CPU% per second (last 60 seconds)
        1 1 1  1 11         11  1   1  1  111               1   
    999909090990900999999999009909990990990009999999999999990999
    998909090990900899999899009909990990990009989999998898990999
100 *#*******************#**********************************#*#*
 90 *#****#*************##*#***************************#**#*#*#*
 80 *#****#*************##*#***********#*****#*****#***#**#*#*#*
 70 ##*##*#******#******##*#****#******#*#**##*****#*###**#*#*#*
 60 ##*##*#****#*#******##*#*#**#*****##*#####*****#*###*##*#*#*
 50 ##*###############*#######*#########################*##*####
 40 ############################################################
 30 ############################################################
 20 ############################################################
 10 ############################################################
   0....5....1....1....2....2....3....3....4....4....5....5....6
             0    5    0    5    0    5    0    5    0    5    0
               CPU% per minute (last 60 minutes)
              * = maximum CPU%   # = average CPU%
    11                                                                      
    00                                                                      
    00                                                                      
100 **                                                                      
 90 **                                                                      
 80 **                                                                      
 70 #*                                                                      
 60 #*                                                                      
 50 ##                                                                      
 40 ##                                                                      
 30 ##                                                                      
 20 ##                                                                      
 10 ##                                                                      
   0....5....1....1....2....2....3....3....4....4....5....5....6....6....7..
             0    5    0    5    0    5    0    5    0    5    0    5    0  
                   CPU% per hour (last 72 hours)
                  * = maximum CPU%   # = average CPU%

Router_Panama# 

Router_Panama#**sh ip bgp summary** 
BGP router identifier 10.120.0.253, local AS number 65527
BGP table version is 12, main routing table version 12
1 network entries using 120 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 28 bytes of memory
BGP using 448 total bytes of memory
BGP activity 4/3 prefixes, 11/10 paths, scan interval 60 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
**10.10.1.1       4 65527     950     960        0    0    0 00:01:11 Active**
**10.10.10.1      4 65527     983    1001        0    0    0 00:04:57 Active**
Universal_Fidelity_Panama#

Solución:
Colocando shutdown a la interfaz LAN donde recibe los ataques el router normaliza. Fue requerido desconectar la PC que estaba realizando el ataque.
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License