Tuesday, June 15, 2021

Comcast Enterprise sending me 300+Mbps of SIP traffic?

Interesting scenario here; I have two DIA circuits. One from Lumen, another from Comcast. Comcast is sending me 300+Mbps worth of SIP traffic that is destined for other Comcast IPs. These DIAs do not have any BGP on them. My rules were permitting the traffic (we were just forwarding it back out the Comcast or Lumen based on load balancing rules), but as soon as I threw a policy in to drop it, they stopped sending me traffic. If I allow it again, it takes about 30 minutes and then the SIP traffic starts up again and slowly increases in 15Mbps chunks. This is a new install from Comcast (activated last week). No devices are behind these firewalls yet.

Here are some of the destinations for the SIP traffic:

//redacted//

They're all in that //redacted// block....

Anyone here with Comcast enterprise support? Support so far has been worthless.

Image of the bandwidth graph on that circuit: https://i.imgur.com/gXw4ElG.png

EDIT: Got it sorted out. This circuit has a statically routed /27 that was added but never conveyed to me. All of those IPs are part of that /27. So my firewall was 'passing it along' and creating a giant loop, which is why the traffic steadily increased over time.

Interesting! Learn something new every day.
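
An added example, not part of the original post: a flow-log check that would surface the loop described in the edit above, by flagging traffic that arrives on a WAN interface for an address inside a prefix routed to the firewall and is forwarded back out a WAN interface. The /27, the interface names, the record layout and the sample records are all constructed assumptions (the post redacts the real addresses).

```python
import ipaddress
from collections import defaultdict

# Assumptions (all constructed): the ISP-routed block, shown here as an
# RFC 5737 documentation /27, and the firewall's WAN interface names.
ROUTED_PREFIXES = [ipaddress.ip_network("203.0.113.32/27")]
WAN_INTERFACES = {"wan-comcast", "wan-lumen"}

# Constructed flow-log records: (ingress_if, egress_if, src, dst, dport, ttl, bytes)
SAMPLE_FLOWS = [
    ("wan-comcast", "wan-comcast", "198.51.100.7", "203.0.113.40", 5060, 52, 600),
    ("wan-comcast", "wan-comcast", "198.51.100.7", "203.0.113.40", 5060, 50, 600),
    ("wan-comcast", "wan-comcast", "198.51.100.7", "203.0.113.40", 5060, 48, 600),
    ("wan-comcast", "wan-lumen",   "198.51.100.9", "203.0.113.45", 5060, 47, 580),
    ("wan-comcast", "lan",         "198.51.100.9", "203.0.113.70", 443, 55, 1500),
    ("lan",         "wan-comcast", "10.0.0.5",     "192.0.2.10",   5060, 64, 400),
]


def find_hairpins(flows, routed=ROUTED_PREFIXES, wan=WAN_INTERFACES):
    """Summarise traffic that enters on a WAN interface for an address inside a
    prefix routed to this firewall and is forwarded back out a WAN interface."""
    report = defaultdict(lambda: {"bytes": 0, "ttls": set()})
    for ingress, egress, src, dst, dport, ttl, nbytes in flows:
        if ingress not in wan or egress not in wan:
            continue  # ordinary inbound or outbound traffic
        addr = ipaddress.ip_address(dst)
        if not any(addr in net for net in routed):
            continue  # not our routed space, so not this failure mode
        entry = report[(src, dst, dport)]
        entry["bytes"] += nbytes
        entry["ttls"].add(ttl)
    return dict(report)


def looping_flows(report, min_ttls=3):
    """A flow seen at several different TTLs is the same packets coming round
    again, each pass through the loop lowering the TTL."""
    return sorted(k for k, v in report.items() if len(v["ttls"]) >= min_ttls)


if __name__ == "__main__":
    rep = find_hairpins(SAMPLE_FLOWS)
    for key, v in rep.items():
        print(key, v["bytes"], sorted(v["ttls"], reverse=True))
    print("looping:", looping_flows(rep))
```

Any hit from `find_hairpins` on a firewall with nothing behind it points at a routed block with no inside route or drop rule for it.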


