Thanks to everyone who responded. It turns out it was a very simple case of
us executing a very effective DOS against ourselves. A combination of one of
our Network monitoring devices run amuck and trying to ping a box that no
longer exists (through the firewall) and a little bit of circular routing,
conspired against us. With no change in firewall hardware, software or
policies our utilization went from in excess of 60% (multi-cpu) to down
around 5%. And all through-put problems have disappeared. I have to say that
I'm a little embarrassed that we didn't catch it sooner, but I thought I
should let the list know anyway.
Bill
> From: [EMAIL PROTECTED] (Brett Lymn)
> Date: Wed, 19 Jul 2000 14:11:14 +0930 (CST)
> To: [EMAIL PROTECTED] (William J Husler)
> Cc: [EMAIL PROTECTED]
> Subject: Re: [FW1] too many interfaces (was: Large number of Static Routes
>
> According to William J Husler:
>>
>>
>> I checked. We have two processors and 1GB RAM in this box. SAR indicates
>> that we are using 60% or less, but throughput still sucks and we have
>> occasional packet loss. The packet loss is not predictable or reliably
>> reproducible.
>
> Mmmmm infrastructure - check that both the Sun and the switch agree on
> port speed and duplex. Turn off auto-negotiate on the switch if you
> can, sometimes they can decide to renegotiate the connection at the
> most awkward of moments....
>
> --
>
============================================================================
==> =
> Brett Lymn, Computer Systems Administrator, BAE SYSTEMS
>
============================================================================
==> =
>
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
