Input firewall seems to be the right answer. Not updating.
On Tue, Apr 11, 2023 at 6:59 PM Alex Kessler
wrote:
> Been experiencing this bug for years while running NAT and connection
> tracking. Rebooting every few months while running v6 latest. Does v7
> have any known fixes to resolve thes
I believe we have one in the data center that has this issue.
It’s just unacceptable to be honest. Seems like the solution is to replace it I
guess.
Tyson Burris, President
Internet Communications Inc.
739 Commerce Dr.
Franklin, IN 46131
Office # 317-738-0320
Cell/Direct # 317-412-1540
Online:
Its a known hardware issue with connection tracking enabled and hardware
offload. It has a hard limit to the number of connections it supports
that is pretty low. Its high enough you won't notice till you get
significant traffic, but low enough it is a common issue. The fix is to
turn off conne
Exactly this below.
We used 1072 units as core Edge/BGP and OSPF/MPLS only, no connection tracking.
We upgraded from 1072 to 2116 units v7 on all edge units and 2004 v7 on all
core units and also all access units using connection tracking. The 2004 units
are great little processors of traffic,
Then why did mine have a kernel panic when there is no connection
tracking? Why is it solved with significantly more traffic and only
changing the firewall?
On Wed, Apr 12, 2023 at 11:46 AM Trey Scarborough wrote:
> Its a known hardware issue with connection tracking enabled and hardware
> offl
What software are you using to create the diagrams?
For securing to the backplane, are you tapping the holes?
On Tue, Apr 11, 2023 at 9:01 PM Jaime Solorza wrote:
>
> Finally got relays!! We should have it wrapped by tomorrow before noon...we
> have tested all the connections from PLC to term
Autocad...
Yes..we use thread making bit and small screws to secure din rail and wire
duct..
On Wed, Apr 12, 2023, 11:07 AM Matt wrote:
> What software are you using to create the diagrams?
>
> For securing to the backplane, are you tapping the holes?
>
>
> On Tue, Apr 11, 2023 at 9:01 PM Jaime
What needs changed with the firewall?
On 4/12/2023 9:27 AM, Josh Luthman wrote:
Input firewall seems to be the right answer. Not updating.
On Tue, Apr 11, 2023 at 6:59 PM Alex Kessler
wrote:
Been experiencing this bug for years while running NAT and
connection tracking. Rebooting
About 10Gbps seems to be the choke point. Infuriating actually.
On Wed, Apr 12, 2023 at 12:13 PM Trey Scarborough wrote:
> Its a known hardware issue with connection tracking enabled and hardware
> offload. It has a hard limit to the number of connections it supports that
> is pretty low. Its h
OSPF will also kill the system and force a watchdog reboot. If I remove a
a long time link between routers sure enough the router will reboot itself
a couple days later. Anything OSPF when it comes to removing existing
rules (if you have enough going on) it will die.
On Wed, Apr 12, 2023 at 1:0
We had this same issue. Replacing it with a CCR2216 didn't fix the problem. We
ended up going to Juniper MX204's and A10 CGNAT boxes for NAT.
Christopher Tyler
Senior Network Engineer
Total Highspeed Internet Solutions
+1 417-851-1107 ext 9002
ch...@totalhighspeed.net
[cid:29915cb0-80fd-4b9
That’s a nice setup with the MX204 and A10.
Since we upgraded to like 20+ CCR2004 units running V7 and 5 CCR2216 units we
have had no issues with our edge, core and access network running CGNAT.
We separate roles on separate hardware so each major site has local CGNAT on
one 2004 for access, and
Dropping ***ALL*** input except what you need to access the router from
good hosts.
It doesn't matter if the service is listening or not, firewall it. It
doesn't matter if you've restricted IPs on the service, firewall it.
On Wed, Apr 12, 2023 at 2:30 PM Alex Kessler
wrote:
> What needs change
What labels are those for the cables?
On 4/11/2023 8:59 PM, Jaime Solorza wrote:
Finally got relays!! We should have it wrapped by tomorrow before
noon...we have tested all the connections from PLC to terminal
blocks...we will fire it tomorrow before we take to job site and land
it in enclos
Brady
On Wed, Apr 12, 2023, 4:09 PM Trey Scarborough wrote:
> What labels are those for the cables?
>
> On 4/11/2023 8:59 PM, Jaime Solorza wrote:
> > Finally got relays!! We should have it wrapped by tomorrow before
> > noon...we have tested all the connections from PLC to terminal
> > blocks.
I think the fw open can cause reboots but it will still reboot with
connection tracking enabled. Try going to v7 7.8 you can always go back
later.
On Wed, Apr 12, 2023, 12:37 PM Josh Luthman
wrote:
> Dropping ***ALL*** input except what you need to access the router from
> good hosts.
>
> It doe
16 matches
Mail list logo
