Hi Adam,
So, the symptoms are high latency from internal network to Inside of
ASA's interface?
And during this problem, the switch appears to be re-establishing the
OSPF neighbor?
It wasn't clear to me if you were also seeing packet loss or not.
A suggestion to narrow down some things:
If the 29
[mailto:john.kougou...@gmail.com]
Sent: Saturday, February 01, 2014 4:30 PM
To: Adam Greene
Cc: cisco-nsp@puck.nether.net NSP
Subject: Re: [c-nsp] ASA5520 latency & OSPF drops
Hi,
since you don't lose the OSPF session between 5520 and 2921, I would say
that this is not related to ASA CPU, DoS from Int
>
> Any other ideas welcome.
>
> Sounds like people's thoughts are tending toward DoS ...
>
> Thanks,
> Adam
>
>
> -Original Message-
> From: Octavio Alvarez [mailto:alvar...@alvarezp.ods.org]
> Sent: Saturday, February 01, 2014 1:24 PM
> To: Adam Gree
and because it's wrong to make statements without documentation:
http://geant3.archive.geant.net/service/edupert/Resources/Documents/Firewall_Performance_TIP2013.pdf
that's a 'highend' 5585x dying with just 1Mpps
Alan
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
The ASA can be brought to its knees by small packets with not a very large
PPS... its the ring buffer system it uses. Which brings to mind the current
flavour du jour of ddos, that of NTP amplification. I'd do a span of your
2950G links to eg a Linux box with tcpdump and get a pretty picture of
On 01/02/2014 19:39, Adam Greene wrote:
> We generally have about 40Mbps pumping through the unit.
it's the packet count that causes high cpu load, not the bps throughput.
Nick
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.n
On 01/02/2014 19:33, Adam Greene wrote:
> Unfortunately, have not yet found the right MIB to monitor CPU utilization,
> and the issue is sporadic, so it is hard to get cpu stats manually when it
> is happening.
no need. Just monitor the packet count in and out of the box from the
switch that it c
-
From: Octavio Alvarez [mailto:alvar...@alvarezp.ods.org]
Sent: Saturday, February 01, 2014 1:24 PM
To: Adam Greene
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA5520 latency & OSPF drops
On 02/01/2014 08:27 AM, Adam Greene wrote:
> Every so often (it started three months ago, abou
start monitoring multicast, too.
-Original Message-
From: Nick Hilliard [mailto:n...@foobar.org]
Sent: Saturday, February 01, 2014 12:46 PM
To: Adam Greene; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA5520 latency & OSPF drops
On 01/02/2014 16:27, Adam Greene wrote:
> Every
On 02/01/2014 08:27 AM, Adam Greene wrote:
> Every so often (it started three months ago, about once per month, now it's
> about once per week, but it's not regular), we're getting very high latency
> on pings from our Internal Network to the ASA5520, and the OSPF adjacency
> between the 3750 and
On 01/02/2014 16:27, Adam Greene wrote:
> Every so often (it started three months ago, about once per month, now it's
> about once per week, but it's not regular), we're getting very high latency
> on pings from our Internal Network to the ASA5520, and the OSPF adjacency
> between the 3750 and the
Hi,
We are having a problem with high latency and OSPF drops on an ASA5520.
The portion of our network in question is connected as follows:
Internal Network---3750---2950G---ASA5520---2950G---2921---External World
The two 2950G's shown above are actually the same device; we are us
12 matches
Mail list logo
