[nsp] Pix 6.3(3) and UDP issues

Scott Morris swm at emanon.com
Wed Sep 24 13:42:50 EDT 2003


Kinda cool actually, but I'm seeing the exact same thing.  Granted,
26,000 of the connections were to one particular host in Australia who
really doesn't have much business looking for my DNS anyway...  But not
killing the connections is still a bad thing.  :)

I had not noticed the problem previously with 6.3(1), so it may not need
to be a downgrade to 6.2, but I'll be testing that out!

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
CISSP, JNCIS, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm at emanon.com/smorris at ipexpert.net
http://www.ipexpert.net


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Olav Langeland
Sent: Wednesday, September 24, 2003 12:36 PM
To: cisco-nsp at puck.nether.net
Subject: [nsp] Pix 6.3(3) and UDP issues


We upgraded to 6.3(3) on our Pixes last week, and immediately saw a huge
increase in reported connections. The problem seemed to be UDP port 53
(DNS) sessions that would not time out. The connection count increased
slowly but steadily, and today the CPU went sky-high and we were forced
to downgrade to 6.2, which had proven to be stable. We checked around a
bit, and heard other stories which were more or less the same, with
users forced to downgrade. We are a hosting company with fairly large
scale DNS and shared Web, so UDP traffic is high.

Has anyone had the same issues/problems? Pix 6.3(1) is most likely our
next step, until we get a confirmed new version or a workaround.

olav langeland - active isp - olav.langeland at no.spam.activeisp.com

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
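
The symptom both posters describe (UDP port 53 connections that stay in the table instead of timing out) can be confirmed from a saved connection listing by counting DNS entries whose idle time exceeds the UDP timeout and grouping them by foreign host. This is an added example, not part of the thread; the `show conn`-style line layout, the 0:02:00 UDP timeout and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed line layout, modelled on PIX "show conn" output (not taken from the thread):
#   UDP out <foreign_ip>:<port> in <local_ip>:<port> idle H:MM:SS flags <flags>
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP) out (?P<fip>[\d.]+):(?P<fport>\d+) "
    r"in (?P<lip>[\d.]+):(?P<lport>\d+) idle (?P<idle>\d+:\d\d:\d\d)"
)

def hms_to_seconds(text):
    """Convert an H:MM:SS idle or timeout value to seconds."""
    h, m, s = (int(x) for x in text.split(":"))
    return h * 3600 + m * 60 + s

def stale_dns_conns(lines, udp_timeout="0:02:00"):
    """Return (stale_count, per-foreign-host Counter) for UDP/53 entries idle past the timeout."""
    limit = hms_to_seconds(udp_timeout)  # assumed timeout; pass the configured value
    per_host = Counter()
    for line in lines:
        m = CONN_RE.match(line.strip())
        if not m or m["proto"] != "UDP":
            continue  # unparsed line or not UDP
        if "53" not in (m["fport"], m["lport"]):
            continue  # not DNS
        if hms_to_seconds(m["idle"]) > limit:
            per_host[m["fip"]] += 1  # entry should already have been torn down
    return sum(per_host.values()), per_host

# Constructed sample input (documentation addresses), not captured from a real firewall.
SAMPLE = """\
UDP out 203.0.113.7:32768 in 192.0.2.53:53 idle 0:14:09 flags -
UDP out 203.0.113.7:32769 in 192.0.2.53:53 idle 1:02:41 flags -
UDP out 198.51.100.20:4011 in 192.0.2.53:53 idle 0:00:03 flags -
UDP out 198.51.100.99:1025 in 192.0.2.53:53 idle 0:05:30 flags -
TCP out 198.51.100.20:3120 in 192.0.2.80:80 idle 0:09:00 Bytes 1774 flags UIOB
UDP out 203.0.113.7:514 in 192.0.2.10:514 idle 0:30:00 flags -
""".splitlines()

if __name__ == "__main__":
    total, hosts = stale_dns_conns(SAMPLE)
    print(f"stale UDP/53 connections: {total}")
    for host, n in hosts.most_common(5):
        print(f"  {host}: {n}")
```

A stale count that keeps growing between successive listings, rather than a single large snapshot, is what separates entries that are not being expired from ordinary heavy DNS load.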


