[nsp] Pix 6.3(3) and UDP issues

Terry Grace tgrace at tgrace.com
Wed Sep 24 16:10:00 EDT 2003


Disabling dns fixup fixed it for us.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Scott Morris
Sent: Wednesday, September 24, 2003 1:43 PM
To: 'Olav Langeland'; cisco-nsp at puck.nether.net
Subject: RE: [nsp] Pix 6.3(3) and UDP issues


Kinda cool actually, but I'm seeing the exact same thing.  Granted, 26,000
of the connections were to one particular host in Australia who really
doesn't have much business looking for my DNS anyway...  But not killing the
connections is still a bad thing.  :)

I had not noticed the problem previously with 6.3(1), so it may not need to
be a downgrade to 6.2, but I'll be testing that out!

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
JNCIS, et al. IPExpert CCIE Program Manager IPExpert Sr. Technical
Instructor swm at emanon.com/smorris at ipexpert.net
http://www.ipexpert.net


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Olav Langeland
Sent: Wednesday, September 24, 2003 12:36 PM
To: cisco-nsp at puck.nether.net
Subject: [nsp] Pix 6.3(3) and UDP issues


We upgraded to 6.3(3) on our Pixes last week, and immediately saw a huge
increase in reported connections. The problem seemed to be UDP port 53
(DNS) sessions that would not time out. The connection count increased slowly
but steadily, and today the CPU went sky-high and we were forced to downgrade
to 6.2, which had proven to be stable. We checked around a bit, and heard
other stories which were more or less the same, with users forced to
downgrade. We are a hosting company with fairly large-scale DNS and shared
Web, so UDP traffic is high.

Has anyone had the same issues/problems? Pix 6.3(1) is most likely our next
step, until we get a confirmed new version or a workaround.

olav langeland - active isp - olav.langeland at no.spam.activeisp.com

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
