[c-nsp] FWSM shun counters followup

[Jeff Fitzwater]

This is a followup of my  previous question about FWSM "show shun  
statistics" and the counter value being only 64K.


I sent the problem to CISCO tech which returned the following  
response...

----------

> I have confirmed with our developers that the hit count is a two  
> byte counter in the NPs so the limit is actually 64K. Currently we
> do not have a way to increase it beyond that.

---------

My followup question to the list is....

On an ASA or PIX is the counter larger than 64K, 2 bytes?   In reading  
a CISCO book on ASA PIX and FWSM, they show an example that has a host  
counter value of 21277328 which is clearly over 64K.


I am guessing that maybe a PIX or ASA has a larger counter.    If the  
FWSM truly only has 64k, which is what I see on my FWSM running 4.02,  
this is almost useless especially when counter wraps multiple times or  
even wraps to the same value (unlikely as that may be).   We do some  
calculations on the counter to determine how long to keep the shun in  
place, but as we found out it is only 64K which with certain scans  
hits 64k quickly and wraps.



Does anybody see the same problem or can you confirm the counter size  
on PIX ASA or FWSM?


Thanks for any help.




Jeff Fitzwater
OIT Network Systems
Princeton University