[c-nsp] Thousands of tcp sessions stuck in TIMEWAIT

Keegan Holley keegan.holley at sungard.com
Sun May 15 20:26:08 EDT 2011


On Sun, May 15, 2011 at 10:17 AM, Dobbins, Roland <rdobbins at arbor.net> wrote:

> On May 15, 2011, at 7:49 PM, Joe Freeman wrote:
>
> > I'm about to the point where I'm going to create a TCL script and use the
> > event scheduler just to clear the TIMEWAIT sessions every 12 hours or s
>
>
> It would probably be a good idea to use NetFlow or some other traffic
> classification mechanism to get some visibility into the traffic targeting
> the box, first.
>


I would agree with NetFlow with the addition of an old-fashioned packet
capture.  If you see RST packets for the sessions that are in TIMEWAIT then
it could be a bug.  If they just are opened but do not close then you could
be being DDoS'd.  Do you recognize the source IPs of the traffic?  I'm not
that familiar with webvpn, but is there an idle timer that you could
configure?  Seems more effective than clearing the sessions periodically.
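
An added example, not part of the original message: one way to tally from a packet capture how the sessions from each source end (reset, closed with FIN, or opened and never closed), which is the distinction drawn above. The tcpdump lines are constructed, and 192.0.2.1:443 is an assumed stand-in for the device terminating the sessions.

```python
import re
from collections import Counter, defaultdict

# Constructed `tcpdump -nn` text output (documentation address ranges);
# 192.0.2.1:443 is an assumed stand-in for the device under investigation.
SAMPLE = """\
10:00:00.000100 IP 198.51.100.7.51000 > 192.0.2.1.443: Flags [S], seq 1, length 0
10:00:00.000300 IP 192.0.2.1.443 > 198.51.100.7.51000: Flags [S.], seq 9, ack 2, length 0
10:00:05.000000 IP 198.51.100.7.51000 > 192.0.2.1.443: Flags [R], seq 2, length 0
10:00:06.000000 IP 198.51.100.7.51001 > 192.0.2.1.443: Flags [S], seq 1, length 0
10:00:09.000000 IP 192.0.2.1.443 > 198.51.100.7.51001: Flags [F.], seq 9, ack 2, length 0
10:00:10.000000 IP 203.0.113.9.40001 > 192.0.2.1.443: Flags [S], seq 1, length 0
10:00:10.000100 IP 203.0.113.9.40002 > 192.0.2.1.443: Flags [S], seq 1, length 0
10:00:10.000200 IP 203.0.113.9.40003 > 192.0.2.1.443: Flags [S], seq 1, length 0
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")

def classify_flows(text):
    """Return {flow_key: (client_ip, state)} for flows whose SYN was captured."""
    flows = {}
    for m in LINE.finditer(text):
        src, sport, dst, dport, flags = m.groups()
        key = frozenset(((src, sport), (dst, dport)))  # direction-independent
        flow = flows.setdefault(key, {"client": None, "seen": set()})
        flow["seen"].update(c for c in flags if c in "SFR")
        if "S" in flags and "." not in flags:  # bare SYN marks the initiator
            flow["client"] = src
    result = {}
    for key, flow in flows.items():
        if flow["client"] is None:
            continue  # capture started mid-session; initiator unknown
        seen = flow["seen"]
        state = "reset" if "R" in seen else "closed" if "F" in seen else "open_no_close"
        result[key] = (flow["client"], state)
    return result

def summarize(text):
    """Count flow states per initiating source IP."""
    per_source = defaultdict(Counter)
    for client, state in classify_flows(text).values():
        per_source[client][state] += 1
    return {ip: dict(counts) for ip, counts in per_source.items()}

if __name__ == "__main__":
    for ip, counts in sorted(summarize(SAMPLE).items()):
        print(ip, counts)
```

A source whose flows are almost all `open_no_close` is the one to compare against the list of known client addresses.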

