[c-nsp] ASA5520 latency & OSPF drops

Adam Greene maillist at webjogger.net
Sat Feb 1 14:33:15 EST 2014


Nick, thanks. Connection count has not exceeded 31504 in the last 18 months,
and the ASA 5520 supports up to 280,000 I believe.

Unfortunately, I have not yet found the right MIB to monitor CPU utilization,
and the issue is sporadic, so it is hard to get CPU stats manually when it
is happening.

The only clue I have so far is that during the issues, RAM utilization
increases from about 290M to about 308M. These values are still quite low,
though.

You're right, it may be a DoS, I just wonder what kind, with these
characteristics. Unicast packets are quite low during the events ... I will
start monitoring multicast, too.


-----Original Message-----
From: Nick Hilliard [mailto:nick at foobar.org] 
Sent: Saturday, February 01, 2014 12:46 PM
To: Adam Greene; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASA5520 latency & OSPF drops

On 01/02/2014 16:27, Adam Greene wrote:
> Every so often (it started three months ago, about once per month, now 
> it's about once per week, but it's not regular), we're getting very 
> high latency on pings from our Internal Network to the ASA5520, and 
> the OSPF adjacency between the 3750 and the ASA5520 is dropping. The 
> issue was lasting about 60 seconds each time up to this morning, when it
> lasted about 3 hours. Ugh!

Check "show cpu detailed" and "show conn count" on the ASA. If either of
these is very high, you could be experiencing a denial of service attack.

Nick




