[c-nsp] ASA5520 latency & OSPF drops

Adam Greene maillist at webjogger.net
Sat Feb 1 14:39:24 EST 2014


Octavio,

> What about pings from the external world to the ASA?

These appear normal, since the ASA5520---2921 OSPF session is not dropping.

> Also, I'd increase logging verbosity to a Syslog server with an interface
> connected to each side of the ASA.

Good idea.

> And I'd also be prepared to do a packet capture on both sides of the ASA
> for the next time it happens.

Tough since they occur so sporadically, and up to now have been relatively
brief. I wonder if there is some way to trigger a capture upon a specific
event occurring. Or maybe we will just have to keep tons of logs which roll
over, and hope we catch something. We generally have about 40Mbps pumping
through the unit. That's a lot of data, and a fast rollover.

> You mention spares (I assume cold spares) but also OSPF, do you have your
> devices HA?

Yes, cold spares. Devices are not HA. I have seen posts about OSPF failing
in 8.2 when the active host of a failover pair fails, due to a bug, but that
doesn't seem to be our case here as far as I can tell. 

Any other ideas welcome. 

Sounds like people's thoughts are tending toward DoS ... 

Thanks,
Adam


-----Original Message-----
From: Octavio Alvarez [mailto:alvarezp at alvarezp.ods.org] 
Sent: Saturday, February 01, 2014 1:24 PM
To: Adam Greene
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASA5520 latency & OSPF drops

On 02/01/2014 08:27 AM, Adam Greene wrote:

> Every so often (it started three months ago, about once per month, now 
> it's about once per week, but it's not regular), we're getting very 
> high latency on pings from our Internal Network to the ASA5520, and 
> the OSPF adjacency between the 3750 and the ASA5520 is dropping. The 
> issue was lasting about 60 seconds each time up to this morning, when it
> lasted about 3 hours. Ugh!
> 
> Pings from the Internal Network to the 3750 and 2950G are fine.

What about pings from the external world to the ASA?

Also, I'd increase logging verbosity to a Syslog server with an interface
connected to each side of the ASA.

And I'd also be prepared to do a packet capture on both sides of the ASA for
the next time it happens.

You mention spares (I assume cold spares) but also OSPF, do you have your
devices HA?



