[c-nsp] ASA5520 latency & OSPF drops
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Sat Feb 1 16:16:43 EST 2014
The ASA can be brought to its knees by small packets with not a very large PPS... its the ring buffer system it uses. Which brings to mind the current flavour du jour of ddos, that of NTP amplification. I'd do a span of your 2950G links to eg a Linux box with tcpdump and get a pretty picture of what's passing through. .. or being blocked/dropped
Alan
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
More information about the cisco-nsp
mailing list