[c-nsp] ASA5520 latency & OSPF drops

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Sat Feb 1 16:16:43 EST 2014

The ASA can be brought to its knees by small packets with not a very large PPS... its the ring buffer system it uses. Which brings to mind the current flavour du jour of ddos, that of NTP amplification.  I'd do a span of your 2950G links to eg a Linux box with tcpdump and get a pretty picture of what's passing through. .. or being blocked/dropped

Sent from my Android device with K-9 Mail. Please excuse my brevity.

More information about the cisco-nsp mailing list