ICMP through the PIX

Unanswered Question
Jul 3rd, 2007


I am doing pre-deployment testing for 7.2 on a PIX535. I started pumping engineered ICMP traffic from IXIA at 75MB and 64 frame size just for traffic flow validation (allowed via ACL). For some reason, the CPU spiked to 99%. I was under the impression that every echo-request/echo-reply from the IXIA is considered as one session thus really busy-ing up the PIX CPU. When I checked the PIX, there were only 2 connections.

Does anybody have any idea?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Tue, 07/03/2007 - 14:17

it could be anything internally or externally, look at the firewall logs and see if you have multiple denies with high tcp ports for inbound traffic.

did you do " show conn " and verified in fact you have just 2 connections? if just two connections can you track these internal connections?

espmolina Thu, 07/05/2007 - 05:19

"show conn" does show 2 connections and is coming from the IXIA to remote destination. I was thinking that it probably is the limitation of the PIX. I am pumping 148,800 frames per seconds of ICMPs and every one of those frames will go through the PIX CPU. Does anybody know what is the pps limitation of the PIX535? I have a VAC+ installed on the PIX.


JORGE RODRIGUEZ Thu, 07/05/2007 - 13:13

can you post a short text from the pix logs on the icmps, sounds like DoS , does the logs shows the icmps allowed or icmp unreachable..

can you indentify the connectios comming from the IXIA, it could be a host on that end sending spam..


This Discussion