07-03-2007 11:11 AM - edited 03-11-2019 03:39 AM
Hello.
I am doing pre-deployment testing for 7.2 on a PIX535. I started pumping engineered ICMP traffic from IXIA at 75MB and 64 frame size just for traffic flow validation (allowed via ACL). For some reason, the CPU spiked to 99%. I was under the impression that every echo-request/echo-reply from the IXIA is considered as one session thus really busy-ing up the PIX CPU. When I checked the PIX, there were only 2 connections.
Does anybody have any idea?
Thanks.
Sping
07-03-2007 02:17 PM
It could be anything internally or externally; look at the firewall logs and see if you have multiple denies with high TCP ports for inbound traffic.
Did you do "show conn" and verify that you in fact have just 2 connections? If just two connections, can you track these internal connections?
07-05-2007 05:19 AM
"show conn" does show 2 connections, and they are coming from the IXIA to a remote destination. I was thinking that it probably is the limitation of the PIX. I am pumping 148,800 frames per second of ICMPs and every one of those frames will go through the PIX CPU. Does anybody know what the pps limitation of the PIX535 is? I have a VAC+ installed on the PIX.
Thanks.
07-05-2007 01:13 PM
Can you post a short text from the PIX logs on the ICMPs? Sounds like DoS. Do the logs show the ICMPs allowed or ICMP unreachable?
Can you identify the connections coming from the IXIA? It could be a host on that end sending spam.