Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Can I disable DoS protection on CSS ?

Can I disable DoS protection on CSS 11000 ?

My application generates flow, which CSS estimates as DoS and it probably closes this sessions (I see this in statistics).

5 REPLIES
Cisco Employee

Re: Can I disable DoS protection on CSS ?

no - you can't disable the dos feature or even tune it.

What is particular about your application ?

Do you have asymetric routing ?

This is often the cause of CSS detecting dos attack.

Gilles.

New Member

Re: Can I disable DoS protection on CSS ?

This is not asymmetric routingu problem.

I am sure that, this is application problem , but I have question, how long CSS blocks flow from source, which detected as source DoS?

Krzysztof

Cisco Employee

Re: Can I disable DoS protection on CSS ?

the CSS does not block.

It just RST the current flow for which it detected the attack.

New Member

Re: Can I disable DoS protection on CSS ?

I do have assymetric routing and this DoS detection is killing me. If it cannot be turned off, what is the work-around?

Bronze

Re: Can I disable DoS protection on CSS ?

Hi Chad,

the only solution to this is avoiding asymetic routing if possible. This can be either done by source-natting VIP traffic via the CSS or pointing the servers-GW/return path for those clientrequests towards the CSS.

All possible solutions for avoiding asymetric routing are depending on the whole setup of the network and not that easy to answer and the above mentioned soltions possibilities are only examples.

Kind Regards,

Joerg

366
Views
0
Helpful
5
Replies