Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSCul00198 - IPS sensorApp and40;AnalysisEngine

I am not sure how many people are out there that had outages due to this bug, but we had 2 major sites down for about 55 minutes as 2 diffeent sets of  FWs were repeatedly failing back and forth during this time. Also it is not listed as affected software version, but we are running 7.1(7)E4 on our IPS'.

My biggest question is what type of testing was done by Cisco before releassing/pushing this signature updated (s749) ? I have noticed that there were issues with signature s601 release as well that were not caught during the pre-release testing, so what is Cisco going to do to improve the testing process ?

3 REPLIES
Cisco Employee

CSCul00198 - IPS sensorApp and40;AnalysisEngine

Piyush, I apologize for the problems you've experienced. 

We do extensive unit testing on each individual signature.  This includes accuracy testing, false positive testing, DFA analysis, static analysis and testing on various live networks.  We also test each signature update, verifying the upgrade/downgrade mechanisms, impact to performance, memory, internal statistics, signature accuracy, false positives and again install the signature update on sensors in various live environments.  This signature update passed all these tests and gave no indication that there was a problem.

Obviously, in this situation, this was not enough.  An interaction between a signature and a traffic mix that we did not experience during testing resulted in the problem you experienced.  As soon as we realized we had a problem, we pulled S749 from the software download site, root caused the problem, and have subsequently released S750.

In response to this problem, we are adding additional checks to detect the root issue in future testing, enhancing our suite of static analysis tests, and looking to enhance our live testing.

New Member

CSCul00198 - IPS sensorApp and40;AnalysisEngine

running yesterday in exactly the same problem....made a TAC case and voilla! Also we didn't see the problem before running signature 749 on 7.1(6)E4.. so it seems be a kind of software version mix that this problem is occurring.

New Member

CSCul00198 - IPS sensorApp and40;AnalysisEngine

Yes we also had this problem as well and it took down our infrastructre for a few hours since it did not affect all of our ASA's we could not pin point it right away.   http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCul00198

494
Views
5
Helpful
3
Replies
CreatePlease login to create content