Firewall Wizards mailing list archives
Re: PIX 535: High CPU, High-Latency
From: "David Swafford" <dswafford () alterhighschool org>
Date: Thu, 12 Oct 2006 10:17:32 -0400
I know it's a different device, but on a router it can cause loss of traffic. We had a problem where I work recently, where the router was so overwhelmed due to the fact that we had turned it into a firewall by having extensive acls on all inbound and outbound traffic, it just stopped accepting traffic entirely, in this case the cpu was staying around the 70-90% range. It would go in intermittent drops, working fine for a while and then dropping all traffic for about 2-3 minutes while it recovered. In our case we exhausted the cpu and memory,though it was a much smaller device, a cisco 2620 router. ____________________________________________________ David A. Swafford, Network Engineer Information Technology Team Archbishop Alter High School EC-Council Certified Ethical Hacker A Cisco Systems, Inc., Certified Network Associate (CCNA) and a CompTIA Network+ and Security+ Certified Professional
matthew.stansel () yale edu 10/11/2006 1:37:14 pm >>>
Has anyone discovered and a reliable source of information regarding performance or operational parameters for Cisco PIX firewalls? That is, acceptable limits for the various resources utilized, CPU, memory, interface saturation, etc. Specifically, what are the impacts of high CPU utilization on this platform? What are the implications of CPU levels exceeding 80-90%. Many thanks, Matthew -- ________________________________________ Matthew A. Stansel Office of Information Security, ITS Yale University 100 Church St. South, Ste. 107 New Haven CT 06519 Land: 203.737.5260 Mobile: 203.623.3747 matthew.stansel () yale edu HIPAA notice: The information contained in this message may be privileged and confidential. If you are NOT the intended recipient, please notify the sender immediately with a copy to hipaa.security () yale edu and destroy this message. Please be aware that email communication can be intercepted in transmission or misdirected. Your use of email to communicate protected health information to us indicates that you acknowledge and accept the possible risks associated with such communication. Please consider communicating any sensitive information by telephone, fax or mail. If you do not wish to have your information sent by email, please contact the sender immediately. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- PIX 535: High CPU, High-Latency Matthew Stansel (Oct 12)
- Re: PIX 535: High CPU, High-Latency David Swafford (Oct 12)
- Re: PIX 535: High CPU, High-Latency Eduardo Tongson (Oct 12)
- <Possible follow-ups>
- Re: PIX 535: High CPU, High-Latency Horvath, Kevin M. (Oct 12)