This is somewhat of an update/continuation of the following thread:
http://groups.google.com/group/comp....51510dbb485122
Basic rundown is that the 'ip inspect' functionality on a 2811 ISR
(12.4) starts at 500/400 connections before it starts dropping and
resetting communication. I upped this 500/400 default value to
2000/1900 and everything was fixed and worked for about 3 months. I get
another call today with the same symptoms and sure enough:
----
ISR-001#show ip inspect stat
Packet inspection statistics [process switch:fast switch]
tcp packets: [24753726:469573947]
udp packets: [119628550:270177156]
ftp packets: [449452:0]
Interfaces configured for inspection 1
Session creations since subsystem startup or last reset 25632398
Current session counts (estab/half-open/terminating) [235:3:0]
Maxever session counts (estab/half-open/terminating) [2347:299:62]
Last session created 00:00:00
Last statistic reset never
Last session creation rate 4455
Last half-open session total 3
Half-open session count or session creation rate exceeded
----
'Last session creation rate 4455' is the key here. So I bump the limit
up to 5000/4900. CPU on this device is between 25-35% util. throughout
the day on a 4mbit uplink. Question is, (and for any discussion as
well) how much will this thing take? I'll keep on upping the
connection threshold until the CPU gets high enough to upgrade the
device but any other ideas would be appreciated. I know 'ip inspect' is
supposed to make processing faster by not parsing through the ACLs for
every connection but does this become inefficient at any point?
Thanks for your thoughts!
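As an added example (not from the original post and not Cisco tooling), a Python check that parses the counters from the 'show ip inspect stat' output quoted above and compares them with the configured one-minute and max-incomplete high/low thresholds, so a monitoring job can flag the next crossing before users call in. The threshold names are IOS's; the sample output and threshold values are constructed from the numbers in the post.

```python
import re

# Constructed excerpt of 'show ip inspect stat', mirroring the numbers in the post.
SAMPLE_STATS = """\
Current session counts (estab/half-open/terminating) [235:3:0]
Maxever session counts (estab/half-open/terminating) [2347:299:62]
Last session creation rate 4455
Last half-open session total 3
Half-open session count or session creation rate exceeded
"""

# (high, low) pairs as set by 'ip inspect one-minute high/low' and
# 'ip inspect max-incomplete high/low'. Values here are constructed for the example.
DEFAULT_THRESHOLDS = {"one_minute": (500, 400), "max_incomplete": (500, 400)}

_PATTERNS = {
    "maxever": re.compile(r"Maxever session counts.*?\[(\d+):(\d+):(\d+)\]"),
    "rate": re.compile(r"Last session creation rate (\d+)"),
    "half_open": re.compile(r"Last half-open session total (\d+)"),
}


def parse_inspect_stats(text):
    """Extract the counters that drive CBAC's threshold logic from CLI output."""
    found = {}
    for key, pat in _PATTERNS.items():
        m = pat.search(text)
        if m is None:
            raise ValueError(f"'{key}' line not found in output")
        groups = tuple(int(g) for g in m.groups())
        found[key] = groups if len(groups) > 1 else groups[0]
    # IOS appends this trailer line once a high threshold has been crossed.
    found["exceeded"] = "exceeded" in text
    return found


def check_thresholds(stats, thresholds):
    """Return a list of findings; an empty list means no threshold is at risk."""
    findings = []
    rate_high, rate_low = thresholds["one_minute"]
    inc_high, inc_low = thresholds["max_incomplete"]
    if stats["rate"] >= rate_high:
        findings.append(f"session creation rate {stats['rate']} >= one-minute high {rate_high}")
    elif stats["rate"] >= rate_low:  # inside the hysteresis band: little headroom left
        findings.append(f"session creation rate {stats['rate']} >= one-minute low {rate_low}")
    peak_half_open = stats["maxever"][1]
    if peak_half_open >= inc_high:
        findings.append(f"peak half-open {peak_half_open} >= max-incomplete high {inc_high}")
    elif peak_half_open >= inc_low:
        findings.append(f"peak half-open {peak_half_open} >= max-incomplete low {inc_low}")
    if stats["exceeded"] and not findings:
        findings.append("router reports a threshold exceeded but counters are below the "
                        "configured values; verify the running-config thresholds")
    return findings
```

Running it with the post's 2000/1900 limits flags the 4455 rate; with 5000/4900 the counters pass but the 'exceeded' trailer is still reported, which the last check surfaces.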