Pounding an ISR

Discussion in 'Cisco' started by amattina@layer8group.com, Nov 6, 2006.

  1. Guest

    This is somewhat of an update/continuation of the following thread:

    http://groups.google.com/group/comp...reation rate exceeded&rnum=2#8e51510dbb485122

    Basic rundown is that the 'ip inspect' functionality on a 2811 ISR
    (12.4) starts at 500/400 connections before it starts dropping and
    resetting communication. I upped this 500/400 default value to
    2000/1900 and everything was fixed and worked for about 3 months. I get
    another call today with the same symptoms and sure enough:

    ----
    ISR-001#show ip inspect stat
    Packet inspection statistics [process switch:fast switch]
    tcp packets: [24753726:469573947]
    udp packets: [119628550:270177156]
    ftp packets: [449452:0]
    Interfaces configured for inspection 1
    Session creations since subsystem startup or last reset 25632398
    Current session counts (estab/half-open/terminating) [235:3:0]
    Maxever session counts (estab/half-open/terminating) [2347:299:62]
    Last session created 00:00:00
    Last statistic reset never
    Last session creation rate 4455
    Last half-open session total 3
    Half-open session count or session creation rate exceeded
    ----

    'Last session creation rate 4455' is the key here. So I bump the limit
    up to 5000/4900. CPU on this device is between 25-35% util. throughout
    the day on a 4mbit uplink. Question is, (and for any discussion as
    well) how much will this thing take? I'll keep on upping the
    connection threshold until the CPU gets high enough to upgrade the
    device but any other ideas would be appreciated. I know 'ip inspect' is
    supposed to make processing faster by not parsing through the ACLs for
    every connection but does this become inefficient at any point?

    Thanks for your thoughts!
     
    , Nov 6, 2006
    #1
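An added example, not part of the original post: a small Python parser for the `show ip inspect stat` counters quoted above, which grades the last session creation rate and the peak half-open count against a configured high threshold. The function names, the 80% warning margin and the choice to apply one high value to both counters are assumptions made for illustration.

```python
import re

# Constructed sample: counters copied from the output quoted in the post.
SAMPLE = """\
Current session counts (estab/half-open/terminating) [235:3:0]
Maxever session counts (estab/half-open/terminating) [2347:299:62]
Last session creation rate 4455
Last half-open session total 3
Half-open session count or session creation rate exceeded
"""

COUNTS = re.compile(r"(Current|Maxever) session counts .*\[(\d+):(\d+):(\d+)\]$")
RATE = re.compile(r"Last session creation rate (\d+)$")


def parse_inspect_stats(text):
    """Extract session counters from 'show ip inspect stat' output."""
    stats = {"exceeded": False}
    for line in map(str.strip, text.splitlines()):
        if m := COUNTS.match(line):
            names = ("estab", "half_open", "terminating")
            stats[m.group(1).lower()] = dict(zip(names, map(int, m.group(2, 3, 4))))
        elif m := RATE.match(line):
            stats["rate"] = int(m.group(1))
        elif line.endswith("rate exceeded"):
            stats["exceeded"] = True
    return stats


def headroom(stats, rate_high, half_open_high, warn=0.8):
    """Classify each counter against its high threshold (hypothetical policy)."""
    def grade(value, high):
        if value >= high:
            return "exceeded"
        return "warn" if value >= warn * high else "ok"
    return {
        "rate": grade(stats["rate"], rate_high),
        "half_open": grade(stats["maxever"]["half_open"], half_open_high),
    }


if __name__ == "__main__":
    s = parse_inspect_stats(SAMPLE)
    for high in (2000, 5000):
        print(high, headroom(s, high, high))
```

Against the post's numbers, a high value of 2000 is exceeded by the 4455 rate, and 5000 still leaves the rate inside the warning margin.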