Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
719
Views
0
Helpful
1
Replies

FWSM with contexts - Broadcast storm impact CPU

feliperodero
Level 1
Level 1

‎12-21-2011 10:51 PM - edited ‎03-11-2019 03:05 PM

Hi,

we have a FWSM (4.1(5)) configured with several contexts.

Last day we had a broadcast storm in one VLAN connected to one FWSM context and all contexts were impacted with loss of service.

We could check that CPU in impacted context went to 50 - 60 % but in fact service allocated in other contexts were impacted.

We have Resource Class implemented, but there is nothing about CPU usage (only connections, xlates, .... ).

Any idea about how to protect contexts against a broadcast storm or high CPU usage in one context ?

Thanks a lot

Felipe

Labels:
0 Helpful
1 Reply 1

mirober2
Cisco Employee
Cisco Employee

‎12-22-2011 06:10 AM

Hi Felipe,

Unfortunately, the FWSM's CPU is not virtualized across contexts like the conn tables, xlate tables, etc are. High CPU caused by traffic in one context will indeed affect traffic on other contexts on the same physical firewall, which is a limitation of the architecture.

-Mike

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card