Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
495
Views
0
Helpful
1
Replies

PIX handling high volume of fragmented packets

scothartman
Level 1
Level 1

‎12-23-2002 01:23 PM - edited ‎02-20-2020 10:27 PM

Background:

PIX 525-UR running v6.2(2)

being hit by high volume of fragmented udp packets

(around 80+ Mbps)

cpu usage overing around 88%

traffic is being dropped by rule

about 10 Mbps is legit traffic

The firewall is holding it's own but I was wondering if anyone has any suggestions on some added streamlining that can be done while other avenues are looked at for a more permanent approach. (I'm already working other ways such as ISP, etc.)

Currently all unneeded fixups are off, logging is scaled back, interfaces are all 100/full.

I've seen these things push more traffic than this with less impact on the cpu but this is mostly small, fragmented packets. I'm aware that we are already approaching fastE limits so I'm not really looking to boost much more throughput, simply wondering if I can take some strain off the cpu.

Any insights would be appreciated.

Thanks,

Scot

0 Helpful
1 Reply 1

scothartman
Level 1
Level 1

‎12-23-2002 04:12 PM

Follow-up,

Looked at my graphs again. Volume is actually around 60 Mbps, not 80. So, theoretically it should be able to push more than it is. Still hovering around 85-89% on the cpu.

Scot

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card