
Dropping packets while Downloading

mskhalsa
Level 1

Hi All,

I have several 871 routers running IOS version c870-advipservicesk9-mz.124-9.T1.bin

They have been running great for a long time, but recently they all started dropping packets while downloading items from any website. For example, Symantec LiveUpdate will start but stop after a few hundred KB is downloaded; the same is true for downloads from CNET, Microsoft, etc.

While trying to figure out what was the cause we narrowed it down to this command:

ip inspect name SDM_HIGH appfw SDM_HIGH

And here are the details for this inspect rule:

appfw policy-name SDM_HIGH
  application im aol
    service default action reset alarm
    service text-chat action reset alarm
    server deny name login.oscar.aol.com
    server deny name toc.oscar.aol.com
    server deny name oam-d09a.blue.aol.com
    audit-trail on
  application im msn
    service default action reset alarm
    service text-chat action reset alarm
    server deny name messenger.hotmail.com
    server deny name gateway.messenger.hotmail.com
    server deny name webmessenger.msn.com
    audit-trail on
  application http
    strict-http action allow alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action reset alarm
  application im yahoo
    service default action reset alarm
    service text-chat action reset alarm
    server deny name scs.msg.yahoo.com
    server deny name scsa.msg.yahoo.com
    server deny name scsb.msg.yahoo.com
    server deny name scsc.msg.yahoo.com
    server deny name scsd.msg.yahoo.com
    server deny name cs16.msg.dcn.yahoo.com
    server deny name cs19.msg.dcn.yahoo.com
    server deny name cs42.msg.dcn.yahoo.com
    server deny name cs53.msg.dcn.yahoo.com
    server deny name cs54.msg.dcn.yahoo.com
    server deny name ads1.vip.scd.yahoo.com
    server deny name radio1.launch.vip.dal.yahoo.com
    server deny name in1.msg.vip.re2.yahoo.com
    server deny name data1.my.vip.sc5.yahoo.com
    server deny name address1.pim.vip.mud.yahoo.com
    server deny name edit.messenger.yahoo.com
    server deny name messenger.yahoo.com
    server deny name http.pager.yahoo.com
    server deny name privacy.yahoo.com
    server deny name csa.yahoo.com
    server deny name csb.yahoo.com
    server deny name csc.yahoo.com
    audit-trail on

Now the only thing that I see that can cause the issue is the inspection of HTTP traffic; however, nothing on the routers has changed, so I am not sure why the packets are dropping.

Any help with this would be much appreciated.

Thanks,

Mandeep

1 Reply

gephelps
Cisco Employee

You mention narrowing it down to a specific command. When the command is enabled, do you see interface drops or high CPU while the downloads are in progress?

How are you determining packet loss? When a download stops, is it only the single session which is affected or all user traffic?

If these routers have been in service with no config changes, then what has changed? Are you pushing more traffic through the routers than you used to?
