Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I recently upgraded on of our L4 units to an 11503. Following the upgrade (identical configurations, only interface numbers changing etc) the 11503 is sitting on 100% cpu pretty much constantly. - Everything works, but the box is flat-out.It's very...
I'm having intermittent issues with DNS resolution where clients aim at a VIP for DNS, with requests farmed off to a cluster of resolvers. There is also a fairly vanilla group config for the VIP address and the services.Things generally work okay, b...
I'm currently using a CSS to provide redundancy across some nat-t VPN RAS sessions to some VPN concentrators (in different geographical areas) This works fine, but because I have to create content rules for both UDP 500 and UDP 4500 traffic, I'm con...
Doing a threat-risk on pix-pix LAN based failover with authentication and stateful options. On the failover LAN link itself I'm seeing EGP(8) and SCSP(105) unicast traffic whilst on the actual failover interfaces I only see SCSP. This makes sense g...
We are looking to acquire a SCA to use in conjunction with our CSS11000's. One issue that has come up is the use of sorry-servers should the SCA fail. One of the suggestions that has been made is that we could use the destination web server on 443 a...
Gilles,Yep, I accept that there are more scripts in use than I like. It doesn't explain why a newer (larger) L4 switch is running at sustained higher CPU than the older model it replaced.Any reasons you can think of?
Gilles,Around 100, mostly http script, some dns, and a handful of mail.The unit only has an SCM presentHere's output from some fairly typical cpuhog queries. Checking CPU HogTID Name Milliseconds--- ---- ----...
Hi Zach,Yes to HSRP/VRRP only on that segment. The L2 switch that the CSS connects to on that segment also filters bpdus on the CSS port.There have been no changes to config during the swapover, (other than interface numberings)It stood out because ...
Zach,There's no sign of any connection issues under load.No interface errorsBucketloads of multicast traffic on one particular interface. This is an interface that connects to a pair of routers (running hsrp) and the switch also runs vrrp to its par...
Zach,Nope, nothing in logs Running 7.40.0.04No to the web interface, console onlyA couple of spurious hits in show dos, (it's logically behind some IPS kit) nothing of any consequence.Sorry, can't post the config (angry-looking ITSM looking over my s...
