Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   















      :: Inet-Admins
Inet-Admins mailing list archive (inet-admins@info.east.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[inet-admins] FYI: 7200/nbar crash


  • To: <ioz@internet.org.za>
  • Subject: [inet-admins] FYI: 7200/nbar crash
  • From: "Dmitri Kalintsev" <dek@hades.uz>
  • Date: Fri, 21 Sep 2001 10:43:30 +1000
  • Delivered-to: inet-adm-outgoing@frog.east.ru
  • Delivered-to: inet-admins@info.east.ru

For those who have NBAR enabled on their 7200's.

SY,
--
 CCNP, CCDP (R&S)                          Dmitri E. Kalintsev
 CDPlayer@irc               Network Architect @ connect.com.au
 dek @ connect.com.au    phone: +61 3 9674 3913 fax: 9251 3666
 http://-UNAVAIL-         UIN:7150410  mobile: +61 414 821 382

----- Original Message -----
From: "[censored]" <[censored]@cisco.com>
Sent: 21 Sep 2001 10:30
Subject: 7200/nbar crash


> Hi Dmitri
>
>
> It might be:-
>
>
> CSCdv06207 NBAR access-lists may cause a bus error on a c7200
>
> This has been made worse by nimda.
>
>
> Here is the release note:-
>
> ---------------------------------------------------------------------
>   Configuring Network-Based Application Recognition and Access Control
> Lists on
>   a Cisco7200 may cause a bus error. This happens when a stateful
> session closes
>   at exactly the same time that the system tries to timeout the same
> flow. The
>   only known workaround for this problem is to use `ip nbar resources #
> # #'
>   command to extend the time until the system will try to timeout an unused
>   flow. For example : `ip nbar resources 600 1000 50' will make the system
>   wait 10 minutes (600 seconds) until it tries to clean up a flow. The
> longer
>   delay will make it vanishingly unlikely that a RST or FIN packet will
> arrive
>   at the same time.
> ---------------------------------------------------
>
>
> In internal cisco maling lists - the following has been suggested
>
>  >I would do the following :  ( make sure you have enough memory )
>  >
>  >ip nbar resources 600 2000 200
>
>
<http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121l
imit/121e/121e2/nbar2e.htm#xtocid297938>
>


=============================================================================
"inet-admins" Internet access mailing list. Maintained by East Connection ISP.
Mail "unsubscribe inet-admins" to Majordomo@info.east.ru if you want to quit.
Archive is accessible on http://info.east.ru/rus/inetadm.html



 




Copyright © Lexa Software, 1996-2009.