Date: Sun, 2 Sep 2001 03:54:03 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Joe Clarke" <marcus@marcuscom.com>, "Chip" <chip@wiegand.org> Cc: <freebsd-questions@FreeBSD.ORG> Subject: RE: replacing a cisco router with a fbsd box Message-ID: <009f01c1339d$941264c0$1401a8c0@tedm.placo.com> In-Reply-To: <20010901135855.A54990-100000@shumai.marcuscom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>-----Original Message----- >From: owner-freebsd-questions@FreeBSD.ORG >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe Clarke > >I realize I'm coming in a bit late on this, but I work for Cisco TAC, and >can say that with the recent Code Red thing, our NAT has seen a lot of >work. There have been bugs filed to be sure. I hope that you fix the one where the Cisco NAT doesen't tear down the address map as soon as the connection is closed. I saw that one on a 1005 running early 12.0 code when someone asked us why they could Telnet into a JetDirect card from the Internet that in reality had a private network number. Turned out they were telnetting into the overload number on a nat pool on the 1005. I never did get around to writing that one up because I figured it was an obvious hole that would be caught, but if your interested I'll dig up the particulars. Offloading NAT from a >router with a small amount of RAM will improve packet flow to be sure. In >fact, if you're experiencing lock-ups, I'd try that. It may help you >isolate the problem. FreeBSD's NAT is pretty good for most standard >protocols. I've found it's relatively easy to add support to. > But it doesen't so the DNS trick that you guys do which is very useful. :-( >Also, if you do find yourself having to reload, see if you're getting any >tracebacks. Do a show ver or show stack, and see what you can see. Those >memory addresses can be useful for tracking down bugs. > He was saying that when the router got hosed that they had to power-cycle which I take it to mean the device froze. It sounds suspiciously like flakey hardware to me. Maybe someone upgraded the ram with some random PC memory they had lying around? Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009f01c1339d$941264c0$1401a8c0>