From: "Ted Mittelstaedt"
To: "Joe Clarke", "Chip"
Subject: RE: replacing a cisco router with a fbsd box
Date: Sun, 2 Sep 2001 03:54:03 -0700

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe Clarke
>
>I realize I'm coming in a bit late on this, but I work for Cisco TAC, and
>can say that with the recent Code Red thing, our NAT has seen a lot of
>work. There have been bugs filed to be sure.

I hope that you fix the one where the Cisco NAT doesn't tear down the address map as soon as the connection is closed. I saw that one on a 1005 running early 12.0 code when someone asked us why they could Telnet into a JetDirect card from the Internet that in reality had a private network number. Turned out they were telnetting into the overload number on a nat pool on the 1005. I never did get around to writing that one up because I figured it was an obvious hole that would be caught, but if you're interested I'll dig up the particulars.

>Offloading NAT from a
>router with a small amount of RAM will improve packet flow to be sure. In
>fact, if you're experiencing lock-ups, I'd try that. It may help you
>isolate the problem. FreeBSD's NAT is pretty good for most standard
>protocols. I've found it's relatively easy to add support to.
>

But it doesn't do the DNS trick that you guys do which is very useful. :-(

>Also, if you do find yourself having to reload, see if you're getting any
>tracebacks. Do a show ver or show stack, and see what you can see. Those
>memory addresses can be useful for tracking down bugs.
>

He was saying that when the router got hosed that they had to power-cycle which I take it to mean the device froze. It sounds suspiciously like flakey hardware to me. Maybe someone upgraded the ram with some random PC memory they had lying around?

Ted Mittelstaedt tedm@toybox.placo.com
Author of: The FreeBSD Corporate Networker's Guide
Book website: http://www.freebsd-corp-net-guide.com