Guest

Preview Tool

Cisco Bug: CSCul64097 - ZBFW: SYN cookie counter problem in case 624547733

Last Modified

Dec 11, 2015

Products (1)

  • Cisco ASR 1000 Series Aggregation Services Routers

Known Affected Releases

15.2(4)S

Description (partial)

Symptom:
ZBFW SYN cookie counter shows positive number although the real number of half open sessions have dropped to zero. 

Since the counter is used to trigger SYN cookie once it is over the configured limit, this is causing the SYN cookie protection to always kick in regardless of the real situation, which drags down the network performance.

Conditions:
SYN cookie feature needs to be configured, and it is configured to protect per VRF or global number of half open sessions.

The counter error only happens under some race condition which needs particular and supposedly high traffic load to trigger
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.