On Fri, Mar 29, 2002 at 09:59:58AM +0100, Harald Welte wrote:
> 
> > b) Why does it occur primarily with the Cisco Content Switch. The
> >    numbers were much lower before utilising the content switch! So the
> >    CSS is ACK flooding! Is there a strange interaction between the CSS
> >    and netfilter?
> 
> I have no idea.  I don't even know the Cisco product you are talking about.

Harald, if your suspicion about ACK storms (externally triggered by some
random attacker) is correct, then the CSS may have nothing to do with
it, except having been in operation only when a stronger / longer
ACK storm was active. In other words: a mere coincidence.

The Cisco Content Switch is a glorified LocalDirector, as far as I know.
The usual per-TCP-connection loadbalancing, similar to linuxvirtualserver.org.

We have the "sister product", IOS SLB on Catalyst 6xxx switches (also Cisco),
in operation against a large number of conntracking servers, and no specific
problems due to SLB or conntracking on the servers.

best regards
  Patrick
