Fault: USG5530 was unable to stop a UDP flood attack

Publication Date: 2013-07-30
Issue Description
USG 5530 V300R001C00SPC900 received a UDP flood attack on the WAN interface. The session table was soon exhausted, which affected firewall performance.

Alarm Information
The logs warned that the session table was full.
Handling Process
Readjust the udp-flood defense parameters to 20kps, as below:

[USG5500]firewall defend udp-flood interface g8/0/0 max-rate 20000

Then, the result:

Interface                   PHY   Protocol InUti OutUti   inErrors  outErrors
Cellular0/1/0               down  up(s)       0%     0%          0          0
Eth-Trunk0                  up    up          3%     9%          0          0
  GigabitEthernet0/0/1      up    up          2%    14%          0          0
  GigabitEthernet0/0/2      up    up          8%     7%          0          0
  GigabitEthernet0/0/3      up    up          1%     5%          0          0
  GigabitEthernet0/0/4      up    up       0.66%     9%          0          0
GigabitEthernet0/0/0        up    up       0.01%  0.01%          0          0
GigabitEthernet0/0/5        down  down        0%     0%          0          0
GigabitEthernet0/0/6        down  down        0%     0%          0          0
GigabitEthernet0/0/7        down  down        0%     0%          0          0
GigabitEthernet0/0/8        down  down        0%     0%          0          0
GigabitEthernet8/0/0        up    up         31%     1%          0          0  \\\ flood on G8/0/0 see the load
GigabitEthernet8/0/1        down  down        0%     0%          0          0
NULL0                       up    up(s)       0%     0%          0          0
[USG5500-diagnose]dis cpu
[USG5500-diagnose]dis health
16:13:50  2013/07/17
Slot          CPU Usage     Memory Usage (Total)
-----------------------------------------------------
0 MPU(Master)  22%           50%         4096MB    \\\\\ stable
[USG5500-diagnose]dis fire s t
16:13:58  2013/07/17
Current Total Sessions : 8766

Root Cause
We checked the configuration: the customer used the default value for max-rate, 400kps:
firewall defend udp-flood interface GigabitEthernet8/0/0 max-rate 400000
Suggestions
Adjust the parameters according to network traffic volume.
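
The interface output above shows the flood as inbound load on G8/0/0 (31% in, 1% out). The following is an added example, not part of the original case or Huawei tooling: it parses that table and flags interfaces whose inbound utilization far exceeds outbound. The function names and the `min_in` and `ratio` thresholds are assumptions to tune per network.

```python
import re

# Rows copied from the interface table above (subset), including the
# author's trailing annotation on G8/0/0.
SAMPLE = r"""
Interface                   PHY   Protocol InUti OutUti   inErrors  outErrors
Eth-Trunk0                  up    up          3%     9%          0          0
  GigabitEthernet0/0/1      up    up          2%    14%          0          0
  GigabitEthernet0/0/4      up    up       0.66%     9%          0          0
GigabitEthernet0/0/0        up    up       0.01%  0.01%          0          0
GigabitEthernet0/0/5        down  down        0%     0%          0          0
GigabitEthernet8/0/0        up    up         31%     1%          0          0  \\\ flood on G8/0/0 see the load
NULL0                       up    up(s)       0%     0%          0          0
"""

# name, PHY, protocol, InUti%, OutUti%, inErrors, outErrors; trailing text is ignored.
ROW = re.compile(
    r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+([\d.]+)%\s+([\d.]+)%\s+(\d+)\s+(\d+)"
)


def parse_brief(text):
    """Return one dict per interface row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, phy, _proto, in_u, out_u, _in_e, _out_e = m.groups()
            rows.append({"name": name, "phy": phy,
                         "in": float(in_u), "out": float(out_u)})
    return rows


def inbound_heavy(rows, min_in=20.0, ratio=10.0):
    """Names of up interfaces with InUti >= min_in and InUti >= ratio * OutUti.

    min_in and ratio are assumed thresholds, not vendor values.
    """
    hits = []
    for r in rows:
        if r["phy"] != "up" or r["in"] < min_in:
            continue
        # Floor OutUti at 0.01 so an idle outbound side does not zero the product.
        if r["in"] >= ratio * max(r["out"], 0.01):
            hits.append(r["name"])
    return hits


if __name__ == "__main__":
    print(inbound_heavy(parse_brief(SAMPLE)))
```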
