Wednesday, July 25, 2012

6TH PING DROPPED BY CISCO CALL MANAGER 5.X AND ABOVE

Many of you may have noticed that if you run a continuous ping to your Cisco CUCM (5.X or above), every 6th ping is dropped. It only happens when you ping from a switch, a router, or any other device that sends ping packets at a faster rate. You may not face the same issue when you ping from a normal PC.

The reason is the firewall policy on CUCM, which rate-limits ping packets to protect CUCM from ICMP-based attacks. You can view the firewall policy using this command:

admin:utils firewall ipv4 list

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 10/sec burst 5
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/min burst 5 LOG flags 0 level 4 prefix `ping flood '
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8

So next time you see it, just don't be scared. There is nothing wrong with the server or the NIC!!
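
The every-6th-ping pattern follows from how the `limit: avg 10/sec burst 5` rule behaves as a token bucket. The following is an added example, not part of the original post: a simplified Python model of that rule, comparing a router-style sender with a PC-style sender. The 1 ms round-trip time and the 2-second ping timeout are assumptions chosen for illustration.

```python
def simulate(n_pings, rtt=0.001, timeout=2.0, interval=None,
             rate=10.0, burst=5):
    """Model the 'limit: avg 10/sec burst 5' ACCEPT rule as a token bucket.

    Returns a list of booleans, True where the echo request was accepted.
    interval=None  : router/switch style, the next request is sent as soon as
                     the previous reply arrives (or its timeout expires).
    interval=<sec> : PC style, requests are paced at a fixed interval.
    rtt and timeout are assumed values, not taken from the post.
    """
    tokens = float(burst)   # bucket starts full
    now = last = 0.0
    results = []
    for _ in range(n_pings):
        # Refill at `rate` tokens per second, capped at `burst`.
        tokens = min(burst, tokens + (now - last) * rate)
        last = now
        if tokens >= 1.0:
            tokens -= 1.0           # matched the ACCEPT rule
            results.append(True)
            wait = rtt
        else:
            results.append(False)   # fell through to the DROP rule
            wait = timeout          # sender waits out its timeout
        now += wait if interval is None else max(interval, wait)
    return results


def dropped_positions(results):
    """1-based positions of the pings that were dropped."""
    return [i + 1 for i, ok in enumerate(results) if not ok]


if __name__ == "__main__":
    router = simulate(18)                # back-to-back pings
    pc = simulate(18, interval=1.0)      # one ping per second
    print("router drops:", dropped_positions(router))
    print("pc drops:    ", dropped_positions(pc))
```

The burst of 5 is used up within a few milliseconds, the 6th request falls through to the DROP rule, and the bucket refills while the sender waits for its timeout, so the cycle repeats.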
