https://community.cisco.com/t5/network-security/asa-5550-interface-problems/m-p/957699#M940957 <P>Hi guys,</P><P></P><P>I have 2 firewalls ASA5550 in failover mode, in the data sheet says that maximum throughput is 1.2G, but when the outside firewall traffic comes up to 750Mb, i start to have a lot of problems, like packet drops. When the traffic arrives at 800Mb the firewall stop to process the outside failover packets, and drop all packets in the outside interface.</P><P></P><P>Here are the show interface command:</P><P></P><P>Interface GigabitEthernet0/0 "outside", is up, line protocol is up</P><P> Hardware is i82546GB rev03, BW 1000 Mbps</P><P> Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)</P><P> MAC address 001a.e2ea.e674, MTU 1500</P><P> IP address xxx.xxx.xxx.xxx, subnet mask xxx.xxx.xxx.xxx</P><P> 47486821698 packets input, 3893958800868 bytes, 19892367 no buffer</P><P> Received 16876 broadcasts, 0 runts, 0 giants</P><P> 0 input errors, 0 CRC, 0 frame, 62954747 overrun, 0 ignored, 0 abort</P><P> 0 L2 decode drops</P><P> 81891090643 packets output, 108809258427982 bytes, 3695 underruns</P><P> 0 output errors, 0 collisions</P><P> 0 late collisions, 0 deferred</P><P> input queue (curr/max blocks): hardware (0/0) software (0/0)</P><P> output queue (curr/max blocks): hardware (1/511) software (0/0)</P><P> Traffic Statistics for "outside":</P><P> 47485878509 packets input, 2841926097278 bytes</P><P> 81891094335 packets output, 107330895810065 bytes</P><P> 89951783 packets dropped</P><P> 1 minute input rate 17131 pkts/sec, 1077743 bytes/sec</P><P> 1 minute output rate 29928 pkts/sec, 38704909 bytes/sec</P><P> 1 minute drop rate, 36 pkts/sec</P><P> 5 minute input rate 17847 pkts/sec, 1059781 bytes/sec</P><P> 5 minute output rate 31439 pkts/sec, 41073382 bytes/sec</P><P> 5 minute drop rate, 36 pkts/sec</P><P></P><P>The overrun and no buffer are to high. It's possible that the ASA5550 has the maximum real throughput less than 800Mb?</P><P></P><P></P><P> </P><P></P> Mon, 11 Mar 2019 12:17:49 GMT alexbonatti 2019-03-11T12:17:49Z https://community.cisco.com/t5/network-security/asa-5550-interface-problems/m-p/957699#M940957 <P>Hi guys,</P><P></P><P>I have 2 firewalls ASA5550 in failover mode, in the data sheet says that maximum throughput is 1.2G, but when the outside firewall traffic comes up to 750Mb, i start to have a lot of problems, like packet drops. When the traffic arrives at 800Mb the firewall stop to process the outside failover packets, and drop all packets in the outside interface.</P><P></P><P>Here are the show interface command:</P><P></P><P>Interface GigabitEthernet0/0 "outside", is up, line protocol is up</P><P> Hardware is i82546GB rev03, BW 1000 Mbps</P><P> Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)</P><P> MAC address 001a.e2ea.e674, MTU 1500</P><P> IP address xxx.xxx.xxx.xxx, subnet mask xxx.xxx.xxx.xxx</P><P> 47486821698 packets input, 3893958800868 bytes, 19892367 no buffer</P><P> Received 16876 broadcasts, 0 runts, 0 giants</P><P> 0 input errors, 0 CRC, 0 frame, 62954747 overrun, 0 ignored, 0 abort</P><P> 0 L2 decode drops</P><P> 81891090643 packets output, 108809258427982 bytes, 3695 underruns</P><P> 0 output errors, 0 collisions</P><P> 0 late collisions, 0 deferred</P><P> input queue (curr/max blocks): hardware (0/0) software (0/0)</P><P> output queue (curr/max blocks): hardware (1/511) software (0/0)</P><P> Traffic Statistics for "outside":</P><P> 47485878509 packets input, 2841926097278 bytes</P><P> 81891094335 packets output, 107330895810065 bytes</P><P> 89951783 packets dropped</P><P> 1 minute input rate 17131 pkts/sec, 1077743 bytes/sec</P><P> 1 minute output rate 29928 pkts/sec, 38704909 bytes/sec</P><P> 1 minute drop rate, 36 pkts/sec</P><P> 5 minute input rate 17847 pkts/sec, 1059781 bytes/sec</P><P> 5 minute output rate 31439 pkts/sec, 41073382 bytes/sec</P><P> 5 minute drop rate, 36 pkts/sec</P><P></P><P>The overrun and no buffer are to high. It's possible that the ASA5550 has the maximum real throughput less than 800Mb?</P><P></P><P></P><P> </P><P></P> Mon, 11 Mar 2019 12:17:49 GMT https://community.cisco.com/t5/network-security/asa-5550-interface-problems/m-p/957699#M940957 alexbonatti 2019-03-11T12:17:49Z https://community.cisco.com/t5/network-security/asa-5550-interface-problems/m-p/957700#M940958 <HTML><HEAD></HEAD><BODY><P>Usually the overrun packets means that the interface is handling more traffic than what it can so it is getting overwhelmed with traffic.</P></BODY></HTML> Fri, 14 Mar 2008 22:24:45 GMT https://community.cisco.com/t5/network-security/asa-5550-interface-problems/m-p/957700#M940958 allanc_16 2008-03-14T22:24:45Z https://community.cisco.com/t5/network-security/asa-5550-interface-problems/m-p/957701#M940959 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Overruns just means that the interface is receiving more traffic than the one it can handle so you should take a look to the device connected to that interface.</P><P></P><P>On the other hand, did you clear the counters before getting those outputs? Otherwise, those counters are since the firewall is up.</P><P></P><P>In addition to the mentioned above, drops is not synonym of issues. Drops can also be caused due to policies you have in the configuration such as ACLs, inspections, etc.</P></BODY></HTML> Sun, 16 Mar 2008 02:33:28 GMT https://community.cisco.com/t5/network-security/asa-5550-interface-problems/m-p/957701#M940959 jojuarez 2008-03-16T02:33:28Z