CIsco 891-K9 OoO queue overflow - Cisco Community

767

Views

0

Helpful

1

Replies

Cisco 891-K9 router, very basic config, minimal firewall in place.

I keep getting warnings in the log:

Dropping TCP Segment:xxxx is out-of-order... Reason:TCP reassembly queue overflow....

I have increased the size of the ooo queue etc. as follows (increased incrementally up to this point...):

parameter-map type ooo global

tcp reassembly timeout 10

tcp reassembly queue length 128

tcp reassembly memory limit 6144

but I am still getting the same errors in the log. The frequency of them has decreased, but there are still well over 150/day. Anyone have any ideas on where I should go from here?

Thanks!

1 Reply 1

Hello Joel,

Receiving OOO packets it's an issue out of your box, you should not receive this, you should contact your ISP if they are comming from the outside,

Anyway try the following :

ip inspect tcp reassembly

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_i2.html#wp1063773

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking products for a $25 gift card