Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
829
Views
0
Helpful
1
Replies

ASA 5505 performance Issue?

ifabrizio
Level 1
Level 1

‎05-24-2012 03:33 AM - edited ‎03-11-2019 04:10 PM

Dear All,

I have installed a 5505 base license, configured to work in trasparent mode, between two server a Ecommerce sever and a Oracle Db.

The server is not administrated by me. The person that is the administrator coplain that sice i installed the Asa there are a slow response from same not well know application...

I check the Asa status:

sh cpu usage

CPU utilization for 5 seconds = 16%; 1 minute: 12%; 5 minutes: 11%

inside:

       received (in 1296713.630 secs):

               543160569 packets       80152388444 bytes

               1 pkts/sec     61000 bytes/sec

       transmitted (in 1296713.630 secs):

               941060390 packets       1069868441265 bytes

               0 pkts/sec     825001 bytes/sec

     1 minute input rate 100 pkts/sec, 31563 bytes/sec

     1 minute output rate 92 pkts/sec, 18290 bytes/sec

     1 minute drop rate, 0 pkts/sec

     5 minute input rate 59 pkts/sec, 20647 bytes/sec

     5 minute output rate 60 pkts/sec, 14287 bytes/sec

     5 minute drop rate, 0 pkts/sec

outside:

       received (in 1296713.640 secs):

               942479443 packets       1069979938069 bytes

               1 pkts/sec     825001 bytes/sec

       transmitted (in 1296713.640 secs):

              543181244 packets       80152174398 bytes

               1 pkts/sec     61000 bytes/sec

     1 minute input rate 100 pkts/sec, 18681 bytes/sec

     1 minute output rate 109 pkts/sec, 33032 bytes/sec

     1 minute drop rate, 2 pkts/sec

     5 minute input rate 63 pkts/sec, 14515 bytes/sec

     5 minute output rate 60 pkts/sec, 20729 bytes/sec

     5 minute drop rate, 2 pkts/sec

_internal_loopback:

       received (in 1296743.620 secs):

               1 packets       28 bytes

               0 pkts/sec     0 bytes/sec

       transmitted (in 1296743.620 secs):

               1 packets       28 bytes

               0 pkts/sec     0 bytes/sec

     1 minute input rate 0 pkts/sec, 0 bytes/sec

     1 minute output rate 0 pkts/sec, 0 bytes/sec

     1 minute drop rate, 0 pkts/sec

     5 minute input rate 0 pkts/sec, 0 bytes/sec

     5 minute output rate 0 pkts/sec, 0 bytes/sec

     5 minute drop rate, 0 pkts/sec

Ethernet0/1:

       received (in 1296769.140 secs):

               543168148 packets       92322250239 bytes

               1 pkts/sec     71001 bytes/sec

       transmitted (in 1296769.140 secs):

               941067280 packets       1086937797634 bytes

               0 pkts/sec     838000 bytes/sec

     1 minute input rate 73 pkts/sec, 31415 bytes/sec

     1 minute output rate 67 pkts/sec, 14296 bytes/sec

     1 minute drop rate, 0 pkts/sec

     5 minute input rate 59 pkts/sec, 21606 bytes/sec

     5 minute output rate 59 pkts/sec, 15317 bytes/sec

     5 minute drop rate, 0 pkts/sec

Ethernet0/7:

       received (in 1296788.090 secs):

               942558786 packets       1087112892477 bytes

               1 pkts/sec     838000 bytes/sec

       transmitted (in 1296788.090 secs):

               543191502 packets       92324964890 bytes

               1 pkts/sec     71003 bytes/sec

     1 minute input rate 102 pkts/sec, 20126 bytes/sec

     1 minute output rate 109 pkts/sec, 40918 bytes/sec

     1 minute drop rate, 0 pkts/sec

     5 minute input rate 63 pkts/sec, 15646 bytes/sec

     5 minute output rate 60 pkts/sec, 21956 bytes/sec

     5 minute drop rate, 0 pkts/sec

parmamon# sh perfmon

PERFMON STATS:                     Current      Average

Xlates                                0/s          0/s

Connections                           6/s          3/s

TCP Conns                             4/s          1/s

UDP Conns                             1/s          1/s

URL Access                            0/s          0/s

URL Server Req                        0/s          0/s

TCP Fixup                             0/s          0/s

TCP Intercept Established Conns       0/s          0/s

TCP Intercept Attempts                0/s          0/s

TCP Embryonic Conns Timeout           0/s          0/s

HTTP Fixup                            0/s          0/s

FTP Fixup                             0/s          0/s

AAA Authen                            0/s          0/s

AAA Author                            0/s          0/s

AAA Account                           0/s          0/s

VALID CONNS RATE in TCP INTERCEPT:    Current      Average

                                       N/A         53.85%

parmamon# sh blocks

SIZE   MAX   LOW   CNT

     0   400   393   400

     4   100     99     99

   80   100     75   100

   256   200   187   195

1550   6374   6341   6371

2048   1200   1170   1200

2560   264   264   264

4096   100   100   100

8192   100   100   100

16384   100   100   100

65536     16     16     16

The only thing that I notice on the sh block is that the 16384 blocks has a low value, if i have understand well

When the CNT column hits zero, the ASA attempts to  allocate more blocks, up to a maximum of 8192. If no more blocks are  available, the PIX drops the packet. It could determinate the application slow response?

Best regards,

Igor.

Labels:
0 Helpful
1 Reply 1

Julio Carvajal
VIP Alumni
VIP Alumni

‎05-24-2012 06:48 AM

Hello,

Please post the configuration and the server Ip address.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card