ASA 5545 Overrun on Interface Inside

oyindamola15
Level 1

The only thing that changed the network was traffic.

Our traffic almost doubled and the inside interface showed input errors = overrun. The counter was increasing in real time.

Implementing flow control with the default values solved the problem.
Really easy to turn flow control on.

Interface config mode:
(config-if)# flowcontrol send on

We will be replacing the ASA with a 5555 that should be able to handle the traffic.

Fingers crossed.

Has anyone had interesting experiences with overrun or underrun on ASA interfaces?
How did it impact your end users and how did you resolve the issue?

Accepted Solution

Akshay Rastogi
Cisco Employee

Hi there,

If enabling flow control resolved the issue, then it means it is more of a micro traffic burst that is causing those overruns. When traffic arrives faster than the ASA descriptor ring can process it, traffic is dropped at the FIFO queue level.

Try calculating whether you are oversubscribing the ASA. Replacing the ASA with an ASA5555 might resolve the issue. However, if the issue is more of micro burst traffic, then the ASA5555 might also get this issue.

Use the link below to understand the troubleshooting you could perform:

https://supportforums.cisco.com/document/47506/asa-oversubscription-interface-errors-troubleshooting

Hope it helps.

Regards,

Akshay Rastogi


Hi Akshay,

Thank you for the detailed response.

I eventually opened a case with Cisco TAC. We may be oversubscribing the ASA.

It had a throughput of 1.1Gbps out of 1.5Gbps that it should be able to support.

The engineer stated a traffic burst as the cause of the issue. Enabling flow control solved the problem on the inside interface, but the outside interface is now experiencing overruns as well.

Hi there,

1.1 out of 1.5 Gbps is close to oversubscription, and a micro burst could make it worse. So, as mentioned and confirmed by TAC, it is a traffic burst and flow control is the best option to tackle that.

I believe the same thing could be there on the outside interface as well. If possible, you could implement the same, or look for oversubscription as you are close to that.

Regards,

Akshay Rastogi


Hi,

If microbursts are seen in the network then you should check whether they are caused by legitimate traffic or not. There could be an infected host generating bursts of traffic.

If the microbursts are legit then I would say you should try smoothing the traffic using traffic shaping or rate limiting.

Flow control is more like a temporary fix; try to investigate the cause of the microbursts, as it affects any device.

HTH.

RS

Thanks for the response. Is there a tool you can recommend to help us find out if the microburst is caused by an infected host? Or to verify that the traffic burst is legit?

Hi,

There is no specific tool as such. However, you could take a SPAN capture on the switch, with the destination port being the port connected to the ASA, and analyze it through the flow graph in Wireshark with the tick set to .01 or .001 sec.

Also, you could check which hosts could be making a lot of connections, using the commands below:

show local-host connection embryonic 500 | in host|count/limit
show local-host connection tcp 1000 | in host|count/limit
show local-host connection udp 1000 | in host|count/limit

These commands would show you the hosts which are making a lot of connections. Check whether those hosts are allowed to make that many connections.

Hope it helps.

Regards,

Akshay Rastogi
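To put numbers on the microburst check Akshay describes (a SPAN capture viewed at a .01 or .001 s tick), here is an added Python example that is not from the thread or from Cisco: it bins packet timestamps into 1 ms windows and flags windows whose equivalent rate exceeds the interface line rate, while the 1 s average still looks healthy. The capture data, the 1 Gb/s line rate and the (timestamp_us, frame_bytes) input format are all assumed and constructed for the example.

```python
"""Flag microbursts by binning frames into 1 ms windows (constructed sample).

Input is a list of (timestamp_us, frame_bytes) tuples, e.g. exported from a
SPAN capture; the capture built below is constructed, not a real trace.
"""
from collections import defaultdict

LINK_BPS = 1_000_000_000   # assumed 1 Gb/s interface line rate
WINDOW_US = 1_000          # 1 ms bins, matching a .001 s tick in Wireshark


def window_rates(packets, window_us=WINDOW_US):
    """Return {window_start_us: equivalent bit/s} for every window with traffic."""
    bits_per_window = defaultdict(int)
    for ts_us, frame_bytes in packets:
        bits_per_window[(ts_us // window_us) * window_us] += frame_bytes * 8
    # bits seen in the window divided by the window length in seconds
    return {start: bits * 1_000_000 / window_us
            for start, bits in bits_per_window.items()}


def burst_windows(packets, link_bps=LINK_BPS, window_us=WINDOW_US):
    """Windows whose equivalent rate exceeds the link rate.

    Frames in such a window cannot all be forwarded at line rate, so they queue
    in the NIC descriptor ring; if the burst outlasts the ring, the interface
    counts overruns even though the 1 s average rate is well under capacity.
    """
    return sorted((start, bps) for start, bps in window_rates(packets, window_us).items()
                  if bps > link_bps)


def average_bps(packets, span_us):
    """Long-term average over span_us, the figure an interface counter view shows."""
    total_bits = sum(frame_bytes * 8 for _, frame_bytes in packets)
    return total_bits * 1_000_000 / span_us


def constructed_capture():
    """One second of traffic: steady 120 Mb/s plus one 0.8 ms burst of 200 frames."""
    steady = [(i * 100, 1500) for i in range(10_000)]       # one 1500 B frame per 100 us
    burst = [(500_000 + i * 4, 1500) for i in range(200)]    # 200 frames at 4 us spacing
    return sorted(steady + burst)


if __name__ == "__main__":
    pkts = constructed_capture()
    print(f"1 s average: {average_bps(pkts, 1_000_000) / 1e6:.1f} Mb/s")
    for start, bps in burst_windows(pkts):
        print(f"burst at {start / 1000:.3f} ms: {bps / 1e9:.2f} Gb/s exceeds link rate")
```

Flagged windows are the candidates for FIFO overruns on a link of that rate; note that SPAN itself can reorder or delay frames, so timestamps from a tap give cleaner results.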

Thanks!

The commands helped. I was, however, able to verify that it was all legitimate traffic.

Hi,

That means you need to control the legitimate traffic. If they are all supposed to make this many connections and send traffic the way they are sending it, then, as you are already using flow control, you could go on with the same or try policing or shaping.

Regards,

Akshay Rastogi
