03-14-2008 11:27 AM - edited 03-11-2019 05:17 AM
Hi guys,
I have 2 ASA5550 firewalls in failover mode. The data sheet says that the maximum throughput is 1.2G, but when the outside firewall traffic comes up to 750Mb, I start to have a lot of problems, like packet drops. When the traffic reaches 800Mb, the firewall stops processing the outside failover packets and drops all packets on the outside interface.
Here is the show interface command output:
Interface GigabitEthernet0/0 "outside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps
Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
MAC address 001a.e2ea.e674, MTU 1500
IP address xxx.xxx.xxx.xxx, subnet mask xxx.xxx.xxx.xxx
47486821698 packets input, 3893958800868 bytes, 19892367 no buffer
Received 16876 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 62954747 overrun, 0 ignored, 0 abort
0 L2 decode drops
81891090643 packets output, 108809258427982 bytes, 3695 underruns
0 output errors, 0 collisions
0 late collisions, 0 deferred
input queue (curr/max blocks): hardware (0/0) software (0/0)
output queue (curr/max blocks): hardware (1/511) software (0/0)
Traffic Statistics for "outside":
47485878509 packets input, 2841926097278 bytes
81891094335 packets output, 107330895810065 bytes
89951783 packets dropped
1 minute input rate 17131 pkts/sec, 1077743 bytes/sec
1 minute output rate 29928 pkts/sec, 38704909 bytes/sec
1 minute drop rate, 36 pkts/sec
5 minute input rate 17847 pkts/sec, 1059781 bytes/sec
5 minute output rate 31439 pkts/sec, 41073382 bytes/sec
5 minute drop rate, 36 pkts/sec
The overrun and no buffer counters are too high. Is it possible that the ASA5550 has a real maximum throughput of less than 800Mb?
03-14-2008 03:24 PM
Usually overrun packets mean that the interface is handling more traffic than it can, so it is getting overwhelmed with traffic.
03-15-2008 07:33 PM
Hi,
Overruns just mean that the interface is receiving more traffic than it can handle, so you should take a look at the device connected to that interface.
On the other hand, did you clear the counters before getting those outputs? Otherwise, those counters are from when the firewall came up.
In addition to the above, drops are not a synonym for issues. Drops can also be caused by policies you have in the configuration, such as ACLs, inspections, etc.
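The last reply's point about lifetime counters, as an added example that is not part of the original thread: this Python sketch compares two `show interface` snapshots so overruns are judged per interval rather than since boot. The first snapshot uses the counter lines posted above; the second snapshot, the 60-second interval, and the function names are constructed for illustration.

```python
import re

# Counters of interest, matched as they are printed in the output on this page.
PATTERNS = {
    "packets_input": r"(\d+) packets input",
    "no_buffer": r"(\d+) no buffer",
    "overrun": r"(\d+) overrun",
    "underruns": r"(\d+) underruns",
}

def parse_counters(text):
    """First match of each counter (the hardware lines, not Traffic Statistics)."""
    out = {}
    for name, pat in PATTERNS.items():
        m = re.search(pat, text)
        if m is None:
            raise ValueError(f"counter not found: {name}")
        out[name] = int(m.group(1))
    return out

def interval_report(before, after, seconds):
    """Compare two snapshots taken `seconds` apart."""
    a, b = parse_counters(before), parse_counters(after)
    delta = {k: b[k] - a[k] for k in a}
    if any(v < 0 for v in delta.values()):
        raise ValueError("counters went backwards (cleared or reloaded between snapshots)")
    pkts = delta["packets_input"]
    return {
        "delta": delta,
        "overrun_per_sec": delta["overrun"] / seconds,
        "overrun_pct": 100.0 * delta["overrun"] / pkts if pkts else 0.0,
    }

# Snapshot 1: counter lines copied from the first post.
SNAP1 = """\
47486821698 packets input, 3893958800868 bytes, 19892367 no buffer
0 input errors, 0 CRC, 0 frame, 62954747 overrun, 0 ignored, 0 abort
81891090643 packets output, 108809258427982 bytes, 3695 underruns
"""
# Snapshot 2: CONSTRUCTED for illustration, as if taken 60 seconds later.
SNAP2 = """\
47487849558 packets input, 3894023465448 bytes, 19893027 no buffer
0 input errors, 0 CRC, 0 frame, 62956907 overrun, 0 ignored, 0 abort
81892886323 packets output, 108811580722522 bytes, 3695 underruns
"""

if __name__ == "__main__":
    print(interval_report(SNAP1, SNAP2, 60))
```

A negative delta raises an error instead of producing a misleading rate, which covers the case where the counters were cleared or the unit failed over between the two captures.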