01-26-2009 05:57 AM - edited 03-11-2019 07:41 AM
I notice something strange on my ASA firewalls. Ethernet giants and overruns are reported as errors in the interface statistics:
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Available but not configured via nameif
MAC address 001b.d5e8.d9d5, MTU not set
IP address unassigned
263506341 packets input, 124547185400 bytes, 0 no buffer
Received 1320 broadcasts, 0 runts, 1062 giants
1235 input errors, 0 CRC, 0 frame, 173 overrun, 0 ignored, 0 abort
0 L2 decode drops
392896020 packets output, 498645988982 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (curr/max packets): hardware (2/33) software (0/0)
output queue (curr/max packets): hardware (0/168) software (0/0)
Is this behavior normal?
01-26-2009 06:01 AM
What is being reported on the switchport?
Do sh int count er
regards,
01-26-2009 08:17 AM
Nothing :(
SW#sh int gi 1/0/1
GigabitEthernet1/0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 001f.9e38.5201 (bia 001f.9e38.5201)
Description: FIREWALL
MTU 9198 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 3/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 16593000 bits/sec, 1516 packets/sec
30 second output rate 738000 bits/sec, 801 packets/sec
14472553827 packets input, 16025120050533 bytes, 0 no buffer
Received 1552528 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
10855667028 packets output, 5824823801669 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
The switch is a C3750E and the fw is an ASA5520. MTU on each ASA subinterface is 8192. All servers have MTU 8192.
01-26-2009 09:53 AM
I would do sh int count errors rather than just sh int. If not already done, I would also replace the patch cable.
01-26-2009 10:15 PM
I already did this. This is the third factory-made 50cm Ethernet cable. Looking at my second ASA box, I discover the same thing:
Interface GigabitEthernet0/0 "outside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Description: Internet
MAC address 001a.e2ea.f76c, MTU 1500
IP address 1.1.2.5, subnet mask 255.255.255.0
233335600 packets input, 131866082681 bytes, 1199 no buffer
Received 36690 broadcasts, 0 runts, 0 giants
171 input errors, 0 CRC, 0 frame, 171 overrun, 0 ignored, 0 abort
0 L2 decode drops
... and ...
Interface GigabitEthernet0/1 "", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Available but not configured via nameif
MAC address 001a.e2ea.f76d, MTU not set
IP address unassigned
273084633 packets input, 261669211975 bytes, 0 no buffer
Received 6278 broadcasts, 0 runts, 0 giants
19 input errors, 0 CRC, 0 frame, 19 overrun, 0 ignored, 0 abort
0 L2 decode drops
It appears to be related to traffic speed. When traffic rises to around 60Mbps these "errors" begin to appear. Both boxes are lightly loaded (cpu < 10%), no VPN on them, no inspections, no NAT, only blocked ports.
01-27-2009 05:31 AM
I am suspecting the MTU settings as a possible cause of the problem. Your switchport is set at a higher MTU than the ASA interface MTU.
Please read this from the output interpreter:
WARNING: There have been 171 'overruns' reported.
This shows the number of times that the receiver hardware was incapable of handling
received data to a hardware buffer because the input rate exceeded the receiver's
capability to handle the data. If the overruns are equal to input errors and
there are no CRC errors then at one point the ASA/PIX received packets faster
than it can handle. This is not a cause of concern and can be ignored.
TRY THIS: Verify that speed and duplex settings are hard-coded on the ASA/PIX
and on the other directly connected devices.
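Added example, not part of the thread and not Cisco's output interpreter: a small Python check that applies the rule quoted above (overruns equal to input errors, no CRC) to the three ASA counter blocks posted in this thread, and also shows how much of each error count is accounted for by overruns plus giants. The function names and interface labels are invented for this example, and it assumes only the counter-line layout visible in the posted outputs.

```python
import re

# Counter lines copied from the three ASA "show interface" outputs in this thread.
SAMPLES = {
    "asa1-unnamed": """263506341 packets input, 124547185400 bytes, 0 no buffer
Received 1320 broadcasts, 0 runts, 1062 giants
1235 input errors, 0 CRC, 0 frame, 173 overrun, 0 ignored, 0 abort""",
    "asa2-outside": """233335600 packets input, 131866082681 bytes, 1199 no buffer
Received 36690 broadcasts, 0 runts, 0 giants
171 input errors, 0 CRC, 0 frame, 171 overrun, 0 ignored, 0 abort""",
    "asa2-gi0/1": """273084633 packets input, 261669211975 bytes, 0 no buffer
Received 6278 broadcasts, 0 runts, 0 giants
19 input errors, 0 CRC, 0 frame, 19 overrun, 0 ignored, 0 abort""",
}

# Matches "<number> <counter name>" pairs such as "173 overrun" or "0 no buffer".
PAIR = re.compile(r"(\d+) ([A-Za-z][A-Za-z0-9 ]*?)(?=,|$)", re.M)


def parse_counters(text):
    """Return {counter name: value} for the input-side counter lines."""
    return {name.strip(): int(num) for num, name in PAIR.findall(text)}


def assess(c):
    """Apply the quoted overrun rule and flag what the other counters point at."""
    errors = c["input errors"]
    return {
        # Errors per million received packets, to put the raw count in scale.
        "error_ppm": round(errors * 1_000_000 / c["packets input"], 2),
        # Input errors not accounted for by overruns plus giants.
        "unexplained": errors - (c["overrun"] + c["giants"]),
        # CRC, frame or runt counts point at cabling, duplex or the NIC.
        "physical_layer_suspect": any(c[k] > 0 for k in ("CRC", "frame", "runts")),
        # The interpreter's benign case: every input error is an overrun.
        "overrun_only": errors > 0 and errors == c["overrun"] and c["CRC"] == 0,
        # Giants are frames larger than the interface accepts: check MTU both ends.
        "oversize_frames_seen": c["giants"] > 0,
    }


if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, assess(parse_counters(text)))
```

On the first interface the 1235 input errors are exactly the 1062 giants plus 173 overruns, so it does not match the overrun-only case even though nothing is left unexplained.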