01-20-2011 04:33 AM - edited 03-11-2019 12:37 PM
Hello,
I have an ASA5540 running V8.2.1 equipped with an ASA-SSM-20 running IPS-K9-6.2-2.
The ASA internal-data0/0 interface, which communicates with the ASA-SSM-20 Gi0/1 interface, shows an increasing number of underrun errors. The physical outside and inside gigabit interfaces remain steady.
The ASA redirects all traffic through the SSM for inspection between the inside interface to or from the outside interface, where many IPSec tunnels terminate. I observed that most of the time the internal-data0/0 interface underruns increase precisely when a server located on the remote side of a specific L2L tunnel is transferring large FTP files (several Gb long) to an internal FTP server.
According to the documentation, underruns are the number of times that the transmitter ran faster than the adaptive security appliance could handle. All this leads me to consider that the ASA is unable to handle bursty traffic to or from the SSM-20 module, thus some kind of QoS should be necessary.
I would really appreciate any idea of what to do to mitigate this effect.
Regards in advance.
Interface Internal-Data0/0 "", is up, line protocol is up
Hardware is i82547GI rev00, BW 1000 Mbps, DLY 10 usec
(Full-duplex), (1000 Mbps)
MAC address 0000.0001.0002, MTU not set
IP address unassigned
2488409935 packets input, 1619369509464 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
2488409940 packets output, 1619369474024 bytes, 7719 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (511/486)
output queue (blocks free curr/low): hardware (511/0
01-23-2011 05:29 PM
Check this out: https://supportforums.cisco.com/docs/DOC-13103
You are correct.
An Overrun is when an incoming (ingress) packet hits the PIX's NIC, and the rx ring is full. This is generally caused by elevated CPU, CPU hogs, or infected hosts.
An Underrun is when part of the packet is in the tx ring, and the driver starts transmitting it on the wire, but is unable to get the remaining part of the packet by the time it has finished transmitting the first part.
-KS
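
Added example (not part of either post, and not Cisco tooling): a small Python parser for the interface counter block quoted in the question. It pulls out the overrun/underrun counters and the hardware queue low-water marks, and diffs two snapshots so that increments can be tied to a specific transfer. The function names are hypothetical, and the sample text is an excerpt of the output as posted, including its truncated last line.

```python
import re

# Excerpt of the interface block from the question (last line is truncated in the post).
SAMPLE = '''\
Interface Internal-Data0/0 "", is up, line protocol is up
2488409935 packets input, 1619369509464 bytes, 0 no buffer
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
2488409940 packets output, 1619369474024 bytes, 7719 underruns
input queue (blocks free curr/low): hardware (511/486)
output queue (blocks free curr/low): hardware (511/0
'''

COUNTERS = {
    "packets_in": r"(\d+) packets input",
    "packets_out": r"(\d+) packets output",
    "overruns": r"(\d+) overrun",
    "underruns": r"(\d+) underruns",
    "no_buffer": r"(\d+) no buffer",
}
QUEUE = r"{} queue \(blocks free curr/low\): hardware \((\d+)/(\d+)"

def parse_interface(text):
    """Extract the counters related to rx/tx ring exhaustion from one interface block."""
    stats = {}
    for name, pattern in COUNTERS.items():
        m = re.search(pattern, text)
        stats[name] = int(m.group(1)) if m else None
    for direction in ("input", "output"):
        m = re.search(QUEUE.format(direction), text)
        # (free blocks now, lowest free blocks seen); the closing ")" is not required
        stats[direction + "_queue"] = (int(m.group(1)), int(m.group(2))) if m else None
    return stats

def delta(before, after):
    """Counter increase between two snapshots, e.g. taken around one large FTP transfer."""
    return {k: after[k] - before[k] for k in COUNTERS if before[k] is not None and after[k] is not None}

def assess(stats):
    """Summarise the tx/rx ring observations discussed in the thread."""
    findings = []
    if stats["underruns"]:
        ratio = stats["underruns"] / stats["packets_out"]
        findings.append(f"tx underruns: {stats['underruns']} ({ratio:.6%} of packets output)")
    if stats["output_queue"] and stats["output_queue"][1] == 0:
        findings.append("output queue low-water mark is 0: no free hardware blocks at least once")
    if stats["overruns"]:
        findings.append(f"rx overruns: {stats['overruns']}")
    return findings
```

Taking one snapshot before and one after a large transfer and passing both to delta() shows whether the underrun increments line up with that transfer, which is the correlation described in the question.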