08-22-2013 10:10 AM - last edited on 03-25-2019 05:51 PM by ciscomoderator
We are seeing rate limit drops on a new internet ethernet connection. I can't seem to find an explanation that does not have Qos in the reason for the rate limit drops.
Here is what we see on a ASA 5520 running 8.3.
Interface GigabitEthernet1/2 "outside", is up, line protocol is up
Hardware is VCS7380 rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is unsupported
Media-type configured as RJ45 connector
Description: Outside connection to TWT port 0/1
MAC address c84c.xxxx.xxx, MTU 1500
IP address xxx.xxx.xxx.xxx, subnet mask 255.255.255.252
189630202 packets input, 151713633224 bytes, 0 no buffer
Received 201 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
168620541 packets output, 79755781476 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
406895 rate limit drops
input queue (blocks free curr/low): hardware (0/0)
output queue (blocks free curr/low): hardware (0/0)
Traffic Statistics for "outside":
189563376 packets input, 148146509320 bytes
169040114 packets output, 76924197238 bytes
2782075 packets dropped
1 minute input rate 1398 pkts/sec, 1258861 bytes/sec
1 minute output rate 1195 pkts/sec, 418651 bytes/sec
1 minute drop rate, 8 pkts/sec
5 minute input rate 2109 pkts/sec, 1888351 bytes/sec
5 minute output rate 1881 pkts/sec, 1019056 bytes/sec
5 minute drop rate, 11 pkts/sec
When I do a 'sh run int g1/2' it shows nothing but the actual interface so I think that its not being dropped by us. The interface utilization is low so I dont think thats the issue.
I am sure there is an easy explanation of why there are packets dropping, does anyone have it?
THANKS!!!!
Solved! Go to Solution.
08-23-2013 01:27 AM
Can you clear the counters and test if they only occur on high load?
When you have set the IF to 100 and your inside is 1000, you can get packet drops because the connections from inside are too fast.
Michael
Please rate all helpful posts
08-22-2013 10:30 AM
Charlie,
Can you update to the latest Firmware (9.1.2) and ASDM (7.1.3) and see if the issue continues? You might also try hard setting G1/2 to 100MB/Full instead of Auto. If the issue continues after both of these, I would recommend placing a Cisco switch between G1/2 and the new internet connection as the issue may be on the ISP CPE ethernet connection to your ASA and may be corrected by the switch.
Shawn Eftink
CCNA/CCDA
Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
08-22-2013 11:29 AM
Shawn,
Upgrading from 8.3 to 9.1 is not an option without extensive testing. (also, not really sure if this has any impact on the actual link, we get 90 up and down pretty consistently)
This was more of an educational/knowledge question than a 'I have a problem' question. I dont 'get it' and I can't google the answer so I thought I'd put it out there to a group that is a lot smarter than me. :-)
On circuit turn up the ISP and us had it hard set to 100/full and were getting errors and huge circuit degradation. In experimenting with adaptor setting the only way to run clean was for them to hard set and us in auto....
This firewall is directly connected to the ISP's ME3400E.
Thanks!
C.T.
08-22-2013 12:11 PM
Understood. When you say 90 Up/Down, is it 90 Up and 90 Down for a max potential of 180Mbps or is it a max potential of 90Mbps regardless of whether it's up or down?
Shawn Eftink
CCNA/CCDA
Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
08-22-2013 12:29 PM
It is a 100Mb Ethernet link and get anywhere from 85-94Mb down and 83-89 up, which is OK.
I just got the ISP to give me stats out of their interface.
HSNN48H1C7001#sh int Fa0/1
FastEthernet0/1 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is xxx
Description: xxx
MTU 1546 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 19/255, rxload 5/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:09, output hang never
Last clearing of "show interface" counters 1w5d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1279487
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2123000 bits/sec, 774 packets/sec
5 minute output rate 7626000 bits/sec, 1065 packets/sec
517728225 packets input, 238568853356 bytes, 0 no buffer
Received 0 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
625023464 packets output, 510019179129 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
SO, there is no flow control on ISP, we can now see the RX and TX loads and they are nothing..... that takes me back to orginal question....where is the rate limiting happening that are being reporting at the interface level?? hmmm
Any insight would be greatly apperciated.
THANKS!!!!
08-23-2013 01:27 AM
Can you clear the counters and test if they only occur on high load?
When you have set the IF to 100 and your inside is 1000, you can get packet drops because the connections from inside are too fast.
Michael
Please rate all helpful posts
08-23-2013 11:39 AM
Michael,
You hit it.
While they do climb (at very little increase) during no load times,, when I flood it the counters start cranking up.
There is/was a simple explanation that makes perfect sense.
THANKS!!
C.T.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide