Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10849
Views
0
Helpful
3
Replies

out of order tcp packets?

tiwang
Level 3
Level 3

‎08-16-2011 04:33 AM - edited ‎03-11-2019 02:12 PM

hi out there

We have been digging a bit in "bad" http throughput at some sites through our ASA 5510/5520'eres - the boxes itself are not that loaded so that we would expect bad througput but some sites load very slow thorugh these boxes and through the "show asp" command I can see that we drop packets in a out of order que (ok - those dropped are dups accoring to the description):

gw# sh asp drop frame

  No valid adjacency (no-adjacency)                                         3531

  Reverse-path verify failed (rpf-violated)                                47101

  Flow is denied by configured rule (acl-drop)                            505169

  First TCP packet not SYN (tcp-not-syn)                                    1525

  TCP failed 3 way handshake (tcp-3whs-failed)                              3472

  TCP RST/FIN out of order (tcp-rstfin-ooo)                                 4952

  TCP SEQ in SYN/SYNACK invalid (tcp-seq-syn-diff)                             2

  TCP packet SEQ past window (tcp-seq-past-win)                              131

  TCP RST/SYN in window (tcp-rst-syn-in-win)                                   6

  TCP dup of packet in Out-of-Order queue (tcp-dup-in-queue)               50654

  TCP packet failed PAWS test (tcp-paws-fail)                                 24

  Slowpath security checks failed (sp-security-failed)                     21401

  FP L2 rule drop (l2_acl)                                                    

We have not defined any tcp-map to handle these our-of-order packets - but how is default behavior of the ASA for packets received a bit out of order? how huge is the default que etc for holding and handling these sessions? Is there a way to debug/log how often http sessions are received out-of-order ?

best regards /ti                        

Labels:
0 Helpful
3 Replies 3

Maykol Rojas
Cisco Employee
Cisco Employee

‎08-17-2011 11:37 AM

Hi,

Not a very easy way to, but you can set a capture wide open on the interface and check the out of order packets. By any chance do you have an IPS module?

Mike.

Mike
0 Helpful

tiwang
Level 3
Level 3
In response to Maykol Rojas

‎08-18-2011 01:06 AM

hi again

yes we have SSM-20 in these boxes

0 Helpful

praprama
Cisco Employee
Cisco Employee
In response to tiwang

‎08-31-2011 12:34 PM

Hi,

The ASA is actually saying there are dups of packets in out-of-order queue. packets arriving out of order for a TCP connection is pretty normal but a lot of out of order packets can affect throughput.

On the ASA, do you have inspection for http configured? What about threat-detection? If you bypass the IPs module in it, do you find the throughput satisfactory?

Regards,

Prapanch

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card