06-07-2013 02:34 PM - edited 03-11-2019 06:54 PM
Hi Guys,
I am facing packet drop issue on Cisco ASA 5520 after configuring its Gi0/0 & Gi0/1 = po1 and Gi0/2 & Gi0/3 = po2.
Its not showing any packet drop on interface but showing drops in port-channel description.
i have tried harcoded it but its still facing packet drop issue.
IOS version of the device is 8.4.4.1
Please give any inputs on the same.
Regards
Pankaj
06-07-2013 02:39 PM
Hello Pankaj,
Can you share the output you are seeing?
Regards,
06-09-2013 11:06 PM
Please find the outpot
ASA1/pri/act# sh int gi 0/0
Interface GigabitEthernet0/0 "", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
Input flow control is unsupported, output flow control is off
Active member of Port-channel1
MAC address fc99.472a.32ee, MTU 1500
IP address unassigned
167244901 packets input, 89026807839 bytes, 0 no buffer
Received 2700 broadcasts, 0 runts, 0 giants
3630 input errors, 0 CRC, 0 frame, 3630 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
261381816 packets output, 288945883007 bytes, 283 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 14 interface resets
0 late collisions, 0 deferred
530 input reset drops, 2 output reset drops, 2 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/0)
ASA1/pri/act# sh int gi 0/1
Interface GigabitEthernet0/1 "", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
Input flow control is unsupported, output flow control is off
Active member of Port-channel1
MAC address fc99.472a.32ef, MTU 1500
IP address unassigned
123428655 packets input, 63233794065 bytes, 0 no buffer
Received 15177 broadcasts, 0 runts, 0 giants
62 input errors, 0 CRC, 0 frame, 62 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
100741628 packets output, 70971427169 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 17 interface resets
0 late collisions, 0 deferred
330 input reset drops, 2 output reset drops, 1 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/155)
ASA1/pri/act# sh int gi 0/2
Interface GigabitEthernet0/2 "", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
Input flow control is unsupported, output flow control is off
Active member of Port-channel2
MAC address fc99.472a.32f0, MTU 1500
IP address unassigned
191700678 packets input, 181939853856 bytes, 0 no buffer
Received 865210 broadcasts, 0 runts, 0 giants
9 input errors, 0 CRC, 0 frame, 9 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
204422549 packets output, 96429528747 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
127 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/90)
ASA1/pri/act# sh int gi 0/3
Interface GigabitEthernet0/3 "", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
Input flow control is unsupported, output flow control is off
Active member of Port-channel2
MAC address fc99.472a.32f1, MTU 1500
IP address unassigned
190847293 packets input, 180132375161 bytes, 0 no buffer
Received 925563 broadcasts, 0 runts, 0 giants
3 input errors, 0 CRC, 0 frame, 3 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
97645718 packets output, 58675326682 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 2 interface resets
0 late collisions, 0 deferred
83 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/80)
ASA1/pri/act# sh int po1
Interface Port-channel1 "outside", is up, line protocol is up
Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec
Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address fc99.472a.32ee, MTU 1500
IP address 172.22.144.61, subnet mask 255.255.255.0
Traffic Statistics for "outside":
295254805 packets input, 147547605262 bytes
369588543 packets output, 360085482881 bytes
1926377 packets dropped
1 minute input rate 5560 pkts/sec, 2258872 bytes/sec
1 minute output rate 8538 pkts/sec, 6431842 bytes/sec
1 minute drop rate, 31 pkts/sec
5 minute input rate 6254 pkts/sec, 1892007 bytes/sec
5 minute output rate 10055 pkts/sec, 8174594 bytes/sec
5 minute drop rate, 33 pkts/sec
Members in this channel:
Active: Gi0/0 Gi0/1
ASA1/pri/act# sh int po2
Interface Port-channel2 "inside", is up, line protocol is up
Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec
Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address fc99.472a.32f0, MTU 1500
IP address 172.21.144.61, subnet mask 255.255.255.0
Traffic Statistics for "inside":
389622667 packets input, 361181279514 bytes
306507921 packets output, 150120300631 bytes
5511445 packets dropped
1 minute input rate 8912 pkts/sec, 6450456 bytes/sec
1 minute output rate 5851 pkts/sec, 2325695 bytes/sec
1 minute drop rate, 44 pkts/sec
5 minute input rate 10439 pkts/sec, 8194380 bytes/sec
5 minute output rate 6550 pkts/sec, 1959800 bytes/sec
5 minute drop rate, 48 pkts/sec
Members in this channel:
Active: Gi0/2 Gi0/3
ASA1/pri/act# sh run int gi 0/0
!
interface GigabitEthernet0/0
channel-group 1 mode on
speed 1000
duplex full
no nameif
no security-level
no ip address
ASA1/pri/act# sh run int gi 0/1
!
interface GigabitEthernet0/1
channel-group 1 mode on
speed 1000
duplex full
no nameif
no security-level
no ip address
ASA1/pri/act# sh run int gi 0/2
!
interface GigabitEthernet0/2
channel-group 2 mode on
speed 1000
duplex full
no nameif
no security-level
no ip address
ASA1/pri/act# sh run int gi 0/3
!
interface GigabitEthernet0/3
channel-group 2 mode on
speed 1000
duplex full
no nameif
no security-level
no ip address
ASA1/pri/act# sh run int po1
!
interface Port-channel1
nameif outside
security-level 0
ip address 172.22.x.x 255.255.255.0 standby 172.22.x.x
ASA1/pri/act# sh run int po2
!
interface Port-channel2
nameif inside
security-level 100
ip address 172.21.x.x 255.255.255.0 standby 172.21.x.x
06-10-2013 08:00 AM
Bear in mind that a 5520 only has about 620 Mbit/s of backplane bandwidth, so it is very easy to overload it, and portchannels aren't likely to help with performance, since you can't saturate a single gigabit link with a 5520, much less two. I had to upgrade to 5525-x hardware to get rid of my overrun/underrun problems on 5520's.
It doesn't appear that the memory allocations are particularly user tunable, except for the QoS settings.
-- Jim Leinweber, WI State Lab of Hygiene
06-10-2013 09:46 AM
Hello Narendra,
Well the first thing I have to point out here is that normally when you do a show interface x/x you will see the packet-drop counter . I would say that in this case as both interfaces are being used on a port-channel (logically speaking the amount of drops of both interfaces will be shown over the port-channel interface).
What you have to remember is that the packet-drop count here refers to packet being denied by the ASP algorithm of the ASA, is not a layer2/1 issue,
For extra information
http://www.cisco.com/en/US/products/ps6120/products_qanda_item09186a0080bd250b.shtml
Note(What happens if you use the show traffic command)
Hope that I could help,
If you do not have any other question please mark it as answered,
Regards
06-11-2013 11:11 PM
Here are the output of show traffic
ASA1/pri/act# show traffic
outside:
received (in 383300.050 secs):
779563276 packets 430967656886 bytes
2000 pkts/sec 1124002 bytes/sec
transmitted (in 383300.050 secs):
941840573 packets 663870132850 bytes
2008 pkts/sec 1731010 bytes/sec
1 minute input rate 4418 pkts/sec, 2895043 bytes/sec
1 minute output rate 6138 pkts/sec, 2157367 bytes/sec
1 minute drop rate, 44 pkts/sec
5 minute input rate 4108 pkts/sec, 2696018 bytes/sec
5 minute output rate 5933 pkts/sec, 1999068 bytes/sec
5 minute drop rate, 39 pkts/sec
inside:
received (in 383298.530 secs):
993262369 packets 666558721792 bytes
2008 pkts/sec 1739006 bytes/sec
transmitted (in 383298.530 secs):
809950306 packets 437895020785 bytes
2001 pkts/sec 1142001 bytes/sec
1 minute input rate 6189 pkts/sec, 2161932 bytes/sec
1 minute output rate 4379 pkts/sec, 2880046 bytes/sec
1 minute drop rate, 43 pkts/sec
5 minute input rate 5985 pkts/sec, 2003741 bytes/sec
5 minute output rate 4073 pkts/sec, 2683190 bytes/sec
5 minute drop rate, 43 pkts/sec
FO:
received (in 2403893.490 secs):
3994577 packets 339659492 bytes
1 pkts/sec 0 bytes/sec
transmitted (in 2403893.490 secs):
33059836 packets 19648244072 bytes
1 pkts/sec 8000 bytes/sec
1 minute input rate 1 pkts/sec, 145 bytes/sec
1 minute output rate 86 pkts/sec, 90606 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 145 bytes/sec
5 minute output rate 90 pkts/sec, 95443 bytes/sec
5 minute drop rate, 0 pkts/sec
----------------------------------------
Aggregated Traffic on Physical Interface
----------------------------------------
GigabitEthernet0/0:
received (in 1940.260 secs):
5913274 packets 4247958198 bytes
3047 pkts/sec 2189375 bytes/sec
transmitted (in 1940.260 secs):
5245236 packets 1235684425 bytes
2703 pkts/sec 636865 bytes/sec
1 minute input rate 3040 pkts/sec, 2059828 bytes/sec
1 minute output rate 2857 pkts/sec, 719117 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 2779 pkts/sec, 1876026 bytes/sec
5 minute output rate 2554 pkts/sec, 523817 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/1:
received (in 1937.930 secs):
2671902 packets 1919528181 bytes
1378 pkts/sec 990504 bytes/sec
transmitted (in 1937.930 secs):
6617573 packets 3225789991 bytes
3414 pkts/sec 1664554 bytes/sec
1 minute input rate 1377 pkts/sec, 921744 bytes/sec
1 minute output rate 3280 pkts/sec, 1553383 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1329 pkts/sec, 900356 bytes/sec
5 minute output rate 3379 pkts/sec, 1586606 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/2:
received (in 1937.230 secs):
5976054 packets 2229412559 bytes
3084 pkts/sec 1150824 bytes/sec
transmitted (in 1937.230 secs):
4010488 packets 3392466850 bytes
2070 pkts/sec 1751194 bytes/sec
1 minute input rate 3079 pkts/sec, 1157343 bytes/sec
1 minute output rate 1988 pkts/sec, 1433096 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 2993 pkts/sec, 1068038 bytes/sec
5 minute output rate 1690 pkts/sec, 1241615 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/3:
received (in 1936.090 secs):
5991982 packets 2242076957 bytes
3094 pkts/sec 1158043 bytes/sec
transmitted (in 1936.090 secs):
4510313 packets 2744913368 bytes
2329 pkts/sec 1417761 bytes/sec
1 minute input rate 3111 pkts/sec, 1121919 bytes/sec
1 minute output rate 2390 pkts/sec, 1532707 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 2993 pkts/sec, 1049235 bytes/sec
5 minute output rate 2383 pkts/sec, 1521157 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data0/0:
received (in 2403953.270 secs):
681 packets 46308 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 2403953.270 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Management0/0:
received (in 2403953.270 secs):
3984259 packets 396665734 bytes
1 pkts/sec 0 bytes/sec
transmitted (in 2403953.270 secs):
32972436 packets 20112140110 bytes
1 pkts/sec 8000 bytes/sec
1 minute input rate 1 pkts/sec, 172 bytes/sec
1 minute output rate 86 pkts/sec, 91817 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 172 bytes/sec
5 minute output rate 90 pkts/sec, 96714 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet1/0:
received (in 2403953.660 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 2403953.660 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet1/1:
received (in 2403953.670 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 2403953.670 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet1/2:
received (in 2403954.020 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 2403954.020 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet1/3:
received (in 2403954.030 secs):
55051 packets 3683436 bytes
0 pkts/sec 1 bytes/sec
transmitted (in 2403954.030 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data1/0:
received (in 2403954.310 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 2403954.310 secs):
22567 packets 1534312 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
06-12-2013 09:23 AM
Hello Narenda,
Yeah, in those outputs we can see that there are some drops on the physical interface,
Did you understand the concept I explained on the last post?
If you do not have any other question please mark it as answered, otherwise I will answer any other question u have.
Regards
06-14-2013 08:53 AM
Hello Narendra,
Are there any other questions?
Remember to rate all of the helpful posts.
For this community that's as important as a thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide