Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2508
Views
5
Helpful
7
Replies

Packet drops in Cisco ASA after configuring port-channel

pankaj29in
Level 1
Level 1

‎06-07-2013 02:34 PM - edited ‎03-11-2019 06:54 PM

Hi Guys,

I am facing packet drop issue on Cisco ASA 5520 after configuring its Gi0/0 & Gi0/1 = po1 and Gi0/2 & Gi0/3 = po2.

Its not showing any  packet drop on interface but showing drops in port-channel description.

i have tried harcoded it but its still facing packet drop issue.

IOS version of the device is 8.4.4.1

Please give any inputs on the same.

Regards

Pankaj                

Labels:
0 Helpful
7 Replies 7

Julio Carvajal
VIP Alumni
VIP Alumni

‎06-07-2013 02:39 PM

Hello Pankaj,

Can you share the output you are seeing?

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

narendramaurya
Level 1
Level 1
In response to Julio Carvajal

‎06-09-2013 11:06 PM

Please find the outpot

ASA1/pri/act# sh int gi 0/0
Interface GigabitEthernet0/0 "", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Active member of Port-channel1
        MAC address fc99.472a.32ee, MTU 1500
        IP address unassigned
        167244901 packets input, 89026807839 bytes, 0 no buffer
        Received 2700 broadcasts, 0 runts, 0 giants
        3630 input errors, 0 CRC, 0 frame, 3630 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        261381816 packets output, 288945883007 bytes, 283 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 14 interface resets
        0 late collisions, 0 deferred
        530 input reset drops, 2 output reset drops, 2 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/0)

ASA1/pri/act# sh int gi 0/1
Interface GigabitEthernet0/1 "", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Active member of Port-channel1
        MAC address fc99.472a.32ef, MTU 1500
        IP address unassigned
        123428655 packets input, 63233794065 bytes, 0 no buffer
        Received 15177 broadcasts, 0 runts, 0 giants
        62 input errors, 0 CRC, 0 frame, 62 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        100741628 packets output, 70971427169 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 17 interface resets
        0 late collisions, 0 deferred
        330 input reset drops, 2 output reset drops, 1 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/155)


ASA1/pri/act# sh int gi 0/2
Interface GigabitEthernet0/2 "", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Active member of Port-channel2
        MAC address fc99.472a.32f0, MTU 1500
        IP address unassigned
        191700678 packets input, 181939853856 bytes, 0 no buffer
        Received 865210 broadcasts, 0 runts, 0 giants
        9 input errors, 0 CRC, 0 frame, 9 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        204422549 packets output, 96429528747 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 1 interface resets
        0 late collisions, 0 deferred
        127 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/90)

ASA1/pri/act# sh int gi 0/3
Interface GigabitEthernet0/3 "", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Active member of Port-channel2
        MAC address fc99.472a.32f1, MTU 1500
        IP address unassigned
        190847293 packets input, 180132375161 bytes, 0 no buffer
        Received 925563 broadcasts, 0 runts, 0 giants
        3 input errors, 0 CRC, 0 frame, 3 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        97645718 packets output, 58675326682 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 2 interface resets
        0 late collisions, 0 deferred
        83 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/80)

ASA1/pri/act# sh int po1
Interface Port-channel1 "outside", is up, line protocol is up
  Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        MAC address fc99.472a.32ee, MTU 1500
        IP address 172.22.144.61, subnet mask 255.255.255.0
  Traffic Statistics for "outside":
        295254805 packets input, 147547605262 bytes
        369588543 packets output, 360085482881 bytes
        1926377 packets dropped
      1 minute input rate 5560 pkts/sec,  2258872 bytes/sec
      1 minute output rate 8538 pkts/sec,  6431842 bytes/sec
      1 minute drop rate, 31 pkts/sec
      5 minute input rate 6254 pkts/sec,  1892007 bytes/sec
      5 minute output rate 10055 pkts/sec,  8174594 bytes/sec
      5 minute drop rate, 33 pkts/sec
  Members in this channel:
      Active:   Gi0/0 Gi0/1
ASA1/pri/act# sh int po2
Interface Port-channel2 "inside", is up, line protocol is up
  Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        MAC address fc99.472a.32f0, MTU 1500
        IP address 172.21.144.61, subnet mask 255.255.255.0
  Traffic Statistics for "inside":
        389622667 packets input, 361181279514 bytes
        306507921 packets output, 150120300631 bytes
        5511445 packets dropped
      1 minute input rate 8912 pkts/sec,  6450456 bytes/sec
      1 minute output rate 5851 pkts/sec,  2325695 bytes/sec
      1 minute drop rate, 44 pkts/sec
      5 minute input rate 10439 pkts/sec,  8194380 bytes/sec
      5 minute output rate 6550 pkts/sec,  1959800 bytes/sec
      5 minute drop rate, 48 pkts/sec
  Members in this channel:
      Active:   Gi0/2 Gi0/3


ASA1/pri/act# sh run int gi 0/0
!
interface GigabitEthernet0/0
channel-group 1 mode on
speed 1000
duplex full
no nameif
no security-level
no ip address
ASA1/pri/act# sh run int gi 0/1
!
interface GigabitEthernet0/1
channel-group 1 mode on
speed 1000
duplex full
no nameif
no security-level
no ip address
ASA1/pri/act# sh run int gi 0/2
!
interface GigabitEthernet0/2
channel-group 2 mode on
speed 1000
duplex full
no nameif
no security-level
no ip address
ASA1/pri/act# sh run int gi 0/3
!
interface GigabitEthernet0/3
channel-group 2 mode on
speed 1000
duplex full
no nameif
no security-level
no ip address
ASA1/pri/act# sh run int po1
!
interface Port-channel1
nameif outside
security-level 0
ip address 172.22.x.x 255.255.255.0 standby 172.22.x.x
ASA1/pri/act# sh run int po2
!
interface Port-channel2
nameif inside
security-level 100
ip address 172.21.x.x 255.255.255.0 standby 172.21.x.x


0 Helpful

James Leinweber
Level 4
Level 4
In response to narendramaurya

‎06-10-2013 08:00 AM

Bear in mind that a 5520 only has about 620 Mbit/s of backplane bandwidth, so it is very easy to overload it, and portchannels aren't likely to help with performance, since you can't saturate a single gigabit link with a 5520, much less two.  I had to upgrade to 5525-x hardware to get rid of my overrun/underrun problems on 5520's.

It doesn't appear that the memory allocations are particularly user tunable, except for the QoS settings.

-- Jim Leinweber, WI State Lab of Hygiene

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to narendramaurya

‎06-10-2013 09:46 AM

Hello Narendra,

Well the first thing I have to point out here is that normally when you do a show interface x/x you will see the packet-drop counter . I would say that in this case as both interfaces are being used on a port-channel (logically speaking the amount of drops of both interfaces will be shown over the port-channel interface).

What you have to remember is that the packet-drop count here refers to packet being denied by the ASP algorithm of the ASA, is not a layer2/1 issue,

For extra information

http://www.cisco.com/en/US/products/ps6120/products_qanda_item09186a0080bd250b.shtml

Note(What happens if you use the show traffic command)

Hope that I could help,

If you do not have any other question please mark it as answered,

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

narendramaurya
Level 1
Level 1
In response to Julio Carvajal

‎06-11-2013 11:11 PM

Here are the output of show traffic

ASA1/pri/act# show traffic
outside:
        received (in 383300.050 secs):
                779563276 packets       430967656886 bytes
                2000 pkts/sec   1124002 bytes/sec
        transmitted (in 383300.050 secs):
                941840573 packets       663870132850 bytes
                2008 pkts/sec   1731010 bytes/sec
      1 minute input rate 4418 pkts/sec,  2895043 bytes/sec
      1 minute output rate 6138 pkts/sec,  2157367 bytes/sec
      1 minute drop rate, 44 pkts/sec
      5 minute input rate 4108 pkts/sec,  2696018 bytes/sec
      5 minute output rate 5933 pkts/sec,  1999068 bytes/sec
      5 minute drop rate, 39 pkts/sec
inside:
        received (in 383298.530 secs):
                993262369 packets       666558721792 bytes
                2008 pkts/sec   1739006 bytes/sec
        transmitted (in 383298.530 secs):
                809950306 packets       437895020785 bytes
                2001 pkts/sec   1142001 bytes/sec
      1 minute input rate 6189 pkts/sec,  2161932 bytes/sec
      1 minute output rate 4379 pkts/sec,  2880046 bytes/sec
      1 minute drop rate, 43 pkts/sec
      5 minute input rate 5985 pkts/sec,  2003741 bytes/sec
      5 minute output rate 4073 pkts/sec,  2683190 bytes/sec
      5 minute drop rate, 43 pkts/sec
FO:
        received (in 2403893.490 secs):
                3994577 packets 339659492 bytes
                1 pkts/sec      0 bytes/sec
        transmitted (in 2403893.490 secs):
                33059836 packets        19648244072 bytes
                1 pkts/sec      8000 bytes/sec
      1 minute input rate 1 pkts/sec,  145 bytes/sec
      1 minute output rate 86 pkts/sec,  90606 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 1 pkts/sec,  145 bytes/sec
      5 minute output rate 90 pkts/sec,  95443 bytes/sec
      5 minute drop rate, 0 pkts/sec

----------------------------------------
Aggregated Traffic on Physical Interface
----------------------------------------
GigabitEthernet0/0:
        received (in 1940.260 secs):
                5913274 packets 4247958198 bytes
                3047 pkts/sec   2189375 bytes/sec
        transmitted (in 1940.260 secs):
                5245236 packets 1235684425 bytes
                2703 pkts/sec   636865 bytes/sec
      1 minute input rate 3040 pkts/sec,  2059828 bytes/sec
      1 minute output rate 2857 pkts/sec,  719117 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 2779 pkts/sec,  1876026 bytes/sec
      5 minute output rate 2554 pkts/sec,  523817 bytes/sec
      5 minute drop rate, 0 pkts/sec
GigabitEthernet0/1:
        received (in 1937.930 secs):
                2671902 packets 1919528181 bytes
                1378 pkts/sec   990504 bytes/sec
        transmitted (in 1937.930 secs):
                6617573 packets 3225789991 bytes
                3414 pkts/sec   1664554 bytes/sec
      1 minute input rate 1377 pkts/sec,  921744 bytes/sec
      1 minute output rate 3280 pkts/sec,  1553383 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 1329 pkts/sec,  900356 bytes/sec
      5 minute output rate 3379 pkts/sec,  1586606 bytes/sec
      5 minute drop rate, 0 pkts/sec
GigabitEthernet0/2:
        received (in 1937.230 secs):
                5976054 packets 2229412559 bytes
                3084 pkts/sec   1150824 bytes/sec
        transmitted (in 1937.230 secs):
                4010488 packets 3392466850 bytes
                2070 pkts/sec   1751194 bytes/sec
      1 minute input rate 3079 pkts/sec,  1157343 bytes/sec
      1 minute output rate 1988 pkts/sec,  1433096 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 2993 pkts/sec,  1068038 bytes/sec
      5 minute output rate 1690 pkts/sec,  1241615 bytes/sec
      5 minute drop rate, 0 pkts/sec
GigabitEthernet0/3:
        received (in 1936.090 secs):
                5991982 packets 2242076957 bytes
                3094 pkts/sec   1158043 bytes/sec
        transmitted (in 1936.090 secs):
                4510313 packets 2744913368 bytes
                2329 pkts/sec   1417761 bytes/sec
      1 minute input rate 3111 pkts/sec,  1121919 bytes/sec
      1 minute output rate 2390 pkts/sec,  1532707 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 2993 pkts/sec,  1049235 bytes/sec
      5 minute output rate 2383 pkts/sec,  1521157 bytes/sec
      5 minute drop rate, 0 pkts/sec
Internal-Data0/0:
        received (in 2403953.270 secs):
                681 packets     46308 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 2403953.270 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Management0/0:
        received (in 2403953.270 secs):
                3984259 packets 396665734 bytes
                1 pkts/sec      0 bytes/sec
        transmitted (in 2403953.270 secs):
                32972436 packets        20112140110 bytes
                1 pkts/sec      8000 bytes/sec
      1 minute input rate 1 pkts/sec,  172 bytes/sec
      1 minute output rate 86 pkts/sec,  91817 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 1 pkts/sec,  172 bytes/sec
      5 minute output rate 90 pkts/sec,  96714 bytes/sec
      5 minute drop rate, 0 pkts/sec
GigabitEthernet1/0:
        received (in 2403953.660 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 2403953.660 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
GigabitEthernet1/1:
        received (in 2403953.670 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 2403953.670 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
GigabitEthernet1/2:
        received (in 2403954.020 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 2403954.020 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
GigabitEthernet1/3:
        received (in 2403954.030 secs):
                55051 packets   3683436 bytes
                0 pkts/sec      1 bytes/sec
        transmitted (in 2403954.030 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Internal-Data1/0:
        received (in 2403954.310 secs):
                0 packets       0 bytes
                0 pkts/sec      0 bytes/sec
        transmitted (in 2403954.310 secs):
                22567 packets   1534312 bytes
                0 pkts/sec      0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to narendramaurya

‎06-12-2013 09:23 AM

Hello Narenda,

Yeah, in those outputs we can see that there are some drops on the physical interface,

Did you understand the concept I explained on the last post?

If you do not have any other question please mark it as answered, otherwise I will answer any other question u have.

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to narendramaurya

‎06-14-2013 08:53 AM

Hello Narendra,

Are there any other questions?

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card