Re: pix overrun errors.

Krystian9 · ‎04-19-2005

Hi

My company has a PIX515E with OS 6.3(4). Lately we discovered there were connectivity problems between servers in DMZ interface and servers in outside interface of the PIX.

Command "show interface" gives me a lot of overrun errors in input queues of outside and dmz interface, and a small number of lost carrier errors. VMS's Performance Monitor for says PIX has around 1 interface error per 5 minutes.

Can U tell me if my PIX is overloaded? If so my company is able to buy a more powerful one but I need to know it very fast.

Here are my show's:

#show memory

Free memory: 47552480 bytes

Used memory: 19556384 bytes

------------- ----------------

Total memory: 67108864 bytes

#show cpu usage

CPU utilization for 5 seconds = 7%; 1 minute: 11%; 5 minutes: 10%

#show traffic

outside:

received (in 71402.490 secs):

159151661 packets 2558181875 bytes

2048 pkts/sec 35045 bytes/sec

transmitted (in 71402.490 secs):

224006098 packets 1959599619 bytes

3016 pkts/sec 27023 bytes/sec

inside:

received (in 71402.490 secs):

123455 packets 123340347 bytes

1 pkts/sec 1005 bytes/sec

transmitted (in 71402.490 secs):

81267 packets 13063303 bytes

1 pkts/sec 2 bytes/sec

dmz:

received (in 71402.500 secs):

224105464 packets 1975652320 bytes

3018 pkts/sec 27007 bytes/sec

transmitted (in 71402.500 secs):

159135787 packets 2683360111 bytes

2048 pkts/sec 37039 bytes/sec

# show perfmon

PERFMON STATS: Current Average

Xlates 0/s 0/s

Connections 4/s 0/s

TCP Conns 3/s 0/s

UDP Conns 1/s 0/s

URL Access 0/s 0/s

URL Server Req 0/s 0/s

TCP Fixup 6507/s 0/s

TCPIntercept 0/s 0/s

HTTP Fixup 0/s 0/s

FTP Fixup 0/s 0/s

AAA Authen 0/s 0/s

AAA Author 0/s 0/s

AAA Account 0/s 0/s

#show interface

is in the attachment

umedryk · ‎04-25-2005

I think you should upgrade your PIX...

Patrick Iseli · ‎04-25-2005

Have you verified the speed and duplex mode on the PIX and on the Switch? Most of performance problems and errors like this are simple caused by duplex miss configuration.

Set it to or <100MB Full> <100MB Full>.

sincerely

Patrick

Krystian9 · ‎04-26-2005

Yes I did.

Its working in AUTO AUTO mode on the PIX and the catalyst switch.

george · ‎07-27-2005

Hi,

I have the same problem with my PIX 515 (CPU 50%, 100full). Did you manage to solve the problem and how?

./G

richardmcmahon · ‎10-19-2005

I also have the same problem but with a 525.

rbpix01# sh int eth0

interface ethernet0 "outside" is up, line protocol is up

Hardware is i82559 ethernet, address is 0002.b945.bec7

IP address x.x.x.x, subnet mask x.x.x.x

MTU 1500 bytes, BW 100000 Kbit full duplex

32093129 packets input, 357402249 bytes, 0 no buffer

Received 55720 broadcasts, 0 runts, 0 giants

79999 input errors, 0 CRC, 0 frame, 79999 overrun, 0 ignored, 0 abort

30835614 packets output, 2940086169 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (3/141)

output queue (curr/max blocks): hardware (128/128) software (1629/2659)

rbpix01# sh blocks

SIZE MAX LOW CNT

4 1600 1573 1599

80 400 389 398

256 1012 498 1012

1550 7573 3143 3804

2560 200 197 198

rbpix01# sh perfmon

PERFMON STATS: Current Average

Xlates 10/s 0/s

Connections 624/s 0/s

TCP Conns 423/s 0/s

UDP Conns 200/s 0/s

URL Access 305/s 0/s

URL Server Req 0/s 0/s

TCP Fixup 22080/s 0/s

TCPIntercept 0/s 0/s

HTTP Fixup 18842/s 0/s

FTP Fixup 135/s 0/s

AAA Authen 0/s 0/s

AAA Author 0/s 0/s

AAA Account 0/s 0/s

rbpix01# sh memory

Free memory: 168768344 bytes

Used memory: 99667112 bytes

------------- ----------------

Total memory: 268435456 bytes

rbpix01# sh cpu usage

CPU utilization for 5 seconds = 39%; 1 minute: 42%; 5 minutes: 43%

rbpix01# sh traffic

outside:

received (in 2977.510 secs):

33129755 packets 508554636 bytes

11126 pkts/sec 170798 bytes/sec

transmitted (in 2977.510 secs):

32079468 packets 4059538981 bytes

10773 pkts/sec 1363400 bytes/sec

Krystian9 · ‎10-20-2005

I guess that by no answer to our questions its RTFM, but the M is hell not giving me any help in understanding my problem.

btw u have a nice load over there :-)

jtroney · ‎04-26-2005

I'm a bit curious about your traffic mix, from all accounts, CPU utilization is 10% over a 5 minute interval, yet perfmon indicates a TCP fixup rate of 6507 fixups per second. Yet, the number of TCP connections are 3 fixups per second. Is there a database application sql, no ftp fixup, no http fixup ... This is fairly significant

Krystian9 · ‎10-20-2005

Hi

I have a audio media streaming server inside DMZ. Its using TCP/UDP and HTTP plugins. Around 1600 connections are in established mode to this server at the time of the counted capture.

When it comes to the counters you mentioned, I always thought of these as "new connections per second", am I wrong?

Krystian