05-15-2006 07:13 AM - edited 02-21-2020 12:54 AM
I found many fram drops:
gpix# sh asp drop
Frame drop:
Reverse-path verify failed 282
Flow is denied by access rule 619
Out of flow cache memory 102
First TCP packet not SYN 813
TCP failed 3 way handshake 254
TCP RST/FIN out of order 44
TCP SEQ in SYN/SYNACK invalid 1
TCP packet SEQ past window 3
TCP packet buffer full 10447
TCP RST/SYN in window 16
TCP DUP and has been ACKed 665
FP L2 rule drop 90
I also found drops on Interface:
gpix# sh inter inside
Interface Ethernet1 "inside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address 000a.b729.1d39, MTU 1500
IP address 172.16.1.1, subnet mask 255.255.255.0
2725739 packets input, 2670541923 bytes, 0 no buffer
Received 1729 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
2423958 packets output, 413055078 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/35)
output queue (curr/max blocks): hardware (0/46) software (0/1)
Received 2725686 VLAN untagged packets, 2630170213 bytes
Transmitted 2423958 VLAN untagged packets, 366290372 bytes
Dropped 84920 VLAN untagged packets
gpix#
The main reason is "TCP packet buffer full", but can anyone tell me how can I deal with it?
05-19-2006 07:08 AM
Try the bug - CSCei29277
05-19-2006 10:15 PM
Have found out some other tcp issues with ver 7.0(1)
but after upgrading to 7.0(5) we have felt an improved performance. Can't say much especially with the earlier release of ver. 7.0 but the bottom line after series of debugging and reading caveats code upgrade is the ultimate solution.
hope this helps...
05-20-2006 06:09 PM
Thanks a lot!
Here is what I have done:
Firstly I upgraded it to 7.1(2),the performance got improved, bt the pix reboots itself every 30 minutes!
Then I had to downgrade it to 7.0(5), now it seemed OK, but I don't know what is awaiting me in the future.
05-21-2006 01:25 AM
if you are using 7.0 code series cisco suggests path upgrade fr 7.0(1)-7.0(2)-7.0(4)-7.0(5) but whatever awaits in the future still remain to be seen cisco forum is always around, you are encourage to share your experiences/issues and there will always someone out there will share their solutions & the last resort raise a TAC case...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide