PRTG Monitor interface discards

benbazian · ‎11-08-2019

We use PRTG to monitor our firewalls. We recently installed ASA a 5516x and an ASA 5508x in our 2 offices. On the 5516x I am constantly seeing "discards in" no matter on the level of traffic. We are seeing none on the 5508x. I looked at the interfaces on the ASA's and both show a good level of dropped packets so I am assuming that this stat is not from that parameter. Anyone have experience with this? Is this something I should be concerned about or am I chasing a red herring?

You can see the traffic and drops graph for the last 2 hours below and the show interface results form the 2 devices.

5508x# sho interface external1
Interface GigabitEthernet1/8 "external1", is up, line protocol is up
  Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        MAC address x.x.x, MTU 1500
        IP address x.x.x.x, subnet mask x.x.x.x
        1352099182 packets input, 1248181988665 bytes, 0 no buffer
        Received 26121380 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        840821495 packets output, 303886304208 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 12 output reset drops
        input queue (blocks free curr/low): hardware (1996/1821)
        output queue (blocks free curr/low): hardware (2047/1936)
  Traffic Statistics for "external1":
        1350539267 packets input, 1223808333580 bytes
        840821495 packets output, 288537872740 bytes
        3367201 packets dropped
      1 minute input rate 213 pkts/sec,  64501 bytes/sec
      1 minute output rate 193 pkts/sec,  54109 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 208 pkts/sec,  57302 bytes/sec
      5 minute output rate 192 pkts/sec,  54577 bytes/sec
      5 minute drop rate, 0 pkts/sec


5516x# show interface external1 detail
Interface GigabitEthernet1/8 "external1", is up, line protocol is up
  Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Description: External
        MAC address x.x.x, MTU 1500
        IP address x.x.x.x, subnet mask x.x.x.x
        38689714 packets input, 28912915454 bytes, 0 no buffer
        Received 32680 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        34143951 packets output, 14431674256 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops
        input queue (blocks free curr/low): hardware (1949/1820) 
        output queue (blocks free curr/low): hardware (2047/1668)
  Traffic Statistics for "external1":
        38660025 packets input, 28185464932 bytes
        34143951 packets output, 13766201049 bytes
        105959 packets dropped
      1 minute input rate 179 pkts/sec,  59164 bytes/sec
      1 minute output rate 182 pkts/sec,  53321 bytes/sec
      1 minute drop rate, 1 pkts/sec
      5 minute input rate 206 pkts/sec,  75914 bytes/sec
      5 minute output rate 204 pkts/sec,  62180 bytes/sec
      5 minute drop rate, 1 pkts/sec
  Control Point Interface States:
        Interface number is 9
        Interface config status is active
        Interface state is active