12-04-2012 03:39 PM - edited 03-11-2019 05:32 PM
I have set up QoS using an ACL with policing to a certain bandwidth.
That is working fine.
But when a data transfer is happening that is getting QOS'd/policed I get these messages in the log:
%ASA-4-733100: [ Port-8191-65535] drop rate-1 exceeded. Current burst rate is 14 per second, max configured rate is 40; Current average rate is 42 per second, max configured rate is 20; Cumulative total count is 25405
I'm using basic threat detection, and I've tried adjusting the "interface-drop" rates to not trigger using the maximum values, but still no luck.
I've confirmed with a capture on asp-drop that it is indeed QOS dropping:
802.1Q vlan#2 P0 1.1.1.1.80 > 2.2.2.2.21273: . 2469168962:2469169352(390) ack 2016042672 win 258 Drop-reason: (rate-exceeded) Output QoS rate exceeded
Here are my threat-detection rates, none of which, by the way, match up to the error's max burst of 40 and max average of 20.
ASA/act# show run all threat-detection rate
threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640
threat-detection rate conn-limit-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate conn-limit-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate icmp-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate icmp-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200
threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160
threat-detection rate fw-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate fw-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate inspect-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate inspect-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate interface-drop rate-interval 600 average-rate 2147483647 burst-rate 2147483647
threat-detection rate interface-drop rate-interval 3600 average-rate 2147483647 burst-rate 2147483647
Basically I want to limit the amount of these messages showing up in the log files during a QoS policing event.
Thanks in advance.
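As an added example (not from the original post), the following script parses a %ASA-4-733100 message of the form shown above together with "threat-detection rate" lines, reports which of the two thresholds (burst or average) actually tripped, and looks for a configured category whose limits equal the ones quoted in the message. The sample syslog line and the three config lines are constructed from the post; for the values shown, the average threshold is the one exceeded and no configured category matches, which is the mismatch the poster describes.

```python
import re

# Constructed sample input, modelled on the lines quoted in the post (not a live capture).
SYSLOG_LINE = (
    "%ASA-4-733100: [ Port-8191-65535] drop rate-1 exceeded. "
    "Current burst rate is 14 per second, max configured rate is 40; "
    "Current average rate is 42 per second, max configured rate is 20; "
    "Cumulative total count is 25405"
)
THREAT_DETECTION_CONFIG = """
threat-detection rate interface-drop rate-interval 600 average-rate 2147483647 burst-rate 2147483647
threat-detection rate interface-drop rate-interval 3600 average-rate 2147483647 burst-rate 2147483647
threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
"""

MSG_RE = re.compile(
    r"%ASA-4-733100: \[\s*(?P<obj>[^\]]+?)\s*\] drop rate-(?P<rate_id>\d+) exceeded\. "
    r"Current burst rate is (?P<burst>\d+) per second, max configured rate is (?P<max_burst>\d+); "
    r"Current average rate is (?P<avg>\d+) per second, max configured rate is (?P<max_avg>\d+); "
    r"Cumulative total count is (?P<total>\d+)"
)
CFG_RE = re.compile(
    r"threat-detection rate (?P<cat>\S+) rate-interval (?P<interval>\d+) "
    r"average-rate (?P<avg>\d+) burst-rate (?P<burst>\d+)"
)

def parse_733100(line):
    """Return the fields of one 733100 message as a dict, or None if the line is not one."""
    m = MSG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {"object": d["obj"], **{k: int(v) for k, v in d.items() if k != "obj"}}

def parse_rate_config(text):
    """Return a list of dicts, one per 'threat-detection rate ...' line."""
    return [{"category": m["cat"], "interval": int(m["interval"]),
             "average_rate": int(m["avg"]), "burst_rate": int(m["burst"])}
            for m in CFG_RE.finditer(text)]

def exceeded(event):
    """Which of the two thresholds quoted in the message is actually over its limit."""
    return {"burst": event["burst"] > event["max_burst"],
            "average": event["avg"] > event["max_avg"]}

def matching_categories(event, config):
    """Configured categories whose average/burst limits equal the limits quoted in the message."""
    return sorted({c["category"] for c in config
                   if c["average_rate"] == event["max_avg"] and c["burst_rate"] == event["max_burst"]})
```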