Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1161
Views
0
Helpful
4
Replies

%FW-4-TCP_OoO_SEG: - Issue

Deepak Kumar
VIP Alumni
VIP Alumni

‎02-19-2017 04:31 AM - edited ‎03-05-2019 08:03 AM

Hi Support Team,

I am getting following traps from my Cisco Router with ZBF configuration.

02-19-2017 16:00:14 Local7.Warning  *.*.*.*   17099: 073718: Feb 19 16:00:13: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:-211084556 1492 bytes is out-of-order; expected seq:4083858056. Reason: TCP reassembly queue overflow - session 10.10.xx.xx:49236 to 13.107.4.50:80 on zone-pair ccp-zp-in-out class ccp-protocol-http


02-19-2017 16:00:12 Local7.Warning  *.*.*.*.*  17098: 073717: Feb 19 16:00:11: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:-213998333 1492 bytes is out-of-order; expected seq:4080944279. Reason: TCP reassembly queue overflow - session 10.10.xx.xx :49236 to 13.107.4.50:80 on zone-pair ccp-zp-in-out class ccp-protocol-http


02-19-2017 16:00:10 Local7.Warning *.*.*.*.*  17097: 073716: Feb 19 16:00:09: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:-217027701 1492 bytes is out-of-order; expected seq:4077913459. Reason: TCP reassembly queue overflow - session 10.10.xx.xx :49236 to 13.107.4.50:80 on zone-pair ccp-zp-in-out class ccp-protocol-http


02-19-2017 16:00:08 Local7.Warning *.*.*.*.* 17096: 073715: Feb 19 16:00:07: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:-219744219 1492 bytes is out-of-order; expected seq:4075198393. Reason: TCP reassembly queue overflow - session 10.10.xx.xx:49236 to 13.107.4.50:80 on zone-pair ccp-zp-in-out class ccp-protocol-http


02-19-2017 16:00:07 Local7.Warning *.*.*.*.*  17095: 073714: Feb 19 16:00:06: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:-222295455 1492 bytes is out-of-order; expected seq:4072639897. Reason: TCP reassembly queue overflow - session 10.10.xx.xx:49236 to 13.107.4.50:80 on zone-pair ccp-zp-in-out class ccp-protocol-http


02-19-2017 16:00:05 Local7.Warning *.*.*.*.*  17094: 073713: Feb 19 16:00:04: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:-225164548 1492 bytes is out-of-order; expected seq:4069778064. Reason: TCP reassembly queue overflow - session 10.10.xx.xx:49236 to 13.107.4.50:80 on zone-pair ccp-zp-in-out class ccp-protocol-http

I tried with the following configuration:

ip inspect WAAS flush-timeout 10
ip inspect tcp reassembly queue length 1024
ip inspect tcp reassembly timeout 8

But Problem is still.

Please guide a good method to resolve an issue.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
Labels:
0 Helpful
4 Replies 4

Julio E. Moisa
VIP Alumni
VIP Alumni

‎02-19-2017 05:58 AM

Hi,

You could verify including this command line ip inspect tcp reassembly memory limit 4096do you see any information executing the command line:

show ip inspect statistics

This link could be useful:

https://learningnetwork.cisco.com/thread/90952

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to Julio E. Moisa

‎02-19-2017 08:35 AM

The following output for "Sho ip inspect statistics"

FO-R1#show ip inspect statistics
Interfaces configured for inspection 0
Session creations since subsystem startup or last reset 0
Current session counts (estab/half-open/terminating) [0:0:0]
Maxever session counts (estab/half-open/terminating) [0:0:0]
Last session created never
Last statistic reset never
Last session creation rate 0
Maxever session creation rate 0
Last half-open session total 0
TCP reassembly statistics
received 0 packets out-of-order; dropped 0
peak memory usage 0 KB; current usage: 0 KB
peak queue length 0

Please guide, why it showing no interface is configured for inspecting?

Please find attached file as the configuration file.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
Preview file
21 KB
0 Helpful

Julio E. Moisa
VIP Alumni
VIP Alumni
In response to Deepak Kumar

‎02-19-2017 08:39 AM

Hi,

Thanks, try to include this line and check if the messages stop

ip inspect tcp reassembly memory limit 4096

http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/ht_ooop.html




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to Julio E. Moisa

‎02-19-2017 09:04 PM

Hi,

This solution is not working for me. Please guide me any other method.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Customers Also Viewed These Support Documents