Re: Misses in show buffer keep increasing.

CHISHIUNG · ‎05-30-2025

We are experiencing an event where a 10M file transfer is taking longer than expected.
We observed the show buffer on the following L2SW#2 (C2960) and found that the miss count on the interface buffer was gradually increasing.
In addition, ping from FW to L3SW is also experiencing response delay (delay around 500ms) during the time when the event occurs.
What is the cause?

L2SW#1----(100M)----FW----(10M)----L2SW#2----(10M)----L3SW

#show buffer

Interface buffer pools:
RxQFB buffers, 2040 bytes (total 150, permanent 150):
　　　146 in free list (0 min, 150 max allowed)
　　　465457863 hits, 0 misses
RxQ1 buffers, 2040 bytes (total 128, permanent 128):
　　　2 in free list (0 min, 128 max allowed)
　　　527511609 hits, 396313696 fallbacks
RxQ3 buffers, 2040 bytes (total 16, permanent 16):
　　　1 in free list (0 min, 16 max allowed)
　　　634158426 hits, 39670359 fallbacks
RxQ4 buffers, 2040 bytes (total 64, permanent 64):
　　　0 in free list (0 min, 64 max allowed)
　　　44939265 hits, 47934727 misses
RxQ6 buffers, 2040 bytes (total 64, permanent 64):
　　　0 in free list (0 min, 64 max allowed)
　　　24406 hits, 24342 misses
RxQ7 buffers, 2040 bytes (total 96, permanent 96):
　　　30 in free list (0 min, 96 max allowed)
　　　541335009 hits, 0 misses
RxQ8 buffers, 2040 bytes (total 32, permanent 32):
　　　0 in free list (0 min, 32 max allowed)
　　　271697370 hits, 272580424 misses
RxQ10 buffers, 2040 bytes (total 16, permanent 16):
　　　1 in free list (0 min, 16 max allowed)
　　　390773341 hits, 24423347 fallbacks
RxQ12 buffers, 2040 bytes (total 16, permanent 16):
　　　0 in free list (0 min, 16 max allowed)
　　　16 hits, 0 misses
RxQ15 buffers, 2040 bytes (total 4, permanent 4):
　　　0 in free list (0 min, 4 max allowed)
　　　3337058860 hits, 3337058856 misses

Leo Laohoo · ‎05-30-2025

Bypass the firewall.

CHISHIUNG · ‎05-30-2025

What does it mean to bypass the Firewall? I would like to know specifically.

Leo Laohoo · ‎05-30-2025

Connect L2SW#1 to L2SW#2 without going through the firewall.

MHM Cisco World · ‎05-31-2025

What is FW ypu use ? If you use ASA then enable flow control in both FW interface and check.

MHM

CHISHIUNG · ‎05-31-2025

FW is using Fortigate. I have not set up any policing or shaping. I have not had any problems before.

MHM Cisco World · ‎05-31-2025

From 100 to 10 you get bottle neck issue' and this make FW drop frame you need to make FW ask high throughput SW to slow send data. Or make both link 100.

Why it appear now it can be because your traffic was not hit high threshold point.

MHM

Joseph W. Doherty · ‎05-31-2025

ping from FW to L3SW is also experiencing response delay (delay around 500ms) during the time when the event occurs.

That might be due to the bottleneck described by @MHM Cisco World . If you queue up on an interface, using just a single FIFO queue, latency will jump due to queuing delay. Such queuing also commonly leads to queue overflow which drops packets. Either or both also can very much slow data transfers.

10M file transfer is taking longer than expected

Without details, cannot say whether your expectations are reasonable.

Regarding all the listed buffer misses, I recall Cisco doesn't normally consider misses an issue, at least that appears to be true within https://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/15091-buffertuning.html or https://www.cisco.com/c/en/us/support/docs/interfaces-modules/channel-interface-processors/14620-41.html. (BTW, if you do want to tune your buffer settings, you might see if device supports the buffer auto tune feature.)

If your sw2 only had your two 10 Mbps connections, it would be difficult to see it having any performance issues.

If there are additional active interfaces, performance issues can easily arise on a 2960. I recall it has very limited buffer resource (2K?), so even just one port being sent frames to transmit in excess of it egress rate, i.e. needing to queue, can easily cause performance issues. (Also, that series has other design issues related to buffer queue management. There's other architecture issues too, which is why that series was marketed as user edge switches.)