TCP Reassembly queue overflow - Anything to worry about?

bill.morton · ‎07-08-2008

I am getting a few of these in my logs, do I need to take any action? Connection is PPPoE DSL.

009357: Jul 8 09:28:22.214 CDT: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:104330552 1492 bytes is out-of-order; expected seq:104304632. Reason: TCP reassembly queue overflow - session 192.168.1.21:1535 to 82.165.207.37:80

009358: Jul 8 09:29:15.898 CDT: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:3779234016 1492 bytes is out-of-order; expected seq:3779181744. Reason: TCP reassembly queue overflow - session 192.168.1.21:1543 to 216.27.14.71:80

009359: Jul 8 09:29:19.598 CDT: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:3785688738 1492 bytes is out-of-order; expected seq:3785662602. Reason: TCP reassembly queue overflow - session 192.168.1.21:1541 to 216.27.14.71:80

009360: Jul 8 09:29:21.914 CDT: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:3786173706 1492 bytes is out-of-order; expected seq:3786147570. Reason: TCP reassembly queue overflow - session 192.168.1.21:1541 to 216.27.14.71:80

interface FastEthernet0/0

description Link to the AK LAN 192.168.1.0/24$ES_LAN$

ip address 192.168.1.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

no ip mroute-cache

duplex auto

speed auto

no mop enabled

!

interface ATM0/0/0

bandwidth 3000

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

no ip mroute-cache

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/0/0.1 point-to-point

bandwidth 3000

no ip redirects

no ip unreachables

no ip proxy-arp

no snmp trap link-status

pvc 0/35

pppoe-client dial-pool-number 1

!

interface Dialer1

mtu 1492

bandwidth 3000

ip address x.x.x.x 255.255.255.248

ip access-group OutsideACL in

no ip redirects

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

no cdp enable

ppp authentication pap chap callin

ppp chap hostname xxxxx

ppp chap password 7 xxxx

ppp pap sent-username xxxx

!

owillins · ‎07-14-2008

%FW-4-TCP_OoO_SEG : [chars]

Explanation TCP Out of Order packet processing queue related messages.

Recommended Action Increase the size of Out of Order packet processing queue size.

http://www.cisco.com/en/US/docs/ios/12_4t/system/messages/sm_ht03.html

a.alekseev · ‎07-14-2008

could you the output "sh ip traffic"

bill.morton · ‎07-15-2008

#sh ip traffic

IP statistics:

Rcvd: 39141763 total, 713575 local destination

0 format errors, 0 checksum errors, 0 bad hop count

0 unknown protocol, 0 not a gateway

0 security failures, 0 bad options, 0 with options

Opts: 0 end, 0 nop, 0 basic security, 0 loose source route

0 timestamp, 0 extended security, 0 record route

0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump

0 other

Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble

0 fragmented, 0 fragments, 0 couldn't fragment

Bcast: 523310 received, 0 sent

Mcast: 147115 received, 430468 sent

Sent: 568322 generated, 19659162 forwarded

Drop: 345 encapsulation failed, 0 unresolved, 0 no adjacency

0 no route, 0 unicast RPF, 0 forced drop

0 options denied

Drop: 0 packets with source IP address zero

Drop: 0 packets with internal loop back IP address

ICMP statistics:

Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 14 unreachable

39 echo, 20 echo reply, 0 mask requests, 0 mask replies, 0 quench

0 parameter, 0 timestamp, 0 timestamp replies, 0 info request, 0 other

0 irdp solicitations, 0 irdp advertisements

Sent: 0 redirects, 11999 unreachable, 35 echo, 39 echo reply

0 mask requests, 0 mask replies, 0 quench, 0 timestamp, 0 timestamp replies

0 info reply, 0 time exceeded, 0 parameter problem

0 irdp solicitations, 0 irdp advertisements

TCP statistics:

Rcvd: 9647 total, 0 checksum errors, 89 no port

Sent: 83240 total

UDP statistics:

Rcvd: 556750 total, 1 checksum errors, 510594 no port

Sent: 178694 total, 0 forwarded broadcasts

BGP statistics:

Rcvd: 0 total, 0 opens, 0 notifications, 0 updates

0 keepalives, 0 route-refresh, 0 unrecognized

Sent: 0 total, 0 opens, 0 notifications, 0 updates

0 keepalives, 0 route-refresh

IP-EIGRP statistics:

Rcvd: 147129 total

Sent: 294325 total

PIMv2 statistics: Sent/Received

Total: 0/0, 0 checksum errors, 0 format errors

Registers: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0, Hellos: 0/0

Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0

Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0

Queue drops: 0

State-Refresh: 0/0

IGMP statistics: Sent/Received

Total: 0/0, Format errors: 0/0, Checksum errors: 0/0

Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0

DVMRP: 0/0, PIM: 0/0

Queue drops: 0

OSPF statistics:

Rcvd: 0 total, 0 checksum errors

0 hello, 0 database desc, 0 link state req

0 link state updates, 0 link state acks

Sent: 0 total

0 hello, 0 database desc, 0 link state req

0 link state updates, 0 link state acks

ARP statistics:

Rcvd: 522624 requests, 557 replies, 0 reverse, 0 other

Sent: 866 requests, 143 replies (94 proxy), 0 reverse

-=-=-=-=-

#sh ip ips stat

Interfaces configured for ips 0

Session creations since subsystem startup or last reset 322894

Current session counts (estab/half-open/terminating) [0:0:0]

Maxever session counts (estab/half-open/terminating) [625:140:66]

Last session created 00:00:00

Last statistic reset never

TCP reassembly statistics

received 241611 packets out-of-order; dropped 50192

peak memory usage 121 KB; current usage: 0 KB

peak queue length 16

sectel123 · ‎10-08-2009

try this, it should bump up your counters and stop some of the false reports

>>

ip inspect log drop-pkt

ip inspect max-incomplete high 8000

ip inspect max-incomplete low 7900

ip inspect one-minute high 8000

ip inspect one-minute low 7900

ip inspect udp idle-time 360

ip inspect dns-timeout 10

ip inspect tcp idle-time 7200

ip inspect tcp max-incomplete host 250 block-time 1

ip inspect tcp reassembly queue Length 128

ip inspect tcp reassembly timeout 10