
Help with Underrun errors

Ryan.Bachman_2
Level 1

I am experiencing a high amount of underrun packet drops for egress traffic out my inside interface on an ASA 5520 (avg 10 packet drops p/sec).  I am not completely clear on the understanding of underruns, but my understanding is that the hardware is working faster than the software processing.  I am hoping someone can give me a few suggestions as to where I should look for my problems, or what typically leads to this type of performance.  I am sure traffic patterns matter in this type of situation, and I have about 50Mbps sustained traffic ingress on my Untrusted port, and 60-70 MBps ingress on my DMZ port.  Traffic peaks at higher rates, those are just daily averages.  Do I need to move up models?  Thanks so much for your help.

Ryan

3 Replies

Kureli Sankar
Cisco Employee

An Overrun is when an incoming (ingress) packet hits the PIX's NIC, and the rx ring is full.  This is generally caused by elevated CPU, or cpu hogs or infected hosts.

An Underrun is when part of the packet is in the tx ring, and the driver starts transmitting it on the wire, but is unable to get the remaining part of the packet by the time it has finished transmitting the first part.

Pls. take a look at CSCso66911    ASA55x0 GE output stuck and underrun errors

here: http://tools.cisco.com/Support/BugToolKit/

Resolved in 008.000(005)          008.000(004.005)          007.002(004.009)

Also this one CSCsz58391    Burst Traffic causes underrun when QoS shaping is enabled on ASA

Panos Kampanakis
Cisco Employee

It seems you might be oversubscribing your box.

If you see overruns/underruns and have 40-70Mbps with higher bursts it is likely to be overloaded when there are traffic spikes.

Keep an eye on your cpu too and try to alleviate it if possible. If your cpu is constantly high due to traffic you might need more hardware.

I hope it helps.

PK

PK -

Thanks for the suggestion.  I was leaning the same way.  About 85% of the traffic is web, and I don't have any sort of proxy solution in place.  Probably try to mitigate it with a couple of Squid Servers to see if I can get the load down.

Thanks again.
