Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

%FW-4-TCP_OoO_SEG: Dropping TCP Segment

Any idea what this means? Why are these packets being dropped?

Mar  2 13:46:11.315: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:1826858942 1492 bytes is out-of-order; expected seq:1826829902. Reason: TCP reassembly queue overflow - session 10.2.31.31:50052 to 31.13.69.42:80

Mar  2 13:52:13.439: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:1264022358 1492 bytes is out-of-order; expected seq:1263984606. Reason: TCP reassembly queue overflow - session 10.2.31.31:50228 to 184.84.239.17:80

Mar  2 14:08:46.261: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:3591782745 1492 bytes is out-of-order; expected seq:3591717405. Reason: TCP reassembly queue overflow - session 10.2.31.13:58412 to 207.46.206.46:80

Mar  2 14:08:47.825: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:3591726117 1492 bytes is out-of-order; expected seq:3591720309. Reason: TCP reassembly queue overflow - session 10.2.31.13:58412 to 207.46.206.46:80

1 REPLY
New Member

%FW-4-TCP_OoO_SEG: Dropping TCP Segment

Ronni,

It looks like you are running some firewall inspection features on your router. What's happening is your out-of-order queue is getting full and dropping packets.

One thing you can try is increasing the queue size:

ip inspect tcp reassembly queue length 

I would suggest starting with a size of about 80 to see if it has any effect on the logs. If you are still seeing an issue, could you provide a 'show ip inspect statistics' and any relevant configuration?

Thanks!

Joey

9221
Views
10
Helpful
1
Replies