I am experiencing a high amout of underrun packet drops for egress traffic out my inside interface on a ASA 5520 (avg 10 packet drops p/sec). I am not completely clear on the understanding of underruns, but my understanding is that the harware is working faster the the software processing. I am hoping someone can give me a few suggestions as to where I should look for my problems, or what typically leads to this type of performance. I am sure traffic patterns matter in this type of situation, and I have about 50Mbps sustained traffic ingress on my Untrusted port, and 60-70 MBps ingress on my DMZ port. Traffic peaks at higher rates, those are just daily averages. Do I need to move up models? Thanks so much for your help.
An Overrun is when an incoming (ingress) packet hits the PIX's NIC, and the rx ring is full. This is generally caused by elevated CPU, or cpu hogs or infected hosts.
An Underrun is when part of the packet is in the tx ring, and the driver starts transmitting it on the wire, but is unable to get the remaining part of the packet by the time it has finished transmitting the first part.
Pls. take a look at CSCso66911 ASA55x0 GE output stuck and underrun errors
Thanks for the suggestion. I was leaning the same way. About 85% of the traffic is web, and I don't have any sort of proxy solution in place. Probably try to mitigate it with a couple of Squid Servers to see if I can get the load down.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...