Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Interface Rate Limit Drops

We are seeing rate limit drops on a  new internet ethernet connection. I can't seem to find an explanation  that does not have Qos in the reason for the rate limit drops.

Here is what we see on a ASA 5520 running 8.3.

Interface GigabitEthernet1/2 "outside", is up, line protocol is up

  Hardware is VCS7380 rev01, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

        Input flow control is unsupported, output flow control is unsupported

        Media-type configured as RJ45 connector

        Description: Outside connection to TWT port 0/1

        MAC address c84c.xxxx.xxx, MTU 1500

        IP address xxx.xxx.xxx.xxx, subnet mask 255.255.255.252

        189630202 packets input, 151713633224 bytes, 0 no buffer

        Received 201 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        168620541 packets output, 79755781476 bytes, 0 underruns

        0 pause output, 0 resume output

        0 output errors, 0 collisions, 0 interface resets

        0 late collisions, 0 deferred

        0 input reset drops, 0 output reset drops

        406895 rate limit drops

        input queue (blocks free curr/low): hardware (0/0)

        output queue (blocks free curr/low): hardware (0/0)

  Traffic Statistics for "outside":

        189563376 packets input, 148146509320 bytes

        169040114 packets output, 76924197238 bytes

        2782075 packets dropped

      1 minute input rate 1398 pkts/sec,  1258861 bytes/sec

      1 minute output rate 1195 pkts/sec,  418651 bytes/sec

      1 minute drop rate, 8 pkts/sec

      5 minute input rate 2109 pkts/sec,  1888351 bytes/sec

      5 minute output rate 1881 pkts/sec,  1019056 bytes/sec

      5 minute drop rate, 11 pkts/sec

When  I do a 'sh run int g1/2' it shows nothing but the actual interface so I  think that its not being dropped by us. The interface utilization is  low so I dont think thats the issue.

I am sure there is an easy explanation of why there are packets dropping, does anyone have it?

THANKS!!!!

  • Firewalling
Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Interface Rate Limit Drops

Can you clear the counters and test if they only occur on high load?

When you have set the IF to 100 and your inside is 1000, you can get packet drops because the connections from inside are too fast.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
6 REPLIES

Interface Rate Limit Drops

Charlie,

Can you update to the latest Firmware (9.1.2) and ASDM (7.1.3) and see if the issue continues?  You might also try hard setting G1/2 to 100MB/Full instead of Auto.  If the issue continues after both of these, I would recommend placing a Cisco switch between G1/2 and the new internet connection as the issue may be on the ISP CPE ethernet connection to your ASA and may be corrected by the switch.

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
New Member

Interface Rate Limit Drops

Shawn,

Upgrading from 8.3 to 9.1 is not an option without extensive testing. (also, not really sure if this has any impact on the actual link, we get 90 up and down pretty consistently)

This was more of an educational/knowledge question than a 'I have a problem' question. I dont 'get it' and I can't google the answer so I thought I'd put it out there to a group that is a lot smarter than me. :-)

On circuit turn up the ISP and us had it hard set to 100/full and were getting errors and huge circuit degradation. In experimenting with adaptor setting the only way to run clean was for them to hard set and us in auto....

This firewall is directly connected to the ISP's ME3400E.

Thanks!

C.T.

Interface Rate Limit Drops

Understood.  When you say 90 Up/Down, is it 90 Up and 90 Down for a max potential of 180Mbps or is it a max potential of 90Mbps regardless of whether it's up or down?

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
New Member

Re: Interface Rate Limit Drops

It is a 100Mb Ethernet link and get anywhere from 85-94Mb down and 83-89 up, which is OK.

I just got the ISP to give me stats out of their interface.

HSNN48H1C7001#sh int Fa0/1

FastEthernet0/1 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is xxx

Description: xxx

MTU 1546 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 19/255, rxload 5/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, media type is 10/100BaseTX

input flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:09, output hang never

Last clearing of "show interface" counters 1w5d

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1279487

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 2123000 bits/sec, 774 packets/sec

5 minute output rate 7626000 bits/sec, 1065 packets/sec

517728225 packets input, 238568853356 bytes, 0 no buffer

Received 0 broadcasts (0 multicasts)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 0 multicast, 0 pause input

0 input packets with dribble condition detected

625023464 packets output, 510019179129 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

SO, there is no flow control on ISP, we can now see the RX and TX loads and they are nothing..... that takes me back to orginal question....where is the rate limiting happening that are being reporting at the interface level?? hmmm

Any insight would be greatly apperciated.

THANKS!!!!

Re: Interface Rate Limit Drops

Can you clear the counters and test if they only occur on high load?

When you have set the IF to 100 and your inside is 1000, you can get packet drops because the connections from inside are too fast.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
New Member

Re: Interface Rate Limit Drops

Michael,

You hit it.

While they do climb (at very little increase) during no load times,, when I flood it the counters start cranking up.

There is/was a simple explanation that makes perfect sense.

THANKS!!

C.T.

775
Views
4
Helpful
6
Replies