Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

traffic NFS over TCP Out-of-Order and DUP ACK passing through FWSM

Hi,

     I recently had problems with our Server Network and after capture network traffic I realized that there are a lot of bad TCP traffic from servers: TCP out-of-order, Dup ACK, Retransmission.

     I was suspecting of my FWSM and moved servers network behind the FWSM to the front. My susrprise was that the bad traffic dissapeared so it is related to FWSM behavior directly.

    I am running the last FWSM version 4.1(3) and usually the network works fine even with bad traffic but when the traffic increase the services go down.

   Someone could help me about this bad TCP traffic ?, I was looking about options as randomization but I don´t know if it is exactly what I need.

   The FWSM CPU is very idle (<10%) and is not dropping packets like I could see. The network trafiic sometimes could be up to 800Mbps from a client to a server with NFS over TCP.

                                                                                                                                         Best regards, Jorge Goya.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: traffic NFS over TCP Out-of-Order and DUP ACK passing throug

Even though we haven't done full analysis on this., if the symptom is low performance and the FWSM is responsible for the Out of Order packets then try command "sysopt np-completion unit" on the FWSM and see if that helps.

I hope it does.

PK

Cisco Employee

Re: traffic NFS over TCP Out-of-Order and DUP ACK passing throug

The "sysopt np-completion unit"  does not fix saturation issues. It fixes Out of Order packets introduced by the FWSM that could slow down transfers and TCP traffic.

https://supportforums.cisco.com/docs/DOC-13066 explains how to see if your FWSM is oversubscribed, but that is irrelevant to OOO packets.

PK

3 REPLIES
Cisco Employee

Re: traffic NFS over TCP Out-of-Order and DUP ACK passing throug

Even though we haven't done full analysis on this., if the symptom is low performance and the FWSM is responsible for the Out of Order packets then try command "sysopt np-completion unit" on the FWSM and see if that helps.

I hope it does.

PK

New Member

Re: traffic NFS over TCP Out-of-Order and DUP ACK passing throug

Hi again,

      I don´t believe that FWSM is falling into saturation because now I have low traffic passing through and the captures shows some TCP bad traffic yet. Could you let me know a document to understand the counters when I use "sh np blocks" command ?

     There is additional commnads to check if the FWSM is saturated and due to this is dropping packets ?

                                                                                                                       Regards, Jorge.

Cisco Employee

Re: traffic NFS over TCP Out-of-Order and DUP ACK passing throug

The "sysopt np-completion unit"  does not fix saturation issues. It fixes Out of Order packets introduced by the FWSM that could slow down transfers and TCP traffic.

https://supportforums.cisco.com/docs/DOC-13066 explains how to see if your FWSM is oversubscribed, but that is irrelevant to OOO packets.

PK

3128
Views
4
Helpful
3
Replies
CreatePlease to create content