cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
917
Views
0
Helpful
3
Replies

Why no info on "TCP reassembly queue overflow"

kwallewein
Level 1
Level 1

I'm getting syslog messages from IOS 12.4(9)T3 that I can't figure out what to do with, e.g.:

%FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:1102628888 576 bytes is out-of-order; expected seq:1102605840. Reason: TCP reassembly queue overflow

I've searched and couldn't find any reference anywhere regarding "TCP reassembly queue overflow".

1. Why are there messages in IOS that appear to be completely undocumented?

2. If they are something I should act upon, what kid of actions are appropriate?

3. If not, and they aren't causing me problems, I'd rather not receive them -- how do I accomplish that?

3 Replies 3

sachinraja
Level 9
Level 9

Hello,

have u checked if the ios has any caveates ? might be a software bug... have u enabled IPS on your router ? this can happen if you have IPS turned on with less re-assembly limit... you can have this parameter tweaked with the "ip inspect tcp reassembly" command, given on the following URL

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124newft/124t/124t11/ht_ooop.htm#wp1051333

Hope this helps.. all the best..

Raj

Yes, I am running IPS. Your suggestion makes sense -- the reassembly queue was at defaults. Doesn't explain the lack of documentation, though. I have trouble understanding why the IOS development team doesn't have a rule that all error messages must be documented. Seems like a no-brainer....

Oh,wait, all IOS messages are intuitively obvious, right?

Reminds me of a programmer I once knew who refused to document properly. Figured it was job security. Is that what makes IOS so inscrutable?

yes I agree. ALL, error messages and warnings should have hints and/or tips

ie

ip inspect log drop-pkt

ip inspect max-incomplete high 8000

ip inspect max-incomplete low 7900

ip inspect one-minute high 8000

ip inspect one-minute low 7900

ip inspect udp idle-time 360

ip inspect dns-timeout 10

ip inspect tcp idle-time 7200

ip inspect tcp max-incomplete host 250 block-time 1

ip inspect tcp reassembly queue Length 128

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: