
New Member

Why no info on "TCP reassembly queue overflow"

I'm getting syslog messages from IOS 12.4(9)T3 that I can't figure out what to do with, e.g.:

%FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:1102628888 576 bytes is out-of-order; expected seq:1102605840. Reason: TCP reassembly queue overflow

I've searched and couldn't find any reference anywhere regarding "TCP reassembly queue overflow".

1. Why are there messages in IOS that appear to be completely undocumented?

2. If they are something I should act upon, what kind of actions are appropriate?

3. If not, and they aren't causing me problems, I'd rather not receive them -- how do I accomplish that?

3 REPLIES

Re: Why no info on "TCP reassembly queue overflow"

Hello,

Have you checked if the IOS has any caveats? Might be a software bug... Have you enabled IPS on your router? This can happen if you have IPS turned on with a lower re-assembly limit... You can have this parameter tweaked with the "ip inspect tcp reassembly" command, given at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124newft/124t/124t11/ht_ooop.htm#wp1051333

Hope this helps.. all the best..

Raj

New Member

Re: Why no info on "TCP reassembly queue overflow"

Yes, I am running IPS. Your suggestion makes sense -- the reassembly queue was at defaults. Doesn't explain the lack of documentation, though. I have trouble understanding why the IOS development team doesn't have a rule that all error messages must be documented. Seems like a no-brainer....

Oh, wait, all IOS messages are intuitively obvious, right?

Reminds me of a programmer I once knew who refused to document properly. Figured it was job security. Is that what makes IOS so inscrutable?

New Member

Re: Why no info on "TCP reassembly queue overflow"

Yes, I agree. ALL error messages and warnings should have hints and/or tips,

i.e.

ip inspect log drop-pkt

ip inspect max-incomplete high 8000

ip inspect max-incomplete low 7900

ip inspect one-minute high 8000

ip inspect one-minute low 7900

ip inspect udp idle-time 360

ip inspect dns-timeout 10

ip inspect tcp idle-time 7200

ip inspect tcp max-incomplete host 250 block-time 1

ip inspect tcp reassembly queue length 128
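
To judge whether a larger reassembly queue would have absorbed the drops, it helps to measure how far ahead of the expected sequence number each dropped segment was. The script below is an added example, not part of any post in this thread: it parses the %FW-4-TCP_OoO_SEG message quoted in the question and tallies drops by reason. The second and third sample lines are constructed, and `segments_ahead` is a rough estimate that assumes the missing segments are the same size as the dropped one.

```python
import re
from collections import Counter

# Matches the IOS firewall message format quoted in the question.
OOO_RE = re.compile(
    r"%FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:(?P<seq>\d+) "
    r"(?P<len>\d+) bytes is out-of-order; expected seq:(?P<exp>\d+)\. "
    r"Reason: (?P<reason>.+?)\s*$"
)

def parse_ooo(line):
    """Return the fields of one TCP_OoO_SEG drop, or None for other lines."""
    m = OOO_RE.search(line)
    if not m:
        return None
    seq, length, exp = int(m["seq"]), int(m["len"]), int(m["exp"])
    gap = (seq - exp) % 2**32  # TCP sequence numbers wrap at 2^32
    return {
        "seq": seq,
        "len": length,
        "expected": exp,
        "gap_bytes": gap,
        # Estimate only: assumes missing segments match the dropped one's size.
        "segments_ahead": gap // length if length else None,
        "reason": m["reason"],
    }

def summarize(lines):
    """Count drops per reason and report the largest estimated gap."""
    events = [e for e in map(parse_ooo, lines) if e]
    return {
        "by_reason": Counter(e["reason"] for e in events),
        "max_segments_ahead": max(
            (e["segments_ahead"] or 0 for e in events), default=0),
    }

SAMPLE = [
    # From the original question:
    "%FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:1102628888 576 bytes is out-of-order; expected seq:1102605840. Reason: TCP reassembly queue overflow",
    # Constructed: sequence number has wrapped past 2^32.
    "%FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:1000 576 bytes is out-of-order; expected seq:4294966720. Reason: TCP reassembly queue overflow",
    # Constructed: unrelated message that must be ignored.
    "%SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

If the largest estimated gap is consistently above the configured queue length, the drops are consistent with the queue simply being too short for the amount of reordering on the path.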
