Even though the interface is 100Mbps, 40Mbps could spike overruns depending on the traffic burstiness. So even though you don't exceed the average there are bursts that the transmitter cannot transmit and loses.
So we used that same logic, must be too much traffic spiking.
We even lowered the handful of servers in the DMZ to 100Full -- no change.
So now we have a 5540 with gig connections. No difference, still getting thousands and thousands of overruns.
Now we even see overruns on outside and a few on inside.
I see this on multiple customers, multiple ASA & PIX configs.
I'm not sure if it is an obscure accounting issue - for instance the ASA reports an SNMP discarded packet for every DENY. So suddenly you'll have millions of discards on your ethernet port which have nothing to do with ethernet discards but are Layer 3 to Layer 7 discards. The ethernet packet was accepted as a valid packet. This is the first firewall to report denies as SNMP reported interface discards.
If it is a performance issue it is something low level and TAC was not able to help us to determine what was wrong. We got the same explanation about exceeding port. The 100 Mb NIC was receiving traffic from the 100Mb Switchport faster than allowed (by the hardware installed in the firewall). We aren't exceeding 100Mb--just exceeding the capability of the hardware Cisco chose for their NICs & firewall.
The theory is bursts. The theory always seems to be it is bursts.
There are other reasons for overruns on an interface as well.
For traffic to be taken off the wire and put back on to the wire, blocks of size 1550 are used. These blocks are used by other services as well, such as Web Filtering. Depletion of these blocks because of long queues for Web Filtering, or because of other processes which use 1550 blocks, can also cause overruns to happen.
The value of "low" for 1550 blocks in "show block" output, if 0, would indicate depletion of 1550 blocks at some time.
Secondly, even if value is not 0 but low, fragmentation of memory could cause blocks of 1550 to be unavailable for allocation.
I shall try to enlist further reasons for overruns if I come across them.
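The 1550-byte block check described in the reply above, as an added example that is not part of the original thread: it parses saved block-pool output and classifies the 1550 pool by its LOW value. The SIZE/MAX/LOW/CNT column layout, the constructed sample and the 10% "low" threshold are assumptions, not values from the thread.

```python
import re

# Constructed sample in an assumed SIZE/MAX/LOW/CNT layout; not output from the thread.
SAMPLE = """\
  SIZE    MAX    LOW    CNT
     0    700    699    700
     4    300    299    299
    80    919    908    919
   256   2100   2087   2094
  1550   9886      0   9775
  2048   3100   3100   3100
"""

# A data row is exactly four whitespace-separated integers; headers are skipped.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_blocks(text):
    """Return {block_size: {"max": .., "low": .., "cnt": ..}} for every data row."""
    pools = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            size, mx, low, cnt = map(int, m.groups())
            pools[size] = {"max": mx, "low": low, "cnt": cnt}
    return pools


def check_pool(pools, size=1550, warn_fraction=0.10):
    """Classify one pool by its low-water mark.

    "depleted": LOW reached 0, the pool ran out at some point.
    "low":      LOW fell below warn_fraction of MAX (assumed threshold);
                allocation may still fail if memory is fragmented.
    "ok":       LOW stayed above the threshold.
    "missing":  no row for that block size in the output.
    """
    pool = pools.get(size)
    if pool is None:
        return "missing"
    if pool["low"] == 0:
        return "depleted"
    if pool["low"] < pool["max"] * warn_fraction:
        return "low"
    return "ok"


if __name__ == "__main__":
    print("1550-byte blocks:", check_pool(parse_blocks(SAMPLE)))
```

Run it against output captured at intervals to see whether the low-water mark keeps falling while the overrun counters climb.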