Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
0
Helpful
4
Replies

Poor http performace of pix 525 running 7.0(1) OS

mengye
Level 1
Level 1

‎05-15-2006 07:13 AM - edited ‎02-21-2020 12:54 AM

I found many fram drops:

gpix# sh asp drop

Frame drop:

Reverse-path verify failed 282

Flow is denied by access rule 619

Out of flow cache memory 102

First TCP packet not SYN 813

TCP failed 3 way handshake 254

TCP RST/FIN out of order 44

TCP SEQ in SYN/SYNACK invalid 1

TCP packet SEQ past window 3

TCP packet buffer full 10447

TCP RST/SYN in window 16

TCP DUP and has been ACKed 665

FP L2 rule drop 90

I also found drops on Interface:

gpix# sh inter inside

Interface Ethernet1 "inside", is up, line protocol is up

Hardware is i82559, BW 100 Mbps

Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

MAC address 000a.b729.1d39, MTU 1500

IP address 172.16.1.1, subnet mask 255.255.255.0

2725739 packets input, 2670541923 bytes, 0 no buffer

Received 1729 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

2423958 packets output, 413055078 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/35)

output queue (curr/max blocks): hardware (0/46) software (0/1)

Received 2725686 VLAN untagged packets, 2630170213 bytes

Transmitted 2423958 VLAN untagged packets, 366290372 bytes

Dropped 84920 VLAN untagged packets

gpix#

The main reason is "TCP packet buffer full", but can anyone tell me how can I deal with it?

1 person had this problem
0 Helpful
4 Replies 4

bbaley
Level 3
Level 3

‎05-19-2006 07:08 AM

Try the bug - CSCei29277

0 Helpful

dondongamo
Level 1
Level 1

‎05-19-2006 10:15 PM

Have found out some other tcp issues with ver 7.0(1)

but after upgrading to 7.0(5) we have felt an improved performance. Can't say much especially with the earlier release of ver. 7.0 but the bottom line after series of debugging and reading caveats code upgrade is the ultimate solution.

hope this helps...

0 Helpful

mengye
Level 1
Level 1
In response to dondongamo

‎05-20-2006 06:09 PM

Thanks a lot!

Here is what I have done:

Firstly I upgraded it to 7.1(2),the performance got improved, bt the pix reboots itself every 30 minutes!

Then I had to downgrade it to 7.0(5), now it seemed OK, but I don't know what is awaiting me in the future.

0 Helpful

dondongamo
Level 1
Level 1
In response to mengye

‎05-21-2006 01:25 AM

if you are using 7.0 code series cisco suggests path upgrade fr 7.0(1)-7.0(2)-7.0(4)-7.0(5) but whatever awaits in the future still remain to be seen cisco forum is always around, you are encourage to share your experiences/issues and there will always someone out there will share their solutions & the last resort raise a TAC case...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card