Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Information contained in the show blocks command output

Resolution

The show blocks command is useful in diagnosing certain network problems. This command displays the maximum available buffer space on the PIX Firewall. It also shows the current available buffer space and lowest amount of buffer space that has been available.

If at any point the buffer space reaches zero, there is an overflow, and information is dropped. When this occurs, it usually happens on the PIX network interfaces.

When the buffer space is very low or frequently hits zero, there is an indication that too much traffic is trying to pass through the PIX. To resolve the issue, steps or design considerations may need to be considered.

This is an example of the output seen when issuing the show blocks command:

 

SIZE        MAX        LOW        CNT

4           1600        1600       1600

80          100         97         97

256         80          79         79

1550        788         402        404

65536       8           8          8

This list details each column of the output:

 

  • The SIZE column displays the block type.

  • The MAX column is the maximum number of allocated blocks.

  • The LOW column is the fewest blocks available since the last reboot.

  • The CNT column is the current number of available blocks.

  • A zero in the LOW column indicates a previous event where memory was exhausted.

  • A zero in the CNT column means memory is exhausted. Exhausted memory is not a problem, as long as traffic is moving through the PIX .

To see if traffic is moving, issue the show conn command. If traffic is not moving and the memory is exhausted, a problem may be indicated.

This is sample output from the show conn command:

PixFirewall(config)#show conn

6 in use, 6 most used

TCP out 209.165.201.1:80 in 10.3.3.4:1404 idle 0:00:00 Bytes 11391

TCP out 209.165.201.1:80 in 10.3.3.4:1405 idle 0:00:00 Bytes 3709

TCP out 209.165.201.1:80 in 10.3.3.4:1406 idle 0:00:01 Bytes 2685

TCP out 209.165.201.1:80 in 10.3.3.4:1407 idle 0:00:01 Bytes 2683

TCP out 209.165.201.1:80 in 10.3.3.4:1403 idle 0:00:00 Bytes 15199

TCP out 209.165.201.1:80 in 10.3.3.4:1408 idle 0:00:00 Bytes 2688

UDP out 209.165.201.7:24 in 10.3.3.4:1402 idle 0:01:30

UDP out 209.165.201.7:23 in 10.3.3.4:1397 idle 0:01:30

UDP out 209.165.201.7:22 in 10.3.3.4:1395 idle 0:01:30 

In this example, host 10.3.3.4 on the inside has accessed a website at 209.165.201.1. The global address on the outside interface is 209.165.201.7.

The clear blocks command keeps the maximum count to whatever number is allocated in the system and equates the low count to the current count.

This list details the use of each block:

  • 4. Duplicates existing blocks in the Domain Name System (DNS), Internet Security Association and Key Management Protocol (ISAKMP), URL-filtering, user authentication (uauth), H.323, and Transmission Control Protocol (TCP) modules

  • 80. Used in TCP intercept to generate an Acknowledgment (ACK) packet, failover, and hello messages

  • 256. Stateful failover, syslog, and TCP module

    

  • 1550. Ethernet packets, buffering URL, and filtered packets

  • 65536. QoS metrics
Version history
Revision #:
1 of 1
Last update:
‎06-18-2009 04:04 PM
Updated by:
 
Labels (1)