Tuesday, February 13, 2018

Overruns\Underruns High Network Latency ASA 5510

I am working on a network, trying to find what is causing performance issues. The site has a 225 Mbps internet connection and can fairly easily peg that out. I have increased their speed to 350 Mbps for troubleshooting and we haven't pegged that out yet. I think the 5510 has a max throughput of 300 Mbps, so I don't expect to hit that. One of the first things I have found is error counters on their ASA 5510. Both the inside and outside interfaces are counting up input errors. The # of counters between input errors and overruns (there are underruns too!) is exactly the same on each interface.

Interface Ethernet0/1 "inside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        MAC address 442b.0359.21dd, MTU 1500
        IP address 192.168.6.1, subnet mask 255.255.255.0
        312476526 packets input, 114296210506 bytes, 0 no buffer
        Received 318 broadcasts, 0 runts, 0 giants
        20235 input errors, 0 CRC, 0 frame, 20235 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        481371281 packets output, 582283911170 bytes, 77596 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 1 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/0)
  Traffic Statistics for "inside":
        312474776 packets input, 108422541327 bytes
        481448926 packets output, 573590766452 bytes
        1063578 packets dropped
      1 minute input rate 1665 pkts/sec, 989616 bytes/sec
      1 minute output rate 1950 pkts/sec, 1906811 bytes/sec
      1 minute drop rate, 11 pkts/sec
      5 minute input rate 832 pkts/sec, 165855 bytes/sec
      5 minute output rate 1187 pkts/sec, 1313979 bytes/sec
      5 minute drop rate, 7 pkts/sec

Interface Ethernet0/0 "outside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        MAC address 442b.0359.21dc, MTU 1500
        IP address x.x.x.x, subnet mask 255.255.255.240
        481773452 packets input, 582644590009 bytes, 0 no buffer
        Received 27549 broadcasts, 0 runts, 0 giants
        49496 input errors, 0 CRC, 0 frame, 49496 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        311474391 packets output, 114204420600 bytes, 20447 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/0)
  Traffic Statistics for "outside":
        481773194 packets input, 573846100763 bytes
        311494838 packets output, 108380968297 bytes
        347768 packets dropped
      1 minute input rate 1056 pkts/sec, 1066485 bytes/sec
      1 minute output rate 785 pkts/sec, 165101 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 1187 pkts/sec, 1314411 bytes/sec
      5 minute output rate 825 pkts/sec, 165472 bytes/sec
      5 minute drop rate, 1 pkts/sec

A little bit about how everything is connected... There is a content filter in between the ASA inside interface and the site's core. It's an inline content filter and the Ethernet interfaces are passive, so the WAN link still works even if the filter totally dies.

Searching around Google looking for tips on troubleshooting overruns has pretty much always sent me to look at cpu-hogs. I'm sorry, but the output of that command tells me nothing.

Process: tmatch compile thread, PROC_PC_TOTAL: 1, MAXHOG: 7, LASTHOG: 7
LASTHOG At: 16:16:16 UTC Feb 11 2018
PC: 818ecf2 (suspend)

I can't find any explanation of the data, so it tells me nothing.

When I run sh proc cpu-usage I usually only see a couple of non-zero items: ssh, 'cause I'm ssh'd in, logger and dispatch unit. ssh and logger are always 0.x% and dispatch unit I have seen as high as 30%. 30% on the dispatch unit doesn't seem like it's traffic being too high, but I'm just not sure.

1550 blocks look good.

sh blocks
  SIZE    MAX    LOW    CNT
     0    400    399    400
     4    200    199    199
    80    952    893    952
   256   1900   1898   1900
  1550   7843   7534   7584
  2048    600    567    600
  2560    900    899    900
  4096    100     99    100
  8192    100    100    100
 16384    102    102    102
 65536     16     16     16

All involved interfaces, on the ASA and next hop devices, are 1000 full. I captured packets on both sides of the ASA today and have them loaded into EtherPeek, but I haven't really used this before and I'm not sure what to look for. Any tips?
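
Added example, not part of the original post: a small Python parser for the `show interface` counters quoted above. It checks whether every input error is an overrun and expresses overruns and underruns per million packets. The function names are illustrative, and the sample text is the counter lines from the post, trimmed.

```python
import re

# Counter lines copied from the "show interface" output in the post (trimmed).
SAMPLE = '''\
Interface Ethernet0/1 "inside", is up, line protocol is up
  312476526 packets input, 114296210506 bytes, 0 no buffer
  20235 input errors, 0 CRC, 0 frame, 20235 overrun, 0 ignored, 0 abort
  481371281 packets output, 582283911170 bytes, 77596 underruns
Interface Ethernet0/0 "outside", is up, line protocol is up
  481773452 packets input, 582644590009 bytes, 0 no buffer
  49496 input errors, 0 CRC, 0 frame, 49496 overrun, 0 ignored, 0 abort
  311474391 packets output, 114204420600 bytes, 20447 underruns
'''

HEADER = re.compile(r'^Interface (\S+) "([^"]*)"')
COUNTER = re.compile(
    r'(\d+) (packets input|packets output|input errors|CRC|frame|overrun|underruns)\b')

def parse_interfaces(text):
    """Return {nameif: {"port": str, counter_name: int}} per interface block."""
    result, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            current = result.setdefault(header.group(2), {"port": header.group(1)})
            continue
        if current is None:
            continue  # text before the first interface header
        for value, key in COUNTER.findall(line):
            # First hit wins: the hardware counters come before the
            # "Traffic Statistics" block, which repeats "packets input/output".
            current.setdefault(key, int(value))
    return result

def summarize(counters):
    """Compare error counters and scale drops to packets handled."""
    errors, overrun = counters["input errors"], counters["overrun"]
    return {
        "errors_all_overrun": errors > 0 and errors == overrun,
        "overrun_ppm": round(overrun * 1e6 / counters["packets input"], 1),
        "underrun_ppm": round(counters["underruns"] * 1e6 / counters["packets output"], 1),
    }

if __name__ == "__main__":
    for name, counters in parse_interfaces(SAMPLE).items():
        print(name, counters["port"], summarize(counters))
```

Run against two snapshots taken a few minutes apart, the same parser shows whether the counters are still incrementing or are left over from an earlier burst.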


