Cisco Cisco ASA for Nexus 1000V Series Switch 문제 해결 가이드
ASA# show interface GigabitEthernet0/1
Interface GigabitEthernet0/1 "inside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address 0026.0b31.0c59, MTU 1500
IP address 10.0.0.113, subnet mask 255.255.0.0
580757 packets input, 86470156 bytes, 0 no buffer
Received 3713 broadcasts, 0 runts, 0 giants
2881 input errors, 0 CRC, 0 frame, 2881 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
905828 packets output, 1131702216 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/202)
In the example above, 2881 overruns were observed on the interface since the ASA booted up or
since the command clear interface was entered in order to clear the counters manually.
since the command clear interface was entered in order to clear the counters manually.
Causes of Interface Overruns
Interface overrun errors are usually caused by a combination of these factors:
Software level - The ASA software does not pull the packets off of the interface FIFO queue
fast enough. This causes the FIFO queue to fill up and new packets to be dropped.
fast enough. This causes the FIFO queue to fill up and new packets to be dropped.
●
Hardware level - The rate at which packets come into the interface is too fast, which causes
the FIFO queue to fill before the ASA software can pull the packets off. Usually, a burst of
packets causes the FIFO queue to fill up to maximum capacity in a short amount of time.
the FIFO queue to fill before the ASA software can pull the packets off. Usually, a burst of
packets causes the FIFO queue to fill up to maximum capacity in a short amount of time.
●
Steps to Troubleshoot the Cause of Interface Overruns
The steps to troubleshoot and address this problem are:
Determine if the ASA experiences CPU hogs and if they contribute to the problem. Work to
mitigate any long or frequent CPU hogs.
mitigate any long or frequent CPU hogs.
1.
Understand the interface traffic rates and determine if the ASA is oversubscribed due to the
traffic profile.
traffic profile.
2.
Determine if intermittent traffic bursts cause the problem. If so, implement flow control on the
ASA interface and adjacent switchports.
ASA interface and adjacent switchports.
3.
Potential Causes and Solutions
CPU on the ASA is Periodically Too Busy to Process Incoming Packets (CPU
Hogs)
Hogs)
The ASA platform processes all packets in software and uses the main CPU cores that handle all
system functions (such as syslogs, Adaptive Security Device Manager connectivity, and
Application Inspection) in order to process incoming packets. If a software process holds the CPU
system functions (such as syslogs, Adaptive Security Device Manager connectivity, and
Application Inspection) in order to process incoming packets. If a software process holds the CPU