Hello all
I have been battling for months to work this one out.
I have two XG firewalls in an active-passive HA. Both have a cable to a Cisco 6500. The Cisco has a static route to send 0.0.0.0 to the firewall LAN IP.
As traffic flow increases, as people use the internet more, I find high discards on the Cisco port that connects to the LAN port of the XG. This also impacts internet performance.
If I change the default gateway of a device on the LAN to the LAN interface on the XG, then performance is restored; only when routing via the Cisco do I get these discards. So that rules out cables and the ports.
Below is the output from show network interfaces and netstat -s
Any suggestions on where to look next would be great.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.11.26 21:49:53 =~=~=~=~=~=~=~=~=~=~=~=
console> show network interfaces
GuestAP Zonetype:UNBOUND MAC Address:F2:66:D6:F4:D7:6D MTU:1500
IPv4 Addr(s): 10.255.0.1/24 Bcast:10.255.0.255
UP BROADCAST MULTICAST
RX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 frame:0
TX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 carrier:0
Port1 Zonetype:LAN MAC Address:00:E0:20:06:FA:DC MTU:1500
IPv4 Addr(s): 192.168.231.251/24 Bcast:192.168.231.255
IPv6 Addr(s): fe80::2e0:20ff:fe06:fadc/64 (link-local)
Speed:1000Mb/s Full Duplex Auto Negotiation:yes
UP BROADCAST RUNNING MULTICAST
RX State: packets:53540709915 bytes:56785802750495 (51.6 TiB)
errors:0 dropped:110568 overruns:31 frame:0
TX State: packets:49418499248 bytes:13705224529283 (12.4 TiB)
errors:0 dropped:0 overruns:0 carrier:0
Port10 Zonetype:UNBOUND MAC Address:7C:5A:1C:59:24:7C MTU:1500
Speed:65535Mb/s Full Duplex
BROADCAST MULTICAST
RX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 frame:0
TX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 carrier:0
Port2 Zonetype:WAN MAC Address:00:E0:20:15:0E:49 MTU:1500
IPv4 Addr(s): 176.57.253.132/26 Bcast:176.57.253.191
176.57.253.183/32
176.57.253.190/32
176.57.253.134/32
176.57.253.138/32
176.57.253.136/32
176.57.253.150/32
176.57.253.151/32
176.57.253.141/32
176.57.253.152/32
176.57.253.156/32
176.57.253.159/32
176.57.253.160/32
176.57.253.189/32
176.57.253.142/32
176.57.253.143/32
176.57.253.148/32
176.57.253.145/32
176.57.253.163/32
176.57.253.133/32
176.57.253.147/32
176.57.253.162/32
176.57.253.149/32
176.57.253.157/32
176.57.253.182/32
176.57.253.135/32
176.57.253.164/32
176.57.253.184/32
IPv6 Addr(s): fe80::2e0:20ff:fe15:e49/64 (link-local)
Speed:1000Mb/s Full Duplex Auto Negotiation:yes
UP BROADCAST RUNNING MULTICAST
RX State: packets:50826075422 bytes:18403080722624 (16.7 TiB)
errors:0 dropped:0 overruns:0 frame:0
TX State: packets:60863835987 bytes:56086295089914 (51.0 TiB)
errors:0 dropped:0 overruns:0 carrier:0
Port3 Zonetype:DMZ MAC Address:00:E0:20:11:08:FE MTU:1500
IPv4 Addr(s): 10.10.101.254/24 Bcast:10.10.101.255
IPv6 Addr(s): fe80::2e0:20ff:fe11:8fe/64 (link-local)
Speed:1000Mb/s Full Duplex Auto Negotiation:yes
UP BROADCAST RUNNING MULTICAST
RX State: packets:34910998021 bytes:6886017965859 (6.2 TiB)
errors:0 dropped:11873 overruns:0 frame:0
TX State: packets:26658209303 bytes:6693055517021 (6.0 TiB)
errors:0 dropped:0 overruns:0 carrier:0
Port4 Zonetype:DMZ MAC Address:7C:5A:1C:59:24:76 MTU:1500
IPv4 Addr(s): 10.10.110.1/24 Bcast:10.10.110.255
IPv6 Addr(s): fe80::7e5a:1cff:fe59:2476/64 (link-local)
Speed:1000Mb/s Full Duplex Auto Negotiation:yes
UP BROADCAST RUNNING MULTICAST
RX State: packets:64575343 bytes:19799131532 (18.4 GiB)
errors:0 dropped:0 overruns:0 frame:0
TX State: packets:221736958 bytes:48268795617 (44.9 GiB)
errors:0 dropped:0 overruns:0 carrier:0
Port5 Zonetype:LAN MAC Address:00:E0:20:15:0E:4E MTU:1500
IPv4 Addr(s): 172.20.80.1/21 Bcast:172.20.87.255
IPv6 Addr(s): fe80::2e0:20ff:fe15:e4e/64 (link-local)
Speed:1000Mb/s Full Duplex Auto Negotiation:yes
UP BROADCAST RUNNING MULTICAST
RX State: packets:2758121835 bytes:676393996196 (629.9 GiB)
errors:0 dropped:1631712 overruns:0 frame:0
TX State: packets:4067739155 bytes:4758417208832 (4.3 TiB)
errors:0 dropped:0 overruns:0 carrier:0
Port6 Zonetype:UNBOUND MAC Address:7C:5A:1C:59:24:78 MTU:1500
Speed:65535Mb/s Full Duplex Auto Negotiation:yes
BROADCAST MULTICAST
RX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 frame:0
TX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 carrier:0
Port7 Zonetype:UNBOUND MAC Address:7C:5A:1C:59:24:79 MTU:1500
Speed:65535Mb/s Full Duplex Auto Negotiation:yes
BROADCAST MULTICAST
RX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 frame:0
TX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 carrier:0
Port8 Zonetype:UNBOUND MAC Address:7C:5A:1C:59:24:7A MTU:1500
Speed:65535Mb/s Full Duplex Auto Negotiation:yes
BROADCAST MULTICAST
RX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 frame:0
TX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 carrier:0
Port9 Zonetype:UNBOUND MAC Address:7C:5A:1C:59:24:7B MTU:1500
Speed:65535Mb/s Full Duplex
BROADCAST MULTICAST
RX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 frame:0
TX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 carrier:0
erspan0 Zonetype:UNBOUND MAC Address:00:00:00:00:00:00 MTU:1450
BROADCAST MULTICAST
RX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 frame:0
TX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 carrier:0
gretap0 Zonetype:UNBOUND MAC Address:00:00:00:00:00:00 MTU:1462
BROADCAST MULTICAST
RX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 frame:0
TX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 carrier:0
ifb0 Zonetype:UNBOUND MAC Address:52:B3:76:3B:85:1C MTU:1500
IPv6 Addr(s): fe80::50b3:76ff:fe3b:851c/64 (link-local)
UP BROADCAST RUNNING NOARP
RX State: packets:62095648568 bytes:53964193232993 (49.0 TiB)
errors:0 dropped:0 overruns:0 frame:0
TX State: packets:62095648568 bytes:53964193232993 (49.0 TiB)
errors:0 dropped:0 overruns:0 carrier:0
spq Zonetype:UNBOUND MAC Address:F6:1A:77:06:0B:F5 MTU:1500
BROADCAST MULTICAST
RX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 frame:0
TX State: packets:0 bytes:0 (0.0 B)
errors:0 dropped:0 overruns:0 carrier:0
XG450_WP02_SFOS 18.0.1 MR-1-Build396# netstat -s
Ip:
Forwarding: 1
0 total packets received
3122 with invalid headers
141404347712 forwarded
0 incoming packets discarded
1739476815 incoming packets delivered
143782028048 requests sent out
272061 outgoing packets dropped
284 dropped because of missing route
2547 fragments dropped after timeout
12529385 reassemblies required
6236948 packets reassembled ok
2547 packet reassemblies failed
289654 fragments received ok
78 fragments failed
631198 fragments created
Icmp:
221119439 ICMP messages received
106108 input ICMP message failed
ICMP input histogram:
destination unreachable: 220028696
timeout in transit: 127
echo requests: 852787
echo replies: 237829
230357184 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 228964486
time exceeded: 2511
redirect: 299549
echo requests: 237851
echo replies: 852787
IcmpMsg:
InType0: 237829
InType3: 220028696
InType8: 852787
InType11: 127
OutType0: 852787
OutType3: 228964486
OutType5: 299549
OutType8: 237851
OutType11: 2511
Tcp:
13164960 active connection openings
13723027 passive connection openings
141205 failed connection attempts
738680 connection resets received
322 connections established
990811835 segments received
1020085384 segments sent out
3746401 segments retransmitted
158 bad segments received
1435261 resets sent
Udp:
280002585 packets received
220349926 packets to unknown port received
390248 packet receive errors
651333745 packets sent
390248 receive buffer errors
0 send buffer errors
UdpLite:
TcpExt:
32601 resets received for embryonic SYN_RECV sockets
264 ICMP packets dropped because they were out-of-window
ArpFilter: 43
13229932 TCP sockets finished time wait in fast timer
31178980 delayed acks sent
3451 delayed acks further delayed because of locked socket
Quick ack mode was activated 1017400 times
225 SYNs to LISTEN sockets dropped
260024295 packet headers predicted
55657794 acknowledgments not containing data payload received
177321708 predicted acknowledgments
7 times recovered from packet loss due to fast retransmit
TCPSackRecovery: 955339
TCPSACKReneging: 6
Detected reordering 10993 times using FACK
Detected reordering 32094 times using SACK
Detected reordering 58 times using reno fast retransmit
Detected reordering 7 times using time stamp
916 congestion windows fully recovered without slow start
7 congestion windows partially recovered using Hoe heuristic
TCPDSACKUndo: 6404
15218 congestion windows recovered without slow start after partial ack
TCPLostRetransmit: 129314
22 timeouts after reno fast retransmit
TCPSackFailures: 759
5772 timeouts in loss state
2831076 fast retransmits
169300 retransmits in slow start
TCPTimeouts: 582511
TCPLossProbes: 253737
TCPLossProbeRecovery: 33503
TCPSackRecoveryFail: 36291
TCPDSACKOldSent: 1055476
TCPDSACKOfoSent: 54778
TCPDSACKRecv: 132832
TCPDSACKOfoRecv: 826
56456 connections reset due to unexpected data
728856 connections reset due to early user close
22343 connections aborted due to timeout
TCPDSACKIgnoredOld: 8192
TCPDSACKIgnoredNoUndo: 53692
TCPSackShifted: 1771712
TCPSackMerged: 4971704
TCPSackShiftFallback: 1646302
TCPDeferAcceptDrop: 494067
TCPReqQFullDrop: 129
TCPRcvCoalesce: 227876205
TCPOFOQueue: 36921921
TCPOFOMerge: 53254
TCPChallengeACK: 321
TCPSYNChallenge: 163
TCPFastOpenCookieReqd: 23
TCPSpuriousRtxHostQueues: 105987
TCPAutoCorking: 1552848
TCPFromZeroWindowAdv: 3327
TCPToZeroWindowAdv: 3327
TCPWantZeroWindowAdv: 212741
TCPSynRetrans: 429767
TCPOrigDataSent: 725237549
TCPHystartTrainDetect: 53024
TCPHystartTrainCwnd: 4248357
TCPHystartDelayDetect: 40796
TCPHystartDelayCwnd: 3851477
TCPACKSkippedSynRecv: 25579
TCPACKSkippedSeq: 454
TCPACKSkippedTimeWait: 6
TCPACKSkippedChallenge: 13
TCPWinProbe: 383
TCPKeepAlive: 283054
TCPWqueueTooBig: 58
IpExt:
InNoRoutes: 15210
InTruncatedPkts: 368
InMcastPkts: 16454971
OutMcastPkts: 176064138
InBcastPkts: 18540217
OutOctets: 161368597829928
InMcastOctets: 14917207152
OutMcastOctets: 36234445160
InBcastOctets: 1817687463
InCsumErrors: 134
XG450_WP02_SFOS 18.0.1 MR-1-Build396#