Wednesday 4 January 2017

Troubleshooting packet loss and performance issues with the Cisco ASA

We should first identify whether there are any CPU or memory problems with:

show cpu

Typically, if you are hitting an average of 80% or above, you should be concerned.


show memory

You should also identify any interface errors with:

show interface | i errors

and reissue it after 30 seconds or so to see whether the error counts are increasing.

We should also get a rough idea of the traffic throughput while we are experiencing the problem by firstly clearing the existing traffic information with:

clear traffic

and then after 5 minutes or so running the following command:

show traffic

We should also check connection counts / limits with:

show conn count

Pay attention to the limit vs the current connection count.

For a more granular overview of actions such as NAT translations, TCP connections, etc., we can use the 'perfmon' command to get the number per second:

show perfmon

We can issue the 'show blocks' command to check whether the memory is overcommitted:

show blocks

The 'CNT' column tells us how many blocks are available to the device. If any are zero, or rather are frequently zero, this causes an overflow and information is dropped.
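To judge "frequently zero" from more than one reading, the sketch below (an added example, not part of the original post) parses several saved 'show blocks' captures and reports the block sizes whose CNT was zero in at least two of them. The captures are constructed sample data, and the SIZE/MAX/LOW/CNT header layout and the two-hit threshold are assumptions.

```python
from collections import Counter

# Constructed sample captures of 'show blocks', taken a minute apart.
# These are illustrative values, not output from a real device.
SNAPSHOTS = [
    """ciscoasa# show blocks
  SIZE    MAX    LOW    CNT
     0    700    699    700
    80    919    908    919
   256   2100      0      0
  1550   9886      0     12
""",
    """  SIZE    MAX    LOW    CNT
     0    700    699    700
    80    919    908    917
   256   2100      0      0
  1550   9886      0      0
""",
    """  SIZE    MAX    LOW    CNT
     0    700    699    700
    80    919    908    919
   256   2100      0      5
  1550   9886      0     30
""",
]

def parse_blocks(text):
    """Return {block_size: CNT} for one capture, locating columns by header."""
    header, rows = None, {}
    for line in text.splitlines():
        cols = line.split()
        if cols[:1] == ["SIZE"]:
            header = cols  # remember column order from the header line
        elif header and len(cols) == len(header) and all(c.isdigit() for c in cols):
            row = dict(zip(header, map(int, cols)))
            rows[row["SIZE"]] = row["CNT"]
    return rows

def exhausted_sizes(snapshots, min_hits=2):
    """Block sizes whose CNT was zero in at least min_hits captures."""
    hits = Counter()
    for snap in snapshots:
        for size, cnt in parse_blocks(snap).items():
            if cnt == 0:
                hits[size] += 1
    return {size: n for size, n in sorted(hits.items()) if n >= min_hits}

if __name__ == "__main__":
    for size, n in exhausted_sizes(SNAPSHOTS).items():
        print(f"{size}-byte blocks: CNT was 0 in {n} of {len(SNAPSHOTS)} captures")
```

A block size that hits zero once under a burst is filtered out by the threshold; lower min_hits to 1 to see every occurrence.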

