[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1831
  • Last Modified:

High discard transmit count and TCP Out-of-order issue

I noticed in my monitoring software (Solarwinds NPM) the other day that the interface connecting our main switch stack and our router has over 20 million (million!) transmit discards and climbing. My network has about 150-200 devices on it, this discard amount seems ridiculously high to me. We aren't having any noticeable network slowness, and had I not looked at this particular screen in the monitor software I wouldn't have known there was an issue at all. That being said, it was time to investigate.

I ran a "sh int" on my switch stack interface (gig speed) on my stack of 4 Cisco 3750 switches. Nothing looked unusual. Ran the same command on my core router (Cisco 2821) inside interface (gig speed). One thing stood out: 1237956 unknown protocol drops and rising. It's not 20 million but it's a good start.

Tracked down this article: https://supportforums.cisco.com/docs/DOC-15490 and made sure DTP, CDP, LLDP, VTP are not applied/enable on either where applicable. Checked, protocol drop count was still going up.

SPAN’d (mirrored) the switch port we're having problems with to sniff the traffic with Wireshark. Results show I’m getting a lot of “TCP Retransmission” “TCP Out-of-order” and “TCP Dup ACK”. From my research these errors show a bottle neck somewhere, I'm unsure of where that bottleneck is as everything is gigabit speed leading from the PC out to the internet. PC <--gig--> Switch <--gig--> Router <--gig--> Firewall.

My question: where do I go from here as far as figuring out where this bottleneck is? Or alternatively if it's not a bottleneck, what settings need to be changed to fix the unknown protocol drops?
0
travisryan
Asked:
travisryan
  • 4
  • 2
1 Solution
 
marine7275Commented:
Most of them are collisions I would bet. I would check your frame sizes and duplex settings on devices.
0
 
travisryanAuthor Commented:
How would check to see if it was collisions or not? How would I determine what the optimal frame size and duplex settings are?
0
 
marine7275Commented:
You would have to do this app by app and device by device. Inventory all your gear and start reading recommended settings. Most could be solved by setting duplex to x-full instead of auto-negotiate.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
travisryanAuthor Commented:
MTU size is 1500 on both devices. Full-duplex is set on both interfaces.
0
 
travisryanAuthor Commented:
It looks like this has to do with our security camera computers, waiting on their support to answer me back.
0
 
travisryanAuthor Commented:
Waiting on security camera software vendor.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now