[SOLVED] many outgoing packets dropped

I noticed that my firewall logs are full of outgoing connections being blocked, like that. There are very few inbound hits, probably because I'm behind NAT (the ADSL router does not filter anything; I rely only on iptables/firehol on the host).
I have used the same firehol config for some time, and firehol hasn't been updated for a while:
version 5
FIREHOL_LOG_MODE="ULOG"
interface eth0 internet
    policy drop
    protection strong
    server any s_whitelist accept src "192.168.100.100 192.168.100.201"
    client any c_whitelist accept dst "192.168.100.100 192.168.100.201"
    server any s_reserved_drop drop src "${MULTICAST_IPS} ${UNROUTABLE_IPS}"
    client any c_reserved_drop drop dst "${MULTICAST_IPS} ${UNROUTABLE_IPS}"
    server icmp accept
    server custom torrents "tcp/29701 udp/29701" any accept
    client all accept
Nothing special: drop everything, even on the LAN, except .100 (router) and .201 (the other computer); accept ICMP and established; and one open port for torrents.
So why am I getting that many outgoing connections dropped?
BTW, it looks like most of them are flagged ACK PSH FIN URGP=0...
Last edited by silvik (2011-01-30 11:41:27)

I switched to arno's firewall script in AUR and quit getting these messages.
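A log full of dropped outgoing packets is much easier to read once the entries are split by TCP flags. A dropped segment carrying only SYN is a new connection the policy actually refused; a segment carrying ACK, FIN or RST without SYN almost always belongs to a flow that the conntrack table no longer holds (a late FIN/ACK or RST after teardown, or a retransmission), so a policy that accepts only ESTABLISHED traffic drops it as INVALID without anything being broken. The Python below is an added example, not part of the original thread or of firehol; the log lines are constructed in the kernel iptables LOG line format (the IN=/OUT=/SRC=/DST=/PROTO= fields that ulogd emits in the same shape), and the addresses, ports and timestamps in them are made up.

```python
import re
from collections import Counter

# Constructed sample of dropped-packet log lines in the iptables LOG line format.
# Addresses, ports and timestamps are invented for this example.
SAMPLE_LOG = """\
Jan 30 11:20:01 host kernel: IN= OUT=eth0 SRC=192.168.100.150 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=11 DF PROTO=TCP SPT=45120 DPT=80 WINDOW=501 RES=0x00 ACK PSH FIN URGP=0
Jan 30 11:20:02 host kernel: IN= OUT=eth0 SRC=192.168.100.150 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=12 DF PROTO=TCP SPT=45120 DPT=80 WINDOW=0 RES=0x00 ACK FIN URGP=0
Jan 30 11:20:05 host kernel: IN= OUT=eth0 SRC=192.168.100.150 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=13 DF PROTO=TCP SPT=45121 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0
Jan 30 11:20:09 host kernel: IN= OUT=eth0 SRC=192.168.100.150 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14 DF PROTO=TCP SPT=45122 DPT=6881 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 30 11:20:11 host kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=192.168.100.150 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=15 PROTO=TCP SPT=40321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 30 11:20:15 host kernel: IN= OUT=eth0 SRC=192.168.100.150 DST=203.0.113.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16 DF PROTO=UDP SPT=51234 DPT=53 LEN=40
"""

KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
# Word boundaries keep URG from matching inside the URGP=0 field.
FLAG_RE = re.compile(r"\b(SYN|ACK|PSH|FIN|RST|URG)\b")


def parse_line(line):
    """Return the KEY=value fields of one log line plus a FLAGS set, or None if it is not a firewall line."""
    rec = dict(KV_RE.findall(line))
    if "IN" not in rec or "OUT" not in rec or "PROTO" not in rec:
        return None
    rec["FLAGS"] = frozenset(FLAG_RE.findall(line))
    return rec


def classify(rec):
    """Map one dropped packet to (direction, kind)."""
    if rec["IN"] == "" and rec["OUT"] != "":
        direction = "outgoing"      # locally generated, hit the OUTPUT chain
    elif rec["IN"] != "" and rec["OUT"] == "":
        direction = "incoming"      # addressed to this host, hit the INPUT chain
    else:
        direction = "forwarded"
    flags = rec["FLAGS"]
    if rec["PROTO"] != "TCP":
        kind = "non-tcp"
    elif "SYN" in flags and "ACK" not in flags:
        kind = "new-connection"     # a connection attempt the policy really refused
    elif "SYN" in flags:
        kind = "syn-ack"
    else:
        # ACK/PSH/FIN/RST with no SYN: the segment belongs to a flow conntrack no
        # longer tracks (late FIN/ACK, RST after teardown, retransmission), so an
        # ESTABLISHED-only policy drops it as INVALID.  Usually noise, not breakage.
        kind = "stray-segment"
    return direction, kind


def summarize(log_text):
    """Count drops per (direction, kind) and tally where the real refusals were aimed."""
    counts = Counter()
    refused = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        direction, kind = classify(rec)
        counts[(direction, kind)] += 1
        if kind == "new-connection":
            refused[(direction, rec["DST"], rec["PROTO"], rec["DPT"])] += 1
    return counts, refused


def report(log_text):
    """Human-readable summary of a log excerpt."""
    counts, refused = summarize(log_text)
    lines = ["drops by direction / kind:"]
    for (direction, kind), n in sorted(counts.items()):
        lines.append(f"  {direction:9s} {kind:15s} {n}")
    lines.append("refused new connections (direction, dst, proto, dport):")
    for key, n in refused.most_common():
        lines.append(f"  {key} x{n}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run over a real log, a large pile of outgoing stray-segment drops next to few or no outgoing new-connection entries means nothing the host needs is being refused; the refused list is where a missing client rule shows up, and an incoming new-connection entry is an inbound probe the policy stopped.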

Similar Messages

  • Windows 2008 R2 Std SP1 - firewall reports packets dropped...

    Hi,
    1) I'm trying to harden the Windows firewall on standalone (non AD) Windows 2008 R2 Std SP1 server, and restrict outgoing packets to known rules. What I'm seeing is firewall log entries showing dropped packets,
    and the dropped packets are always zero length. e.g. I configured a rule to allow Windows Service Host svchost.exe to reach out to MS for MS Security Essentials Updates, and it is able to check for and download updates - but what I see are dropped zero length
    packets for the target IP addresses that I have allowed in the rule. I see other packets too, for other application targets, for which new rules allow the application to work
    - but again I see dropped zero length packets. Is there a feature that I can disable to allow the zero length packets out?
    2) Also, I've enabled firewall logging to a file, but I see a mis-match between what appears in the \Windows\System32\LogFiles\Firewall\*.log files versus
    the event ID 5152 entries in the Security event log - I mean, sometimes I see corresponding matching entries - most of the time I don't - it's as if some of the notifications re dropped packets make it to the firewall log file, and some make to the
    event log, and some make it to both.  Is this just a-typical and that's just the way it is?
    Thanks.  Dave.

    Hi Dave,
    I suggest you use Netsh commands to collect diagnostic data of Windows Firewall and IPsec, the collected data will be exported into an XML file that we can examine for clues to the cause of the problem. 
    Please use this command below for capturing:
    netsh wfp capture start file= "path and file".
    More information for you:
    Netsh Commands for Windows Filtering Platform (WFP) in Windows Server 2008 R2
    http://technet.microsoft.com/en-us/library/dd735538(v=WS.10).aspx
    [SDP 3][ 4f18caa6-df64-4dfd-a18e-096cf5a6a0fc] IPSEC Trace Logging
    http://support.microsoft.com/kb/2749575
    Best Regards,
    Amy

  • High packet drop over FCoE setup

We have a Nexus 5k switch connected to a storage array through an FCoE 10GB interface, and a blade chassis that supports FCoE. We are facing huge latency on the traffic flow between the server and the storage. Can someone help me solve this issue? Also, do we need to set up jumbo frames and modify the MTU size?
    Sent from Cisco Technical Support iPad App

    Aymen,
    MTU should not be an issue.  No need to modify the MTU for regular ethernet traffic, unless you're using IP storage such as iSCSI. 
    Let's narrow down the problem first. 
    1. Do you see packet loss/performance issues on other servers connected to the same N5K(s)?
    2. Are you seeing any packet drops on the N5K interfaces or GATOs ASIC? 
    show interface e1/20 counters errors
    show interface e1/20 flowcontrol
    show interface e1/20 priority-flow-control
    show system internal ethpm errors | egrep Ethernet1/20
    show hardware internal gatos port ethernet 1/20| egrep -i err
    I would check these counters on both the host-facing and array-facing interfaces.
    3. What is the exact array that is FCoE attached?
    4. Do you have a topology diagram?
    5. What are the server side adapters, firmware and driver versions being used (include the OS on the host).
    Regards,
    Robert

  • Many times I drop a photo into a book page box and it resizes it.  I want to scale it smaller but it only allows me to make it bigger.  Why can't I slide to make it smaller?

    many times I drop a photo into a book page box and it resizes it.  I want to scale it smaller but it only allows me to make it bigger.  Why can't I slide to make it smaller?

    Control (right) - click on the photo in the frame and select Fit to Frame Size in the contextual menu.
    Here's an extreme example of that:
    OT

  • Customer packet drops issue

    Hi,
    Our customer took a 30Mbps metro link from us. Even at 17Mbps link utilization they are facing packet drops. On our side the policer is implemented for 30Mbps. There are no errors on the customer's or our interfaces, but I can see exceeded packets under 'show policy-map interface'. Used maximum Bc. Does the customer need to implement shaping at his end with the same CIR and Bc?
    Regards
    Siva K

    Hi Siva,
    It is not a mandatory rule that the customer should also have the same CIR configured with shaping.
    When the customer has a 30 Mbps circuit SLA with the service provider, he may be able to pump at line rate from the CE side. But on the PE side it will be policed and excess traffic will be dropped.
    To avoid the customer's traffic getting dropped at the PE, it is advisable to configure shaping at the CE side so that the traffic SLA will be maintained without, or with less, packet loss.
    Can you post your config and show policy-map interface output with traffic?.
    Regards,
    Nagendra

  • Solaris 10 ip address of outgoing packets on logical interfaces

    Hi there.
    I have a Sun here with Solaris 10 and one physical interface e0 and one logical interface on it e0:1.
    e0 has address 1.2.3.4
    e0:1 has address 1.2.3.5
    gateway is 1.2.3.254
    To every IP address I bind a sendmail daemon.
    For incoming connections the IP packets come out with the right IP address
    from the interface to which the connection was established.
    But for outgoing packets it seems that only the IP address of e0 is used, even if the sendmail on e0:1 makes an outgoing connection.
    On Solaris 9 every app that binds to a logical interface uses that IP for outgoing connections, but on Solaris 10 it looks like only the IP address of the primary (physical) interface (e0) is used.
    Is there a way to make outgoing connections of apps bound to e0:1 use the IP address of the e0:1 interface?
    I don't use zones; both interfaces are in the global zone.

    I'm not that familiar with postfix, but that's where the solution should be. As I mentioned earlier in this thread, the application has full control here and should be the place to set it. I'll bet postfix has a setting for what outbound IP address to use.
    Trying to coerce this at the OS level is much more difficult.
    Especially with your phrase about "if packet enters..." There's two possible things you might mean by that.
    #1 is if the packet coming in starts a TCP session. That session sets the two IP addresses, and the OS can't override that address for outbound packets. The usesrc setting is only valid for TCP sessions started by your machine.
    #2 is if the "packet coming in" you refer to really means an email in (which gets completed), and then your machine sends an email back out. But then there's no association (in the OS) between the two emails, so it doesn't know that this mail "should" go out that interface.
    In both cases, I think you'll want postfix to handle this.
    Darren

  • Packet drop when clients moving from one Access point to another

    Hi All,
    I am new to wireless. I am using a WS-SVC-WISM-1-K9 WiSM module and 5 access points. When my clients are moving from one access point to another we are getting packet drops.
    Kindly suggest what configuration I need to verify on the controller for proper client roaming so that I can resolve my issue.
    Please let me know in case any explanations are required.
    Thanks  in Advance !!!
    Regards
    Angus

    For radius authenticated SSIDs, you need WPA2-aes or wpa1-tkip-CCKM. It depends on what the client supports.
    For pre-shared key, any WPA should be decent enough for roaming speed.
    If you're on WEP ... no comment.
    If you covered the above point, check that it's not a coverage problem. If the 2 APs' coverage zones are not overlapping there will be a hole where you don't have signal and logically will have packet drops.

  • Wireless AP 1262 getting packet drops while buffering videos for 18 users.

    Hi Team,
    Please help for this issue
    We have the 1262 access point model and we are getting packet drops when 20 users are connected and the users do video streaming and buffering online.
    Even our AD IP address is getting packet drops while the users are connected and using YouTube or some other video sites.
    Please help on this issue.
    Best regards,
    Arun

    Well, if you have 802.11n enabled and also have 802.11n-capable devices, then you would have a max of 144 Mbps on 2.4 GHz and up to 300 Mbps on 5 GHz with 40 MHz channels. If you are using 20 MHz on 5 GHz you will have the same as 2.4 GHz, which is again 144 Mbps.
    So if you have clients working fine on 5 GHz and it's set to 20 MHz, then I would look at interference on 2.4 GHz. See if your SNR is low, as that will identify a poor 2.4 GHz spectrum.
    Sent from Cisco Technical Support iPhone App

  • N7000 : details of packets dropped by COPP policy (class-default) ?

    Hi,
    On one of our N7Ks, we have some packets dropped by the CoPP policy in the class-default class-map:
    Partial results of "show policy-map interface control-plane" not so long after clearing the counters:
    class-map class-default (match-any)
          set cos 0
          police cir 100 kbps , bc 250 ms
          module 1 :
            conformed 12210790 bytes; action: transmit
            violated 201870 bytes; action: drop
          module 2 :
            conformed 8399646 bytes; action: transmit
            violated 0 bytes; action: drop
          module 3 :
            conformed 34518233 bytes; action: transmit
            violated 6186895 bytes; action: drop
    What would be the best way to figure out what traffic is dropped by the policy? Is there any logging possible?
    Thanks,
    Laurent

    There is still no logging possible.
    What can be done is piping the class-default traffic to some port and then analyzing it with Wireshark or a similar tool. But as far as I know, this still cannot be done by default; at least with NX-OS 4.2(4) we had to reprogram the module with assistance from TAC. I suggest you contact your support partner in this matter.
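Since the counters in the post are the only evidence available (the reply above says no per-packet logging exists for this class), the practical defender move is to parse "show policy-map interface control-plane" and watch where the violated bytes accumulate, per module, across successive snapshots. The Python below is an added example, not code from the thread or from Cisco; it takes the class-default section quoted above as its sample input and assumes only the line shapes visible there (class-map NAME, module N :, conformed/violated N bytes).

```python
import re

# The class-default section quoted in the post above, used as sample input.
SAMPLE_OUTPUT = """\
class-map class-default (match-any)
      set cos 0
      police cir 100 kbps , bc 250 ms
      module 1 :
        conformed 12210790 bytes; action: transmit
        violated 201870 bytes; action: drop
      module 2 :
        conformed 8399646 bytes; action: transmit
        violated 0 bytes; action: drop
      module 3 :
        conformed 34518233 bytes; action: transmit
        violated 6186895 bytes; action: drop
"""

CLASS_RE = re.compile(r"^\s*class-map (\S+)")
MODULE_RE = re.compile(r"^\s*module (\d+)\s*:")
# "exceeded" is included for two-rate policers; the sample only shows conformed/violated.
COUNTER_RE = re.compile(r"^\s*(conformed|exceeded|violated) (\d+) bytes")


def parse_copp(text):
    """Return {class_name: {module_number: {'conformed': n, 'violated': n, ...}}}."""
    stats = {}
    cls = mod = None
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            cls, mod = m.group(1), None
            stats.setdefault(cls, {})
            continue
        m = MODULE_RE.match(line)
        if m and cls is not None:
            mod = int(m.group(1))
            stats[cls].setdefault(mod, {})
            continue
        m = COUNTER_RE.match(line)
        if m and cls is not None and mod is not None:
            stats[cls][mod][m.group(1)] = int(m.group(2))
    return stats


def drop_ratio(counters):
    """Share of this module's policed bytes that were dropped (violated)."""
    total = sum(counters.get(k, 0) for k in ("conformed", "exceeded", "violated"))
    return counters.get("violated", 0) / total if total else 0.0


def modules_with_drops(stats, class_name, min_ratio=0.0):
    """(module, drop_ratio) pairs above min_ratio for one class, worst module first."""
    hits = []
    for mod, counters in stats.get(class_name, {}).items():
        ratio = drop_ratio(counters)
        if ratio > min_ratio:
            hits.append((mod, ratio))
    return sorted(hits, key=lambda item: item[1], reverse=True)


def violated_growth(previous, current, class_name):
    """Per-module increase in violated bytes between two snapshots of the same class."""
    growth = {}
    for mod, counters in current.get(class_name, {}).items():
        before = previous.get(class_name, {}).get(mod, {}).get("violated", 0)
        growth[mod] = counters.get("violated", 0) - before
    return growth


if __name__ == "__main__":
    stats = parse_copp(SAMPLE_OUTPUT)
    for mod, ratio in modules_with_drops(stats, "class-default"):
        print(f"module {mod}: {ratio:.1%} of class-default bytes dropped")
```

Comparing two snapshots with violated_growth tells you which line card is still accumulating drops right now, which narrows the span-to-a-port capture the reply describes to a single module.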

  • Routing outgoing packets over multiple interfaces?

    I have two network interfaces (eth0 and eth1) with separate IP addresses on the same subnet.  All outgoing traffic uses eth0 regardless of the interface the incoming traffic came in on.
    I assume the outgoing packets still have the correct source IP address (not always eth0's), and I'd like the packets to go out on the interface with the corresponding IP address.
    I think I have half the solution to my problem:
    http://www.novell.com/support/viewConte … Id=7000318
    The other half is that my IPs are dynamic, so ddclient could change my IPs and then the routing would be invalid.
    Last edited by MindlessXD (2009-02-10 07:06:16)

    Setup custom route tables to be used depending on the iptables conntrack marks below
    ip route flush table 1
    ip rule del fwmark 101 table 1
    ip route add table 1 default via <ETH0 IP ADDRESS>
    ip rule add fwmark 101 table 1
    ip route flush table 2
    ip rule del fwmark 102 table 2
    ip route add table 2 default via <ETH1 IP ADDRESS>
    ip rule add fwmark 102 table 2
    I'm not 100% sure if you can add a route via the interface's IP address. This code has been modified from a box using 2 different ISPs, so they have different upstream routers. You might need to replace the 'via' parts with 'src'.
    # Ensure traffic in one interface goes back out the same interface
    iptables -t mangle -F PREROUTING
    iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    iptables -t mangle -A PREROUTING -i eth0 -m state --state NEW -j MARK --set-mark 101
    iptables -t mangle -A PREROUTING -i eth1 -m state --state NEW -j MARK --set-mark 102

  • EEM -automatic shut down or switch over of WAN link in OSPF when packet drop increase

    Hi,
    Need help..
    Can anyone tell me how EEM can help with automatic shutdown or switchover of a WAN link in OSPF when packet drops exceed a predefined level?
    I have a setup of different branches connected together; OSPF is the routing protocol, and they need to communicate with two branches via hub locations.
    I need to shut the link, or switch some percentage of the traffic from primary to backup, when there are packet drops on the link.

    I am not sure EEM can do what you want.
    Another option could be to use SLA tracking/monitoring. But you will fall back to the new route when you lose some percentage of pings; you can't switch only part of the traffic.
    I hope it helps.
    PK

  • Signature 1330 causes packet drops

    Hello Members,
    I see in my IPS-NME module a high number of packet drops because of the following signatures:
    1330-17: TCP segment out of state order
    1330-12: TCP segment is out of order.
    The targets and the attackers are internal hosts.
    Are these signatures triggered because of improperly configured policies, or is this an indicator of problems in the internal network?
    thanks for your inputs.
    regards
    alex

    Hello Sid,
    Thanks for your answer. I learned that most of the packets on which Signature 1330 triggers are packets from the IPS module to the IPS Express Manager. I added a Wireshark dump to the case.
    That's really odd; I ran a traceroute from the IPS Manager to the IPS Module and vice versa, and the flows look ok to me.
    Trace from the IPS module to the IPS Manager
    # trace 10.0.128.5
    traceroute to 10.0.128.5 (10.0.128.5), 4 hops max, 40 byte packets
    1  172.16.1.9 (172.16.1.9)  1.479 ms  1.327 ms  1.275 ms
    2  172.16.1.1 (172.16.1.1)  3.616 ms  2.952 ms  1.907 ms
    3  10.89.27.10 (10.89.27.10)  2.288 ms  2.044 ms  2.136 ms
    4  10.89.27.21 (10.89.27.21)  8.106 ms  9.148 ms  8.266 ms
    return path
    C:\Users\Administrator.NOS-POC>tracert 172.16.1.11
    Tracing route to 172.16.1.11 over a maximum of 30 hops
      1    <1 ms    <1 ms    <1 ms  10.0.128.1
      2     2 ms     3 ms     2 ms  172.16.2.1
      3     1 ms     1 ms     1 ms  10.89.27.22
      4     9 ms     9 ms     9 ms  10.89.27.9
      5     8 ms     8 ms     8 ms  172.16.1.6
      6     8 ms     8 ms     8 ms  172.16.1.11
    Trace complete.
    trace from the IPS module's gateway
    #traceroute vrf CENTRAL 10.0.128.5 source 172.16.1.9
    Type escape sequence to abort.
    Tracing the route to 10.0.128.5
      1 172.16.1.1 0 msec 0 msec 0 msec
      2 10.89.27.10 0 msec 0 msec 4 msec
      3 10.89.27.21 8 msec 8 msec 8 msec
      4 172.16.2.6 8 msec 8 msec 4 msec
      5 10.0.128.5 4 msec 4 msec 4 msec
    What makes me wonder is that the IPS module doesn't show hops further than 4 hops.
    regards
    alex

  • Too many outgoing email addresses.

    What do I do when I have too many outgoing email addresses and cannot get to the bottom to edit or close the message?

    Hello mktapplesupport,
    Thanks for using Apple Support Communities.
    If you would like to remove an email account from the Mail application, please follow the instructions below:
    Removing an email account
    You may want to remove an email account from Mail, for example if you no longer use the account.
    Important: Removing an account will permanently delete its mailboxes, messages, notes, and to do items. If you want to keep those, be sure to copy them to an On My Mac mailbox before deleting the account.
    Exchange and IMAP accounts store their mailboxes and messages on the server; deleting these account types in Mail will not permanently delete messages from the server. However, if you are not completely certain that your account is one of those types, be sure to copy the mailboxes and messages you want to keep into an On My Mac mailbox, or save individual messages manually by selecting them and choosing Save As from the File menu.
    To remove an email account in Mail:
    Open Mail (click it on the Dock or open it from the Applications folder).
    From the Mail menu, choose Preferences..., or press Command-, (the Command and comma keys).
    Click the "Accounts" icon.
    Select the account you wish to remove.
    Click the "-" (minus) icon. You will be alerted that "The account's setup information, mailboxes, messages, notes, and to do's will be deleted permanently from your computer."
    If you are sure you want to remove the account and email messages from your computer, click "Remove" to complete this process.
    Configuring Mail for your email account
    http://support.apple.com/kb/HT1277
    Take care,
    Alex H.

  • Monitoring dscp ef packet drops

    Looking for some guidance please.
    I have been tasked by our network team to find a solution to monitor voice traffic specifically for packet drops in dscp ef traffic.
    Thinking of using my Cacti box as my first port of call, but I need to know exactly which OIDs I need to be pulling in. I have looked at the various MIB sets related to QoS, CoS etc.... but to be honest, they are a bit daunting for someone who is not familiar with this area.
    Any other options for this would be greatly appreciated - could rmon fulfill this task?
    cheers

    You can troubleshoot the output drops occurring with priority queuing by following the suggestions made in http://www.cisco.com/en/US/tech/tk39/tk51/technologies_tech_note09186a0080103e8a.shtml

  • Packet drops on v490 production server..help us

    Hello...
    We have a v490 server with the ce0 interface configured. It goes down frequently, and after some packet drops it brings itself back up.
    Can anybody tell me what could be the reason behind this problem?
    I have checked the switch and router by changing interface cables; the problem still persists, and there is no message in /var/adm/messages.
    Thanks in advance
    gmraj

    Try a "snoop -d ce0" and verify the messages.
    Also, perhaps the NIC is broken.
    Also, perhaps the duplex/speed of the NIC isn't set correctly (autoneg, forced, full duplex, half duplex etc.) and you have to define it with "ndd -set".
