Cisco FWSM & Discards

Question

We have a bunch of Cisco FWSMs running multiple contexts and they are being monitored by Orion.  Orion is showing some with high receive discards on one of the 2 interfaces (inside/outside).  This doesn't seem right to me.  Is Orion reporting something it's confused about?

TIA.

BB

orionofmyeye · Answer

anyone know what the discards are looking at?  case open with cisco and here is first iteration

Were you referring to the "drops" of the "show interface" command? I believe that is what Orion would report as discards. Is that correct? Usually these discards are ACL drops, incorrect vlan packets, error, it could be anything.
So these counters are very high usually. They shouldn't concern you.

Though, I see some underruns and no buffers on your interfaces. Also in the "sh np block" I saw that the threshold 1 and 2 counters went for NP3 ingress packets. These could mean that your FWSM could be handling high amount of traffic.

Does "sh np block" show the threshold incrementing constantly? If you runn it twice with a few minutes time interval, what do you get?

Also how about the interfaces? If you do "clear interfaces"
(www.cisco.com/.../c3.h
tml#wp1873754) and wait for a while. What do you see "sh interface" show?

njoylif · Answer

I've seen this as well.

I filtered them off the top xx pages.  I think it is due to ACLs and general FW protection, but would love a solid answer.

orionofmyeye · Answer

did you ever validate this?  we discovered the same thing.  is it acl drops?