1. Home
  2. Cisco Systems
  3. IOS Crypto drops

IOS Crypto drops

Hello,

Cisco 837 ver 12.3(11)T4

LAN--837==Internet===Other.vpn.device--LAN |----------VPN-tunnel-------|

I am seeing dropped packets over this link and wondered if anyone might have any suggestions regarding the following.

Pings across the link show close to exactly 1 in 1000 drops.

The 837 reports

router#sh cry eng acc stat .... 3061179 packets in 3061179 packets out tx_lo_count 2833 ....

tx_lo_count/packets-in close to 1/1000.

Hmm! packets-in = packets-out??? Odd!

router#sh proc cpu | inc cry PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 140 575164 2720 211457 0.00% 0.05% 1.09% 0 crypto sw pk pro router#

"Invoked" number is close to "tx_lo_count".

The "uSecs" is uSecs CPU time per invocation which seems to me to be a lot at 200 ms.

I am clutching at straws here I know, however my question is:

Can anyone shed light on the meaning of "tx_lo_count" or any other light on these observations. I have had a look on CCO but can find no meaningful information.

Full output of "sh cry eng acc stat" follows:

router#sh cry eng acc stat Load for five secs: 22%/5%; one minute: 11%; five minutes: 17% Time source is SNTP, 11:43:33.192 UTC Tue Mar 15 2005

HIFN79xx: ds: 0x81D9FEF4 idb:0x81D765FC Statistics for Virtual Private Network (VPN) Module: 3061179 packets in 3061179 packets out 9 paks/sec in 9 paks/sec out 36 Kbits/sec in 35 Kbits/sec out rx_no_endp: 0 rx_hi_discards: 0 fw_failure: 0 invalid_sa: 0 invalid_flow: 0 fw_qs_filled: 0 fw_resource_lock:0 lotx_full_err: 0 null_ip_error: 0 pad_size_error: 0 out_bound_dh_acc: 0 esp_auth_fail: 0 ah_auth_failure: 0 crypto_pad_error: 0 ah_prot_absent: 0 ah_seq_failure: 0 ah_spi_failure: 0 esp_prot_absent:0 esp_seq_fail: 0 esp_spi_failure: 0 obound_sa_acc: 0 invalid_sa: 0 out_bound_sa_flow: 0 invalid_dh: 0 bad_keygroup: 0 out_of_memory: 0 no_sh_secret: 0 no_skeys: 0 invalid_cmd: 0 cleanup_flow: 0 comp_unsupported:0 pak_too_big: 0 pak_mp_length_spec_fault: 0 tx_lo_queue_size_max 2 cmd_unimplemented: 0 tx_lo_count 2833 317614 seconds since last clear of counters Interrupts: Notify = 0, Reflected = 0, Spurious = 0 packet_loop_max: 0 packet_loop_limit: 512

router#

Reply to
anybody43
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.