cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Tips to reduce sequence number gap rate on High Speed AMD

rsharma374
Contributor

Hello Guys,

Please advise if we have any guide or help which we can share with our network team to help them reduce sequence number gap rate on our AMD. Anything which can be provided from network perspective , like SPAN configuration best practice for clean traffic or something related would be helpful.


3 REPLIES 3

matthew_eisengr
Inactive

Hi Rohit.

I don't think there is a guide as such.

If it is being caused by the monitoring point being overloaded you could:

  1. Reduce the overall traffic volume.
    1. If it is a SPAN session, you could filter on VLAN instead of just copying the entire interface.
    2. You could look to filter out any UDP or non-IP traffic that isn't of interest.
    3. You could introduce another SPAN session on a different interface to spread the load.
  2. If it is a TAP you could introduce a packet broker and filter or reduce the traffic in a more granular way than the SPAN in option 1.

Hopefully this helps a little!


anthony_percy2
Inactive

This can be caused by not getting the full bi-directional TCP session traffic on the SPAN due to incorrect SPAN setup e.g not all the vlans are configured that you need etc (or you have some partially configured vlans that you don't need!). Get the network team to work out exactly what vlans should be part of the SPAN that gives you the traffic you want. We did have one very strange problem that was caused by to incorrect rate limits set on the SPAN port configuration for Nexus 7000 switching down stream edge traffic. Some flows in the SPAN were being rate limited incorrectly even though the configuration was correct which caused a large sequence number gap rate on the AMD. Upgrading the Cisco switch software fixed the problem after a few months of troubleshooting...:-(


john_leight
Dynatrace Pro
Dynatrace Pro

Seqence number gaps are most commonly caused by missing packets (due to an overloaded or mis-configured span) or getting packets from both sides of a firewall (with different sequence numbers). Troubleshoot this by getting a packet capture. The CAS packet capture utility from the traffic diagnostic screen is the easiest way to get it.

Load the capture into wireshark. Add some columns in wireshark to show the hardware source and destination MAC address. Adding the VLAN and tcp.seq numbers (a custom column) will help as well. Sequence number changes and ack'd unseen segments should help get you to the root-cause.