[j-nsp] SRX 3600 dropped packets - how to debug?
Phil Mayers
p.mayers at imperial.ac.uk
Wed May 29 09:33:42 EDT 2013
On 28/05/13 14:57, Phil Mayers wrote:
> I have my suspicions about what exactly the ALG is (mis)counting as a
> drop, and will be trying to reproduce it on the bench now it's been
> taken out of service.
All,
Just to confirm that, as tested on the bench on SRX 3600 and JunOS
12.1R6.5 *all* packets processed by the DNS alg count as a "drop" in the
output of "show security flow statistics", even though they're forwarded
correctly.
The SUNRPC alg seems to do the same; presumably the all do.
So, if you have any ALGs enabled, that counter is misleading, and if you
don't, DNS packets will consume a lot of your sessions.
This is demo model so I can't open a support case, but when the real kit
arrives, maybe I will...
More information about the juniper-nsp
mailing list