High rate on "flow_host_ha_encap_err"

Reply
Highlighted
L4 Transporter

High rate on "flow_host_ha_encap_err"

Hi folks,

By chance (okay, we were troubleshooting another issue) we found a potentially strange issue on our active PA-2050 (there is a secondary (HA passive) PA-2050 in place as well).

1) We issue the following command on the prompt: show counter global filter delta yes severity drop

2) We get the following output:

Global counters:

Elapsed time since last sampling: 561.912 seconds

name                                   value     rate severity  category  aspect    description

--------------------------------------------------------------------------------

flow_rcv_err                               8        0 drop      flow      parse     Packets dropped: flow stage receive error

flow_rcv_dot1q_tag_err                   120        0 drop      flow      parse     Packets dropped: 802.1q tag not configured

flow_no_interface                        120        0 drop      flow      parse     Packets dropped: invalid interface

flow_ipv6_disabled                       234        0 drop      flow      parse     Packets dropped: IPv6 disabled on interface

flow_policy_deny                        3560        6 drop      flow      session   Session setup: denied by policy

flow_tcp_non_syn_drop                   1144        2 drop      flow      session   Packets dropped: non-SYN TCP without session match

flow_fwd_l3_mcast_drop                 26653       47 drop      flow      forward   Packets dropped: no route for IP multicast

flow_parse_l4_tcpfin                       1        0 drop      flow      parse     Packets dropped: invalid TCP flags (FIN only)

flow_parse_l4_tcpsynfin                    7        0 drop      flow      parse     Packets dropped: invalid TCP flags (SYN+FIN+*)

flow_action_close                        506        0 drop      flow      pktproc   TCP sessions closed via injecting RST

flow_host_service_deny                    13        0 drop      flow      mgmt      Device management session denied

flow_host_service_unknown              26654       47 drop      flow      mgmt      Session discarded: unknown application to control plane

flow_host_ha_encap_err                465431      828 drop      flow      mgmt      Packets dropped: encapsulation error to control plane's HA agent

flow_lion_rcv_err                          8        0 drop      flow      offload   Packets dropped: receive error from offload processor

appid_lookup_invalid_flow                  1        0 drop      appid     pktproc   Packets dropped: invalid session state

tcp_drop_decrypt_packets                  43        0 drop      tcp       pktproc   number of decrypted packets get dropped

proxy_url_request_pkt_drop                 2        0 drop      proxy     pktproc   The number of packets get dropped because of waiting for url category request in ssl proxy

url_request_pkt_drop                      91        0 drop      url       pktproc   The number of packets get dropped because of waiting for url category request

--------------------------------------------------------------------------------

Total counters shown: 18

--------------------------------------------------------------------------------

What concerns us is the line marked red above. It looks like it's abnormal... Does anyone have a clue how we could troubleshoot this issue to find the cause for it? We don't see any System logs indicating a problem with HA... The Switch ports look good (all interfaces in 1000 FD mode and 0 errors/discards, etc.).

The HA settings (active/passive mode) are attached.

Thanks a lot!

Oliver

L4 Transporter

Re: High rate on "flow_host_ha_encap_err"

The output in the main post shows only the delta rate, the output below shows the absolute value and it looks quite high...

PAN(active)> show counter global | match flow_host_ha_encap_err

name                                   value     rate severity  category  aspect    description

--------------------------------------------------------------------------------

flow_host_ha_encap_err             2039219767      841 drop      flow      mgmt      Packets dropped: encapsulation error to control plane's HA agent

L6 Presenter

Re: High rate on "flow_host_ha_encap_err"

How does your packet forwarding settings for ha look like ? do you have primary device or first packet ? Can u switch this option and see if that makes any difference ? also how is your ha 2 ? is it L2 ethernet or L3 . Can you make L3 it is not already and see if it makes any diff.

-Sandeep

L4 Transporter

Re: High rate on "flow_host_ha_encap_err"

We don't have a packet forwarding setting in active/passive mode. I think this option is only available in active/active mode.

The ha2 is currently setup with "ethernet" as transport. I'll change it to L3 next Sunday (maintenance window) and report back when done. Thanks for the hint!

-Oliver

L6 Presenter

Re: High rate on "flow_host_ha_encap_err"

my bad i saw the word " secondary device " and thought this is active/active setup. Just give a shot changing the mode to l3 on ha 2 interface/

L4 Transporter

Re: High rate on "flow_host_ha_encap_err"

That's it. I just tested it with "IP" as transport type and the errors are gone. Thanks a lot for your help.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!