receive incoming errors / 'rcv_fifo_overrun'

L0 Member

Hello everyone. 

 

Got a question for the community on an interesting situation: 

 

- PAN-PA-3050 / PAN OS 7.1.10

- Drop Counter increases on two aggregated interfaces (ae3 - interfaces 1/3 & 1/4)

- connected via Cisco vPC tech with a Nexus FEX switch

- new patch cable

- only req. VLANs are on the trunk / CDP is deactivated

- no obvious layer 2 errors visible during packet capture

 

Counter details:

 

REDACTED (active)> show  interface ethernet1/3

 

Hardware interface counters read from CPU:

--------------------------------------------------------------------------------

bytes received                           2198604878

bytes transmitted                        67193368

packets received                         16782405

packets transmitted                      541882

receive incoming errors                  1817713

receive discarded                        0

receive errors                           0

packets dropped                          0

--------------------------------------------------------------------------------

 

REDACTED (active)> show interface ethernet1/4

Hardware interface counters read from CPU:

--------------------------------------------------------------------------------

bytes received                           2198281424

bytes transmitted                        67192748

packets received                         16779807

packets transmitted                      541877

receive incoming errors                  1682781

receive discarded                        1

receive errors                           0

packets dropped                          0

 

 

REDACTED (active)> show system state filter sys.s1.p3.detail

 

sys.s1.p3.detail: { 'pkts1024tomax_octets': 0x73619d2bd, 'pkts128to255_octets': 0x7d82ed54, 'pkts256to511_octets': 0x2f804d10, 'pkts512to1023_octets': 0x4dd41a61, 'pkts64_octets': 0x21a793bf, 'pkts65to127_octets': 0x2a3d76b7d, 'rcv_fifo_overrun': 0x1bbc71, }

 

REDACTED (active)> show system state filter sys.s1.p4.detail

 

sys.s1.p4.detail: { 'bad_crc': 0x1, 'pkts1024tomax_octets': 0x769a235ec, 'pkts128to255_octets': 0xe38e6000, 'pkts256to511_octets': 0x3106dc4a, 'pkts512to1023_octets': 0x4d595c47, 'pkts64_octets': 0x19c1a2b5, 'pkts65to127_octets': 0x284dd797b, 'rcv_fifo_overrun': 0x19ad5d, }

 

 

REDACTED (active)> show counter global filter delta yes severity drop

 

Global counters:

Elapsed time since last sampling: 12.214 seconds

 

name                                   value     rate severity  category  aspect    description

--------------------------------------------------------------------------------

flow_rcv_dot1q_tag_err                    55        4 drop      flow      parse     Packets dropped: 802.1q tag not configured

flow_no_interface                         55        4 drop      flow      parse     Packets dropped: invalid interface

flow_ipv6_disabled                        14        1 drop      flow      parse     Packets dropped: IPv6 disabled on interface

flow_policy_deny                        1684      137 drop      flow      session   Session setup: denied by policy

flow_tcp_non_syn_drop                     20        1 drop      flow      session   Packets dropped: non-SYN TCP without session match

flow_fwd_l3_bcast_drop                     1        0 drop      flow      forward   Packets dropped: unhandled IP broadcast

flow_fwd_l3_mcast_drop                   206       16 drop      flow      forward   Packets dropped: no route for IP multicast

flow_fwd_notopology                        3        0 drop      flow      forward   Packets dropped: no forwarding configured on interface

--------------------------------------------------------------------------------

Total counters shown: 8

 

 

We do not encounter any kind of issues within the network, but this is pretty confusing. Is this a bug or a normal behaviour? 

I might be mistaken, but does 'rcv_fifo_overrun' mean that the firewall cannot process the incoming traffic? This is almost impossible, since we do not experience connection issues. Is this maybe flood protection? Or am I missing something? 

 

Any input would be appreciated. 
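Added example, not part of the original post: the hex `rcv_fifo_overrun` values in the `sys.s1.pN.detail` output can be checked against the decimal `receive incoming errors` counters shown for the same ports. This Python sketch parses both outputs as copied from the post (function names and the `errors_per_100_rx` ratio are this example's own) and reports how much of each error counter the FIFO overrun counter accounts for.

```python
import re

# Output copied from the post above (wrapped lines re-joined); nothing here is new data.
STATE = """
sys.s1.p3.detail: { 'pkts1024tomax_octets': 0x73619d2bd, 'pkts128to255_octets': 0x7d82ed54,
  'pkts256to511_octets': 0x2f804d10, 'pkts512to1023_octets': 0x4dd41a61,
  'pkts64_octets': 0x21a793bf, 'pkts65to127_octets': 0x2a3d76b7d, 'rcv_fifo_overrun': 0x1bbc71, }
sys.s1.p4.detail: { 'bad_crc': 0x1, 'pkts1024tomax_octets': 0x769a235ec, 'pkts128to255_octets': 0xe38e6000,
  'pkts256to511_octets': 0x3106dc4a, 'pkts512to1023_octets': 0x4d595c47,
  'pkts64_octets': 0x19c1a2b5, 'pkts65to127_octets': 0x284dd797b, 'rcv_fifo_overrun': 0x19ad5d, }
"""
IFACE = {
    3: """
packets received                         16782405
receive incoming errors                  1817713
receive discarded                        0
""",
    4: """
packets received                         16779807
receive incoming errors                  1682781
receive discarded                        1
""",
}

def parse_state(text):
    """{port: {counter: int}} from 'show system state filter sys.s1.pN.detail' output."""
    ports = {}
    for port, body in re.findall(r"sys\.s1\.p(\d+)\.detail:\s*\{(.*?)\}", text, re.S):
        pairs = re.findall(r"'(\w+)':\s*(0x[0-9a-fA-F]+)", body)
        ports[int(port)] = {name: int(value, 16) for name, value in pairs}
    return ports

def parse_iface(text):
    """{counter name: int} from the 'Hardware interface counters' table."""
    return {n: int(v) for n, v in re.findall(r"^([a-z ]+?) {2,}(\d+) *$", text, re.M)}

def analyze():
    """Compare each port's decimal error counter with its hex rcv_fifo_overrun value."""
    state, report = parse_state(STATE), {}
    for port, text in IFACE.items():
        c = parse_iface(text)
        errs, fifo = c["receive incoming errors"], state[port].get("rcv_fifo_overrun", 0)
        report[port] = {"incoming_errors": errs, "rcv_fifo_overrun": fifo,
                        "unexplained": errs - fifo,
                        "errors_per_100_rx": round(100 * errs / c["packets received"], 2)}
    return report

if __name__ == "__main__":
    for port, row in analyze().items():
        print(f"ethernet1/{port}: {row}")
```

For both ports `unexplained` comes out as 0, so every `receive incoming errors` increment in the posted output is matched by an `rcv_fifo_overrun` increment.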
