Your session state is synchronized between the two RE's so that is why the current session counter reflects sessions.If you do a flow session you will see the same flows on both nodes.  

Counters are cumulative so you must have had traffic on RE1 at some point.

I can add that if you have "local" interfaces (not assigned to any redundancy group),

they can still forward traffic, even on a "passive" (in terms of RG0) node.

Thanks guys.

I know about session sync but I was wondering about the forwarded packets on node1. We don't have any local interfaces and I can't recall having that node active. I can't rule out though that the cluster failed over at one point and we didn't notice. I am going to watch those counters.

Thanks!

I have to come back to this. I have watched the counters for a couple of days, and they are rising on the inactive/secondary node. Maybe I am interpreting those counters wrong, but I want to understand. Anyone care to check on their end how it looks for them (in a pure active/passive setup)?

 show security flow statistics    
node0:
--------------------------------------------------------------------------
    Current sessions: 1333
    Packets forwarded: 895999775
    Packets dropped: 21656684
    Fragment packets: 0

node1:
--------------------------------------------------------------------------
    Current sessions: 1374
    Packets forwarded: 73686697
    Packets dropped: 73586281
    Fragment packets: 0

What puzzels me is that the number of dropped packets is almost as high as the one for packets forwarded (node1).

I double checked, there shouldn't be any traffic on node1.

Just checked one of my customers boxes. Two SRX240 units in a pure A/P mode - RE and all I/F's are only active on node 0. Monitored stats for two hours and did not see a single packet hit the counters.

Thanks a lot Kevin for checking that for me. Much appreciated.

Very strange indeed. I just double checked and all interfaces are active on node0, yet I see input rate counters on the ge interfaces on node 1 increase. 

Also, could someone clarify please:

Forwarded packets vs. Dropped packets in the statistics: Mine show an almos equal amount of packets. So it looks as if all packets are being dropped. Why do they show up in the "forwarded packets" statistic? 

I will be setting up packet captures tomorrow.

Hi,

Any luck with the issue?

Looks like we have the same with SRX210 cluster, I see traffic on the secondary node where in fact I should not see it