Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  High out defer counter on 5GT

    Posted 04-08-2009 11:19

    Hi

    The counters of the interface ist ingreasing while traffic is passing The only thing which changed is that we made an upgrade of the internet connectivity from 4 Mbits to 10 Mbits. 

     

    any idea

     

    regards

    iglu

     



  • 2.  RE: High out defer counter on 5GT
    Best Answer

    Posted 04-08-2009 15:29

    Hi for the 5GT, there is a specific KB which explains the issue (KB 4566):

    http://kb.juniper.net/index?page=content&id=KB4566&actp=search&searchid=1239229372523

    Copy and pasting it for easy ref:

    Synopsis:

    Why Are the 'Out Defer' Counters Incrementing When Traffic Flow Is Low?

     

     

    The fact that the out defer counters are incrementing when traffic flow is low does not necessarily indicate a problem. If there is a large volume of data being sent out, sometimes there will be contention in the gateway with packets trying to exit the Untrust interface. The NS-5GT buffers the packets and defers transmission for later.

    If the Trusted LAN has several hosts sending packets through the NS-5GT gateway, sometimes data needs to be buffered so that the NS-5GT can process the packets. Packets are examined for policy checking, AV, DI, URL filtering, logging, and anything else that is configured to be inspected.

    This issue should not impact the traffic throughput or the performance of NS-5GT.


    ++++++++++++
     
    Basically the out defer would mean that the FW is buffering the packets, it does not mean that the firewall is dropping packets.
    For ease of mind, you can also do a snoop to check that each incoming packet is being sent out/ of course sniffer captures on ingress and egress are the best to compare though.


  • 3.  RE: High out defer counter on 5GT

    Posted 04-08-2009 23:15

    If the counter is growing continusly and the user complain about bad performance it would mean that the performance of the firewall is not enough anymore. 

    regards iglu



  • 4.  RE: High out defer counter on 5GT

    Posted 04-09-2009 08:29

    Yes, of course if users complain then definitely its an issue. But I think if you are getting complaints, its not just the "out defer" counters incrementing. Usually some of the other counters like overruns will start creeping up as well.

    So I guess users are complaining and only this counter is incrementing?



  • 5.  RE: High out defer counter on 5GT

    Posted 04-09-2009 11:16

    Hi
    Everything is ok now. I went to the coustomer an we had some issu with the dns. A dns request was forwarde to two other dns server and that one rejected the query and after that there was a third one configured which gave the answer. that is why the user complained about bad performance.

    thanks 
    regards iglu