I am new to CGNAT .Can anyone help me understand about egress and ingress dropflow and whether following output is normal or shows something wrong??
Interface Service Set Current Current Pkt drop Pkt drop
Ingress DropFlow Egress DropFlow Exceed Ingress Limit Exceed Egress Limit
ams7 AMS020 283 854 0 0
ams8 AMS021 267 963 0 0
ams9 AMS022 126 1096 0 0
ams10 AMS023 270 653 0 0
There are no packet drops,but still showing ingress ,egress drop flows?
You can use "show services sessions| match Drop" and check the drop flows. Default value for Max-drop-flow per pic is 40000 and current count is very less. This doesn't indicate any problem. It can be DoS attack.