SRX Services Gateway
SRX Services Gateway

Lot of discards between SRX and HP switch

[ Edited ]
‎10-30-2017 12:52 PM

Hello,

 

 Does anybody have an idea why i get massive discards between a SRX 300 and a HP (1910, 1810) switch ?

I have the same setup on multiple locations and on all these locations the same issue occurs.

When a port on the SRX is directly connected to for example a Vmware hypervisor there ar no discards at all

 

 

Packet Forwarding Engine hardware discard statistics:
    Timeout                    :                    0
    Truncated key              :                    0
    Bits to test               :                    0
    Data error                 :                    0
    Stack underflow            :                    0
    Stack overflow             :                    0
    Normal discard             :             36055623
    Extended discard           :                    0
    Invalid interface          :                    0
    Info cell drops            :                    0
    Fabric drops               :                    0

 

screenshot.png 

3 REPLIES 3
SRX Services Gateway

Re: Lot of discards between SRX and HP switch

‎10-30-2017 02:52 PM

Few expamples of traffic that will be logged as discards are:
- packets destined to IP that SRX doesn't know how to route (including multicast)

- packets destined to IP that SRX have static route with discard action

- packets matching firewall filter with discard action
- packets with TTL=1
- pecket destined to martian IP address (show route martians)

 

Regards, Wojtek

SRX Services Gateway

Re: Lot of discards between SRX and HP switch

‎10-30-2017 06:59 PM

Do you have any firewall filter configured with action discard

Also, check if you have a static route with discard?

 

Check the KB here: https://kb.juniper.net/InfoCenter/index?page=content&id=KB9262

 

_
Regards
Malik
4xJNCIE, 3xJNCSP, 3xJNCDS, CCIE, HCIE, VCIX-DCV, VCIX-NV, CISSP, JNCIS-ENT-Cloud, JNCIS-DevOps, PCNSE7

[If it helped to solve your problem, Please mark it "Accept as solution"; Kudos are always Appreciated]
SRX Services Gateway

Re: Lot of discards between SRX and HP switch

‎10-31-2017 03:50 AM

I usually see these with policiers.  This will give you the name of any  configured policier with hits.

 

show policer

 

Or with firewall filters as mentioned above:

 

show firewall

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home