Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Authority
Authority

correction layer statistics

Please, can someone explain the correction layer statistics. In particular the "local asymmetric conns", are these common values?

[Expert@??????ch01-01-ch01-02:0]# asg_blade_stats corr
1_02:

Getting stats for SXL device 0, may take a few seconds...

Cluster Correction Stats (All Traffic):
------------------------------------------------------
Sent packets: 2058184627 (125824132 with metadata)
Sent bytes: 2,138,385,116,358
Received packets: 902271628 (148901403 with metadata)
Received bytes: 871,614,646,160
Send errors: 0
Receive errors: 0
Local asymmetric conns: 7656898 <- are this the current active asymmetric connection?
ICMP ERROR forwarded packets: 0
ICMP ERROR forwarded bytes: 0
VS Stateless forwarded packets: 1743
VS Stateless forwarded bytes: 586,780

We had problems with connections they are done hide NAT (everything is fine with only one gateway active)

 

0 Kudos
2 Replies
Chris_Atkinson
Employee Employee
Employee

0 Kudos
Jeffrey_Fogel
Employee Alumnus
Employee Alumnus

The corrections table is there because in many cases when traffic is NATed, the return packet will hit a different security gateway. This is expected and why we have the corrections layer. It keeps track of all connections which it knows will have return packets will not hit the same gateway in the security group. When the return packet arrives, it utilizes the corrections table to determine which gateway should process the packet. It is then seamlessly forwards over dedicated VLANS in the downlink cables to the correct gateway.

Your distribution mode will play a large part in what the size of this table will be based upon your traffic patterns. Regardless of table size, this correction process is extremely fast.  I can't say if that's a large or small number without more info, but I would imagine the value shown could be up to 100% of the total connections. 

0 Kudos