Exonix
Advisor

millions of dropped packets

Hello All,

We have several GW R81.10 with a GRE interface configured. The GRE together with Policy Based Routing is used for Zscaler. On one firewall at the headquarters we see only 50k dropped packets, but on another branch we see over 2M dropped packets. How can I find out what is dropped?

Thank you!

gedroppte_pakete.png

Timothy_Hall
Champion

It is not clear if the drops being reported there are policy drops, or interface buffering drops (RX-DRP). Please post the output of:

netstat -ni

ifconfig gre1

ethtool -S gre1  (this may not work)

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Exonix
Advisor

[Expert@vrafws01:0]# netstat -ni
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 1737832834 0 0 0 1600292921 0 0 0 BMRU
eth1 1500 0 1758186694 0 0 0 1695221461 0 0 0 BMRU
eth2 1500 0 520731 0 0 0 81 0 0 0 BMRU
eth2.716 1500 0 520729 0 0 0 81 0 0 0 BMRU
eth2.802 1500 0 0 0 0 0 0 0 0 0 BMRU
eth2.816 1500 0 0 0 0 0 0 0 0 0 BMRU
eth2.817 1500 0 0 0 0 0 0 0 0 0 BMRU
eth2.819 1500 0 0 0 0 0 0 0 0 0 BMRU
gre1 1476 0 576331143 0 0 0 673523116 0 0 0 MOPRU
gre2 1476 0 420183 0 0 0 500820 0 0 0 MOPRU
lo 65536 0 4625268 0 0 0 4625268 0 0 0 LMPRU

[Expert@vrafws01:0]# ifconfig gre1
gre1 Link encap:UNSPEC HWaddr DF-1F-02-F2-16-09-AC-8B-00-00-00-00-00-00-00-00
inet addr:172.21.241.129 P-t-P:172.21.241.130 Mask:255.255.255.252
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1476 Metric:1
RX packets:576348007 errors:0 dropped:0 overruns:0 frame:0
TX packets:673539505 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:351032158812 (326.9 GiB) TX bytes:622558876610 (579.8 GiB)

[Expert@vrafws01:0]# ethtool -S gre1
no stats available

Timothy_Hall
Champion

Must be policy drops then, try applying this filter to the traffic logs in the SmartConsole:

interface:gre1 and not action:accept

Otherwise you'll need to run fw ctl zdebug + drop | grep gre1 and wait for some traffic to get dropped to see the reason.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
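
Added example, not part of the original posts: the check applied above to the `netstat -ni` output, as a small shell function that reads the RX-DRP and TX-DRP columns and marks each interface. The sample input is a trimmed copy of the output posted in this thread plus one constructed line (`eth9`, hypothetical) with non-zero drops; the function names and verdict labels are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample: trimmed from the thread's output, plus a made-up
# eth9 line with RX-DRP > 0 to exercise the other branch.
sample_netstat() {
cat <<'EOF'
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 1737832834 0 0 0 1600292921 0 0 0 BMRU
gre1 1476 0 576331143 0 0 0 673523116 0 0 0 MOPRU
eth9 1500 0 1000000 0 2500 0 900000 0 0 0 BMRU
EOF
}

# Reads `netstat -ni` text on stdin and prints one line per interface:
#   <iface> <verdict> rx_drp=<n> tx_drp=<n>
# Column positions are taken from the header row, not hard-coded.
# "clean" means the interface counters show no drops, so any drops
# reported elsewhere have to be looked for in the traffic logs instead.
classify_drops() {
    awk '
    $1 == "Iface" { for (i = 1; i <= NF; i++) col[$i] = i; next }
    !("RX-DRP" in col) { next }   # skip lines before the header
    NF >= col["TX-DRP"] {
        rx = $(col["RX-DRP"]); tx = $(col["TX-DRP"])
        verdict = (rx + tx > 0) ? "INTERFACE-DROPS" : "clean"
        printf "%s %s rx_drp=%d tx_drp=%d\n", $1, verdict, rx, tx
    }'
}

# Stand-alone run on the sample; on a gateway use: netstat -ni | classify_drops
sample_netstat | classify_drops
```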
Wolfgang
Authority

@Exonix use the filter mentioned by @Timothy_Hall in the log view of SmartConsole. On the right you can open and see a statistics tab with details on top source, destination, service etc. With this information you get more details for the dropped traffic.

Exonix
Advisor

I found a lot of dropped traffic from and to Zscaler Servers. fw ctl zdebug didn't show anything.

gre47.png

The top-sources are Zscaler Servers:

top1.png
_Val_
Admin

Click on one of the logs, what does it say?

Exonix
Advisor

log2.png

Can this setting be a reason for the drop?

qos1.png

_Val_
Admin

Yes, it could be it. Why did you set this in the first place?

Exonix
Advisor

I didn't set it, it was configured a long time ago, before I joined the company.

As soon as we removed this restriction, the number of dropped packets decreased three times. I was told the customer has upgraded its Internet connection to 50 Mbit and the restriction is no longer necessary. I keep watching.

_Val_
Admin

Good we figured this out

Exonix
Advisor

Thank you!

G_W_Albrecht
Legend

Drop ratio is four times higher.

CCSE CCTE CCSM SMB Specialist