Global counter historical blockages or drops due to asymmetric traffic.
Hello, good evening, as always thanks for the collaboration.
Is it possible to review the history, not what changed in the last hour, minutes or seconds, but the history of the last 6 or 8 hours?
Is it possible?
If I run a show counter global filter packet-filter no | match drop
without using the delta, the values that appear, for example in this output, indicate zero drop and a value of 3118246:
show counter global filter packet-filter no | match flow_tcp_non_syn_drop
flow_tcp_non_syn_drop 3118246 0 drop flow session Packets dropped: non-SYN TCP without session match
show counter global filter packet-filter no | match out_of_wnd
tcp_drop_out_of_wnd 225073 0 warn tcp resource out-of-window packets dropped
show counter global filter packet-filter no | match tcp_out_of_sync
tcp_out_of_sync 949 0 warn tcp pktproc can't continue tcp reassembly because it is out of sync
To better interpret this: the first value, 3118246, what time does it correspond to? And this 0, well, I guess it is not applying or has not applied a drop to any connection, right?
Thanks
I remain attentive
Best regards
Sorry, I missed part (or many parts) of your question.
The count is "lifetime": it simply adds up since the last reboot.
The next number is the rate, which indicates how many have been seen between your last 2 deltas.
The nonsyntcp is ACK packets for which no SYN was seen; this can happen if the firewall is "in" the asymmetry (SYN used a different path, ACK came back via the firewall).
Out-of-window is when the firewall receives packets that don't belong to the current TCP window; this can be due to upstream asymmetry where some packets take a longer route.
Out of sync is when packets are truly completely scrambled.
I think it's dp-monitor.log btw :)
Yes it is, but it's in the (dataplane) logs rather than the show counters
A full "show counters global" is recorded every 10 or 15 minutes in one of the dataplane logs (I don't have access to a device right now and the name of the log eludes me)
I should be able to provide you the exact log later today ;)
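The replies above say the value column is a lifetime total since the last reboot and that full counter snapshots are logged periodically, so the drops in a 6 or 8 hour window come from subtracting two snapshots. This is an added example of that subtraction, not code from the thread; the two snapshots are constructed, follow the column layout quoted in the question, and are assumed to have been copied out of the dataplane log by hand.

```python
from typing import Dict

# Constructed snapshots (not real device output). Columns, as quoted in the
# question: name value rate severity category aspect description...
SNAPSHOT_EARLIER = """\
flow_tcp_non_syn_drop 3100000 0 drop flow session Packets dropped: non-SYN TCP without session match
tcp_drop_out_of_wnd 225000 0 warn tcp resource out-of-window packets dropped
tcp_out_of_sync 949 0 warn tcp pktproc can't continue tcp reassembly because it is out of sync
"""
SNAPSHOT_LATER = """\
flow_tcp_non_syn_drop 3118246 0 drop flow session Packets dropped: non-SYN TCP without session match
tcp_drop_out_of_wnd 225073 0 warn tcp resource out-of-window packets dropped
tcp_out_of_sync 949 0 warn tcp pktproc can't continue tcp reassembly because it is out of sync
"""

def parse_counters(text: str) -> Dict[str, int]:
    """Return {counter name: lifetime value} for every counter line in text."""
    counters = {}
    for line in text.splitlines():
        parts = line.split()
        # A counter line has at least name, value and rate; value and rate are
        # integers. Anything else (headers, separators, blanks) is skipped.
        if len(parts) < 3 or not (parts[1].isdigit() and parts[2].isdigit()):
            continue
        counters[parts[0]] = int(parts[1])
    return counters

def drops_between(earlier: str, later: str) -> Dict[str, int]:
    """Per-counter increase between two snapshots of lifetime values."""
    old, new = parse_counters(earlier), parse_counters(later)
    result = {}
    for name, value in new.items():
        prev = old.get(name, 0)
        # Lifetime counters restart at reboot. If the value went down, only the
        # post-reboot count is known, so report that as a lower bound.
        result[name] = value - prev if value >= prev else value
    return result

if __name__ == "__main__":
    for name, delta in drops_between(SNAPSHOT_EARLIER, SNAPSHOT_LATER).items():
        print(f"{name}: +{delta} in the window")
```

A counter whose later value is lower than its earlier one indicates a reboot inside the window, and the reported figure then covers only the time since that reboot.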