Possible reasons for increasing TX/RX drops in circuit counters

Article ID: 167955

Updated On:

Products

XOS

Issue/Introduction

This article explains some of the possible reasons for TX/RX drop packet counters increasing on APMs. An increasing counter of TX/RX dropped packets can be observed on VAPs. The counters are accessible with "netstat -i", "ifconfig" or the XOS command "swatch" (option "2. apmdevstats_slot.swc").

Example:

vsx_1 (CBS): [vs1] ~# netstat -i
Kernel Interface table
Iface     MTU  Met      RX-OK RX-ERR RX-DRP RX-OVR     TX-OK TX-ERR TX-DRP TX-OVR Flg
int.1    1500    0 3070637465      0    911      0 796633348      0  56964      0 BDMRU
int.2    1500    0  352209913      0  10685      0 274795775      0 823312      0 BDMRU
int.3    1500    0 1174977076      0   6540      0 425415227      0 293151      0 BDMRU
...
 

Cause

Goal:
To explain the reasons that may cause TX/RX drop counters to increase.

Resolution

TX drop counters explained:

The "TX-DRP" counter normally increases when the VND driver recognizes that the APM is operating as a non-master VAP in a VAP group (the master/non-master status can be verified by running "show ap-vap-mapping") and the APM is trying to respond to a broadcast (typically a response to an ARP request). Even though broadcasts are received and processed by all VAP group members (the NPM takes care of the packet replication), only the master VAP is allowed to answer the broadcast. These packets are therefore dropped for a valid reason by the VND driver on non-master VAPs.


RX drop counters explained:

Possible legitimate reasons for a packet to be dropped by the VND driver on the receiving (RX) side:

1) When running Check Point VSX, non-management circuits have IP addresses defined under VRRP only and are auto-configured with the backup-stay-up option. All packets arriving on such a circuit are dropped and counted as "downRx" (in "cat /proc/cbs_vnd/stats"). There is one exception: when the interface is part of an MLT group-interface, LACP frames are allowed to pass the circuit.

2) The RX drop count can be especially high on a circuit configured for Check Point synchronization - see the References section for more information about this topic.
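
To judge whether the drop counters described above are still growing, and how large the drops are relative to traffic, two "netstat -i" snapshots can be compared. The script below is an added example, not part of the original article or of XOS: the function name drop_delta is hypothetical, the second snapshot's values are constructed, and treating OK + DRP as the packet total is an assumption of this example.

```bash
# drop_delta BEFORE AFTER: compare two saved "netstat -i" snapshots.
# Prints per interface: name, RX-DRP growth, TX-DRP growth, and each as a
# percentage of the packets (OK + dropped) counted in that direction meanwhile.
drop_delta() {
    awk '
    function pct(drp, ok) { return (drp + ok > 0) ? 100 * drp / (drp + ok) : 0 }
    # Find columns by header name rather than by fixed position.
    $1 == "Iface" { for (i = 1; i <= NF; i++) col[$i] = i; next }
    # Skip the banner, a shell prompt line, blank lines and a "..." marker.
    !("Flg" in col) || NF < col["Flg"] { next }
    FNR == NR {                        # first file: remember the baseline
        rxok[$1] = $(col["RX-OK"]); rxd[$1] = $(col["RX-DRP"])
        txok[$1] = $(col["TX-OK"]); txd[$1] = $(col["TX-DRP"])
        next
    }
    !($1 in rxd) { next }              # interface absent from the baseline
    {
        drx = $(col["RX-DRP"]) - rxd[$1]; dtx = $(col["TX-DRP"]) - txd[$1]
        orx = $(col["RX-OK"]) - rxok[$1]; otx = $(col["TX-OK"]) - txok[$1]
        # Counters restart from zero after a reboot; a delta is meaningless then.
        if (drx < 0 || dtx < 0 || orx < 0 || otx < 0) { print $1, "counter-reset"; next }
        printf "%s %d %d %.2f %.2f\n", $1, drx, dtx, pct(drx, orx), pct(dtx, otx)
    }' "$1" "$2"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
# Baseline: the output shown in the article.
cat > "$tmp/before" <<'EOF'
Kernel Interface table
Iface     MTU  Met      RX-OK RX-ERR RX-DRP RX-OVR     TX-OK TX-ERR TX-DRP TX-OVR Flg
int.1    1500    0 3070637465      0    911      0 796633348      0  56964      0 BDMRU
int.2    1500    0  352209913      0  10685      0 274795775      0 823312      0 BDMRU
int.3    1500    0 1174977076      0   6540      0 425415227      0 293151      0 BDMRU
...
EOF
# Second snapshot: values constructed for this example.
cat > "$tmp/after" <<'EOF'
Kernel Interface table
Iface     MTU  Met      RX-OK RX-ERR RX-DRP RX-OVR     TX-OK TX-ERR TX-DRP TX-OVR Flg
int.1    1500    0 3070737465      0    911      0 796683348      0  56989      0 BDMRU
int.2    1500    0  352219913      0  10785      0 274800775      0 823812      0 BDMRU
int.3    1500    0 1174977076      0   6540      0 425415227      0 293151      0 BDMRU
EOF
drop_delta "$tmp/before" "$tmp/after"
```

On a live system the two input files would be produced by redirecting "netstat -i" to a file at two points in time.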

Workaround

N/A