On 28/05/13 14:57, Phil Mayers wrote:

I have my suspicions about what exactly the ALG is (mis)counting as a
drop, and will be trying to reproduce it on the bench now it's been
taken out of service.

All,

Just to confirm that, as tested on the bench on SRX 3600 and JunOS 12.1R6.5, *all* packets processed by the DNS ALG count as a "drop" in the output of "show security flow statistics", even though they're forwarded correctly.

The SUNRPC ALG seems to do the same; presumably they all do.

So, if you have any ALGs enabled, that counter is misleading, and if you don't, DNS packets will consume a lot of your sessions.

This is a demo model so I can't open a support case, but when the real kit arrives, maybe I will...
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
