DotW: Packet Drops in LAN Interface

In this week's Discussion of the Week, we're taking a look at a question asked by our community member Gururaj regarding packet drops on his Palo Alto Networks firewall LAN interface:

Drops on LAN interfaceGururaj had an outage for a couple of minutes and noticed some packet drops on the interface.  He was asking the community for advice on how to identify the root cause.

There are many reasons why packets might be dropped on the interface and the information provided isn't quite enough to identify the root cause in this case.  Especially post mortem it will be even more difficult to identify the reason for these drops.

How exactly do you go about debugging this kind of issue?

Several members jumped in on the discussion, providing tips and tricks on the topic. User DI_Support posted a couple of interesting links explaining the meaning of the packet drop counters, also explaining the difference between Hardware and Logical interface counters and also including a link on how check Interface Hardware Counters :

• Packet Drop Counters
• How to check interface hardware counters
• The difference for Hardware and Logical interface counters

Checking  threat-, traffic- , system- or configuration-log near the timeframe that you noticed the issue might provide additional information as well.  Note, however, that packets might already be dropped before even being logged in these logfiles.

Ideally, you want to be able to do some debugging at the moment the outage occurs, using global counters as our own community team member reaper pointed out.  The following articles explain the significance of global counters and how to troubleshoot dropped packets using these counters :

• What is the Significance of Global Counters
• How to Troubleshoot Using Counters

You can follow the entire discussion here.

Feedback? Ideas? Was this article helpful to you? Please leave a thumbs up.

Regards,

Kiwi