Palo Alto Networks Knowledgebase: The Difference Between Receive Errors for Hardware and Logical Interface Counters

The Difference Between Receive Errors for Hardware and Logical Interface Counters

27676
Created On 09/25/18 19:22 PM - Last Updated 02/08/19 00:01 AM
Resolution

Under Hardware interface counters read from CPU:

 

Receive Errors show the count of any receive errors received on the physical (hardware) interface. They are primarily L2-L4 parsing/header errors and although the counter mentions "hardware," they are predominantly logical errors (CRC, framing or other hardware-related errors are NOT counted here).

Most common types of events that cause these errors are

  • incorrect length of VLAN tag
  • unexpected VLAN tag
  • unsupported L2 protocol
  • incorrect IP checksum
  • TCP/UDP packet checksum error
  • TCP/UDP port 0
  • Invalid TCP flag, etc.

Very often, a constant increase of this counter is caused by STP/LLDP/UDLD frames arriving on a L3 firewall port (these protocols are not supported on L3 ports and are legitimately dropped and counted as "Receive errors").

 

Under Logical interface counter read from CPU:

Receive Errors show only the count of errors seen on an HA2 interface. This counter may increment only if the interface is configured as an HA2 High Availability interface.

 

Example

Use the command, show interface ethernet1/x, to display the counters. The following example shows the relevant parts of the command output:

> show interface ethernet1/3

 

--------------------------------------------------------------------------------

Name: ethernet1/3, ID: 18

Link status:

  Runtime link speed/duplex/state: 1000/full/up

  Configured link speed/duplex/state: auto/auto/auto

MAC address:

  Port MAC address 00:1b:17:47:38:12

Operation mode: layer3

Untagged sub-interface support: no

...

--------------------------------------------------------------------------------

 

Hardware interface counters read from CPU:

--------------------------------------------------------------------------------

bytes received                           206948822

bytes transmitted                        7785678

packets received                         2471785

packets transmitted                      50916

receive errors                           7820

packets dropped                          0

--------------------------------------------------------------------------------

 

Logical interface counters read from CPU:

--------------------------------------------------------------------------------

bytes received                           164031355

bytes transmitted                        7785678

packets received                         2287119

packets transmitted                      50916

receive errors                           0

packets dropped                          47064

packets dropped by flow state check      32

forwarding errors                        0

no route                                 0

arp not found                            2

neighbor not found                       0

neighbor info pending                    0

mac not found                            0

packets routed to different zone         0

land attacks                             0

ping-of-death attacks                    0

teardrop attacks                         0

ip spoof attacks                         0

mac spoof attacks                        0

ICMP fragment                            0

layer2 encapsulated packets              0

layer2 decapsulated packets              0

--------------------------------------------------------------------------------

 

owner: ncackov



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClWkCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language