How to mitigate an abnormal increase in "pkt_recv_multiple_bufs" global counter

How to mitigate an abnormal increase in "pkt_recv_multiple_bufs" global counter

7287
Created On 08/09/23 20:00 PM - Last Modified 08/23/23 18:36 PM


Objective


The counter pkt_recv_multiple_bufs increments when a packet is received by the firewall and takes up multiple buffers instead of a single buffer in the firewall. This may occur in the following scenario. Example:
  • Interface MTU is manually configured/set by the user to 9,100
  • Packet size of 9,000 enters the interface
  • However, the setting Jumbo Frames is not enabled globally on the firewall (Device > Setup > Session > Enable Jumbo Frames)
  • It would be expected that the packet is small enough to enter the interface since its Packet Size is lower than the MTU of the ingress interface. However, In this scenario, since Jumbo Frames is not enabled globally on the firewall, the firewall will discard the packet and the counter pkt_recv_multiple_bufs will increment
Below is an example of the global counter pkt_recv_multiple_bufs incrementing in the firewall: 
> show counter global

name value rate severity category aspect description
--------------------------------------------------------------------------------
pkt_recv_multiple_bufs 15 15 drop packet pktproc Packets received with multiple buffers

Environment


  • PAN-OS
  • Global Counters

Procedure


  1. Configure Jumbo Frames on the firewall
  2. Verify the counter pkt_recv_multiple_bufs is no longer incrementing when large size packets come in. Take a packet capture if needed

Additional Information


Note: This document only applies to larger packet sizes and interfaces with a higher than default MTU. It does not apply to packets and interfaces at or below 1500 MTU. If the counter pkt_recv_multiple_bufs is not incrementing in your environment, disregard this document and proceed to the documents below instead.

Intermittent packet loss and slowness affecting specific applications
Configure Session Settings
Jumbo Frame: Adjusting MSS On Interfaces With Custom MTU
Enable Jumbo Frames on the VM-Series Firewall
Application failure through firewall when jumbo frames are enabled
How to Verify MTU Size Exceeded
How the Palo Alto Network Firewall Handles Packets that Exceed the MTU
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000g22HCAQ&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language