Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What does the message "pkt not xfred to h/w. session flags: 0x440" in get dbuf stream mean?

0

0

Article ID: KB15073 KB Last Updated: 21 Sep 2009Version: 1.0
Summary:
What does the message “pkt not xfred to h/w. session flags: 0x440” in get dbuf stream mean?
Symptoms:
When looking through the debug flow basic output, the customer is seeing the following message:

pkt not xfred to h/w. session flags: 0x440

Solution:
The output "pkt not xfred to h/w" means that the packet is being kept in the CPU rather than being sent down to the ASIC.  System devices use ASIC chips to process packets faster than the CPU can. When a packet comes in and is either matched to an existing session, the firewall usually sends the traffic down to the ASIC for further processing. In certain cases this does not happen, since all processing for some traffic stays in the CPU. Some of these reasons are ALG (Application Layer Gateway) traffic, or traffic using Deep Inspection, Anti-Virus, Anti-Spam and URL filtering. You can check what kind of traffic this is by looking at the debug output and checking the get session id (session id number) that is listed in the debug. When looking at the session, check the protocol and the policy being used.

Example:

**st: <trust-688|ethernet2/1.1|Root|2b0> e00d811c: 9212:1.1.1.1/5f1->2.2.2.2 /ac70,6,212
****** 9327643.0: <Trust/ethernet2/1.1> packet received [212]******
ipid = 37394(9212), @e00d811c
packet passed sanity check.
flow packet already have session.
flow session id 854867
vsd 0 is active
pkt not xfred to h/w. session flags: 0x440

ISG-2000-> get session id 854867
id 854867(000d0b53), flag 00000440, vsys id 0(Root)
policy id 3561, application id 63, dip id 0, state 0
current timeout 131070, max timeout 131070 (second)
status normal, start time 9327001, duration 0
session id mask 0, app value 0
ethernet2/1.2(vsd 0): 2.2.2.2/44144->1.1.1.1/1521, protocol 6 session token 50 route 22
gtwy 129.105.208.26, mac 0003ba21a1e9, nsptn info 0, pmtu 1500
flag 800805, diff 0/0
port seq 0, subif 86, cookie 0, fin seq 0, fin state 0
ethernet2/1.1(vsd 0): 2.2.2.2/44144->1.1.1.1/1521, protocol 6 session token 54 route 26
gtwy 129.105.202.96, mac 00144f4acebc, nsptn info 0, pmtu 1500
mac 00144f4acebc, nsptn info 0
flag 800804, diff 0/0
port seq 0, subif 88, cookie 0, fin seq 0, fin state 0
Saturn hardware session:
chip 0,idx 795025,flag 0x40,diff (0/0),pid 3561,time (9327001/13107/13107),ssid 854867
22(1):2.2.2.2/44144->2.2.2.2/1521,6,token:32,l2:(a:22:219),vl:1,sa:0,vsd:0,L2 xl:1
bcnt:0, vect:0, fin_seq:0x00000000, fst:0, flag:10
22(1):1.1.1.1/1521->2.2.2.2/44144,6,token:36,l2:(a:22:35688),vl:1,sa:0,vsd:0,L2 xl:1
bcnt:0, vect:0, fin_seq:0x00000000, fst:0, flag:10
hw sess:8e10c880, ssid 854867, shadow sess:045cb150, shadow flag: 0x10

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search