Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EOL/EOE] [SRX] SCTP packet drop

0

0

Article ID: KB23316 KB Last Updated: 05 Jan 2021Version: 3.0
Summary:
Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE). Refer to End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.

This article describes the issue of SCTP packets being dropped, when Static NAT is configured on the SRX device.
Symptoms:
SCTP packets are dropped by the SRX device, when NAT is configured. This is how it can be identified:
root@srx> start shell
root@srx% srx-cprod.sh -s spu -c  "sh usp jsf counter gprs-sctp"
======== Start SPU1.0, node1.fpc1.pic0, spu =======
        gate hit                             193287
        gate hit ok                              12

======== Start SPU4.0, node1.fpc4.pic0, spu ========

        gate hit                             231443
        gate hit ok                               4

======== Start SPU4.0, node0.fpc4.pic0, spu ========

        gate hit                             202467
        gate hit ok                               0

Flow traceoptions for the flow:
CID-01:FPC-04:PIC-00:THREAD_ID-11:RT:SPU invalid session id 00000000
CID-01:FPC-04:PIC-00:THREAD_ID-11:RT: After jsf gate hit. sid 0xbf4, pid 6, cookie 0xfaad2, jbuf 0x11. rc = 77
CID-01:FPC-04:PIC-00:THREAD_ID-11:RT:  packet dropped, denied by gate_hit callback
CID-01:FPC-04:PIC-00:THREAD_ID-11:RT:denied by gate_hit callback
Solution:
 To resolve this issue, stop using Static NAT; otherwise this issue is resolved in 11.4R3.
Modification History:
2021-01-01: Tagged article for EOL/EOE.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search