Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[M/MX] ASN (Autonomous System Number) does not get updated in the flow-records of sampling with a valid value

0

0

Article ID: KB34720 KB Last Updated: 15 Aug 2019Version: 1.0
Summary:

This article explains the possible reasons for why ASN (Autonomous System Number) may not get updated with a valid value.

Symptoms:

At times, ASN is updated with a value of 4294967295 which is 0xFFFFFFFF.  This is an unset value initialized prior to the proper valid value.

Cause:

AS numbers are propagated from RE routing protocol modules to PFEs/FPCs sampling module. PFEs sampling module generate inline-sampling flow-records and sends to the collector at periodic intervals based on set flow timeouts and upon flow termination.

By the time PFE sends out a flow-record ,if AS number (either for source or destination) is not learned/updated yet on PFE, an AS value of 4294967295 is sent in the flow-records. If the flows are long lived flows, you would eventually see valid values of AS being set in the subsequent flow-records. It takes a maximum of 2 minutes to get the AS values updated to PFEs.

On receiving FIN, RST or FIN ACK , we export the flow instantly with Flow end reason as “End of Flow Detected (3)” without waiting for active or inactive timeout periods.

Solution:

This is an expected behavior. At times, increasing the inactive timeout to more than 120 seconds might help, as it allows sufficient time for the PFEs to learn ASN values.

However, it does not guarantee the flows that get terminated upon receiving FIN, RST or FIN ACK as this would lead to flow-termination and immediate flow-record-export.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search