Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] L3 incomplete drops are seen for bad IPv6 pkt len packets

0

0

Article ID: KB35737 KB Last Updated: 24 Apr 2020Version: 1.0
Summary:

Traffic drops are seen under L3 incomplete counter when running the command, 'show interfaces <> extensive'.

Cause:

Bad length packets are sent by source.

Solution:

Take the following steps to identify packets in the MX:

  1. Check which interface shows the L3 incomplete errors

    show interfaces et-1/1/9 extensive          
    Physical interface: et-1/1/9, Enabled, Physical link is Up
      Interface index: 174, SNMP ifIndex: 590, Generation: 177
      Link-level type: Ethernet, MTU: 1518, MRU: 1526, Speed: 100Gbps, BPDU Error: None, Loop Detect PDU Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled
      Pad to minimum frame size: Disabled
      Device flags   : Present Running
      Interface flags: SNMP-Traps Internal: 0x4000
      CoS queues     : 8 supported, 8 maximum usable queues
      Schedulers     : 0
      Hold-times     : Up 0 ms, Down 500 ms
      Damping        : half-life: 0 sec, max-suppress: 0 sec, reuse: 0, suppress: 0, state: unsuppressed
      Current address: 94:f7:ad:46:d3:a3, Hardware address: 94:f7:ad:46:d3:a3
      Last flapped   : 2020-04-22 16:08:15 PDT (00:29:13 ago)
      Statistics last cleared: 2020-04-22 16:03:54 PDT (00:33:34 ago)
      Traffic statistics:
       Input  bytes  :              8515948                    0 bps
       Output bytes  :              3805508                  200 bps
       Input  packets:                94004                    0 pps
       Output packets:                24722                    0 pps
       IPv6 transit statistics:
       Input  bytes  :              4486040
       Output bytes  :                    0
       Input  packets:                55984
       Output packets:                    0
      Dropped traffic statistics due to STP State:
       Input  bytes  :                    0
       Output bytes  :                    0
       Input  packets:                    0
       Output packets:                    0
      Input errors:
        Errors: 45613, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 45613, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0
      Output errors:
        Carrier transitions: 2, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors:
  2. Check if bad IPv6 packet length errors show under PFE by issuing the commands below in MPC cards. It does not work on DPC cards.

    show jnh 2 exceptions terse   
    
    Packet Exceptions
    ----------------------
    bad IPv6 pkt len                   DISC(111)        47813    5068178.
    IP options                         PUNT(  2)         4557     483042
  3. Enable debugging under PFE to check the source of the packet:

    Enable the traces

    a.   start shell pfe network fpc1
    b.   debug jnh exceptions-trace 
    c.  .debug jnh exceptions 111 discard  
    
    [Apr 22 23:39:40.011] [2992] jnh_exception_packet_trace:1799 [iif:0,code/info:239 D(bad IPv6 pkt len)/0x0,score:(0x0),ptype:3/0,orig_ptype:3,offset:18,orig_offset:18,len:124,l2iif:0,oif:0,BD 0,l2-off=0,token=0 ]
    [Apr 22 23:39:40.011] [2993] jnh_exception_packet_trace:1823 0x00: 30 00 ef 00 00 00 00 00 00 12 00 7c 80 00 00 30 
    [Apr 22 23:39:40.011] [2994] jnh_exception_packet_trace:1823 0x10: 12 00 00 40 01 00 00 00 00 00 00 00 00 00 00 94 
    [Apr 22 23:39:40.011] [2995] jnh_exception_packet_trace:1823 0x20: f7 ad 46 d3 a3 00 10 94 00 00 02 81 00 00 02 86 
    [Apr 22 23:39:40.011] [2996] jnh_exception_packet_trace:1823 0x30: dd 60 00 00 00 a5 18 2f ff 20 01 00 00 00 00 00 
    [Apr 22 23:39:40.011] [2997] jnh_exception_packet_trace:1823 0x40: 00 00 00 00 00 00 00 00 02 20 10 00 00 00 00 00 
    [Apr 22 23:39:40.011] [2998] jnh_exception_packet_trace:1823 0x50: 00 00 00 00 00 00 00 00 01 3b 00 01 04 00 00 00 
    [Apr 22 23:39:40.011] [2999] jnh_exception_packet_trace:1823 0x60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
    [Apr 22 23:39:40.011] [3000] jnh_exception_
    packet_trace:1823 0x70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  4. Disable the traces

    start shell pfe network fpc<>
    undebug jnh exceptions 

How to identify the source of the packets:

  1. First, check IPv6 ether type [86dd] in the trace. Notice 86dd in the packet

    Apr 22 23:39:40.011] [2995] jnh_exception_packet_trace:1823 0x20:  86  
    [Apr 22 23:39:40.011] [2996] jnh_exception_packet_trace:1823 0x30: dd 60 00 00 00 a5 18 2f ff 20 01 00 00 00 00 00
  2. Before that, either VLAN-TAG or destination MAC, as per interface configuration. This interface has vlan-id 2 configured in my example router. Hence, we see 8100 for vlan identifier prior to that destination and source  MAC addresses seen.

    VLAN-ID :  81 00 00 02
    Source MAC:00 10 94 00 00 02 
    Destination MAC: 94 f7 ad 46 d3 a3 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search