[Solved] In/out errors on LAN
-
I've built a new PFSense system and I'm having some In/out errors on my LAN. Is this normal or do I have a port/cable issue? (I've already changed the cable and the error rate stayed the same).
This is my config map.
Modem -> PFsense -> 4x1Gb Lan Bridged -> 1Gb Switch/Access Point (WiFi + 4 Ethernet Ports).
I'm only using one of the LAN ports on my PFSense system out of the four available. I bridged the four ports as I intended to use more than one.
Here is the information from the affected interface, this is the Bridge. No other interface is showing any In/Out Error or Colossians.
Based on this the error rate is about 1.06%
Is this something I should be concerned about? I'm not having any issues accessing the internet, the speed is what I should be receiving and is identical to my old equipment. But obviously seeing errors of any kind is worrying with a new system, this is my first PFSense build also.
Thank you for any replies. It is much appreciated.
-
Are they continuously incrementing?
-
Yes, the Out errors increment every time I refresh the page by 1-10 more.
The percentage is lowering though, it is now down to 0.9% from 1.06%
-
Everything should be auto-negotiate with gigabit but check for something on one side being 100-half and the other side being 100-full.
And bridging all your gigabit pfsense ports just takes all your extra, expensive, gigabit router ports and turns them into cheap, gigabit switch ports. Not sure why you would want to do that.
-
I do have two devices on my switch which are 100Mb and not 1Gb (Server IPMI and CCTV Camera Hub). And then I have two computers also on it at 1Gb/s
Could that be the cause of it?
Also the reason I bridged the LAN to create a switch is because that's how I wanted it. I'm not using VLAN's or multiple subnets. The card wasn't very expensive, cost me less than a single port card due to a good deal.
-
Ok. Bridging is a waste of ports but it's your network.
You need to be sure that every interface on your network is connected to a port in the same mode. That's the first thing I would verify if I was seeing errors like that.
And not just what the settings say it should be, but what the port has actually negotiated.
-
When you say the same mode are you referring to half / full duplex?
My setup is like so.
Modem -> 1Gb/s Full Duplex -> PFSense
Then it goes PFSense -> 1Gb/s Full Duplex -> Switch/AP
Then from there it goes:
Switch/AP -> 1Gb/s Full Duplex -> Desktop
Switch/AP -> 1Gb/s Full Duplex -> Home Server
Switch/AP -> 1Gb/s Full Duplex -> Server IPMI (I thought this was 100Mb but it's actually 1Gb)
Switch/AP -> 100Mb/s Full Duplex -> CCTV HubSo far I've tried changing the ports being used for the PFSense -> Switch connection on both sides and changed the cable. None of this affected the rate of the errors.
Any ideas at all? Maybe I should remove the lan bridge and see if that changes the situation since I'm not using the four ports anyway only one.
-
If that's the case and you have verified that all ports are actually negotiated as you describe, then you need to look at cables and ports/NICs as possible points of errors.
Mode:
100-full
100-half
gigabit -
Thank you for your time. Just to confirm In/Out errors of any kind like this is unusual right? I'm having 0.87% of all packets fail only on the Lan Bridge, that's not normal for Bridges or anything like that?
I'm thinking perhaps it's my 4 port Intel Nic, luckily I do have another Nic I can try.
-
No. it's not normal. Screenshot is a bridge0. Get iinto the shell and look at the bridge member interfaces too. ifconfig -a
ETA: Nevermind. ifconfig doesn't show errors. Have cisco on the brain.
 -
Ok I've done that command in the shell and I've got a lot of information back. I'm not exactly sure what parts I should take note of. Nothing is sticking out to me.
Here is the screenshot. The only thing I've removed is the IPv4 WAN address for privacy.
-
Sorry. Have cisco on the brain. ifconfig doesn't show errors.
-
Do a Diagnostics > Command Prompt then enter netstat -i.
That way you can just cut and paste into a post.
-
Here is that result.
$ netstat -i Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll igb0 1500 <link#1>00:1b:21:a6:56:80 6099743 0 0 3997337 0 0 igb0 - fe80::21b:21f fe80::21b:21ff:fe 0 - - 2 - - igb1 1500 <link#2>00:1b:21:a6:56:81 20438108 0 0 10787381 0 0 igb1 - fe80::21b:21f fe80::21b:21ff:fe 0 - - 1 - - igb2 1500 <link#3>00:1b:21:a6:56:82 0 0 0 0 0 0 igb2 - fe80::21b:21f fe80::21b:21ff:fe 0 - - 1 - - igb3 1500 <link#4>00:1b:21:a6:56:83 0 0 0 0 0 0 igb3 - fe80::21b:21f fe80::21b:21ff:fe 0 - - 2 - - em0 1500 <link#5>00:1b:63:f1:10:9b 14848095 0 0 26496640 0 0 em0 - fe80::21b:63f fe80::21b:63ff:fe 0 - - 4 - - em0 - 94.174.70.0 cpc14-enfi16-2-0- 70129 - - 20091 - - pflog0 33144 <link#6>0 0 0 96767 0 0 pfsync0 1500 <link#7>0 0 0 0 0 0 lo0 16384 <link#8>3352954 0 0 3352953 0 0 lo0 - your-net localhost 3365820 - - 3352952 - - lo0 - localhost ::1 0 - - 0 - - lo0 - fe80::1%lo0 fe80::1%lo0 0 - - 0 - - enc0 1536 <link#9>0 0 0 0 0 0 bridge0 1500 <link#10>02:fe:4a:c8:9c:00 26548908 0 0 14809533 133170 0 bridge0 - 192.168.0.0 pfSense 48622 - - 54149 - - bridge0 - fe80::1:1%bri fe80::1:1%bridge0 1519 - - 4682 - -</link#10></link#9></link#8></link#7></link#6></link#5></link#4></link#3></link#2></link#1> -
One thing I don't understand, it's showing 10787381 packets out on igb1 which is my PFSense box's port that I'm using to connect to my Switch (I switched it from igb0 when trying to test if it was the port at fault). But it shows 0 Errors igb1 and igb0.
But then on the bridge, it shows the traffic and errors. Does that mean the errors are isolated in my Bridge and not the networking hardware or are the errors for individual nics suppressed and shown on the bridge instead? Hmm
-
Try a different Cat cable and a different switch-port after that.
-
I already tried that. Same amount of errors. I think what I'll try tomorrow is removing the LAN Bridge and if that doesn't work I'll change the NIC.
-
That is strange.
I would expect to see errors on the bridge member but maybe it doesn't work that way. Either way, if you delete the bridge since you're only using one port, that will tell you something.
I don't think you have to delete it. Just remove igbX from the bridge, then assign LAN to igbX.
-
Okay I've resolved the problem.
First thing I did today was get a proper Ethernet cable tester. I tested all my cables, they are all wired correctly and have excellent frequency response with no outside foreign frequencies detected.
Then I fitted a brand new switch. Problem still there.
So I'd ruled out my switch, my cables, and all four individual ports on my PFSense box. I'm using an Intel i340-T4 by the way.
So now it came time to remove the bridge. I did that and guess what? no more in/out errors. Completely gone. I tested every port on the i340-T4 individually by changing the LAN to each port and none of them shows any errors of any kind. Then I put the bridge back as it was before and the errors instantly came back.
I'm not sure if this is an igb driver issue, a pfsense issue or something along those lines. If anyone wants more information about the way I was running this setup feel free to ask.
Thank you Derelict and jahonix for your help. The forum is a great resource with people like yourselves willing to answer peoples questions.
-
Did it actually cause any issues? Might just be cosmetic. Haven't seen that, that's a pretty common type of configuration. Might also want to try on 2.2.
