Watchguard X-Core - Packet Loss (RealTek)



  • Ok, having issues with significant (0.4-1.2%) packet loss on a watchguard X700 port.

    pfSense2.0-RC1.

    re0

    • Duplex fixed
    • Cable: 90ft Solid 24AWG/CAT5E UTP - Run away from power lines
    • Disabled TSO, Checksum and the other offloading, 2 of which were disabled already.
    • System tunables, tcp.tso set to 0

    The weird thing, all other used ports on the unit have no packet loss probably because the cable length is short (1-3ft).

    Originally, I had 7% packet loss so I changed out the cable with high-quality cable and that brought it down. Yet, the original line on a pfSense box with Intel NICs had 0% packet loss. It seems as though the Realtek chipset is highly sensitive to the slightest interference or long cable runs.

    As traffic increases, so does the packet loss.

    Not sure what to do next, any ideas? Thank you for your help!



  • Replace it with an intel nic if there is no loss.
    If the throughput is high, then your CPU has to do much of the work with a realtek nic. An intel nic performs much better and does not load the CPU as much as the realtek nic.



  • @Nachtfalke:

    Replace it with an intel nic if there is no loss.
    If the throughput is high, then your CPU has to do much of the work with a realtek nic. An intel nic performs much better and does not load the CPU as much as the realtek nic.

    Thanks for the advice but I can't replace the NIC, it's soldered in to the watchguard board :-)


  • Netgate Administrator

    You could try an STP cable if you can find one. Or make your own with some aluminium foil!
    It's a shame Watchguard chose to save money with those poor NICs.

    Steve



  • @FJSchrankJr
    I am sorry. I didn't mention that. It was my fault.

    @stephenw10
    As far as I understand him, he has changed the cable.
    Perhaps you could do LAGG with two links and so the traffic will get LoadBalanced on two nics?



  • Hey guys, first off I really appreciate you both taking the time to help me, thank you.

    Yeah, I ran a new cable but it was UTP. I have been considering running shielded cable instead but I went with new high quality UTP because I had the connectors for it and it was readily available here. The shielded you need the special RJ45 ends that have the metal shell otherwise from what I learned, the shield if ungrounded would act like a big antenna and cause issues. They also tell you that you should not ground both ends just in case there is a ground potential difference between both sides, in which case it would try to pass current through the shielding, also not good.

    I have a feeling shielded would work but it's quite amazing in the difference between RealTek and Intel. On all of the short patch cables and other ports no problem at all.


  • Netgate Administrator

    @Nachtfalke:

    As far as I understand him, he has changed the cable.
    Perhaps you could do LAGG with two links and so the traffic will get LoadBalanced on two nics?

    He has changed it but said he thought he was having a problem with interference. Using a shielded cable would be better therefore. However they are rare.

    Interesting suggestion with LAGG. The other end would have to support it though.

    Steve



  • Time to make some telephone calls and find some STP around here I suppose. On the LAGG, that's a good idea but in this case the telco provides the ethernet handoff with little to touch on their box.


  • Netgate Administrator

    @FJSchrankJr:

    The shielded you need the special RJ45 ends that have the metal shell otherwise from what I learned, the shield if ungrounded would act like a big antenna and cause issues. They also tell you that you should not ground both ends just in case there is a ground potential difference between both sides, in which case it would try to pass current through the shielding, also not good.

    That's true to some extent. I'd be surprised if an ungrounded shield had much of a negative effect though. You can just ground it yourself to the case at one end with a short length of wire.
    You also have to make sure the RJ45 sockets you're plugging into have a contact for a metal plug, some are all plastic. You can always roll your own by wrapping it in foil, a bit tedious though!  ;)

    Steve



  • @stephenw10:

    @FJSchrankJr:

    The shielded you need the special RJ45 ends that have the metal shell otherwise from what I learned, the shield if ungrounded would act like a big antenna and cause issues. They also tell you that you should not ground both ends just in case there is a ground potential difference between both sides, in which case it would try to pass current through the shielding, also not good.

    That's true to some extent. I'd be surprised if an ungrounded shield had much of a negative effect though. You can just ground it yourself to the case at one end with a short length of wire.
    You also have to make sure the RJ45 sockets you're plugging into have a contact for a metal plug, some are all plastic. You can always roll your own by wrapping it in foil, a bit tedious though!  ;)

    Steve

    Funny you mention that… The switch has grounded ports but the ethernet hand off itself does not, I wonder if this is some type of standard in that only switches have grounded ports. I could always ground the shield directly you're right, though having the metal/STP connector might not be too hard to get assuming I can find some place around here that sells STP. I will post the results back here. Thanks guys.



  • Ok, here was my temporary fix:

    I created a VLAN on a switch I have from Cisco which uses high quality NICs/PHYs. The VLAN consists of 2 ports. 1 port goes to the long cable run, 1 port goes to the pfsense watchguard.

    The purpose of this is because the RealTek NICs on the watchguard seem to be ok on short cable runs but not long cable runs, so essentially I created an intermediary NIC that will handle the long cable run better then serve it up to the watchguard at a very short distance. The patch cord is approximately 2 ft now, 0 packets lost on a 10,000 40byte ping. Absolutely perfect!

    So now, I am thinking this can hold me over until I order the highest quality CAT5E 350MHz STP cable available. The question is, with STP do you think it will solve the problem being as though the RealTek's are highly sensitive to distance/interference? Otherwise, I will leave it on a VLAN. I would like to minimize the extra point of failure if possible so hopefully STP will solve the problem.



  • You could also try cat6 stp as that appears to be the least susceptible to interference of any kind.



  • That may be the better way to go you're right. I was a bit worried that after installing CAT5E STP, I would still see some packet loss so CAT6 STP would be a safer bet. Thank you.

    The VLAN meanwhile solved the problem but I would like to eliminate that.



  • I use cat6 and cat5e cables and never saw any loss.
    RC



  • I am not seeing any loss either on the other ports because they're using short patch cables of about 2ft-10ft. Hook CAT5E up and run it about 100ft and you may see the difference. In my case, power lines are at least 12" away which should be acceptable. Anyways, I never did see any packet loss either until I used a longer cable run. I replaced the cable about 3 times so far, going with STP will be the 4th and each time I replace it, it is helping so there is clearly an interference issue. Ethernet uses differential signaling to cut down on noise but the RealTek seems to be very sensitive on longer runs. Using a good Cisco switch and a VLAN, I was able to eliminate the loss altogether so it must be related to the RealTek NIC.


  • Netgate Administrator

    This is interesting stuff!  :)
    I worked with low level signals requiring screened cables before and have wondered about using STP. However it seems that chip manufacturers have become very good at getting signals down relatively low cost cable and I've never had a problem using UTP.
    I was speaking to a friend today who works in networking and he basically said that the earthing problems introduced by STP outweigh the benefits when compared to the falling cost of fibre which doesn't suffer in extreme environments. However I believe a lot of this may be more rumour than first hand experience.
    Then, while Googling, I turned up this:
    http://www.zytrax.com/tech/layer_1/cables/tech_lan.htm#stp
    Including this "fact":

    Even ungrounded shielded cables provide better performance (by ~20db) than conventional unshielded twisted pair (UTP).

    Not sure what their sources are though.
    I'll be very interested in your results.

    Steve



  • how about putting a "switch/hub" in the middle, if possible ^_^..just to have a "pre-amplifier effect"..



  • I had a 200 plus foot run using realtek, intel, broadcom and a few different other nics. I had issues until I did one thing. I took a managed switch created two vlans. I plugged the external cable into the vlan1 with the firewall. From the I connected my firewall internal vlan went out to the rest of the internal vlan. no issues from there.
    RC

