Rx Errors on "IN" LAN Interface



  • Good Afternoon:

    I am trying to troubleshoot some errors I am getting my LAN Interface that I am getting.

    Media autoselect
    In/out packets 52211629/44382673 (44.20 GB/15.74 GB)
    In/out packets (pass) 52207011/44381941 (44.20 GB/15.74 GB)
    In/out packets (block) 4618/732 (533 KB/29 KB)
    In/out errors 71266/0
    Collisions 0

    I see only errors on the IN LAN Interface.  The WAN has just a few.  In the logs the only packets I see being dropped are from ICMP via ping from random WAN addresses.  Not sure where else to turn, we have many devices running on this virtual switches and only this device with interface errors.  I read that I can change - Firewall Optimization Options, will this help?

    This pfsense box has 4 cpus and 2GB of RAM.  CPU Utilization is a mere 5% and memory 7-10% - Can anyone give me advice where to turn next to troubleshoot.



  • In/Out errors on a NIC usually correspond to a failing NIC or bad cabling. Could also be a bad switch port since it's on LAN side.

    You mention virtual switch though, is this a VM and if so what platform is it running on? Errors on a VM NIC may not actually be a NIC problem (unless you have a NIC in pass-through dedicated mode to pfsense) but could still be a cable problem (would see corresponding errors on other VMs sharing that NIC/cable).

    Errors, whether a dedicated system or in a virtual environment have nothing to do with the firewall. There's a separate line item for blocked packets. Errors are just that, an error occurred transmitting or receiving a packet. It's not a collision because that's a separate line item there but it could be an incomplete packet, malformed or damaged in some way that made it unusable.

    Joel


  • Rebel Alliance Developer Netgate

    It can also be from the driver if it ran out of buffer space to process a packet or some other error condition that resulted in a dropped packet.

    Some drivers are nice and report the actual condition of the failure in sysctl output. For example if you have an em nic, run "sysctl -a | grep .em." and see what you get. Substitute the driver name as needed (bce, bge, igb, etc) but make sure not to put the number on the end, as in the sysctl tree it would be em.0 and not em0 or it may only have a general list of things.


Log in to reply