IN errors on SK Interface on a Watchguard x750e

  • Has anyone else noticed errors on an SK interface running 2.1?    The error count grows fast enough that I can randomly refresh and watch the number go up, but is low enough that overall performance seems good and no user complaints.

    I have a pair configured using CARP, and so far the only problem ports are plugging into my primary LAN, SK1 and SK3 (LAN1 and LAN2).  I have experienced the errors on both units, swapped cables a couple times, and plugged into a couple different switches.

    Each unit plugs into the same Dell switch, that then has a single cable that plugs directly into our network backbone.

    When I either manually set the interface to 100mb Full, or tweak the Dell switch to only AUTO at 100mb Full all errors appear to go away. So the problem appears to be specific to running at 1gig.

    The problem is I have a 100mb PtP and 25mb Internet pipe, which means 100mb has the potential on a busy day to limit the traffic going through the firewalls.

    I did not deploy these units live until after 2.1 went final, so I can not confirm if this problem would have existed when running previous versions.  I just noticed the error count the other day, but I would assume the problem has always been present.

  • Not seeing any interface errors pile up here…

    I did occasionally with 2.0.3

    But keep in mind these boxes already have some miles on them.

  • Yeah my boxes are 6 years old, and were ran 24/7 in a data center up until July of this year running Watchguard software.

    I have gone all day now and not a single error running at 100mb….. Strange..

    I am tempted to just let things go back at a gig and let the errors pile up since I was seeing good throughput and no actual problems.  I suppose I could also move my LAN interfaces to the MSK ports, but I was avoiding those for my 'main' networks because of the known bugs with those ports. Although I do have the disabled option in place that is supposed to fix the MSK issues.

  • Netgate Administrator

    What sort of speeds were you pushing through them when the errors started occurring?

    It's possible you ran out of CPU or PCI bus bandwidth. The sk interfaces are PCI and all on the same bus.


  • Looking through CPU graph history I average around 10%  with peaks into 40% utilization I have upgraded the CPU to a Pentium M 2.26 ghz processor.

    I wouldn't think I am maxing out the PCI bus since I am limited to 125mb, well, technically a little more with LAN2 traffic, but there should be minimal LAN1 to LAN2 traffic which are both SK interfaces.  98% of traffic would be going out the 100mb interface that connects offices, or 25mb pipe for Internet.

    I guess in troubleshooting I will just give one of my spare MSK interfaces a try.  I know when I tested performance when going live, gig to gig networks, the MSK interfaces did perform much better than the SK, but the SK still was more than fast enough for the connections they are routing between.

  • Netgate Administrator

    Hmm, always worrying to see errors when you don't know the cause.
    Keep us updated with anything you find.


  • So moving to MSK interface for LAN1 and so far still 0 errors, LAN2, still running on an SK interface shows a few hundred IN errors.

    Very strange that the errors happened to occur only on my LAN1 and LAN2 interfaces, but not the WAN or PtP, but then again WAN is limited to 25mb, and PtP is limited to 100mb by our Internet provider.  So  for whatever reason when going over a gig, my SK ports seem to indicate errors.

    I'll move LAN2 to my last free MSK port and confirm that I remain error free.

  • Surprisingly moving the LAN2 interface to the MSK3 network ended up generating more IN errors on the LAN2 port than the errors that were being Generated on the SK interface.  LAN1 continued to receive 0 errors on the MSK interface.

    So I went ahead and moved LAN2 back to the SK interface, where it slowly generates some IN errors, since my LAN1 and all other interfaces are working error free I am going to leave things as is. Not really sure why I am getting any errors, but with how little traffic goes through my LAN2 interface I am not really concerned at this point.

Log in to reply