[Solved] In/out errors on LAN



  • Yes, the Out errors increment every time I refresh the page by 1-10 more.

    The percentage is lowering though, it is now down to 0.9% from 1.06%


  • LAYER 8 Netgate

    Everything should be auto-negotiate with gigabit but check for something on one side being 100-half and the other side being 100-full.

    And bridging all your gigabit pfsense ports just takes all your extra, expensive, gigabit router ports and turns them into cheap, gigabit switch ports.  Not sure why you would want to do that.



  • I do have two devices on my switch which are 100Mb and not 1Gb (Server IPMI and CCTV Camera Hub). And then I have two computers also on it at 1Gb/s

    Could that be the cause of it?

    Also the reason I bridged the LAN to create a switch is because that's how I wanted it. I'm not using VLAN's or multiple subnets. The card wasn't very expensive, cost me less than a single port card due to a good deal.


  • LAYER 8 Netgate

    Ok.  Bridging is a waste of ports but it's your network.

    You need to be sure that every interface on your network is connected to a port in the same mode.  That's the first thing I would verify if I was seeing errors like that.

    And not just what the settings say it should be, but what the port has actually negotiated.



  • When you say the same mode are you referring to half / full duplex?

    My setup is like so.

    Modem -> 1Gb/s Full Duplex -> PFSense

    Then it goes PFSense -> 1Gb/s Full Duplex -> Switch/AP

    Then from there it goes:
    Switch/AP -> 1Gb/s Full Duplex -> Desktop
    Switch/AP -> 1Gb/s Full Duplex -> Home Server
    Switch/AP -> 1Gb/s Full Duplex -> Server IPMI (I thought this was 100Mb but it's actually 1Gb)
    Switch/AP -> 100Mb/s Full Duplex -> CCTV Hub

    So far I've tried changing the ports being used for the PFSense -> Switch connection on both sides and changed the cable. None of this affected the rate of the errors.

    Any ideas at all? Maybe I should remove the lan bridge and see if that changes the situation since I'm not using the four ports anyway only one.


  • LAYER 8 Netgate

    If that's the case and you have verified that all ports are actually negotiated as you describe, then you need to look at cables and ports/NICs as possible points of errors.

    Mode:

    100-full
    100-half
    gigabit



  • Thank you for your time. Just to confirm In/Out errors of any kind like this is unusual right? I'm having 0.87% of all packets fail only on the Lan Bridge, that's not normal for Bridges or anything like that?

    I'm thinking perhaps it's my 4 port Intel Nic, luckily I do have another Nic I can try.


  • LAYER 8 Netgate

    No.  it's not normal.  Screenshot is a bridge0.  Get iinto the shell and look at the bridge member interfaces too.  ifconfig -a

    ETA: Nevermind.  ifconfig doesn't show errors. Have cisco on the brain.

    ![Screen Shot 2015-01-09 at 11.34.46 AM.png](/public/imported_attachments/1/Screen Shot 2015-01-09 at 11.34.46 AM.png)
    ![Screen Shot 2015-01-09 at 11.34.46 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-01-09 at 11.34.46 AM.png_thumb)



  • Ok I've done that command in the shell and I've got a lot of information back. I'm not exactly sure what parts I should take note of. Nothing is sticking out to me.

    Here is the screenshot. The only thing I've removed is the IPv4 WAN address for privacy.


  • LAYER 8 Netgate

    Sorry.  Have cisco on the brain.  ifconfig doesn't show errors.


  • LAYER 8 Netgate

    Do a Diagnostics > Command Prompt then enter netstat -i.

    That way you can just cut and paste into a post.



  • Here is that result.

    $ netstat -i
    Name               Mtu Network       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
    igb0              1500 <link#1>00:1b:21:a6:56:80  6099743     0     0  3997337     0     0
    igb0                 - fe80::21b:21f fe80::21b:21ff:fe        0     -     -        2     -     -
    igb1              1500 <link#2>00:1b:21:a6:56:81 20438108     0     0 10787381     0     0
    igb1                 - fe80::21b:21f fe80::21b:21ff:fe        0     -     -        1     -     -
    igb2              1500 <link#3>00:1b:21:a6:56:82        0     0     0        0     0     0
    igb2                 - fe80::21b:21f fe80::21b:21ff:fe        0     -     -        1     -     -
    igb3              1500 <link#4>00:1b:21:a6:56:83        0     0     0        0     0     0
    igb3                 - fe80::21b:21f fe80::21b:21ff:fe        0     -     -        2     -     -
    em0               1500 <link#5>00:1b:63:f1:10:9b 14848095     0     0 26496640     0     0
    em0                  - fe80::21b:63f fe80::21b:63ff:fe        0     -     -        4     -     -
    em0                  - 94.174.70.0   cpc14-enfi16-2-0-    70129     -     -    20091     -     -
    pflog0           33144 <link#6>0     0     0    96767     0     0
    pfsync0           1500 <link#7>0     0     0        0     0     0
    lo0              16384 <link#8>3352954     0     0  3352953     0     0
    lo0                  - your-net      localhost          3365820     -     -  3352952     -     -
    lo0                  - localhost     ::1                      0     -     -        0     -     -
    lo0                  - fe80::1%lo0   fe80::1%lo0              0     -     -        0     -     -
    enc0              1536 <link#9>0     0     0        0     0     0
    bridge0           1500 <link#10>02:fe:4a:c8:9c:00 26548908     0     0 14809533 133170     0
    bridge0              - 192.168.0.0   pfSense              48622     -     -    54149     -     -
    bridge0              - fe80::1:1%bri fe80::1:1%bridge0     1519     -     -     4682     -     -</link#10></link#9></link#8></link#7></link#6></link#5></link#4></link#3></link#2></link#1> 
    


  • One thing I don't understand, it's showing 10787381 packets out on igb1 which is my PFSense box's port that I'm using to connect to my Switch (I switched it from igb0 when trying to test if it was the port at fault). But it shows 0 Errors igb1 and igb0.

    But then on the bridge, it shows the traffic and errors. Does that mean the errors are isolated in my Bridge and not the networking hardware or are the errors for individual nics suppressed and shown on the bridge instead? Hmm



  • Try a different Cat cable and a different switch-port after that.



  • I already tried that. Same amount of errors. I think what I'll try tomorrow is removing the LAN Bridge and if that doesn't work I'll change the NIC.


  • LAYER 8 Netgate

    That is strange.

    I would expect to see errors on the bridge member but maybe it doesn't work that way.  Either way, if you delete the bridge since you're only using one port, that will tell you something.

    I don't think you have to delete it.  Just remove igbX from the bridge, then assign LAN to igbX.



  • Okay I've resolved the problem.

    First thing I did today was get a proper Ethernet cable tester. I tested all my cables, they are all wired correctly and have excellent frequency response with no outside foreign frequencies detected.

    Then I fitted a brand new switch. Problem still there.

    So I'd ruled out my switch, my cables, and all four individual ports on my PFSense box. I'm using an Intel i340-T4 by the way.

    So now it came time to remove the bridge. I did that and guess what? no more in/out errors. Completely gone. I tested every port on the i340-T4 individually by changing the LAN to each port and none of them shows any errors of any kind. Then I put the bridge back as it was before and the errors instantly came back.

    I'm not sure if this is an igb driver issue, a pfsense issue or something along those lines. If anyone wants more information about the way I was running this setup feel free to ask.

    Thank you Derelict and jahonix for your help. The forum is a great resource with people like yourselves willing to answer peoples questions.



  • Did it actually cause any issues? Might just be cosmetic. Haven't seen that, that's a pretty common type of configuration. Might also want to try on 2.2.



  • I'm on 2.2 RC. Have been the entire time.

    It didn't seem to cause any problems. Network speed was consistent, everything worked fine. Just the errors kept climbing at a steady pace.

    As I say though, removed the bridge, errors gone. Perhaps it was my fault in the way I set the bridge up?



  • I found the issue. It gives out errors because you have unused ports. I had the exact same issue but when I removed the 2 nics which didn't had a cable in them I stopped receiving those errors. So it seems to be a cosmetic thing.


  • LAYER 8 Netgate

    Ahh..  File that one away.  Thanks.



  • Found it by pure chance as I had the exact same thing. So I went to remove the 2 unused port so I could setup a static connection to see if it was a cable/nic issue. Just figured I might as well check the interfaces again after that and since then no errors.

    I would suggest a second verification just to be sure.



  • I can't redo my network right now with this box as it's in production otherwise I would test to verify.

    But based on what I saw when this was happening to me I think you're right. Hopefully this can be corrected in an update to PFSense so we don't get more threads like these with worried noobies like myself.  ;D



  • @0x10C:

    I've built a new PFSense system and I'm having some In/out errors on my LAN. Is this normal or do I have a port/cable issue? (I've already changed the cable and the error rate stayed the same).

    This is my config map.

    Modem -> PFsense -> 4x1Gb Lan Bridged -> 1Gb Switch/Access Point (WiFi + 4 Ethernet Ports).

    I'm only using one of the LAN ports on my PFSense system out of the four available. I bridged the four ports as I intended to use more than one.

    Here is the information from the affected interface, this is the Bridge. No other interface is showing any In/Out Error or Colossians.

    Based on this the error rate is about 1.06%

    Is this something I should be concerned about? I'm not having any issues accessing the internet, the speed is what I should be receiving and is identical to my old equipment. But obviously seeing errors of any kind is worrying with a new system, this is my first PFSense build also.

    Thank you for any replies. It is much appreciated.

    I can verify the errors.. if you have bridget the ports and you have unused ports enabled.. you get errors on the bridge.. just unenable the unused ports and you are good.. this is still happening in 2.3 realice version..  :)



  • @toomas said in [Solved] In/out errors on LAN:

    @0x10C:

    I've built a new PFSense system and I'm having some In/out errors on my LAN. Is this normal or do I have a port/cable issue? (I've already changed the cable and the error rate stayed the same).

    This is my config map.

    Modem -> PFsense -> 4x1Gb Lan Bridged -> 1Gb Switch/Access Point (WiFi + 4 Ethernet Ports).

    I'm only using one of the LAN ports on my PFSense system out of the four available. I bridged the four ports as I intended to use more than one.

    Here is the information from the affected interface, this is the Bridge. No other interface is showing any In/Out Error or Colossians.

    Based on this the error rate is about 1.06%

    Is this something I should be concerned about? I'm not having any issues accessing the internet, the speed is what I should be receiving and is identical to my old equipment. But obviously seeing errors of any kind is worrying with a new system, this is my first PFSense build also.

    Thank you for any replies. It is much appreciated.

    I can verify the errors.. if you have bridget the ports and you have unused ports enabled.. you get errors on the bridge.. just unenable the unused ports and you are good.. this is still happening in 2.3 realice version..  :)

    New pfSense user here, sorry to revive an old thread but I can also verify that this is still a thing with version 2.4.4.

    I bridged two of my LAN-ports today and immediately after that I began receiving output errors on the bridge-interface (with the other network cable unplugged).


Log in to reply