Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 7 subscribers
  • Views 4651 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Internal NIC being reported as down periodically

Jean Thibodeau

Periodically I get bursts of kernel messages related to internet connected NIC going down. What might cause this? UTM is connected to ISP modem that's in router mode for what that's worth.

It's a 3 wk old unit where there was only ISP router before. There aren't widespread reports of connections failing, maybe because it's only for a couple seconds and people are blaming the other end. There was a complaint of zoom session reporting bandwidth was low (which never happened before UTM) but think that was fixed by excluding zoom.com from web filtering (not yet confirmed).

Any info would be appreciated.

2021:03:07-12:19:28 lyneutm kernel: [316673.226072] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Down
2021:03:07-12:19:28 lyneutm kernel: [316673.226134] br0: port 1(eth1) entered disabled state
2021:03:07-12:19:31 lyneutm kernel: [316676.529641] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Up 100 Mbps Full Duplex, Flow Control: RX/TX
2021:03:07-12:19:31 lyneutm kernel: [316676.529783] br0: port 1(eth1) entered forwarding state
2021:03:07-12:19:31 lyneutm kernel: [316676.529801] br0: port 1(eth1) entered forwarding state
2021:03:07-12:19:46 lyneutm kernel: [316691.548052] br0: port 1(eth1) entered forwarding state
--------

2021:03:07-12:29:00 lyneutm kernel: [317245.206282] igb 0000:01:00.0 eth0: igb: eth0 NIC Link is Down
2021:03:07-12:29:00 lyneutm kernel: [317245.206345] br0: port 3(eth0) entered disabled state
2021:03:07-12:29:02 lyneutm kernel: [317247.414163] igb 0000:01:00.0 eth0: igb: eth0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: RX/TX
2021:03:07-12:29:02 lyneutm kernel: [317247.414302] br0: port 3(eth0) entered forwarding state
2021:03:07-12:29:02 lyneutm kernel: [317247.414321] br0: port 3(eth0) entered forwarding state
2021:03:07-12:29:17 lyneutm kernel: [317262.440610] br0: port 3(eth0) entered forwarding state
---------
2021:03:07-12:30:32 lyneutm kernel: [317337.009373] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Down
2021:03:07-12:30:32 lyneutm kernel: [317337.009432] br0: port 1(eth1) entered disabled state
2021:03:07-12:30:33 lyneutm kernel: [317338.717503] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Up 10 Mbps Full Duplex, Flow Control: RX/TX
2021:03:07-12:30:33 lyneutm kernel: [317338.717646] br0: port 1(eth1) entered forwarding state
2021:03:07-12:30:33 lyneutm kernel: [317338.717665] br0: port 1(eth1) entered forwarding state
2021:03:07-12:30:34 lyneutm kernel: [317339.376656] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Down
2021:03:07-12:30:34 lyneutm kernel: [317339.716391] br0: port 1(eth1) entered disabled state
2021:03:07-12:30:37 lyneutm kernel: [317342.268387] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
2021:03:07-12:30:37 lyneutm kernel: [317342.268650] br0: port 1(eth1) entered forwarding state
2021:03:07-12:30:37 lyneutm kernel: [317342.268669] br0: port 1(eth1) entered forwarding state
2021:03:07-12:30:38 lyneutm kernel: [317343.355436] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Down
2021:03:07-12:30:38 lyneutm kernel: [317343.355497] br0: port 1(eth1) entered disabled state
2021:03:07-12:30:41 lyneutm kernel: [317346.311117] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
2021:03:07-12:30:41 lyneutm kernel: [317346.311378] br0: port 1(eth1) entered forwarding state
2021:03:07-12:30:41 lyneutm kernel: [317346.311397] br0: port 1(eth1) entered forwarding state
2021:03:07-12:30:56 lyneutm kernel: [317361.353523] br0: port 1(eth1) entered forwarding state


This thread was automatically locked due to age.
Parents
  • 0

    Do you have NIC ports bridged but not both connected?  That may cause this error.

    You might have a problem with that NIC port itself, you might want to try another port if you have it.

    Double check your MTU as well.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • 0 in reply to Amodin

    oops, it's not the internet connected NIC that's a problem. it's (primarily) one of the 3 bridged ports for LAN use - 'eth1'. (I have 4 ports total.) I searched back through a week of kernel logs for "NIC Link is Down" and twice out of at least 2 dozen entries, it was 'eth0', another of the bridged ports for LAN use. 

    Two of the 3 bridged ports are connected to windows 10 PC's (not sure which two and unit is at remote site), and the other has a Ubiquity Unifi AP connected to it. I know one of the PC's is shutdown periodically - would that cause NIC to go down? But then wouldn't it just stay down if it's related to that PC's status? Is NIC kernel message related to status of what's connected to it, or is it about internal connection to hardware?

    I also see from searching for "NIC Link is Up" that the eth1 comes up at different speeds, 10,100,1000. In contrast to that, eth0 came back up at 100M both times it went down. (Is there a way to get more info from sophos as to what's connected to a port? not finding it but am new to sophos.)

    To try another port I'd have to go to the site (with a switch in hand as 3 LAN ports are needed.) Is there anything more I can do remotely first?

    MTU is 1500.

  • 0 in reply to Jean Thibodeau

    Jean, have you tried using tcpdump on eth1 to see what device is talking there?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    not familiar with tcpdump. googled it and it seems I would have to install it on the machine connected to eth1 (which I can only guess at this point as this is a remote site, and it might be an AP that would not be able to run it). Unless this tool available to run from sophos appliance? 

  • 0 in reply to Jean Thibodeau

    tcpdump is available in every UTM.  You can SSH into the UTM and do:

    tcpdump -i eth1

    That should give you the IP of the device active there.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to Jean Thibodeau

    tcpdump is available in every UTM.  You can SSH into the UTM and do:

    tcpdump -i eth1

    That should give you the IP of the device active there.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
Unfiltered HTML