
Overruns on Eth0 with vlans

Not sure at what point this started happening, but users reported slowdown with remote desktop sessions when a large burst of traffic from other vlans is being forwarded on other networks.  The problem interface is Eth0 where we have vlans feeding into a single Gigabit NIC. When running interface utilization reports, we never see the interface usage above 50%.  CPU during this time also is not overly high either.

This is running on an SG210 unit with 9.707-5

The switch side looks good with no errors on the port as well as showing it negotiated at 1Gb/s.  Is it possible that this single interface is being overrun with a high amount of small-sized frames that are crushing the buffers on the NIC?  We have disabled IPS as well with no improvement either.

Thoughts?

Kernel Interface table
Iface     MTU    Met  RX-OK       RX-ERR  RX-DRP  RX-OVR   TX-OK       TX-ERR  TX-DRP  TX-OVR  Flg
eth0      1500   0    1293356652  0       0       6189083  871370358   0       0       0       BMRU
eth0.250  1500   0    124224906   0       0       894      110990123   0       0       0       BMRU
eth0.252  1500   0    766372373   0       0       210      680361194   0       0       0       BMRU
eth0.254  1500   0    62973369    0       0       893      55570793    0       0       0       BMRU
eth1      1500   0    3339392878  0       0       26208    4054117486  0       0       0       BMRU
eth2      1500   0    7495678554  0       0       1593     7215925998  0       0       0       BMRU
eth2.270  1500   0    843462196   0       0       0        935233965   0       0       0       BMRU
eth2.271  1500   0    2426691545  0       0       2246     1777174610  0       0       0       BMRU
eth2.272  1500   0    2065913509  0       0       0        2605155602  0       0       0       BMRU
eth3      2000   0    112792697   0       0       63       2624902163  0       0       0       BMRU
eth4      1500   0    456         0       0       0        36          0       0       0       BMRU
lo        65536  0    530130435   0       0       59       530130435   0       0       0       LRU



  • Hey,

    If disabling IPS didn't help, then my guess is that your idea is correct.  Have you considered creating a LAG with Eth0?  Please share your results.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • No LAG yet, but we are considering moving the DMZ over to Eth5.  I am also seeing some drops on the cpu when running a script that monitors the /proc/net/softnet_stat file.

    <M> colofw1:/home/login # sudo ./softnet.sh
    cpu  total      dropped  squeezed  collision  rps         flow_limit
    0    485021503  1284     166506    0          594096926   0
    1    75446702   268566   96462     0          3445083594  0

    Wonder if a Dual Core Celeron just can't keep up

    model name : Intel(R) Celeron(R) CPU G1820 @ 2.70GHz
    stepping : 3
    microcode : 0x1c
    cpu MHz : 2583.562
    cache size : 2048 KB
    physical id : 0
    siblings : 2
    core id : 0
    cpu cores : 2

    Even with moving to another interface, if the CPU does not get back around clearing out these buffers in time, we might still have issues.
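Added example, not part of the thread and not the poster's softnet.sh: the counters in /proc/net/softnet_stat are cumulative since boot, so one way to tell whether a CPU is falling behind during a burst is to diff two snapshots per CPU. The function names and sample values are constructed, and row order is assumed to be the CPU number.

```shell
#!/bin/sh
# Added example: per-CPU deltas between two /proc/net/softnet_stat snapshots.
# Columns are 32-bit hex counters: 1=processed, 2=dropped (the per-CPU backlog
# queue was full), 3=time_squeeze (softirq ran out of budget with work left).

# Constructed snapshots, not taken from the thread. cpu1's processed
# counter wraps past 0xffffffff between the two samples.
SAMPLE_T0='00001000 00000010 00000020 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
fffffff0 00000100 00000005 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000'
SAMPLE_T1='00001400 00000010 00000024 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000010 00000140 00000005 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000'

# Read raw softnet_stat lines on stdin; print "cpu processed dropped squeezed"
# in decimal. Row order is assumed to be the CPU number.
parse_softnet() {
    cpu=0
    while read -r processed dropped squeezed _rest; do
        [ -n "$processed" ] || continue
        printf '%d %d %d %d\n' "$cpu" "0x$processed" "0x$dropped" "0x$squeezed"
        cpu=$((cpu + 1))
    done
}

# $1 = earlier snapshot, $2 = later snapshot (raw file contents).
softnet_delta() {
    { printf '%s\n' "$1" | parse_softnet | sed 's/^/A /'
      printf '%s\n' "$2" | parse_softnet | sed 's/^/B /'; } |
    awk '
      function delta(now, was,   x) { x = now - was; if (x < 0) x += 4294967296; return x }
      $1 == "A" { p[$2] = $3; d[$2] = $4; s[$2] = $5; next }
      { dp = delta($3, p[$2]); dd = delta($4, d[$2]); ds = delta($5, s[$2])
        state = "ok"
        if (ds > 0) state = "budget-exhausted"   # see net.core.netdev_budget
        if (dd > 0) state = "backlog-full"       # see net.core.netdev_max_backlog
        printf "cpu%d processed=%d dropped=%d squeezed=%d %s\n", $2, dp, dd, ds, state }'
}

# Live use on the firewall: two reads of the real file, N seconds apart.
softnet_live() {
    t0=$(cat /proc/net/softnet_stat); sleep "${1:-10}"
    softnet_delta "$t0" "$(cat /proc/net/softnet_stat)"
}

softnet_delta "$SAMPLE_T0" "$SAMPLE_T1"
```

A non-zero dropped delta during the slow periods points at the CPU not draining its queue in time, which moving the traffic to another interface on the same box would not change.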
