This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Internet link up and down in the same minute

Hi,

on a customer site I face a problem that we receive lots of up/down for one link -they have 2 links- in the same minute (can even be twice in a minute) but there is no problem that is feeled.

How is UTM checking a link ? Ping ? Against which IP(s) ? If they are few links, are the destinations IPs same ?

I would like to take a capture from UTM checks to see what is the source of this behaviour.

Thanks for any hint

-- 
Daniel



This thread was automatically locked due to age.
Parents
  • Need to figure out - Is it the ISP or is it the UTM?  What network card is in the UTM?  There are incompatible cards that will do this, I have the issue myself in a SuperMicro on-board NIC, that will do this every second or so.

    I would check your Kernel Message log and see if you have something like 'link is down', 'link is up' type pattern and post a copy of the logs here.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • UTM is in VM, ISP links are separated in VLANs which means using same card. I already checked logs and didn't see any informations about link down or up.

  • Salut Daniel,

    What virtual NIC are you using in the VM?

    Amodin's suggestion seems to have paid off - it feels like the ISP's problem or an Ethernet cable to the ISP's equipment.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bonjour Bob and all,

    e1000 is the libvirt driver used for WLANs. As I told, both ISPs connections are using the same link -Ethernet card being I350 Gigabit Network Connection- so server HW can not be involved. Another thing is that the customer have 5 locations, all equiped with the same HW, Sophos UTM version and 2 same ISPs- only this site have the problem with this one link.

    Will replace cable from switch to ISP equipment.

    Thanks.

  • Did changing the cable solve the problem, Daniel?

    I don't remember the issue, but using e1000 virtual NICs seems to cause a problem with the UTM.  The recommended one is vmxnet3.  Does the problem persist if you make that change?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob. We changed the cable from switch to ISP router, and we have much less problems. In the mean time I asked ISP to fix the floow to 1000/full instead of auto (already done on our side), don't know if they did it.

    Concerning the virtual NIC, I would agree if *both* ISP links would have the problem as all the traffic is going out with the same NIC using VLANs. Can give a try to vmxnet3 if problem still persistent.

    On another site from this customer I faced problem with one VM (Asterisk on Ubuntu 20.04) where the NIC was e1000: network stopped twice to work after around 3 weeks, host OS being RH. The same setup with host OS Ubuntu 16/18/20 *never* had any problem. I switched to virtio for this VM 2 weeks ago, will see what is the result.

    Daniel

  • Bob, The e1000 drivers are the issue which has been a problem for years that no one seems interested in fixing.

    9.7 killed eth0 for me... It had to be 'taken out'. - Hardware, Installation, Up2Date, Licensing - UTM Firewall - Sophos Community

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Hi Amodin. I just check on Ubuntu 20, available drivers are e1000e, virtio and hypervisor default (? don't know what it means), and Debian 10 & 11 have e1000, rtl8139, virtio and the same hypervisor default.

    No vmxnet3 in both cases.

Reply Children
  • Yeah, it's an issue centered around UTM/XG, in my opinion related to the e1000, that post I linked above was what I had found in both versions.  There was no way around it with the exception of just using a completely different NIC card I had to install.  I couldn't use anything that was a motherboard NIC for my system.  I ended up turning those into admin interfaces outside the UTM.

    I'd really urge you to look in the Kernel Messages log in UTM for your connection and see if it's dropping you or resetting.  I gave an example from both XG and UTM in that link as well.  

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Amodin, as said in my message from last wednesday, logs where already checked and nothing related inside. Again:

    . original problem appears only with one ISP despite the fact that all traffic (2 x ISP, lan and voice) goes out with the same virtual drive e1000
    . concerning the network who stopped to work after around 3 weeks, only modification was to replace the host Dell+Ubuntu 20 with HP+RHELx And before this it was working like a charm since ages. Anyway I did change it to driver virtio and will see.

    Daniel