On a customer site I face a problem where we receive lots of up/down for one link (they have 2 links) in the same minute (can even be twice in a minute), but no problem is felt.
How is UTM checking a link? Ping? Against which IP(s)? If there are a few links, are the destination IPs the same?
I would like to take a capture from UTM checks to see what is the source of this behaviour.
Thanks for any hint
What virtual NIC are you using in the VM?
Amodin's suggestion seems to have paid off - it feels like the ISP's problem or an Ethernet cable to the ISP's equipment.
Cheers - Bo…
Need to figure out - Is it the ISP or is it the UTM? What network card is in the UTM? There are incompatible cards that will do this; I have the issue myself with a SuperMicro on-board NIC that will do this every second or so.
I would check your Kernel Message log and see if you have something like 'link is down', 'link is up' type pattern and post a copy of the logs here.
UTM - 9.707 | Intel i3-4150 4th Gen Processor 16GB Memory | 500GB SATA HDD | GB Ethernet x5
UTM is in a VM, ISP links are separated in VLANs, which means using the same card. I already checked logs and didn't see any information about link down or up.
Bonjour Bob and all,
e1000 is the libvirt driver used for WLANs. As I said, both ISP connections are using the same link (the Ethernet card being an I350 Gigabit Network Connection), so the server HW cannot be involved. Another thing is that the customer has 5 locations, all equipped with the same HW, Sophos UTM version and the same 2 ISPs; only this site has the problem with this one link.
Will replace cable from switch to ISP equipment.
Did changing the cable solve the problem, Daniel?
I don't remember the issue, but using e1000 virtual NICs seems to cause a problem with the UTM. The recommended one is vmxnet3. Does the problem persist if you make that change?
Cheers - Bob
Hello Bob. We changed the cable from switch to ISP router, and we have far fewer problems. In the meantime I asked the ISP to fix the flow to 1000/full instead of auto (already done on our side); I don't know if they did it.
Concerning the virtual NIC, I would agree if *both* ISP links had the problem, as all the traffic is going out with the same NIC using VLANs. I can give vmxnet3 a try if the problem still persists.
On another site from this customer I faced a problem with one VM (Asterisk on Ubuntu 20.04) where the NIC was e1000: the network stopped working twice after around 3 weeks, host OS being RH. The same setup with host OS Ubuntu 16/18/20 *never* had any problem. I switched to virtio for this VM 2 weeks ago, will see what the result is.
Bob, The e1000 drivers are the issue which has been a problem for years that no one seems interested in fixing.
9.7 killed eth0 for me... It had to be 'taken out'. - Hardware, Installation, Up2Date, Licensing - UTM Firewall - Sophos Community
Hi Amodin. I just checked: on Ubuntu 20, the available drivers are e1000e, virtio and hypervisor default (? don't know what it means), and Debian 10 & 11 have e1000, rtl8139, virtio and the same hypervisor default.
No vmxnet3 in both cases.
Yeah, it's an issue centered around UTM/XG, in my opinion related to the e1000, that post I linked above was what I had found in both versions. There was no way around it with the exception of just using a completely different NIC card I had to install. I couldn't use anything that was a motherboard NIC for my system. I ended up turning those into admin interfaces outside the UTM.
I'd really urge you to look in the Kernel Messages log in UTM for your connection and see if it's dropping you or resetting. I gave an example from both XG and UTM in that link as well.
Amodin, as said in my message from last Wednesday, logs were already checked and nothing related is inside. Again:
- The original problem appears only with one ISP, despite the fact that all traffic (2 x ISP, LAN and voice) goes out with the same virtual drive e1000.
- Concerning the network that stopped working after around 3 weeks, the only modification was to replace the host Dell+Ubuntu 20 with HP+RHELx. And before this it had been working like a charm for ages. Anyway, I did change it to driver virtio and will see.
Ah, Daniel, I didn't realize you were working with Ubuntu instead of VMWare.
Is my English so bad?
For the original problem we really suffer less noise, not to say (too early) zero, after the cable change. Thanks for the hint!
Hi. I confirm that since the cable change, the flow of mails concerning up and down from this ISP has drastically decreased. Next step will be to switch from e1000 to the virtio driver for libvirt.
Thanks for all your help.