Administration Guide

Diagnosing NIC issues

Diagnosing NIC issues is sometimes necessary, especially on hardware FortiWeb appliances.

  1. Use the diagnose command to check and analyze NIC-related issues:

    FortiWeb # diagnose hardware nic list port9

    driver igb

    version 5.6.0-k

    firmware-version 3.29, 0x8000021a

    bus-info 0000:85:00.0

    Supported ports: [ TP ]

    Supported link modes: 10baseT/Half 10baseT/Full

    100baseT/Half 100baseT/Full

    1000baseT/Full

    Supported pause frame use: Symmetric

    Supports auto-negotiation: Yes

    Supported FEC modes: Not reported

    Advertised link modes: 10baseT/Half 10baseT/Full

    100baseT/Half 100baseT/Full

    1000baseT/Full

    Advertised pause frame use: Symmetric

    Advertised auto-negotiation: Yes

    Advertised FEC modes: Not reported

    Speed: 1000Mb/s

    Duplex: Full

    Port: Twisted Pair

    PHYAD: 1

    Transceiver: internal

    Auto-negotiation: on

    MDI-X: off (auto)

    Supports Wake-on pumbg

    Wake-on g

    Current message level 0x00000007 (7)

    Link detected yes

    Link encap Ethernet

    HWaddr 08:35:71:11:65:BB

    INET addr 0.0.0.0

    Bcast 10.52.255.255

    Mask 255.255.0.0

    FLAG UP BROADCAST RUNNING MULTICAST

    MTU 1500

    MEtric 1

    Outfill 538970656

    Keepalive 538976266

    Memory fbd80000-fbdfffff

    RX packets 1

    RX errors 0

    RX dropped 1

    RX overruns 0

    RX frame 0

    TX packets 148

    TX errors 0

    TX dropped 0

    TX overruns 0

    TX carrier 0

    TX collisions 0

    TX queuelen 1000

    RX bytes 60 (60.0 b)

    TX bytes 10360 (10.1 Kb)

    Adaptive RX off

    Adaptive TX off

    stats-block-usecs 0

    sample-interval 0

    pkt-rate-low 0

    pkt-rate-high 0

    rx-usecs 3

    rx-frames 0

    rx-usecs-irq 0

    rx-frames-irq 0

    tx-usecs 0

    tx-frames 0

    tx-usecs-irq 0

    tx-frames-irq 0

  2. Use backend tools to check and analyze NIC-related issues:

    /# ifconfig port1

    port1 Link encap:Ethernet HWaddr 08:35:71:16:F5:42

    inet addr:10.50.0.228 Bcast:10.50.255.255 Mask:255.255.0.0

    inet6 addr: fe80::a35:71ff:fe16:f542/64 Scope:Link

    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    RX packets:0 errors:0 dropped:0 overruns:0 frame:0

    TX packets:198 errors:0 dropped:0 overruns:0 carrier:0

    collisions:0 txqueuelen:1000

    RX bytes:0 (0.0 B) TX bytes:13908 (13.5 KiB)

    #Pay special attention to the error counters highlighted above. If these statistics increase continuously, it usually indicates a NIC issue or a performance issue.

    Errors: counts CRC errors, too-short frames and too-long frames. This can result from faulty network cables, faulty hardware (e.g., NICs, switch ports), CRC errors, or a speed/duplex mismatch.

    Dropped: counts dropped packets. Causes include full NIC ring buffers, a very busy CPU handling the NIC interrupts, cable/hardware/duplex issues, and driver issues.

    Overruns: counts FIFO overruns, which occur when the buffer fills faster than the kernel can empty it.

    Frame: counts received misaligned Ethernet frames; it usually means invalid frames or CRC errors were received.

    /# ethtool port1

    Settings for port1:

    Supported ports: [ FIBRE ]

    Supported link modes: 40000baseSR4/Full

    Supported pause frame use: Symmetric

    Supports auto-negotiation: No

    Advertised link modes: 40000baseSR4/Full

    Advertised pause frame use: No

    Advertised auto-negotiation: No

    Speed: 40000Mb/s

    Duplex: Full

    Port: FIBRE

    PHYAD: 0

    Transceiver: internal

    Auto-negotiation: off

    Supports Wake-on: g

    Wake-on: g

    Current message level: 0x00000007 (7)

    drv probe link

    Link detected: yes

    #One can also add some options such as -S to check more details for a NIC:

    /# ethtool -S port1 | grep drop

    rx_dropped: 0

    tx_dropped: 0

    port.rx_dropped: 0

    port.tx_dropped_link_down: 1

    /# ethtool -S port1 | grep errors

    rx_errors: 0

    tx_errors: 0

    rx_length_errors: 0

    rx_crc_errors: 0

    veb.tx_errors: 0

    port.tx_errors: 0

    port.rx_crc_errors: 0

    port.rx_length_errors: 0

    /# ethtool -S port1 | grep crc

    rx_crc_errors: 0

    port.rx_crc_errors: 0

    /# dmesg | grep port1 (or driver name, etc.)

    … ...
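The check described under step 2 (whether the errors, dropped, overruns and frame counters keep increasing) can be run over two saved `ifconfig` captures. This is an added example, not Fortinet code: the function names, the second capture and the idea of running it on an admin workstation are assumptions.

```python
import re

# Likely causes, paraphrased from the field descriptions on this page.
CAUSES = {
    "errors": "cabling, NIC/switch-port hardware, CRC errors, speed/duplex mismatch",
    "dropped": "NIC ring buffer full, busy CPU, cable/hw/duplex or driver issue",
    "overruns": "FIFO overrun: buffer fills faster than the kernel empties it",
    "frame": "misaligned frames: invalid frames or CRC errors",
}
# First capture: the counter lines of the page's port1 output.
FIRST = """RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:198 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000"""
# Second capture: constructed values, for illustration only.
SECOND = """RX packets:90412 errors:37 dropped:5 overruns:0 frame:37
TX packets:61020 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000"""

def parse_ifconfig(text):
    """Extract counters such as rx_errors from one `ifconfig <port>` capture."""
    counters = {}
    for line in text.splitlines():
        m = re.match(r"\s*(RX|TX) packets:", line)
        c = re.match(r"\s*collisions:(\d+)", line)
        if m:  # "RX packets:0 errors:0 ..." -> rx_packets, rx_errors, ...
            for key, val in re.findall(r"(\w+):(\d+)", line):
                counters[f"{m.group(1).lower()}_{key}"] = int(val)
        elif c:
            counters["collisions"] = int(c.group(1))
    return counters

def diagnose(before_text, after_text):
    """Return (rising, reset): counters that grew, and ones that went backwards."""
    before, after = parse_ifconfig(before_text), parse_ifconfig(after_text)
    rising, reset = {}, []
    for name, value in after.items():
        field = name.split("_", 1)[-1]
        if field == "packets" or name not in before:
            continue  # traffic volume is not an error signal
        delta = value - before[name]
        if delta > 0:
            rising[name] = (delta, CAUSES.get(field, "check ethtool -S and dmesg"))
        elif delta < 0:
            reset.append(name)  # counter went backwards, e.g. after a reboot
    return rising, reset

if __name__ == "__main__":
    for name, (delta, cause) in diagnose(FIRST, SECOND)[0].items():
        print(f"{name} +{delta}: {cause}")
```

A counter that appears in `reset` means the two captures are not comparable, so take a fresh baseline before drawing conclusions.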
