Diagnosing NIC issues
Sometimes diagnosing NIC issues is important, especially for hardware FortiWeb appliance.
-
Use diagnose command to check and analyze NIC related issues:
FortiWeb # diagnose hardware nic list port9
driver igb
version 5.6.0-k
firmware-version 3.29, 0x8000021a
bus-info 0000:85:00.0
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: Symmetric
Supports auto-negotiation: Yes
Supported FEC modes: Not reported
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: Symmetric
Advertised auto-negotiation: Yes
Advertised FEC modes: Not reported
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
MDI-X: off (auto)
Supports Wake-on pumbg
Wake-on g
Current message level 0x00000007 (7)
Link detected yes
Link encap Ethernet
HWaddr 08:35:71:11:65:BB
INET addr 0.0.0.0
Bcast 10.52.255.255
Mask 255.255.0.0
FLAG UP BROADCAST RUNNING MULTICAST
MTU 1500
MEtric 1
Outfill 538970656
Keepalive 538976266
Memory fbd80000-fbdfffff
RX packets 1
RX errors 0
RX dropped 1
RX overruns 0
RX frame 0
TX packets 148
TX errors 0
TX dropped 0
TX overruns 0
TX carrier 0
TX collisions 0
TX queuelen 1000
RX bytes 60 (60.0 b)
TX bytes 10360 (10.1 Kb)
Adaptive RX off
Adaptive TX off
stats-block-usecs 0
sample-interval 0
pkt-rate-low 0
pkt-rate-high 0
rx-usecs 3
rx-frames 0
rx-usecs-irq 0
rx-frames-irq 0
tx-usecs 0
tx-frames 0
tx-usecs-irq 0
tx-frames-irq 0
-
Use backend tools to check and analyze NIC related issues:
/# ifconfig port1
port1 Link encap:Ethernet HWaddr 08:35:71:16:F5:42
inet addr:10.50.0.228 Bcast:10.50.255.255 Mask:255.255.0.0
inet6 addr: fe80::a35:71ff:fe16:f542/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:198 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:13908 (13.5 KiB)
#One can pay special attention to errors highlighted as above. If these error statistics continuously increase, it usually means a NIC issue or performance issue.
Errors: counts CRC errors, too-short frames and too-long frames. This can result from faulty network cables, faulty hardware (e.g., NICs, switch ports), CRC errors, or a speed/duplex mismatch.
Dropped: packets dropped here include NIC ring buffers full, CPU receiving NIC interrupts is very busy, cable/hw/duplex issues and driver issues
Overruns: The overruns field counts the times when there is fifo overruns, caused by the rate at which the buffer gets full and the kernel isn't able to empty it.
Frame: counts the number of received misaligned Ethernet frames; it usually means receiving invalid frames or CRC errors.
/# ethtool port1
Settings for port1:
Supported ports: [ FIBRE ]
Supported link modes: 40000baseSR4/Full
Supported pause frame use: Symmetric
Supports auto-negotiation: No
Advertised link modes: 40000baseSR4/Full
Advertised pause frame use: No
Advertised auto-negotiation: No
Speed: 40000Mb/s
Duplex: Full
Port: FIBRE
PHYAD: 0
Transceiver: internal
Auto-negotiation: off
Supports Wake-on: g
Wake-on: g
Current message level: 0x00000007 (7)
drv probe link
Link detected: yes
#One can also add some options such as -S to check more details for a NIC:
/# ethtool -S port1 | grep drop
rx_dropped: 0
tx_dropped: 0
port.rx_dropped: 0
port.tx_dropped_link_down: 1
/# ethtool -S port1 | grep errors
rx_errors: 0
tx_errors: 0
rx_length_errors: 0
rx_crc_errors: 0
veb.tx_errors: 0
port.tx_errors: 0
port.rx_crc_errors: 0
port.rx_length_errors: 0
/# ethtool -S port1 | grep crc
rx_crc_errors: 0
port.rx_crc_errors: 0
/# dmesg | grep port1 (or driver name, etc.)
… ...
