Fortinet black logo

Administration Guide

Diagnosing NIC issues

Diagnosing NIC issues

Sometimes diagnosing NIC issues is important, especially for hardware FortiWeb appliance.

  1. Use diagnose command to check and analyze NIC related issues:

    FortiWeb # diagnose hardware nic list port9

    driver igb

    version 5.6.0-k

    firmware-version 3.29, 0x8000021a

    bus-info 0000:85:00.0

    Supported ports: [ TP ]

    Supported link modes: 10baseT/Half 10baseT/Full

    100baseT/Half 100baseT/Full

    1000baseT/Full

    Supported pause frame use: Symmetric

    Supports auto-negotiation: Yes

    Supported FEC modes: Not reported

    Advertised link modes: 10baseT/Half 10baseT/Full

    100baseT/Half 100baseT/Full

    1000baseT/Full

    Advertised pause frame use: Symmetric

    Advertised auto-negotiation: Yes

    Advertised FEC modes: Not reported

    Speed: 1000Mb/s

    Duplex: Full

    Port: Twisted Pair

    PHYAD: 1

    Transceiver: internal

    Auto-negotiation: on

    MDI-X: off (auto)

    Supports Wake-on pumbg

    Wake-on g

    Current message level 0x00000007 (7)

    Link detected yes

    Link encap Ethernet

    HWaddr 08:35:71:11:65:BB

    INET addr 0.0.0.0

    Bcast 10.52.255.255

    Mask 255.255.0.0

    FLAG UP BROADCAST RUNNING MULTICAST

    MTU 1500

    MEtric 1

    Outfill 538970656

    Keepalive 538976266

    Memory fbd80000-fbdfffff

    RX packets 1

    RX errors 0

    RX dropped 1

    RX overruns 0

    RX frame 0

    TX packets 148

    TX errors 0

    TX dropped 0

    TX overruns 0

    TX carrier 0

    TX collisions 0

    TX queuelen 1000

    RX bytes 60 (60.0 b)

    TX bytes 10360 (10.1 Kb)

    Adaptive RX off

    Adaptive TX off

    stats-block-usecs 0

    sample-interval 0

    pkt-rate-low 0

    pkt-rate-high 0

    rx-usecs 3

    rx-frames 0

    rx-usecs-irq 0

    rx-frames-irq 0

    tx-usecs 0

    tx-frames 0

    tx-usecs-irq 0

    tx-frames-irq 0

  2. Use backend tools to check and analyze NIC related issues:

    /# ifconfig port1

    port1 Link encap:Ethernet HWaddr 08:35:71:16:F5:42

    inet addr:10.50.0.228 Bcast:10.50.255.255 Mask:255.255.0.0

    inet6 addr: fe80::a35:71ff:fe16:f542/64 Scope:Link

    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    RX packets:0 errors:0 dropped:0 overruns:0 frame:0

    TX packets:198 errors:0 dropped:0 overruns:0 carrier:0

    collisions:0 txqueuelen:1000

    RX bytes:0 (0.0 B) TX bytes:13908 (13.5 KiB)

    #One can pay special attention to errors highlighted as above. If these error statistics continuously increase, it usually means a NIC issue or performance issue.

    Errors: counts CRC errors, too-short frames and too-long frames. This can result from faulty network cables, faulty hardware (e.g., NICs, switch ports), CRC errors, or a speed/duplex mismatch.

    Dropped: packets dropped here include NIC ring buffers full, CPU receiving NIC interrupts is very busy, cable/hw/duplex issues and driver issues

    Overruns: The overruns field counts the times when there is fifo overruns, caused by the rate at which the buffer gets full and the kernel isn't able to empty it.

    Frame: counts the number of received misaligned Ethernet frames; it usually means receiving invalid frames or CRC errors.

    /# ethtool port1

    Settings for port1:

    Supported ports: [ FIBRE ]

    Supported link modes: 40000baseSR4/Full

    Supported pause frame use: Symmetric

    Supports auto-negotiation: No

    Advertised link modes: 40000baseSR4/Full

    Advertised pause frame use: No

    Advertised auto-negotiation: No

    Speed: 40000Mb/s

    Duplex: Full

    Port: FIBRE

    PHYAD: 0

    Transceiver: internal

    Auto-negotiation: off

    Supports Wake-on: g

    Wake-on: g

    Current message level: 0x00000007 (7)

    drv probe link

    Link detected: yes

    #One can also add some options such as -S to check more details for a NIC:

    /# ethtool -S port1 | grep drop

    rx_dropped: 0

    tx_dropped: 0

    port.rx_dropped: 0

    port.tx_dropped_link_down: 1

    /# ethtool -S port1 | grep errors

    rx_errors: 0

    tx_errors: 0

    rx_length_errors: 0

    rx_crc_errors: 0

    veb.tx_errors: 0

    port.tx_errors: 0

    port.rx_crc_errors: 0

    port.rx_length_errors: 0

    /# ethtool -S port1 | grep crc

    rx_crc_errors: 0

    port.rx_crc_errors: 0

    /# dmesg | grep port1 (or driver name, etc.)

    … ...

Diagnosing NIC issues

Sometimes diagnosing NIC issues is important, especially for hardware FortiWeb appliance.

  1. Use diagnose command to check and analyze NIC related issues:

    FortiWeb # diagnose hardware nic list port9

    driver igb

    version 5.6.0-k

    firmware-version 3.29, 0x8000021a

    bus-info 0000:85:00.0

    Supported ports: [ TP ]

    Supported link modes: 10baseT/Half 10baseT/Full

    100baseT/Half 100baseT/Full

    1000baseT/Full

    Supported pause frame use: Symmetric

    Supports auto-negotiation: Yes

    Supported FEC modes: Not reported

    Advertised link modes: 10baseT/Half 10baseT/Full

    100baseT/Half 100baseT/Full

    1000baseT/Full

    Advertised pause frame use: Symmetric

    Advertised auto-negotiation: Yes

    Advertised FEC modes: Not reported

    Speed: 1000Mb/s

    Duplex: Full

    Port: Twisted Pair

    PHYAD: 1

    Transceiver: internal

    Auto-negotiation: on

    MDI-X: off (auto)

    Supports Wake-on pumbg

    Wake-on g

    Current message level 0x00000007 (7)

    Link detected yes

    Link encap Ethernet

    HWaddr 08:35:71:11:65:BB

    INET addr 0.0.0.0

    Bcast 10.52.255.255

    Mask 255.255.0.0

    FLAG UP BROADCAST RUNNING MULTICAST

    MTU 1500

    MEtric 1

    Outfill 538970656

    Keepalive 538976266

    Memory fbd80000-fbdfffff

    RX packets 1

    RX errors 0

    RX dropped 1

    RX overruns 0

    RX frame 0

    TX packets 148

    TX errors 0

    TX dropped 0

    TX overruns 0

    TX carrier 0

    TX collisions 0

    TX queuelen 1000

    RX bytes 60 (60.0 b)

    TX bytes 10360 (10.1 Kb)

    Adaptive RX off

    Adaptive TX off

    stats-block-usecs 0

    sample-interval 0

    pkt-rate-low 0

    pkt-rate-high 0

    rx-usecs 3

    rx-frames 0

    rx-usecs-irq 0

    rx-frames-irq 0

    tx-usecs 0

    tx-frames 0

    tx-usecs-irq 0

    tx-frames-irq 0

  2. Use backend tools to check and analyze NIC related issues:

    /# ifconfig port1

    port1 Link encap:Ethernet HWaddr 08:35:71:16:F5:42

    inet addr:10.50.0.228 Bcast:10.50.255.255 Mask:255.255.0.0

    inet6 addr: fe80::a35:71ff:fe16:f542/64 Scope:Link

    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    RX packets:0 errors:0 dropped:0 overruns:0 frame:0

    TX packets:198 errors:0 dropped:0 overruns:0 carrier:0

    collisions:0 txqueuelen:1000

    RX bytes:0 (0.0 B) TX bytes:13908 (13.5 KiB)

    #One can pay special attention to errors highlighted as above. If these error statistics continuously increase, it usually means a NIC issue or performance issue.

    Errors: counts CRC errors, too-short frames and too-long frames. This can result from faulty network cables, faulty hardware (e.g., NICs, switch ports), CRC errors, or a speed/duplex mismatch.

    Dropped: packets dropped here include NIC ring buffers full, CPU receiving NIC interrupts is very busy, cable/hw/duplex issues and driver issues

    Overruns: The overruns field counts the times when there is fifo overruns, caused by the rate at which the buffer gets full and the kernel isn't able to empty it.

    Frame: counts the number of received misaligned Ethernet frames; it usually means receiving invalid frames or CRC errors.

    /# ethtool port1

    Settings for port1:

    Supported ports: [ FIBRE ]

    Supported link modes: 40000baseSR4/Full

    Supported pause frame use: Symmetric

    Supports auto-negotiation: No

    Advertised link modes: 40000baseSR4/Full

    Advertised pause frame use: No

    Advertised auto-negotiation: No

    Speed: 40000Mb/s

    Duplex: Full

    Port: FIBRE

    PHYAD: 0

    Transceiver: internal

    Auto-negotiation: off

    Supports Wake-on: g

    Wake-on: g

    Current message level: 0x00000007 (7)

    drv probe link

    Link detected: yes

    #One can also add some options such as -S to check more details for a NIC:

    /# ethtool -S port1 | grep drop

    rx_dropped: 0

    tx_dropped: 0

    port.rx_dropped: 0

    port.tx_dropped_link_down: 1

    /# ethtool -S port1 | grep errors

    rx_errors: 0

    tx_errors: 0

    rx_length_errors: 0

    rx_crc_errors: 0

    veb.tx_errors: 0

    port.tx_errors: 0

    port.rx_crc_errors: 0

    port.rx_length_errors: 0

    /# ethtool -S port1 | grep crc

    rx_crc_errors: 0

    port.rx_crc_errors: 0

    /# dmesg | grep port1 (or driver name, etc.)

    … ...