Forum Discussion

Christopher_Boo's avatar
Christopher_Boo
Icon for Cirrostratus rankCirrostratus
Feb 10, 2014

Most likely cause of network input errors?

I have an HA pair of LTMs running 10.2.3. On one vlan I am incrementing input errors at the same exact rate on both the active and passive units. Discussing with our network engineer, he says he has seen this before at another job, but can't quite remember the cause. He believes it is a case of the LTMs not understanding some type of traffic coming across the port and dropping it as a result. Have any of you ever encountered anything like this?

 

Thanks, Chris

 

  • I'm getting both drops and errors. I think I know what the problem is now. The devices on this vlan are using jumbo frames. My LTM doesn't support jumbo frames. Without an intermediate device to fragment the frames, I suspect they are being treated as errors and dropped. Thanks for the help guys!

     

    Chris

     

  • He believes it is a case of the LTMs not understanding some type of traffic coming across the port and dropping it as a result.

    isn't it input drop rather than input error?

    errs in/out - This counter reports the total number of frames with framing or CRC errors 
    drop in/out - This counter reports the total numbers of packets dropped due to unknown L2 protocols or VLAN IDs (unrecognized packets), or because buffers were exhausted 
    

    sol9932: Interpreting the counters displayed by the bigpipe interface command or the bigpipe trunk command

    http://support.f5.com/kb/en-us/solutions/public/9000/900/sol9932
  • Yeah I'm sure it isn't the LTMs as the in errors increment equally and at the same time on both the active and passive LTM. Even removing the IP address from the interfaces, they will continue to increment the errors. All other interfaces on both LTMs are fine.

     

    Chris

     

  • Sounds like maybe the device your F5 is plugged into, assuming it's a switch, may have the port configured as a trunk since you are seeing broadcast traffic from another vlan. Doesn't sound like a misconfiguration on your LTM.

     

  • I only have a single vlan on that interface and it is just a standard gigabit port negotiated at 1000 full. I'm seeing the IN errors and a lot of drops in interface statistics on the F5 GUI. I know drops are not unusual, but this is a disproportionate number compared to my other interfaces. I have done a TCP dump for that interface. I'm not a network guru, but usually figure it out if I stare long enough. A couple things that don't look right to me...

     

    There is a ton of ARP broadcast traffic and even though the network is 10.14.8 I'm seeing ARPs for 10.14.9 as well. This really doesn't seem right to me.

     

    I'm seeing some ICMPv6 traffic and we're not using IPv6 yet.

     

    I know I really need to work with my network admin on this, but was hoping someone had seen it before and might have some pointers.

     

    Thanks for any help!

     

    Chris

     

  • Hey Chris,

     

    Are there multiple vLANs on the same interface? Where are you getting the error statistic (ifconfig, maybe?)? Have you done TCPdump on that interface?