Discards on interface
6 days ago
Hi, I'm sorry to put everything here in English, my Deutsch is terrible, and I'm sorry to bother you in such a way.
I've got the following setup at home:
Draytek, that works as a dsl modem in a bridge mode and Ubiquity Edgerouter 4 for pppoe initialization and router.
interfaces {
ethernet eth0 {
address 192.168.165.100/24
description WAN
duplex auto
mtu 1500
speed auto
vif 7 {
description "Telekom Internet"
pppoe 0 {
default-route auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
mtu 1492
name-server none
password ****************
user-id ******@t-online.de
}
}
}
There are no issues with connectivity and getting an IP address on eth0.7 interface, and keep access to the Web UI of the Draytek modem available on https://192.168.165.1, but for some time I was able to notice discards on eth0 interface. I could gather some monitoring statistics with my LibreSNMP setup:
I have double checked mss-clamp:
# show firewall options
mss-clamp {
interface-type pppoe
mss 1452
}
interface statistics:
~$ show interfaces ethernet eth0
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 18:e8:29:4c:4e:ce brd ff:ff:ff:ff:ff:ff
inet 192.168.165.100/24 brd 192.168.165.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::1ae8:29ff:fe4c:4ece/64 scope link
valid_lft forever preferred_lft forever
Description: WAN
RX: bytes packets errors dropped overrun mcast
6611727912766 6092296480 0 12310169 0 12367734
TX: bytes packets errors dropped carrier collisions
4125255134146 4778176773 0 0 0
we could see dropped counter almost identical to mcast packets
I've checked the tcpdump:
~$ sudo tcpdump -i eth0 -n -vvv ether multicast
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:30:02.673078 unknown (10), length 52
0x0000: 0a00 19a7 0001 1000 0000 0100 0404 0000
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000
0x0020: 0000 0000 0000 0000 0000 0000 0000 0000
0x0030: 0000 0000
18:30:03.675005 unknown (10), length 52
0x0000: 0a00 19a7 0001 1000 0000 0100 0404 0000
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000
0x0020: 0000 0000 0000 0000 0000 0000 0000 0000
0x0030: 0000 0000
18:30:04.677617 unknown (10), length 52
0x0000: 0a00 19a7 0001 1000 0000 0100 0404 0000
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000
0x0020: 0000 0000 0000 0000 0000 0000 0000 0000
0x0030: 0000 0000
unknown packets are coming
I've set a multicast rule to accept:
# set firewall name WAN_LOCAL rule 30 action accept
# set firewall name WAN_LOCAL rule 30 description 'Allow modem multicast traffic'
# set firewall name WAN_LOCAL rule 30 destination address 224.0.0.0/4
# set firewall name WAN_LOCAL rule 30 protocol all
commited changes and save, but iptables statistics gives nothing:
~$ sudo iptables -L -v -n -x
Chain WAN_LOCAL (1 references)
pkts bytes target prot opt in out source destination
14626121 3872633460 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /* WAN_LOCAL-10 */ state RELATED,ESTABLISHED
9257 544684 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* WAN_LOCAL-20 */ state INVALID
0 0 RETURN all -- * * 0.0.0.0/0 224.0.0.0/4 /* WAN_LOCAL-30 */
48 2592 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 /* WAN_LOCAL-999 */ LOG flags 0 level 4 prefix "[WAN_LOCAL-999-D]"
48 2592 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* WAN_LOCAL-999 */
1684642 86536818 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* WAN_LOCAL-10000 default-action drop */
looks like it is not an ip packet but ether instead
~$ sudo tcpdump -i eth0 -n -e -XX ether multicast
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:25:49.811001 00:24:45:62:9b:bb > 01:80:c2:00:00:02, ethertype Slow Protocols (0x8809), length 66: unknown (10), length 52
0x0000: 0a00 19a7 0001 1000 0000 0100 0404 0000
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000
0x0020: 0000 0000 0000 0000 0000 0000 0000 0000
0x0030: 0000 0000
0x0000: 0180 c200 0002 0024 4562 9bbb 8809 0a00 .......$Eb......
0x0010: 19a7 0001 1000 0000 0100 0404 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 ..
19:25:50.812012 00:24:45:62:9b:bb > 01:80:c2:00:00:02, ethertype Slow Protocols (0x8809), length 66: unknown (10), length 52
0x0000: 0a00 19a7 0001 1000 0000 0100 0404 0000
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000
0x0020: 0000 0000 0000 0000 0000 0000 0000 0000
0x0030: 0000 0000
0x0000: 0180 c200 0002 0024 4562 9bbb 8809 0a00 .......$Eb......
0x0010: 19a7 0001 1000 0000 0100 0404 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 ..
Googling ethertype 0x8809 gives me a link to the telekom document https://www.telekom.de/dlp/agb/pdf/53372.pdf
this is seems to be about EthernetConnect 2.0 - the service available for Geschäftskunden
My question is: is it normal to have discards on the interface?
Just curious if everything is configured right on uplink devices and i should just use my internet and do not pay attention to this discarded packets.
43
7
6 days ago
IIRC, discards are normal, could be the firewall discarding packets for example.
Drops are also nothing to worry about, will usually be caused by flow control.
I’d start to worry once I see RX/TX errors steadily increasing, those are most likely caused by hardware, e.g. cable runs, patch cables or sockets.
0
6 days ago
Hi @albdv.
Discards on the interface can occur due to various reasons such as network congestion, configuration mismatches, or other network-related issues. It is essential to determine whether these discards are affecting the network performance significantly.
Kind regards, Martin Bo.
3
Answer
from
6 days ago
Hi @Martin Bo.
Thank you very much for your response.
No performance issues were noticed so far. 1 pps is something the system could survive, I believe.
What makes me to state this question is about the nature of the discarded packages that are coming to the interface.
As far as I could investigate this is an L2 Ethernet packets and speedy googling gives me that it could be related to some services that is called EthernetConnect, which is not a part of my service package, I'm worrying about if everything is fine configured on the uplink level, because, as far as I could understand it could be that the uplink hardware is expecting some OAM interfaces available.
I really do not know and just doing a wild guess.
Just willing to have a perfect setup.
Best wishes
Answer
from
5 days ago
Just willing to have a perfect setup.
Hi @Martin Bo.
Thank you very much for your response.
No performance issues were noticed so far. 1 pps is something the system could survive, I believe.
What makes me to state this question is about the nature of the discarded packages that are coming to the interface.
As far as I could investigate this is an L2 Ethernet packets and speedy googling gives me that it could be related to some services that is called EthernetConnect, which is not a part of my service package, I'm worrying about if everything is fine configured on the uplink level, because, as far as I could understand it could be that the uplink hardware is expecting some OAM interfaces available.
I really do not know and just doing a wild guess.
Just willing to have a perfect setup.
Best wishes
Then buy a Fritz!Box or a Speedport. If you choose any hardware outside the consumer market, you are responsible for it yourself.
Answer
from
5 days ago
Then buy a Fritz!Box or a Speedport. If you choose any hardware outside the consumer market, you are responsible for it yourself.
Just willing to have a perfect setup.
Hi @Martin Bo.
Thank you very much for your response.
No performance issues were noticed so far. 1 pps is something the system could survive, I believe.
What makes me to state this question is about the nature of the discarded packages that are coming to the interface.
As far as I could investigate this is an L2 Ethernet packets and speedy googling gives me that it could be related to some services that is called EthernetConnect, which is not a part of my service package, I'm worrying about if everything is fine configured on the uplink level, because, as far as I could understand it could be that the uplink hardware is expecting some OAM interfaces available.
I really do not know and just doing a wild guess.
Just willing to have a perfect setup.
Best wishes
Then buy a Fritz!Box or a Speedport. If you choose any hardware outside the consumer market, you are responsible for it yourself.
A Fritz!Box or a Speedport may be the perfect setup for some, and for others they may not be.
For example these consumer routers usually have a somewhat low limit of possible firewall states (at least in the past when I tested them). So, if you plan on running a setup that creates a lot of sessions, consumer routers may not be a perfect match.
Unlogged in user
Answer
from
6 days ago
As @albdv has already researched, the discarded frames appear to be of ethertype 0x8809, "Link Aggregation
Control/Marker Protocol (LACP)".
I find it curious to have these frames appear on a line that does not support Link aggregation (assuming that @albdv has a Magenta Zuhause line booked).
Does anyone know if this is normal?
1
Answer
from
5 days ago
I find it curious to have these frames appear on a line that does not support Link aggregation (assuming that @albdv has a Magenta Zuhause line booked).
Does anyone know if this is normal?
As @albdv has already researched, the discarded frames appear to be of ethertype 0x8809, "Link Aggregation
Control/Marker Protocol (LACP)".
I find it curious to have these frames appear on a line that does not support Link aggregation (assuming that @albdv has a Magenta Zuhause line booked).
Does anyone know if this is normal?
That is indeed interesting as the packets captured on the WAN interface carry a source MAC address from Adtran Inc, which is neither Draytek nor Ubiquiti, so most likely coming in from the Telekom infrastructure.
Unlogged in user
Answer
from
Unlogged in user
Ask
from