Connectivity issues after some GBs downloaded / minutes

Hi,

sorry for the long read.

Short version: WAN connection breaks down after 10 minutes in a KVM/proxmox virtualized Sophos XG instance.

Verbose mode:

I've been using Sophos XG for some days now, and it's really a cool piece of software. Goal is to have control over YouTube and other services (my kids are becoming addicts...), which was achieved pretty easily :)

My setup is a Proxmox host (6-core Xeon, 64gb RAM, some SSDs, some HDDs, a DVB-S tuner, 2 onboard NICs and a two-port PCIe 82571EB NIC).

Sophos is running with 8GB RAM, 4 processors, the two-port 82571EB attached via PCIe passthrough. Runs very nicely, download speeds around 70-80mbps with my 1gbps cable connection, everything perfect.

Except, after a while of heavy downloading (~20GB, or 10 minutes), internet connectivity starts to break down slowly: After 10 minutes one first ping timeout... 3 minutes later the next one... 1 minute later another one... then after 30 seconds, after 15, after 5, after 3, then everything goes down until I cancel the download. It really looks like something is running full or hot and then stays full / hot.

In the shell everything looks easy: CPU is at 3-5%, disks are spacey, no uncommon log messages.

The web frontend is reacting normally. But as soon as I start to download anything bigger than a website now, the WAN connection breaks down immediately.

What's specifically odd: When I click on Network->Edit WAN Port->Save ("All connections will be dropped -> OK"), everything starts working again (for the next round of 10 minutes / 20GB).

I've already set up a fresh Sophos instance, and the problem started immediately after the first ready boot. To rule out network problems, I've also switched back to my provider's router, everything running nice and stable there.

What I've also tried so far without any effect is this:

ethtool -K Port1 rx off tx off tso off gso off gro off
ethtool -K Port2 rx off tx off tso off gso off gro off
(I really don't have much of an idea what I did there, to be honest):

system firewall-acceleration disable

Replacing the network adapter with a different (4-port) Intel PCIe card.

I don't know how to proceed any further, not even where to look...

Thanks and best regards,

Tobias



This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    What's specifically odd: When I click on Network->Edit WAN Port->Save ("All connections will be dropped -> OK"), everything starts working again (for the next round of 10 minutes / 20GB)

    As mentioned, when you update the WAN interface configuration, internet starts working again, which points to an issue with ARP. When you update an interface config, it forcefully sends an ARP request to the gateway.

    I'd request you to check the ARP table on XG when the issue persists again.

    ==> Navigate to CONFIGURE > Network > Neighbors (ARP-NDP) > Show: IPv4 neighbor cache and filter 'IP address' with WAN interface gateway IP.

    You can also check the ARP table from the CLI.

    ==> Login to SSH > 5. Device Management > 3. Advanced Shell

    18.0.4 MR-4# arp -a | grep -i "<WAN interface>"

    e.g.: 18.0.4 MR-4# arp -a | grep -i "Port2"

    You may also add a static ARP entry under CONFIGURE > Network > Neighbors (ARP-NDP) with gateway IP and WAN interface.
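One way to run the ARP check suggested above continuously, so that changes in the gateway entry can be lined up with the ping timeouts. This is an added example, not part of the original reply or Sophos tooling. It assumes `arp -a` prints net-tools style lines; the function names and the gateway address 203.0.113.1 are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed sample of the assumed format:
#   ? (203.0.113.1) at 00:11:22:33:44:55 [ether] on Port2
#   ? (203.0.113.1) at <incomplete> on Port2

# Read `arp -a` output on stdin and print the state of gateway $1 on
# interface $2: the MAC address (lowercased), "incomplete", or "missing".
gw_arp_state() {
    awk -v gw="($1)" -v ifc="$2" '
        $2 == gw && $NF == ifc {
            found = 1
            if ($4 == "<incomplete>") print "incomplete"
            else print tolower($4)
            exit
        }
        END { if (!found) print "missing" }
    '
}

# Describe the transition between a previous and a current state.
arp_transition() {
    if [ "$1" = "$2" ]; then echo "unchanged"
    elif [ "$2" = "incomplete" ] || [ "$2" = "missing" ]; then echo "lost"
    elif [ "$1" = "incomplete" ] || [ "$1" = "missing" ]; then echo "resolved"
    else echo "mac-changed"
    fi
}

# Poll the ARP table and log only transitions, each with a timestamp.
# Usage: watch_gateway 203.0.113.1 Port2 5
watch_gateway() {
    w_gw="$1"; w_ifc="$2"; w_interval="${3:-5}"
    w_prev=""
    while :; do
        w_cur=$(arp -a | gw_arp_state "$w_gw" "$w_ifc")
        w_now=$(date '+%Y-%m-%d %H:%M:%S')
        if [ -z "$w_prev" ]; then
            echo "$w_now initial: $w_cur"
        else
            w_t=$(arp_transition "$w_prev" "$w_cur")
            [ "$w_t" = "unchanged" ] || echo "$w_now $w_t: $w_prev -> $w_cur"
        fi
        w_prev="$w_cur"
        sleep "$w_interval"
    done
}
```

A "lost" or "mac-changed" line shortly before the first ping timeout would support the ARP explanation; a log that stays at the initial entry throughout the outage would point elsewhere.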

  • Hi Yash Kothari,

    thank you for your reply.

    I've worked around the problem by setting the router of my ISP to "router mode" (was in "bridge mode") and using the Sophos XG as "exposed host" (port-forward all ports). In this configuration the problem does not occur. I will try to reproduce the problem when I find time and check the ARP table.

    Unknown said:
    You may also add a static ARP entry under CONFIGURE > Network > Neighbors (ARP-NDP) with gateway IP and WAN interface.

    I don't quite understand the concept here, what exactly am I supposed to do? Set the static ARP entry to the values as they are, when the problem does not occur?

  • Hi,

    Are you experiencing short line breaks that the XG sees as link fails and as a result does not refresh tables, whereas your router does?

    Ian

  • Hi Ian,

    I will check that on my next approach. I cannot work on the internet connection atm, because people are using it.

    Where would the XG log such link fails?

    The trouble is, it doesn’t; your router might, though.

    Ian
