Interfaces report in/out errors

[Vilhonator]

Also you don't shape it to 10Gb/s, that way connections will suffer, instead you shape it around 17Gb/s. You can exceed maximum throughput to certain extent, but not massively much.

Also way you count what kind of bandwidth your network has is by multiplying the amount of ports in use with maximum speed + some overhead.

for example if all 4 1Gb ports are connected, then theoratical maximum bandwidth is somewhere between 4 to 10Gb (1Gb x4 = 4 and 2.5Gb * 4 = 10Gb)

Yes, 10Gb and 1Gb ports can reach higher bandwiths (best I have reached with 1Gb port is 2.5Gb/s)

It could also be a bug, since I doubt that your network could reach much over 17Gb/s bandwidth since first of all, your ISP is most major limiter of that (unless your Internet speed is around 1Gb or close to that)

[Patrick M. Hausen]

But dropped packets due to congestion will not lead to interface errors. On a modern system Ethernet is full-duplex with flow control. There should be no errors at all on the link. If the kernel drops a packet because of a queue overflow, that's not an interface error - or is it? I might be mistaken here. But up to now I thought interface errors are strictly transmission errors on the wire. Which should not happen.

[Vilhonator]

But dropped packets due to congestion will not lead to interface errors. On a modern system Ethernet is full-duplex with flow control. There should be no errors at all on the link. If the kernel drops a packet because of a queue overflow, that's not an interface error - or is it? I might be mistaken here. But up to now I thought interface errors are strictly transmission errors on the wire. Which should not happen.

Good point. Forgot that completely. I would read what kinds of things could be causing these errors. Quite possibly all is fine and either internet or your internal network side, some servers and computers encounter time out errors, that is if they could be the culprit.

By what I mean, would be for example trying to connect a website or server which is down kind of situations.

For example computer downloading OS updates and client shutting down due to power outage or forced shutdown or user closing browser while it tries to connect or download something without canceling the download or manually stop connection first could be one such thing

[NW4FUN]

Hi Vilhonator,

I'm genuinely puzzled from what I'm reading as this is extremely misleading and I'm not exactly sure where this information (2.5G from a 1G ETH???) is coming from!!

As far as the link goes, as I stated quite clearly in a previous post, my ISP brings in a 10G Download/10G Upload symmetric DIA, which makes the whole idea of shaping simply pointless.

As per your supposed congestion point, I'm not quite sure what you are referring to...my topology is based on the three-layer hierarchical model (with the only difference that core and distribution are aggregated in one due to the simple design). Between the layers there's a 20G LACP link and switches are capable of forwarding 176 Gbps.

I really appreciate your efforts, however, if you keep misreading (or misunderstanding) my previous posts where I'm describing the problem, this is not helping as it just adds more confusion.

[Vilhonator]

Let's make this very simple.

If traffic to all your VLANs go through single ethernet cable (you haven't set OpnSense SFP+ ports to VLANs and setup all SFP ports on your Switches to VLAN Trunk mode), then maximum speed to all VLANs is 10Gbps (ethernet cable is able to transfer maximum of 10Gbps in or out and it is shared between VLANs, you can't have over 10Gb going through multiple VLANs through single ethernet cable) that also applies to ethernet ports.

Spanning tree is also good thing to use, but most important is to make sure, that traffic between all vlans doesn't go trhough single cable if cable isn't able to handle the traffic alone.

Don't know the english term of the factor, but due to it, ethernet and SFP is able to have slightly faster or slower speeds than what it is marketed for (which is why network card drivers can have difference), I mean your switches are able to forward traffic up to 176Gbps, that alone should make you doubt it, if ethernet and SFP would be limited to whatever speeds they are marketed for and your switches don't have 2 100Gb QSFP ports.

How am I able to get 2.5Gbs while transferring stuff from 1 computer to another computer locally? Simple, 1Gb/s out from 1 VLAN to 1Gb/s in to another VLAN = 2Gbps + factor I am referring to.

[Vilhonator]

Yes, 10Gb and 1Gb ports can reach higher bandwiths (best I have reached with 1Gb port is 2.5Gb/s)

What I am refferring there, is to BANDWIDTH, it's calculated in bits per second (as all network stuff is) but refers to total traffic going in and out your network, including internet.

For example you don't need 10Gb internet because your clients have to be able to download and upload stuff to the internet at 10Gbps speed, you need 10Gb internet to provide enough bandwidth for all your clients being able to watch netflix etc. online without latency issues. Sounds silly, but 126 clients even with just 1Gb connection isn't exactly small bandwidth eater. Watching netflix @ 4K/Ultra HD requires 15Mbps (which with 126 clients would be around 1.9-2Gb/s)

That's where QoS and Traffic shaping comes to play, you can prioritize different services and set bandwidth limitations, to make sure that your firewall doesn't just let everything that is allowed through at max speed it can handle.

Traffic shaping is bit less of an hassle to setup, but it is a must, when you need to make sure there's enough bandwidth to go around.

[NW4FUN]

I wasn't expecting support from a CCIE on here, however it'd have good to hear from somebody who knows what's he/she is talking about...

@franco - any words of wisdom from your end?