Netdata Community

Network Interface Drops


The following graph is the network interface drops of my instance, and I am a little bit confused about it. Why this graph is so similar to the graph of sine? Also, the average drops is always very close to 0.5 drops per 5 seconds, which is a little unusual. How can I know what is going on here?

1 Like

Hey @AiurAL and welcome to our community!

@ilyam8 do you have any idea? :stuck_out_tongue:

Hi @AiurAL

The question is about the pattern (close to 0.5 drops per 5 seconds) or how to debug these drops/identify dropped packets?

Thank you for your reply! I am curious about both the pattern and ways to debug the dropped packets.

Did you use tcpdump? You use it capture and analyze network traffic.

Keep in mind then there won’t be any dropds during capturing.

I tried it. It shown the count of dropped packets but did not provide any information about the dropped packets.

Yes, it doesn’t report info about drops, it captures all the packets (assuming no filtering applied) and you can analyze them in real-time or export the capture and analyze using wireshark.

There could be a lot of reasons, for instance:

  • switch port configured as trunk and your server receives tagged traffic (VLAN)
  • there is some device (or devices) in your network that sends multicast packets (likely IPv6)

Check Interface Drops (net_drops.ens160) chart when using tcpdump (make sure capture on ens160 - sudo tcpdump -n -i ens160). I guess there would be 0 drops?

Thank you for your interpretation. Now I can capture packets correctly and found the pattern that one stp packet is received each 2 seconds, which fits the packet drops shown in the graph (0.5 drops/s). Seems that the dropped packets are stp packets, but how can I prove it? (e.g. What causes stp packets dropped?)

@AiurAL It falls into the unregistered protocols drops category. You need to configure hosts-facing ports as edge (D-Link, Cisco switches) ports on your switch (do not send STP packets). Check the documentation for your network device.

It is a little bit difficult for me to configure the switch. Could we solve this problem by configuring our machine? I noticed that you mentioned “unregistered protocols drops category”. Could we find and configure it in Linux?

I would say don’t treat it as a problem. Dropped packets are just dropped packets.

I noticed that you mentioned “unregistered protocols drops category”.

Yes, anything not expected by your sever is being dropped (STP frames in your case).