Re: Slow transfer speeds over different subnets

synertecadmin · ‎10-05-2018

Hello,

We are running out of IP Addresses in our DHCP scope, so I have been tasked with sorting this out. One possible solution we are considering is to setup a second scope and use Superscoping.

Our main IP range is 192.168.0.0/24 and we would like to use 192.168.1.0/24 for the next range.

We use Cisco Switches Catalyst 2960 which are Gb devices and Juniper SRX firewalls. We also have a layer 3 switch a Catalyst 3650, which we are using for test purposes.

On the layer 3 switch, I created 2 vLans for the 2 different IP ranges and can successfully get traffic flowing between the 2 networks. I have also created address book entries on the Juniper firewall and set a trust to trust policy to handle the routing.

As a test, I have been copying a 4GB file between devices on the same IP range and also between the 2 networks.

Typically, the file will transfer in about 40 seconds at speeds of 100MB/sec between devices on the same network. However, when copying this file between the 2 networks then I get a massive reduction in transfer speed.

The cisco layer 3 switch gets a transfer rate of around 20MB/sec and when using the Juniper device instead I get a speed of 10MB/sec.

If I connect my test clients directly to the layer 3 switch then I get a transfer speed of 100MB/sec which is what I would expect. However, when I connect the clients to a normal switch which in turn gets connected to the layer 3 switch, then my transfer speed drops to 20MB/sec

All ports are set to their full speed of 1Gb.

Is Superscoping not a good idea. We really do not want to change to a /23 subnet, but it looks like this might be our next option if I cannot get the routing between 2 networks to work at an acceptable speed. Bearing in mind that this is only a test setup so there is no traffic on the network, apart from the 2 test clients

Georg Pauwen · ‎10-05-2018

Hello,

post the full config of your 3650...

synertecadmin · ‎10-05-2018

Hi, please see below. Hope this is what you are after:

interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1

interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 192.168.0.1 255.255.255.0
!
interface Vlan3
ip address 192.168.1.1 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server

Georg Pauwen · ‎10-05-2018

Hello,

Is this the full configuration ,? There should be lines such as ip routing and ip cef in there...

Can you post the output os:

Show interfaces gigabitethernet1/0/2 ,and 1/0/3 ?

synertecadmin · ‎10-05-2018

So this is what show interfaces gigabitEthernet 1/0/3 and 1/0/2 shows:

Switch#show interfaces gigabitEthernet 1/0/2
GigabitEthernet1/0/2 is down, line protocol is down (notconnect)
Hardware is Gigabit Ethernet, address is 003a.7d63.ae82 (bia 003a.7d63.ae82)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

Switch#show interfaces gigabitEthernet 1/0/3
GigabitEthernet1/0/3 is down, line protocol is down (notconnect)
Hardware is Gigabit Ethernet, address is 003a.7d63.ae83 (bia 003a.7d63.ae83)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

The following is what shows in show conf that I didn't paste in last time:

Switch#show conf
Using 1611 out of 2097152 bytes, uncompressed size = 3007 bytes
!
! Last configuration change at 05:58:56 UTC Fri Oct 5 2018
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
switch 1 provision ws-c3650-24ts
!
!
!
!
!
ip routing
!
!
!
qos queue-softmax-multiplier 100
!
crypto pki trustpoint TP-self-signed-569782949
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-569782949
revocation-check none
rsakeypair TP-self-signed-569782949

crypto pki certificate chain TP-self-signed-569782949
certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
!
redundancy
mode sso
!
!
!
class-map match-any non-client-nrt-class
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10

Georg Pauwen · ‎10-05-2018

Heelo,

Post the output of the two active interfaces between which the file transfer is slow...

pieterh · ‎10-05-2018

superscoping is a way to use multiple IP subnets on the same LAN (/VLAN) within the LAN it's L2 forwarding.

you need a router with multiple interfaces connected to the same LAN to forward packets between the subnets.

nowadays it is more common to assign each subnet to its own VLAN,

and use a router (L3 switch) with an interface/subinterface/SVI per VLAN to forward packets between the subnets.

that's why Georg (expects some L3 config)

with separate vlans you do not need superscoping just two separate scopes

synertecadmin · ‎10-05-2018

I have tried both ways. Using Juniper SRX340 to do the routing then I get transfer speeds of 10MB/Sec. Using a Cisco L3 switch, I created 2 vlans for each subnet and get transfer speeds of 20MB/sec.

Using both solutions when transferring data to clients on the same network I get 100MB/sec.

pieterh · ‎10-05-2018

I see no "ip routing" statement in your switchconfig,

and "no ip route 0.0.0.0 0.0.0.0 <Juniper> "

so its layer3 capable but not acting as layer3 switch

synertecadmin · ‎10-05-2018

Juniper will not show in this config. Sorry if I'm causing confusion. I have setup 2 different tests 1 using Juniper to do the routing and 1 using a L3 switch. For Juniper I added 192.168.0.1 and 192.168.1.1 to the address book and setup a policy for zone trust to trust. Again, each client can ping each other but get awful file transfer speeds

I have not setup any IP Routing on the L3 switch, is this where I am going wrong. All I did was create 2 vlans, 1 for 192.168.0.0/24 and 1 for 192.168.1.0/24

I have one client IP 192.168.1.20 and another set to 192.168.0.20. They can both ping each other using the config I have

But my transfer speeds are slow when copying a 4 GB

synertecadmin · ‎10-05-2018

Hi Georg, Sorry I posted that config when I did not have any devices connected to the switch. I have re-setup the test again:

GigabitEthernet1/0/3 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 003a.7d63.ae83 (bia 003a.7d63.ae83)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:07:36, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     749 packets input, 78395 bytes, 0 no buffer
     Received 655 broadcasts (366 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 366 multicast, 0 pause input
     0 input packets with dribble condition detected
     403 packets output, 33748 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

Switch#show interfaces gigabitEthernet 1/0/4
GigabitEthernet1/0/4 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 003a.7d63.ae84 (bia 003a.7d63.ae84)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     440 packets input, 78098 bytes, 0 no buffer
     Received 399 broadcasts (313 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 313 multicast, 0 pause input
     0 input packets with dribble condition detected
     372 packets output, 39100 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

synertecadmin · ‎10-05-2018

One thing I think I might have forgotten to mention. If I connect the clients directly to the L3 switch, then transferring a file across the 2 vLans I get 100MB/sec.

But this is not a valid test as all clients will connect to a L2 switch which in turn would connect to the L3 one. When I set this up, that is when I get the slow transfer speed

Alex Pfeil · ‎10-05-2018

Did you verify everything connects at 1Gbps?

pieterh · ‎10-05-2018

I have not setup any IP Routing on the L3 switch, . All I did was create 2 vlans, 1 for 192.168.0.0/24 and 1 for 192.168.1.0/2
is this where I am going wrong
-> Yes, now the switch only has two addresses to connect to for management using telnet/ssh it does not use it to forward packets between vlan2 and vlan3 and it will not build the normal "ARP-table" to look up MAC-adresses for an IP-adress.

another thing
is the vlan2 IP configured as default gateway for vlan2 clients
and the vlan3 IP for the vlan3 clients?

pieterh · ‎10-05-2018

all clients will connect to a L2 switch which in turn would connect to the L3 one
-> check if the L2 switch also knows about the different VLANs?