Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6709
Views
50
Helpful
10
Replies

Internet Slow with VLANS

kurtsalvador1
Level 1
Level 1

‎06-09-2015 03:04 AM

MODEL : SG 500

I have configured the switch in L3 mode with three VLANS. For WAN access, the switch is connected to a non-cisco Load Balancer / Router with 4 WAN Links. Storm control enabled to default settings on all ports.

Clients can access the Internet and VLANS can communicate with each other. No problem.

I just noticed that Internet access is significantly slower compared to when there were no VLANS in place. With no VLANS configured, speed tests would show very close to the aggregate speed of the four (4) WAN links. With the VLANS in place, speed tests now show just roughly 40% - 60%  of the aggregate speed. Sometimes just the speed of one link.

I disabled all Green Ethernet options and it didn't help.

Is there something I may have missed? 

FYI: The Load Balancef is Pfsense 

Labels:
Preview file
120 KB
10 Replies 10

marco.merlo
Level 1
Level 1

‎06-09-2015 05:26 AM

Hi,

do you have any information about how Pfsense provides load balancing?

In the "no svi" scenario is yhe load balancer playing default  gateway role for the client?

If Pfsense took  load balancing decisions on source mac address basis the slow performances could be easily explained.

Regards

MM

kurtsalvador1
Level 1
Level 1
In response to marco.merlo

‎06-09-2015 05:39 AM

Hi Marco,

Yes, in the "no svi" scenario, the load balancer was the the default gateway.

I am not really sure how pfsense does its load balancing decisions. But to give you an idea, in pfsense, a gateway group is defined with up to n WANs, then subnet is configured setting the gateway group as the default gateway.

Thanks!

 

 

marco.merlo
Level 1
Level 1
In response to kurtsalvador1

‎06-09-2015 05:57 AM

Hi,

unfortunately I did never work on 500 platform so I do not know if it has some performance issue related  to layer 3 switching. Indeed Boris's hint on  looking at cpu utilization is a good starting point.

From balancer perspective the two scenarios are very different.

When the balancer provides DG to the clients it natively sees their mac address and taking LB decisions on source mac address can be an option.

In the svi scenario the balancer gets Ethernet frames that always have 500 switch mac address as source address, so taking decisions on mac address means no balancing  at all.

When  experiencing the low throughput issue, did you give a look at each link utilization?

If the low throughput is anyway fairly distributed to the four links you can focus on switch side, if not a further investigation on how the balancer works  is needed.

Regards

M

 

 

kurtsalvador1
Level 1
Level 1
In response to marco.merlo

‎06-09-2015 05:03 PM

Hi, 

Left everything overnight and it seems that Internet speed has come up. Bandwidth tests (using two (2) different sites) are attached. Please note that the four (4) WAN interfaces are DSL ( 8mb/768kb , 13mb/1mb, 10mb/768kb, 8mb/768kb ). Would love to have faster, dedicated links but Internet its too expensive in my side of the world :-)

Have to wait for peak Internet usage and observe.

Preview file
40 KB

Boris Uskov
Level 4
Level 4
In response to kurtsalvador1

‎06-09-2015 11:45 PM

Hello,

I am strongly agree with Marco and with his suggestion to verify each WAN link utilisation of loadbalancer. It can help to isolate the problem.

Could you, please, explain your phrase: "Also, for the VLANS, all switch IP addresses reside in VLAN 900"?

I thought, that switch's IP-addresses should be IP-addresses of SVI Interfaces. If so, each IP-address should reside on the separate VLAN...

kurtsalvador1
Level 1
Level 1
In response to Boris Uskov

‎06-10-2015 02:26 AM

What I meant is that I changed default to VLAN 900. I've got two (2) SF300-10 and an SF300-24 as access switches ( in Layer 2 ) and their default VLANS are also set to 900.

In short, nothing is using VLAN 1. Was just wondering if changing Default VLAN has an effect.

0 Helpful

Boris Uskov
Level 4
Level 4
In response to kurtsalvador1

‎06-10-2015 02:36 AM

Hi, ok, I understood. I believe, changing the default VLAN should not have any effect for performance. Moreover, it is even recommended to change default vlan to some other vlan due to security reasons.

So, we'll wait for the results of WAN links utilisation testing.

Boris Uskov
Level 4
Level 4

‎06-09-2015 05:40 AM

Hello, 

I can suggest to verify CPU utilization of the switch with commands:

show cpu input rate

show cpu utilization

Also, please, see the following discussion:

https://supportforums.cisco.com/discussion/11898831/sg-500-high-cpu-utilization

They had the high CPU Utilization there, while the switch was not overloaded with traffic... 

kurtsalvador1
Level 1
Level 1
In response to Boris Uskov

‎06-09-2015 04:46 PM

Hi Boris,

Sending you over some screenshots.

Unfortunately, show input rate is not a valid command.

Likewise, show arp has 79 entries but this is expected to rise to around 500 (or 600) when the switch is placed into production.

Also, for the VLANS, all switch IP addresses reside in VLAN 900. Is this good or should I change the default VLAN to 1 ?

Thanks!

 

Preview file
224 KB
Preview file
32 KB

Jerry Paul
Level 1
Level 1

‎06-15-2015 10:11 AM

Hi,

configure it for failover on all links. Load balancer is dividing speeds.

 

 

 

Jerry Paul

www.thenetworkhardware.com

Customers Also Viewed These Support Documents