MODEL : SG 500
I have configured the switch in L3 mode with three VLANs. For WAN access, the switch is connected to a non-Cisco load balancer / router with 4 WAN links. Storm control is enabled with default settings on all ports.
Clients can access the Internet and the VLANs can communicate with each other. No problem.
I just noticed that Internet access is significantly slower compared to when there were no VLANs in place. With no VLANs configured, speed tests would show very close to the aggregate speed of the four (4) WAN links. With the VLANs in place, speed tests now show just roughly 40% - 60% of the aggregate speed. Sometimes just the speed of one link.
I disabled all Green Ethernet options and it didn't help.
Is there something I may have missed?
FYI: The load balancer is pfSense.
Do you have any information about how pfSense provides load balancing?
In the "no SVI" scenario, is the load balancer playing the default gateway role for the clients?
If pfSense took load balancing decisions on a source MAC address basis, the slow performance could be easily explained.
Yes, in the "no SVI" scenario, the load balancer was the default gateway.
I am not really sure how pfSense makes its load balancing decisions. But to give you an idea, in pfSense, a gateway group is defined with up to n WANs, then a subnet is configured setting the gateway group as the default gateway.
Unfortunately, I have never worked on the 500 platform, so I do not know if it has some performance issue related to layer 3 switching. Indeed, Boris's hint on looking at CPU utilization is a good starting point.
From the balancer's perspective the two scenarios are very different.
When the balancer provides the DG to the clients, it natively sees their MAC addresses, and taking LB decisions on source MAC address can be an option.
In the SVI scenario the balancer gets Ethernet frames that always have the 500 switch's MAC address as source address, so taking decisions on MAC address means no balancing at all.
When experiencing the low throughput issue, did you take a look at each link's utilization?
If the low throughput is anyway fairly distributed across the four links, you can focus on the switch side; if not, a further investigation on how the balancer works is needed.
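Added example, not part of the original thread: a small Python model of the point made in the post above, comparing which WAN links get used when the balancer sees client MACs directly versus frames routed by the L3 switch. The balancer here is hypothetical (the thread does not establish how pfSense actually selects a gateway), and the MAC/IP addresses, link names and hash choice are constructed for illustration.

```python
import hashlib

WAN_LINKS = ["wan1", "wan2", "wan3", "wan4"]   # assumed names for the four WAN links
SWITCH_MAC = "02:aa:bb:cc:dd:01"               # constructed MAC of the L3 switch

# Constructed sample clients: (source MAC, source IP)
CLIENTS = [(f"02:00:00:00:00:{i:02x}", f"192.168.10.{i}") for i in range(10, 50)]


def pick_link(key):
    """Hypothetical balancer: hash the selection key onto one WAN link."""
    digest = hashlib.sha256(key.encode()).digest()
    return WAN_LINKS[int.from_bytes(digest[:4], "big") % len(WAN_LINKS)]


def seen_by_balancer(client, routed_by_switch):
    """Return (src MAC, src IP) as they arrive at the balancer.

    Routing through the switch rewrites the Ethernet source address to the
    switch's own MAC; the IP source address is unchanged.
    """
    mac, ip = client
    return (SWITCH_MAC if routed_by_switch else mac, ip)


def links_used(routed_by_switch, key="mac"):
    """Set of WAN links selected across all sample clients."""
    used = set()
    for client in CLIENTS:
        mac, ip = seen_by_balancer(client, routed_by_switch)
        used.add(pick_link(mac if key == "mac" else ip))
    return used


if __name__ == "__main__":
    for routed in (False, True):
        for key in ("mac", "ip"):
            scenario = "routed by switch (SVI)" if routed else "balancer is default gateway"
            print(f"{scenario:28} key={key:3} -> {sorted(links_used(routed, key))}")
```

If per-link counters on the balancer show traffic concentrated on one link only in the SVI setup, that matches the MAC-keyed case in this model; an even spread points back at the switch.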
Left everything overnight and it seems that Internet speed has come up. Bandwidth tests (using two (2) different sites) are attached. Please note that the four (4) WAN interfaces are DSL (8mb/768kb, 13mb/1mb, 10mb/768kb, 8mb/768kb). Would love to have faster, dedicated links but Internet is too expensive on my side of the world :-)
Have to wait for peak Internet usage and observe.
I strongly agree with Marco and with his suggestion to verify each WAN link's utilisation on the load balancer. It can help to isolate the problem.
Could you please explain your phrase: "Also, for the VLANS, all switch IP addresses reside in VLAN 900"?
I thought that the switch's IP addresses should be the IP addresses of the SVI interfaces. If so, each IP address should reside in a separate VLAN...
What I meant is that I changed the default VLAN to VLAN 900. I've got two (2) SF300-10 and an SF300-24 as access switches (in Layer 2) and their default VLANs are also set to 900.
In short, nothing is using VLAN 1. Was just wondering if changing the default VLAN has an effect.
Hi, OK, I understood. I believe changing the default VLAN should not have any effect on performance. Moreover, it is even recommended to change the default VLAN to some other VLAN for security reasons.
So, we'll wait for the results of the WAN link utilisation testing.
I suggest verifying the CPU utilization of the switch with these commands:
show cpu input rate
show cpu utilization
Also, please see the following discussion:
They had high CPU utilization there, while the switch was not overloaded with traffic...
Sending you over some screenshots.
Unfortunately, show input rate is not a valid command.
Likewise, show arp has 79 entries but this is expected to rise to around 500 (or 600) when the switch is placed into production.
Also, for the VLANs, all switch IP addresses reside in VLAN 900. Is this good or should I change the default VLAN to 1?