Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Internet Slow with VLANS

MODEL : SG 500

I have configured the switch in L3 mode with three VLANS. For WAN access, the switch is connected to a non-cisco Load Balancer / Router with 4 WAN Links. Storm control enabled to default settings on all ports.

Clients can access the Internet and VLANS can communicate with each other. No problem.

I just noticed that Internet access is significantly slower compared to when there were no VLANS in place. With no VLANS configured, speed tests would show very close to the aggregate speed of the four (4) WAN links. With the VLANS in place, speed tests now show just roughly 40% - 60%  of the aggregate speed. Sometimes just the speed of one link.

I disabled all Green Ethernet options and it didn't help.

Is there something I may have missed? 

FYI: The Load Balancef is Pfsense 

Everyone's tags (1)
10 REPLIES
New Member

Hi,do you have any

Hi,

do you have any information about how Pfsense provides load balancing?

In the "no svi" scenario is yhe load balancer playing default  gateway role for the client?

If Pfsense took  load balancing decisions on source mac address basis the slow performances could be easily explained.

Regards

MM

New Member

Hi Marco,Yes, in the "no svi"

Hi Marco,

Yes, in the "no svi" scenario, the load balancer was the the default gateway.

I am not really sure how pfsense does its load balancing decisions. But to give you an idea, in pfsense, a gateway group is defined with up to n WANs, then subnet is configured setting the gateway group as the default gateway.

Thanks!

 

 

New Member

Hi,unfortunately I did never

Hi,

unfortunately I did never work on 500 platform so I do not know if it has some performance issue related  to layer 3 switching. Indeed Boris's hint on  looking at cpu utilization is a good starting point.

From balancer perspective the two scenarios are very different.

When the balancer provides DG to the clients it natively sees their mac address and taking LB decisions on source mac address can be an option.

In the svi scenario the balancer gets Ethernet frames that always have 500 switch mac address as source address, so taking decisions on mac address means no balancing  at all.

When  experiencing the low throughput issue, did you give a look at each link utilization?

If the low throughput is anyway fairly distributed to the four links you can focus on switch side, if not a further investigation on how the balancer works  is needed.

Regards

M

 

 

New Member

Hi, Left everything overnight

Hi, 

Left everything overnight and it seems that Internet speed has come up. Bandwidth tests (using two (2) different sites) are attached. Please note that the four (4) WAN interfaces are DSL ( 8mb/768kb , 13mb/1mb, 10mb/768kb, 8mb/768kb ). Would love to have faster, dedicated links but Internet its too expensive in my side of the world :-)

Have to wait for peak Internet usage and observe.

Silver

Hello,I am strongly agree

Hello,

I am strongly agree with Marco and with his suggestion to verify each WAN link utilisation of loadbalancer. It can help to isolate the problem.

Could you, please, explain your phrase: "Also, for the VLANS, all switch IP addresses reside in VLAN 900"?

I thought, that switch's IP-addresses should be IP-addresses of SVI Interfaces. If so, each IP-address should reside on the separate VLAN...

New Member

What I meant is that I

What I meant is that I changed default to VLAN 900. I've got two (2) SF300-10 and an SF300-24 as access switches ( in Layer 2 ) and their default VLANS are also set to 900.

In short, nothing is using VLAN 1. Was just wondering if changing Default VLAN has an effect.

Silver

Hi, ok, I understood. I

Hi, ok, I understood. I believe, changing the default VLAN should not have any effect for performance. Moreover, it is even recommended to change default vlan to some other vlan due to security reasons.

So, we'll wait for the results of WAN links utilisation testing.

Silver

Hello, I can suggest to

Hello, 

I can suggest to verify CPU utilization of the switch with commands:

show cpu input rate

show cpu utilization

Also, please, see the following discussion:

https://supportforums.cisco.com/discussion/11898831/sg-500-high-cpu-utilization

They had the high CPU Utilization there, while the switch was not overloaded with traffic... 

New Member

Hi Boris,Sending you over

Hi Boris,

Sending you over some screenshots.

Unfortunately, show input rate is not a valid command.

Likewise, show arp has 79 entries but this is expected to rise to around 500 (or 600) when the switch is placed into production.

Also, for the VLANS, all switch IP addresses reside in VLAN 900. Is this good or should I change the default VLAN to 1 ?

Thanks!

 

New Member

Hi,configure it for failover

Hi,

configure it for failover on all links. Load balancer is dividing speeds.

 

 

 

Jerry Paul

www.thenetworkhardware.com

552
Views
0
Helpful
10
Replies
CreatePlease login to create content