Very Poor Performance on VLAN Routing

marvosa

@kdb9000 said in Very Poor Performance on VLAN Routing:

As far as I can tell with Ubiquiti. The ports were setup as an Aggregate across the 3 ports on the Switch.

Which mode was configured on the PFsense side? Which mode was configured on the Ubiquity switch?

KDB9000

@bingo600

My settings are the same as what you have in the image (disabled for the two offloading, checksum is the only offloader enabled).

@johnpoz

I haven't gotten the iperf working on the Synology (not sure which one I need to install). I did use the Windows version between two computers on different VLANS.

Main > Gaming

Main VLAN>iperf3.exe -c 192.168.13.235
Connecting to host 192.168.13.235, port 5201
[  4] local 192.168.10.60 port 57740 connected to 192.168.13.235 port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec  4.50 MBytes  37.7 Mbits/sec
[  4]   1.00-2.00   sec  38.0 MBytes   319 Mbits/sec
[  4]   2.00-3.00   sec  56.1 MBytes   470 Mbits/sec
[  4]   3.00-4.00   sec  56.0 MBytes   470 Mbits/sec
[  4]   4.00-5.00   sec  56.9 MBytes   477 Mbits/sec
[  4]   5.00-6.00   sec  55.1 MBytes   462 Mbits/sec
[  4]   6.00-7.00   sec  57.8 MBytes   484 Mbits/sec
[  4]   7.00-8.00   sec  58.4 MBytes   490 Mbits/sec
[  4]   8.00-9.00   sec  56.0 MBytes   470 Mbits/sec
[  4]   9.00-10.00  sec  55.4 MBytes   464 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec   494 MBytes   414 Mbits/sec                  sender
[  4]   0.00-10.00  sec   494 MBytes   414 Mbits/sec                  receiver

iperf Done.

Gaming VLAN>iperf3.exe -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.10.60, port 57739
[  5] local 192.168.13.235 port 5201 connected to 192.168.10.60 port 57740
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-1.01   sec  4.00 MBytes  33.2 Mbits/sec
[  5]   1.01-2.00   sec  32.3 MBytes   274 Mbits/sec
[  5]   2.00-3.00   sec  56.1 MBytes   471 Mbits/sec
[  5]   3.00-4.00   sec  56.0 MBytes   469 Mbits/sec
[  5]   4.00-5.00   sec  56.8 MBytes   476 Mbits/sec
[  5]   5.00-6.00   sec  55.1 MBytes   462 Mbits/sec
[  5]   6.00-7.00   sec  57.7 MBytes   484 Mbits/sec
[  5]   7.00-8.00   sec  58.5 MBytes   491 Mbits/sec
[  5]   8.00-9.00   sec  56.2 MBytes   471 Mbits/sec
[  5]   9.00-10.00  sec  55.4 MBytes   464 Mbits/sec
[  5]  10.00-10.11  sec  6.01 MBytes   475 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-10.11  sec  0.00 Bytes  0.00 bits/sec                  sender
[  5]   0.00-10.11  sec   494 MBytes   410 Mbits/sec                  receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------

And then from Gaming > Main

Gaming VLAN>iperf3.exe -c 192.168.10.60
Connecting to host 192.168.10.60, port 5201
[  4] local 192.168.13.235 port 64557 connected to 192.168.10.60 port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec  34.2 MBytes   287 Mbits/sec
[  4]   1.00-2.01   sec  33.1 MBytes   277 Mbits/sec
[  4]   2.01-3.00   sec  33.6 MBytes   284 Mbits/sec
[  4]   3.00-4.00   sec  32.6 MBytes   273 Mbits/sec
[  4]   4.00-5.00   sec  29.5 MBytes   247 Mbits/sec
[  4]   5.00-6.01   sec  31.6 MBytes   265 Mbits/sec
[  4]   6.01-7.00   sec  33.0 MBytes   278 Mbits/sec
[  4]   7.00-8.00   sec  31.6 MBytes   265 Mbits/sec
[  4]   8.00-9.00   sec  33.0 MBytes   277 Mbits/sec
[  4]   9.00-10.00  sec  32.1 MBytes   269 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec   324 MBytes   272 Mbits/sec                  sender
[  4]   0.00-10.00  sec   324 MBytes   272 Mbits/sec                  receiver

iperf Done.

Main VLAN>iperf3.exe -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.13.235, port 64556
[  5] local 192.168.10.60 port 5201 connected to 192.168.13.235 port 64557
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-1.00   sec  33.3 MBytes   280 Mbits/sec
[  5]   1.00-2.00   sec  32.5 MBytes   273 Mbits/sec
[  5]   2.00-3.00   sec  33.6 MBytes   282 Mbits/sec
[  5]   3.00-4.00   sec  32.6 MBytes   273 Mbits/sec
[  5]   4.00-5.00   sec  29.3 MBytes   246 Mbits/sec
[  5]   5.00-6.00   sec  31.7 MBytes   266 Mbits/sec
[  5]   6.00-7.00   sec  33.1 MBytes   278 Mbits/sec
[  5]   7.00-8.00   sec  31.5 MBytes   264 Mbits/sec
[  5]   8.00-9.00   sec  33.1 MBytes   277 Mbits/sec
[  5]   9.00-10.00  sec  32.1 MBytes   269 Mbits/sec
[  5]  10.00-10.04  sec  1.58 MBytes   304 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-10.04  sec  0.00 Bytes  0.00 bits/sec                  sender
[  5]   0.00-10.04  sec   324 MBytes   271 Mbits/sec                  receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------

Nothing in the network as changed since I posted the initial thread, and the SMB traffic between the VLANs is still very poor compared to what the iperf test shows (which I have seen some people the iperf test isn't a very good test).

johnpoz

Iperf on pfsense is not a good test no.

But client to client through pfsense is good test.

So what do you see from client to client on the same network? Because those speeds are terrible for gig.. You should be seeing high 800's to low 900s for sure..

What specific model of nas do you have? And I can help you figure out which synology iperf you want. For example on my ds918 its the apollolake..

KDB9000

@marvosa said in Very Poor Performance on VLAN Routing:

@kdb9000 said in Very Poor Performance on VLAN Routing:

As far as I can tell with Ubiquiti. The ports were setup as an Aggregate across the 3 ports on the Switch.

Which mode was configured on the PFsense side? Which mode was configured on the Ubiquity switch?

Aggregate is what is it called on the Ubiquiti side, LAGG is what it is called on the pfSense side. On the pfSense side, the protocol was LACP. Ubiquiti doesn't have any other options to change for the Aggregate (aside from setting Link Speed and how many ports are in the Aggregate). At this time, I am not running LAGG on pfSense. Instead the 3 connections are individual with different VLAN's attached to them.

bingo600

@kdb9000

What does an L2 iperf report ?
I mean server & client on the same subnet

Are you running hairpin / "On a Stick" when doing the inter Vlan xfers ?

I have divided my Vlans across two pfSense interfaces.
And made sure my Server and (cabled) Client vlans are on separate IGBx interfaces.

/Bingo

KDB9000

This post is deleted!

KDB9000

@johnpoz said in Very Poor Performance on VLAN Routing:

Iperf on pfsense is not a good test no.

But client to client through pfsense is good test.

So what do you see from client to client on the same network? Because those speeds are terrible for gig.. You should be seeing high 800's to low 900s for sure..

What specific model of nas do you have? And I can help you figure out which synology iperf you want. For example on my ds918 its the apollolake..

I haven't been able to test that yet. Having issues getting iperf on the Synology. I will say, when the Synology was on a different network (had one called Server before I moved the Synology) I had a lot of issues with transferring files to it and even using OwnCloud (which is hosted on the Synology). Backup using Veeam was also an issue (similar to what I am seeing with the on in the Gaming VLAN). Once it was moved to the Main VLAN, all of those issues went away (so going from Layer 3 to Layer 2). The number of hops and the setup of the Synology (other then the IP) has not changed.

KDB9000

@bingo600 said in Very Poor Performance on VLAN Routing:

@kdb9000

What does an L2 iperf report ?
I mean server & client on the same subnet

Are you running hairpin / "On a Stick" when doing the inter Vlan xfers ?

I have divided my Vlans across two pfSense interfaces.
And made sure my Server and (cabled) Client vlans are on separate IGBx interfaces.

/Bingo

It was "On a Stick" and worked without issue for a long time. It was only recently it started acting up. I have since spread out the VLANs onto the other interfaces, although Main and Gaming at on the same interface. When I tried to move it, pfSense was having issues with the routing (it still said it was on the one interface when I had moved it to another interface) and was blocking the traffic (at least outbound from the VLAN, inbound to the VLAN worked fine).

johnpoz

@kdb9000 which specific nas do you have - can lookup up which version of the software you need. I have ds918 which is the apollolake software..

KDB9000

@johnpoz said in Very Poor Performance on VLAN Routing:

@kdb9000 which specific nas do you have - can lookup up which version of the software you need. I have ds918 which is the apollolake software..

DS1817+

bingo600

@kdb9000 said in Very Poor Performance on VLAN Routing:

Nothing in the network as changed since I posted the initial thread, and the SMB traffic between the VLANs is still very poor compared to what the iperf test shows (which I have seen some people the iperf test isn't a very good test).

I hate it when people are using SMB as ANY kind of network performance test.
SMB performance depends on the Server CPU load , and disk load at the exact moment.

Then i end up having people blaming the network , for their lousy overcomitted Virtual server, with mechanical disks

/Bingo

bingo600

@kdb9000 said in Very Poor Performance on VLAN Routing:

although Main and Gaming at on the same interface. When I tried to move it, pfSense was having issues with the routing (it still said it was on the one interface when I had moved it to another interface) and was blocking the traffic (at least outbound from the VLAN, inbound to the VLAN worked fine).

So the above iperfs you showed , are using "On a stick" (same) interface.
As it's Main -> Gaming , and reverse ?

/Bingo

KDB9000

@bingo600 said in Very Poor Performance on VLAN Routing:

@kdb9000 said in Very Poor Performance on VLAN Routing:

Nothing in the network as changed since I posted the initial thread, and the SMB traffic between the VLANs is still very poor compared to what the iperf test shows (which I have seen some people the iperf test isn't a very good test).

I hate it when people are using SMB as ANY kind of network performance test.
SMB performance depends on the Server CPU load , and disk load at the exact moment.

Then i end up having people blaming the network , for their lousy overcomitted Virtual server, with mechanical disks

/Bingo

I monitored the Synology system, it was basically idle when I tried doing the backup and/or file transfers. OwnCloud doesn't use SMB (at least when uploading through the web page and I do not believe so with the Windows Client), and was also problematic. The Veeam backup does use SMB, and while monitoring the performance of the computer and the storage there wasn't anything that would cause the transfer to be slow. To also add to that, when I did the VLAN setup on the Synology (one VLAN in the same as the system backing up, the other required me to go to pfSense) it would preform at the 500 KB/s going across the VLAN compared to the MB/s I see when I went to it directly on Layer 2. These test were done one right after the other (not at the same time).

I will also point out that I do not have any Virtual Servers (unless you want to count what I am running in Docker as a Virtual Server) in play with this setup. If you want to blame Docker for the OwnCloud part, I had slow transfers, interrupted transfers, and issues when using it over Layer 3. I did not have any issues when I switch it to Layer 2.

KDB9000

@bingo600 said in Very Poor Performance on VLAN Routing:

@kdb9000 said in Very Poor Performance on VLAN Routing:

although Main and Gaming at on the same interface. When I tried to move it, pfSense was having issues with the routing (it still said it was on the one interface when I had moved it to another interface) and was blocking the traffic (at least outbound from the VLAN, inbound to the VLAN worked fine).

So the above iperfs you showed , are using "On a stick" (same) interface.
As it's Main -> Gaming , and reverse ?

/Bingo

Yes, until I can get pfSense to correctly move the VLAN to another interface. I am Working from Home, so it isn't very easy to reset my Router/Firewall at this time.

bingo600

@kdb9000

My SMB "rant" was not meant for you, in particular.
It was gathered , from many job debug situations , where 95% of the SMB tests , were proven wrong by iperf. But it takes a lot of convincing to get a M$ Admin to accept that iperf is the way to go, when testing network performance.

KDB9000

@bingo600 said in Very Poor Performance on VLAN Routing:

@kdb9000

My SMB "rant" was not meant for you, in particular.
It was gathered , from many job debug situations , where 95% of the SMB tests , were proven wrong by iperf. But it takes a lot of convincing to get a M$ Admin to accept that iperf is the way to go, when testing network performance.

I wasn't sure, but I know some people might pick it up and run with it. And I know what you mean, we have to fight with out Database people about the Storage system (they keep blaming performance issues on Storage when we do not see any issues related to it). We did find issues with the Databases that we brought to their attention, and after that most of the issues stopped or it wasn't as bad as it was.

bingo600

@kdb9000

Did you see this one
https://www.reddit.com/r/synology/comments/f2s6nv/only_getting_1gbit_transfer_speeds_rather_than/

Something about SMB signing

KDB9000

@bingo600 said in Very Poor Performance on VLAN Routing:

@kdb9000

Did you see this one
https://www.reddit.com/r/synology/comments/f2s6nv/only_getting_1gbit_transfer_speeds_rather_than/

Something about SMB signing

SMB Signing is related to Domains (as far as I can tell and something that was mentioned in the Reddit you sent). One of the Synology troubleshooting guides mentioned SMB Signing as well, but it was only if the Synology was part of a Domain setup.

bingo600

@kdb9000

Re iperf install

https://www.synology.com/en-global/knowledgebase/DSM/tutorial/Compatibility_Peripherals/What_kind_of_CPU_does_my_NAS_have

DS1817+ Intel Atom C2538 Quad Core 4 Yes Avoton DDR3 2/8 GB

Do you see any Avoton arch - iperf packages

johnpoz

@bingo600 said in Very Poor Performance on VLAN Routing:

DS1817+ Intel Atom C2538 Quad Core 4 Yes Avoton DDR3 2/8 GB

http://www.jadahl.com/iperf-arp-scan/DSM_6.2/iperf_avoton-6.2_3.7-1.spk

Install that spk, then ssh to your nas, then just run iperf3 -s

Then hit your nas IP from linux or windows client also running iperf.. I compile iperf3 for windows myself..

Here is that
iperf3.9_64.zip