All comunications got down with inter-vlan communication
-
Hello. I have next scenario in LAN interface(just showing the neccesary interfaces), PFSense version 2.3.3-RELEASE
lan/vlan interface: IP ADDRESS
re1 10.0.0.207/16
re1_vlan208 172.20.208.254/24I have a PC in the vlan 208, and 2 servers in the re1 net(the total pcs passing through PFSense are more than 600),
User PC(172.20.208.150)
Server 1 (10.0.0.17/16, shared resource \backups\ )
Server 2 (10.0.225.62/16, shared resource \maps\ )A final user can see from their PC access to both shares resources, when the user, from their PC, try to copy one file form \10.0.0.17\backups to \10.0.225.62\maps, all the communication in re1 interface goes down(with all 30 vlans associated tho this and more than 600 users)
No idea how to troubleshot this problem
Thanks for your help
-
"re1 10.0.0.207/16"
Well yeah all traffic from re1 to any vlan on re1 would hairpin through re1.. So yeah if you fill up the pipe - all those vlans would have problems.. You have 30 vlans connected to 1 interface.. And you have intervlan traffic? Yeah that is really bad idea.
So you have 600 machines bottlenecked through 1 interface.. Yeah that is going to be slow when trying to talk to each other.
If you have that many vlans that talk to each other - that really should be handled on a L3 switch..
600 devices ok.. why would you have a /16.. A /22 would be much better mask for 600 devices on the same network.. /16 is not really a mask you would put on a interface - that is a routing cidr ;) Or a firewall cidr mask on a rule, etc.
-
I mean, a lot of people used to copy files from one machine to another machine, and the PFSense handle it without problems, but the specific scenario I describe above make the communication crash, the intervlan traffic exists all the time, the copy of the files exists all the time, PFSense crash only when the copy is don in the manner I describe in the first post, the masks? no idea, I recently enter to manage this network and I'm changing the net topology, but this cannot do easily, because of nature of the systems the people actually use, the vlans is part of the change, the vlans works well, all the working hours the people copy info from one pc to another, but, copying like I describe in the first post make unavailable the communication in that interface, if I pause the copy, the communications returns, if I resume the copy, the communication once again got dropped, this scenario have been testes in non-working hours and the result is the same, so definitely the pipe is not filled up, and there is not the problem
Thanks for your help
"re1 10.0.0.207/16"
Well yeah all traffic from re1 to any vlan on re1 would hairpin through re1.. So yeah if you fill up the pipe - all those vlans would have problems.. You have 30 vlans connected to 1 interface.. And you have intervlan traffic? Yeah that is really bad idea.
So you have 600 machines bottlenecked through 1 interface.. Yeah that is going to be slow when trying to talk to each other.
If you have that many vlans that talk to each other - that really should be handled on a L3 switch..
600 devices ok.. why would you have a /16.. A /22 would be much better mask for 600 devices on the same network.. /16 is not really a mask you would put on a interface - that is a routing cidr ;) Or a firewall cidr mask on a rule, etc.
-
So you have user in Vlan A doing a copy from vlan B to vlan C.. With a copy paste highlight file in B and paste on machine in C.. So yeah all those copies go through PC on vlan A.. Through multiple hairpins.. Not going to be good..
Talk about a hairpin nightmare..
your flowing all the traffic through pfsense multiple times, and the pc multiple times all over the same interfaces..
If they need to move a file from B to C.. Then rdp to B or C and copy or paste the file directly - don't have it flow through the PC on A.. Is that better?? Either way that many vlans that all do intervlan traffic using 1 interface is going to be horrible.. Hope your devices are all set to use 10mbps and your trunk is gig..
