routing between vlans -- slow speed on an APU4

  • Greetings,
    I recently got my hands on a vmware esxi server, and on that server, there are a variety of vlans.

    I configures my APU for a trunk port, and connected a cable directly to the VMWare server.

    The APU is a router on a stick, and routing between vlans works fine, but ...

    I used rsync between two vlans and was surprised to see a 1.2M throughput. I have Cisco gigabit switches, and the server is a monster. There are no traffic policies being used. The port is connected at 1gbit full duplex

    re1.1601: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 0e:0e:be:3e:ae:ee
    inet6 fe80::2ee:beee:feee:abee%re1.1601 prefixlen 64 scopeid 0x8
    inet netmask 0xffffff00 broadcast
    media: Ethernet autoselect (1000baseT <full-duplex,master>)
    status: active
    vlan: 1601 vlanpcp: 0 parent interface: re1
    groups: vlan

    Any thoughts or is this expected speed?



  • Netgate Administrator

    Whether that's 1.2Mbps or 1.2MBps both are incredibly slow. It would seem there is something basic at fault there.
    The re NIC in the your output implies you have a 4GB APU1 rather than the new APU4 board, correct?

    You should disable all hardware off loading features in System > Advanced > Networking.

    It may be necessary to disable for hardware VLAN tagging though I'm not aware of any specific issue there.

    Check Status > Interfaces for errors.

    Check the connected switch for logged errors if it logs that.


  • Just have some curious questions.

    • Just for clarity, by APU4, do you mean a Netgate APU4?
    • What model switches are you using?
    • Why did you trunk your ESXi box directly to your firewall instead of to the switch?

  • @stephenw10

    Wow -- that did it! Move the needle to a stunning 581mbits a second.

    Huge thanks -- awesome!!!

  • Netgate Administrator

    What specific thing corrected it for reference?


  • Even though it's "working", you should still re-visit your design. I wouldn't plug your server directly into your firewall.

Log in to reply