Best Network Topology with Current Hardware
-
@kjk54
I followed a Draytek article that created a route for all traffic that wasn't in the VLANs by ticking the 'default' box above.
When I try and add it using the interface i.e. VLAN 99 I get an error.
I have not tested IPV4 routing on the switch as at the moment due to WFH, I simply have the two P2280Xs connected on the desk via the uplinks and a laptop so I don't kill off the main home network. Yes, I defined an access port for VLAN99.
-
"I followed a Draytek article that created a route for all traffic that wasn't in the VLANs by ticking the 'default' box above."
I don't have any idea what it is.
Have you enabled the IPv4 routing on your L3 switch? You need to get IPv4 routing up and running on the switch first. You can test it with two devices connected to the same switch. For the test to be valid you need to disconnect the uplinks. Note that in this configuration, the switch interfaces need be the gateways on your endpoint devices, not the pfSense interfaces.
-
@kjk54
The default box was in the pic above and the article was...
https://www.draytek.co.uk/support/guides/kb-vigorswitch-vlanrouting
However, I have enabled IPv4 routing on the L3 switch. I can disconnect the uplinks but will struggle to test at the moment as I don't have 2 PCs near the switches to test with unfortunately.
-
It may be okay. Possibly they just do not bother to show the outgoing interface since it can be determined from the subnet of the next hop.
You do not necessarily need another PC. Almost anything with a RJ45 jack can be used.
-
In normal you can use all switches as Layer2 switches and the pfSense
is routing the entire traffic and also the vlans or you may be set up a
transfer net between the pfSense and the or one Layer3 switch and the
Layer3 switch is routing then the vlans perhaps a bit faster, but you may
be setting up then ACLs on the switch for the vlan traffic (to secure or allow/deny) -
@kjk54
Okay, I'm sure I can find something with a RJ45 connector!
-
@Dobby_ said in Best Network Topology with Current Hardware:
In normal you can use all switches as Layer2 switches and the pfSense
is routing the entire traffic and also the vlans or you may be set up a
transfer net between the pfSense and the or one Layer3 switch and the
Layer3 switch is routing then the vlans perhaps a bit faster, but you may
be setting up then ACLs on the switch for the vlan traffic (to secure or allow/deny)I am currently using the switches as Layer 2 and routing the VLANs via Pfsense but the inter VLAN speed is pathetic, much lower than it should be but I can't seem to get to the bottom of it. For example Iperf to NAS on 1G network.....
Could put the NAS on the main LAN and get wire speed but still need to access it from the IOT network (firestick)! Hence the reason for going down the L3 route.
Same LAN speed is fine.......Between 2 PCs on same VLAN........
-
The NAS speed can be also based on the HDD/SSD´s speed!
Perhaps there is also not the max. load on the line, so you could try out iPerf
with multiple streams to gain the load for getting better "numbers". -
@Dobby_ said in Best Network Topology with Current Hardware:
The NAS speed can be also based on the HDD/SSD´s speed!
Perhaps there is also not the max. load on the line, so you could try out iPerf
with multiple streams to gain the load for getting better "numbers".How do I run Iperf with multiple streams?
Totally get that the NAS speed could be affected by HDD speed but they are ironwolfs in a Synology DS920+ and reading around people seem to be getting much better results than me!
-
@stevencavanagh said in Best Network Topology with Current Hardware:
For example Iperf to NAS on 1G network.....
And it is ~50 Mbits/sec? You must have a link speed issue. More like 100M, not 1G.
-
@kjk54 said in Best Network Topology with Current Hardware:
@stevencavanagh said in Best Network Topology with Current Hardware:
For example Iperf to NAS on 1G network.....
And it is ~50 Mbits/sec? You must have a link speed issue. More like 100M, not 1G.
Totally agree but I cannot find the reason at all.
Nothing is running at 100MB. NAS, both switches (P1280) & both PCs are showing as running as 1G. Can only assume it is either the LAG from switch 1 to switch 2 or LAG from switch 1 to Pfsense but they are indicating all is good at 1G
-
Some asymmetric routing? Are you seeing a lot of retries/retransmissions?
-
@stephenw10 said in Best Network Topology with Current Hardware:
Some asymmetric routing? Are you seeing a lot of retries/retransmissions?
Where is the best place to check for this? Would it be in the System Logs somewhere?
-
iperf normally reports retries at one end. Otherwise a pcap would show retransmissions.
-
@stephenw10
Iperf not showing any retries.However, when trying Iperf from Pfsense to NAS IP address it still shows 50 Mbits/sec, does that point to the cabling between Pfsense and the NAS?
-
I mean 50Mbps is an odd value. It would be exactly 100 or very close if something were linked at that. If something were linked at half duplex you'd likely see <20Mbps at best.
Do you have any traffic shaping in play you may have forgotten about?
-
@stephenw10
Don't think there is any traffic shaping in play, certainly no limiters on Pfsense nor is there any in play on either of the 2 switches. -
@stevencavanagh
Traffic shaping was enabled but could not see where it would be influencing the speed to the server.In utter frustration I completely removed the shaper and now get the following results, which I think is as good as it gets with a 1G connection across VLANs via Pfsense.
There is a LAG connecting the NAS to Pfsense (2 * 1G connections) and another from Switch to Pfsense (2 * 1G connections) but this obviously would not increase the speed.
Only issue I may have would be the Microsoft Teams / Jabber voice calls tomorrow when I'm back online for work, as that is why I added the shaper in the first place as I kept getting drop outs.
Any idea as to what bit of the shaper I should modify for this? Clearly my attempt at it worked (sort of) but cocked up the NAS!
Either way, Many thanks for pointing me in this direction!
-
Ah, yup I've forgotten about old test config changes many, many times!
If those are LACP laggs you may get load balancing between them but you would need multiple parallel connections to see it.
-
@stephenw10
Yes they are LACP and I have tested with multiple parallel connections in the past and all seemed good, so hopefully all is good, well at least until tomorrow when I try a Teams call.Unless I am missing something there doesn't appear to be a checkbox for Teams in the shaper anywhere for some reason.