SRX Services Gateway
Highlighted
SRX Services Gateway

SRX Inter Vlan Slowness.

‎09-25-2015 11:26 AM

Hi All,

 

I have 2 srx 240's in a cluster setup connected with a 4300 virtual chassis setup.

 

 

 

Off the 4300's I have a server that is pretty beefy. It pushes 115 mb/s cifs easily all day long with no dips.  Same for other protos.

 

Here is my problem. Between vlans on the srx to the vlan that the server is on. I get either 20 to 50 MB/s CIFS if data is transfered across vlans to the server. If i put a client on the same vlan. I get 115 MB/s.

 

I disabled any packet limiting. I tried several vlans. Depending on the vlan. I can actually get different speeds. Which makes no sense to me?

 

What is wrong?

9 REPLIES 9
Highlighted
SRX Services Gateway

Re: SRX Inter Vlan Slowness.

‎09-25-2015 11:41 AM

Hello,

 

How many RGs you have on the cluster?

Are all RGs primary only on one node?

Or they are primary on different mode? e.g. RG1 which contains vlan.x is primary on node 0 & RG2 which contains vlan.server is primary on Node 1?

 

Regards,

 

Rushi

Highlighted
SRX Services Gateway

Re: SRX Inter Vlan Slowness.

‎09-25-2015 11:58 AM

{secondary:node1}[edit]
root@NRFPWAN# show chassis cluster redundancy-group 0
node 0 priority 100;
node 1 priority 1;

{secondary:node1}[edit]
root@NRFPWAN# show chassis cluster redundancy-group 1
node 0 priority 100;
node 1 priority 1;
interface-monitor {
ge-5/0/10 weight 255;
ge-5/0/11 weight 255;
ge-0/0/11 weight 255;
ge-0/0/10 weight 255;
}

{secondary:node1}[edit]
root@NRFPWAN# show chassis cluster redundancy-group 2
node 0 priority 100;
node 1 priority 1;
interface-monitor {
ge-0/0/15 weight 255;
ge-5/0/15 weight 255;
}

 

root@NRFPWAN# show interfaces reth1
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
minimum-links 1;
lacp {
active;
periodic fast;
}
}
unit 2 {
vlan-id 2;
family inet {
address 192.168.40.1/21;
}
}
unit 3 {
vlan-id 3;
family inet {
address 192.168.50.1/21;
}
}
unit 5 {
vlan-id 5;
family inet {
address 10.48.0.1/12;
}
}
unit 6 {
vlan-id 6;
}
unit 7 {
vlan-id 7;
}
unit 8 {
vlan-id 8;
}
unit 9 {
vlan-id 9;
family inet {
address 172.16.22.1/24;
}
}
unit 10 {
vlan-id 10;
family inet {
address 10.40.0.1/13;
}
}
unit 11 {
vlan-id 11;
family inet {
address 10.24.0.1/13;
}
}
unit 12 {
vlan-id 12;
family inet {
address 10.128.0.1/10;
}
}
unit 13 {
vlan-id 13;
family inet {
address 10.20.0.1/14;
}
}
unit 14 {
vlan-id 14;
family inet {
address 10.32.0.1/13;
}
}
unit 15 {
vlan-id 15;
family inet {
address 172.16.1.1/24;
}
}
unit 16 {
vlan-id 16;
family inet {
address 172.16.2.1/24;
}
}
unit 17 {
vlan-id 17;
family inet {
address 172.16.3.1/24;
}
}
unit 18 {
vlan-id 18;
family inet {
address 172.16.4.1/24;
}
}
unit 19 {
vlan-id 19;
family inet {
address 172.16.5.1/24;
}
}
unit 21 {
vlan-id 21;
family inet {
address 172.16.6.1/24;
}
}
unit 22 {
vlan-id 22;
family inet {
address 172.16.7.1/24;
}
}
unit 23 {
vlan-id 23;
family inet {
address 172.16.8.1/24;
}
}
unit 25 {
vlan-id 25;
family inet {
address 10.80.0.1/24;
}
}
unit 35 {
vlan-id 35;
family inet {
address 192.168.60.1/21;
}
}

 

 

root@NRFPWAN# show interfaces reth0
redundant-ether-options {
redundancy-group 2;
minimum-links 1;
}
unit 0 {
family inet {
address my.public.address/27;
}
}

 

 

I followed the basic guide. I assume all vlans are on node 0.

Highlighted
SRX Services Gateway

Re: SRX Inter Vlan Slowness.

‎09-26-2015 08:16 AM

Hello,

 

When sending traffic across vlans what do you see in Wireshark capture taken on client & server at the same time?

 

Do you see any retransmission or dup-ack?

 

Is it possible for you to configure a specific TCP MSS e.g. 1300 as below?

 

set tcp-mss all-tcp mss 1300

 

Regards,

 

Rushi

Highlighted
SRX Services Gateway

Re: SRX Inter Vlan Slowness.

‎09-28-2015 06:59 AM

I have set tcp mss 1300 in internet options and security flow  for all. Same speeds are found.

 

Will run wireshark. Server doesnt easily run wireshark. 

Highlighted
SRX Services Gateway

Re: SRX Inter Vlan Slowness.

‎10-02-2015 03:23 PM

I have now tested this with single 3300 and 4300 switches.  with 2 vlans.

 

 

Identical issues. even with flow control. 

 


Personally I am starting to lose faith in juniper products entirely.

Highlighted
SRX Services Gateway

Re: SRX Inter Vlan Slowness.

‎10-06-2015 07:21 AM

I confirmed there are fragments on the server side of the setup.

 

I also confirmed larger networks like 10/ based networks transfer file between other 10 networks.

 

 

a /24 to /24 gets 20 MB/s.

 


This is blowing my mind. 

Highlighted
SRX Services Gateway

Re: SRX Inter Vlan Slowness.

‎10-07-2015 11:08 AM

BUMP

Highlighted
SRX Services Gateway

Re: SRX Inter Vlan Slowness.

‎10-07-2015 01:24 PM

What service are you hosting on the server ? Is it a database ? 

 

Also, try disabling the following features on the srx and check if it improves performance or not :

 

set security flow tcp-session no-sequence-check

set security flow tcp-session no-syn-check

 

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]

 

 

 

Thanks,
Hisham

Please accept my comment as a solution, if it helped in resolving your issue, to help guide other commentators and encourage others.
Highlighted
SRX Services Gateway

Re: SRX Inter Vlan Slowness.

‎10-08-2015 05:18 AM

Server hosts CIFS/NFS/ISCSI.

 

Testing was done with iperf.

 

 

I had tried these settings. No performance gain noted.

 

 

One thing I have noted yesterday is if i define all networks within the same vlan. Performance is wirespeed.

 

Out of vlan? 20MB/s even if the SRX is not connected.

Feedback