Reply
New Member
Posts: 16
Registered: ‎03-05-2017

Slow VLAN Routing

I have an EdgeMax and I feel like the clan routing is extremely slow. When I copy a file from one vlan to another I feel like I am getting about 10-12meg from what Windows shows during the transfer. I have checked and everything in my Cisco Switch for these devices show they are connected via Gig. 

 

Does anyone have an idea on why it is so slow or what might need need to be changed to speed up the transfer?

Highlighted
Established Member
Posts: 751
Registered: ‎02-12-2013
Kudos: 190
Solutions: 60

Re: Slow VLAN Routing

Hi @chapandrew6
Which model do you have and which firmware version? It sounds like hardware offloading is not enabled:
https://help.ubnt.com/hc/en-us/articles/115006567467-EdgeRouter-Hardware-Offloading
New Member
Posts: 16
Registered: ‎03-05-2017

Re: Slow VLAN Routing

Model: EdgeRouter X 

Version: v1.10.8

 

I checked and the config looks to have hardware offloading enabled.

Established Member
Posts: 751
Registered: ‎02-12-2013
Kudos: 190
Solutions: 60

Re: Slow VLAN Routing

@chapandrew6 Post your configuration (sanitize where needed)
New Member
Posts: 16
Registered: ‎03-05-2017

Re: Slow VLAN Routing

Is there an easy way to export the running config to a file on my computer?  When I show it, it is too long and I cant go back all the way.

Established Member
Posts: 751
Registered: ‎02-12-2013
Kudos: 190
Solutions: 60

Re: Slow VLAN Routing

@chapandrew6

You can either do it via CLI by running this command:
show configuration | cat

Or download the configuration via the GUI:
https://help.ubnt.com/hc/en-us/articles/360012074414-EdgeRouter-How-to-Post-Configurations-on-the-Ed...
New Member
Posts: 16
Registered: ‎03-05-2017

Re: Slow VLAN Routing

So my config was too long to post on here so im attaching the file below.  I think i got everything scrubbed.  Notepad++ seems to open it fine.

Established Member
Posts: 751
Registered: ‎02-12-2013
Kudos: 190
Solutions: 60

Re: Slow VLAN Routing

@chapandrew6

Wow - that's one hell of a config. Not sure if ER-X was the right router for you or if you should have been looking at ER-4.

You have QoS in your config, which doesn't seem to do anything, but it will still disable offload, so you need to remove that and reboot.
I don't know how many resources DPI takes, but it doesn't make things faster.

But I would think it's the amount of firewall rules that is slowing you down - combined with you only using a single interface.
I must admit, that I'm starring blind on all your rules, so I haven't found anything that pops out, but you could enable logging on one rule at the time and see if some rule is catching all traffic, which will slow down performance.

What's the CPU level, when you're routing maximum over the VLAN (after you have removed QoS and rebooted)?

configure
set system traffic-analysis dpi disable
set system traffic-analysis export disable
delete traffic-control
commit
save;exit
New Member
Posts: 16
Registered: ‎03-05-2017

Re: Slow VLAN Routing

I will try doing that tomorrow and see what happens.  I am good on a Systems / Infrastructure side of things but networking is not my area of expertise.  I always like to think security and like to segment traffic for security.  I have been thinking about switching and trying PFSense but would take time to setup something like that.

Emerging Member
Posts: 57
Registered: ‎03-26-2017
Kudos: 5
Solutions: 2

Re: Slow VLAN Routing

I though advanced queue you have at the bottom would disable the hw offload?

https://help.ubnt.com/hc/en-us/articles/220716608-EdgeRouter-Advanced-Queue-CLI-Examples

 

Generally speaking - each rule you put it means some performance degradation as the 1st packet of each flow is inspected against all rules. I typically fight for every rule before putting it in.

Established Member
Posts: 751
Registered: ‎02-12-2013
Kudos: 190
Solutions: 60

Re: Slow VLAN Routing

@chapandrew6
If you separate everything on VLANs - with no or little cross-talk, then you should be good. I'm not sure if your problem is just the offload being disabled by the QoS - I'm too tired to look through all your firewall rules, but my guess is that you've probably gone a little overboard and could slim down.

I just saw that Netgate (the company behind pfSense) released SG-1100 last week, which is a tiny 3 port device, but it looks to be really fast and has plenty of RAM and storage to do fun stuff with.
New Member
Posts: 16
Registered: ‎03-05-2017

Re: Slow VLAN Routing

I performed the commands below but its still the exact same speeds.  I checked the CPU and it never seems to go over 50%  for the most part its around 10%.  

 

configure
set system traffic-analysis dpi disable
set system traffic-analysis export disable
delete traffic-control
commit
save;exit

 

 

I am trying to block traffic between vlans and by default block everything only allowing specific items between vlans.  Maybe i need a more powerful firewall. Man Sad

New Member
Posts: 33
Registered: ‎05-23-2016
Kudos: 1
Solutions: 1

Re: Slow VLAN Routing

I also think the machine is not sized for this number of rules (and using out rules is generally not a good idea).

Reply