XS 1930 no policy route in ACL?

sp2001

Hi @Zyxel_Melen I have 2 vlan defined on the switch, 1 connected at 1gbit/s to another switch, the other with 2 machine directly connected at 10gbit speed, iperf3 between machines on 10gbit vlan get 9.47 gbit/s throughput, from machines on 10 gbit/s vlan to machine on 1gbit/s vlan I get 30mbit/s with iperf3, just for curiosity I’ve also tried from machine on 10gbit/s vlan to fast.com transiting via the 1gbit/s vlan while on machine on 1gbit/s vlan to fast.com I get 200mbit/s. With 80MB/s you mean 640mbit/s?

sp2001

Hi, below the config, let me know if you spot something that can justify the vlan routing bad performance:

; Product Name = XS1930-10
; Firmware Version = V4.80(ABQE.1) | 02/01/2023
; Service Status = Not Licensed
; SysConf Engine Version = 1.2
; Config last updated = 02:41:11 (UTC+03:00 DST) 2023-05-27
no service-control snmp
vlan 1
name Mgt
normal ""
fixed 1-10
forbidden ""
untagged 1-10
exit
vlan 50
name Ten-Network
normal 2-10
fixed 1
forbidden ""
untagged ""
ip address 10.254.254.254 255.0.0.0
ip address default-gateway 10.0.0.1
exit
vlan 100
name 10Gbit
normal ""
fixed 1-10
forbidden ""
untagged 1-10
ip address 172.31.0.1 255.255.0.0
exit
interface route-domain 10.254.254.254/8
exit
interface route-domain 172.31.0.1/16
exit
interface vlan 1
ipv6
ipv6 address dhcp client ia-naexit
interface port-channel 1
flow-control
pvid 50
loopguard
green-ethernet eee
green-ethernet auto-power-down
green-ethernet short-reach
exit
interface port-channel 2
flow-control
pvid 100
loopguard
green-ethernet eee
green-ethernet auto-power-down
green-ethernet short-reach
exit
interface port-channel 3
flow-control
pvid 100
loopguard
green-ethernet eee
green-ethernet auto-power-down
green-ethernet short-reach
exit
interface port-channel 4
flow-control
pvid 100
loopguard
green-ethernet eee
green-ethernet auto-power-down
green-ethernet short-reach
exit
interface port-channel 5
flow-control
pvid 100
loopguard
green-ethernet eee
green-ethernet auto-power-down
green-ethernet short-reach
exit
interface port-channel 6
flow-control
pvid 100
loopguard
green-ethernet eee
green-ethernet auto-power-down
green-ethernet short-reach
exit
interface port-channel 7
flow-control
pvid 100
loopguard
green-ethernet eee
green-ethernet auto-power-down
green-ethernet short-reach
exit
interface port-channel 8
flow-control
pvid 100
loopguard
green-ethernet eee
green-ethernet auto-power-down
green-ethernet short-reach
exit
interface port-channel 9
flow-control
pvid 100
loopguard
exit
interface port-channel 10
flow-control
pvid 100
loopguard
exit
ip name-server 10.0.0.1 192.168.254.1
spanning-tree
time timezone 200
time daylight-saving-time
time daylight-saving-time start-date last sunday march 2
time daylight-saving-time end-date last sunday october 3
timesync server ch.pool.ntp.org
timesync ntp
storm-control
loopguard
snmp-server location Office
rmon statistics etherstats 1 port-channel 1rmon statistics etherstats 2 port-channel 2rmon statistics etherstats 3 port-channel 3rmon statistics etherstats 4 port-channel 4rmon statistics etherstats 5 port-channel 5rmon statistics etherstats 6 port-channel 6rmon statistics etherstats 7 port-channel 7rmon statistics etherstats 8 port-channel 8rmon statistics etherstats 9 port-channel 9rmon statistics etherstats 10 port-channel 10green-ethernet eee
green-ethernet auto-power-down
green-ethernet short-reach
wizard ignore

Zyxel_Melen

Hi @sp2001,

My last result looks not good might be due to PC's I/O performance. I used your configuration and tested it again with Iperf3. Below is my result:

1. 10G to 1G : 937 mbit/s.
2. 1G to 1G : 933 mbit/s.

Based on my result, the XS1930 does not have performance problems on VLAN routing. May I know your test steps, test command, and your PC's OS? Also, when you test Iperf3, are your PCs connected to the XS1930 directly or not?

Zyxel_Melen

Hi @sp2001,

Generally, when testing transmission performance, it is recommended to disable EEE (Energy-Efficient Ethernet) and Flow Control settings as they can potentially impact performance.

Since you mentioned that the 1G PC and the 10G PC are connected to different switches, based on your test result of 30Mbps, it seems that the link speed between the two switches may not be 1G. It would be worth testing the performance by directly connecting the 1G PC to the XS1930 switch to see if there is any difference.

Lastly, could you please provide information about your internet bandwidth speed? Whether using the 10G PC or the 1G PC to access fast.com, both resulting in 200Mbps, does this meet your expectations?

sp2001

Hi @Zyxel_Melen, some update, xs1930 is connected to a GS1900-24 both device report the respective connection port to be 1Gbit/s full duplex, I've also tested connecting the 1 gbit/s pc directly on a port of xs1930 assigned to vlan50 getting same performance so issue doesn't seems to be related to the other switch or connection between the two switches.

Since this was the status and since on your side it was working correctly I've performed again a back to factory default and re-apply config I've posted here and now it is working fine getting ~9.4 Gbit/s with iperf3 between the two test machines.

Honestly having re-applied exactly same config parameter it is not clear to me why now it work…

But I think it's fine.

Was thinking to set mtu on the machine on 10gbit/s vlan to 9014, but not sure if xs1930 support path mtu discovery, I've seen in the doc that it is reported but seems only for ipv6 and not ipv4. Do you know if path mtu discovery for ipv4 is supported by internal routing engine of xs1930?

let me know

best regards

SP

Zyxel_Melen

Hi @sp2001,

This might be due to the EEE. If the performance problem occurs again, I recommend disabling the EEE. And it's good to hear the XS1930 works properly in your network.

In addition, XS1930 supports jumbo frame (12KB), and I also did a ping test (One of PC is in VLAN 1 and another is in VLAN 10). Below is my result:

So I think you can set MTU to 9014 on your machine.

sp2001

hi, made some test, if I ping between 2 machine on the same vlan that I use for 10gbit it work fine with jumbo frame but if I ping a machine connected to another vlan and machine on the second vlan has standard mtu it doesn’t work, seems xs1930 is not sending a path mtu message telling the source machine that packet need to be fragmented.