XS 1930 no policy route in ACL?

2»

All Replies

  • sp2001
    sp2001 Posts: 5
    First Comment

    Hi @Zyxel_Melen I have 2 vlan defined on the switch, 1 connected at 1gbit/s to another switch, the other with 2 machine directly connected at 10gbit speed, iperf3 between machines on 10gbit vlan get 9.47 gbit/s throughput, from machines on 10 gbit/s vlan to machine on 1gbit/s vlan I get 30mbit/s with iperf3, just for curiosity I’ve also tried from machine on 10gbit/s vlan to fast.com transiting via the 1gbit/s vlan while on machine on 1gbit/s vlan to fast.com I get 200mbit/s. With 80MB/s you mean 640mbit/s?

  • sp2001
    sp2001 Posts: 5
    First Comment

    Hi, below the config, let me know if you spot something that can justify the vlan routing bad performance:

    ; Product Name = XS1930-10
    ; Firmware Version = V4.80(ABQE.1) | 02/01/2023
    ; Service Status = Not Licensed
    ; SysConf Engine Version = 1.2
    ; Config last updated = 02:41:11 (UTC+03:00 DST) 2023-05-27
    no service-control snmp
    vlan 1
    name Mgt
    normal ""
    fixed 1-10
    forbidden ""
    untagged 1-10
    exit
    vlan 50
    name Ten-Network
    normal 2-10
    fixed 1
    forbidden ""
    untagged ""
    ip address 10.254.254.254 255.0.0.0
    ip address default-gateway 10.0.0.1
    exit
    vlan 100
    name 10Gbit
    normal ""
    fixed 1-10
    forbidden ""
    untagged 1-10
    ip address 172.31.0.1 255.255.0.0
    exit
    interface route-domain 10.254.254.254/8
    exit
    interface route-domain 172.31.0.1/16
    exit
    interface vlan 1
    ipv6
    ipv6 address dhcp client ia-naexit
    interface port-channel 1
    flow-control
    pvid 50
    loopguard
    green-ethernet eee
    green-ethernet auto-power-down
    green-ethernet short-reach
    exit
    interface port-channel 2
    flow-control
    pvid 100
    loopguard
    green-ethernet eee
    green-ethernet auto-power-down
    green-ethernet short-reach
    exit
    interface port-channel 3
    flow-control
    pvid 100
    loopguard
    green-ethernet eee
    green-ethernet auto-power-down
    green-ethernet short-reach
    exit
    interface port-channel 4
    flow-control
    pvid 100
    loopguard
    green-ethernet eee
    green-ethernet auto-power-down
    green-ethernet short-reach
    exit
    interface port-channel 5
    flow-control
    pvid 100
    loopguard
    green-ethernet eee
    green-ethernet auto-power-down
    green-ethernet short-reach
    exit
    interface port-channel 6
    flow-control
    pvid 100
    loopguard
    green-ethernet eee
    green-ethernet auto-power-down
    green-ethernet short-reach
    exit
    interface port-channel 7
    flow-control
    pvid 100
    loopguard
    green-ethernet eee
    green-ethernet auto-power-down
    green-ethernet short-reach
    exit
    interface port-channel 8
    flow-control
    pvid 100
    loopguard
    green-ethernet eee
    green-ethernet auto-power-down
    green-ethernet short-reach
    exit
    interface port-channel 9
    flow-control
    pvid 100
    loopguard
    exit
    interface port-channel 10
    flow-control
    pvid 100
    loopguard
    exit
    ip name-server 10.0.0.1 192.168.254.1
    spanning-tree
    time timezone 200
    time daylight-saving-time
    time daylight-saving-time start-date last sunday march 2
    time daylight-saving-time end-date last sunday october 3
    timesync server ch.pool.ntp.org
    timesync ntp
    storm-control
    loopguard
    snmp-server location Office
    rmon statistics etherstats 1 port-channel 1rmon statistics etherstats 2 port-channel 2rmon statistics etherstats 3 port-channel 3rmon statistics etherstats 4 port-channel 4rmon statistics etherstats 5 port-channel 5rmon statistics etherstats 6 port-channel 6rmon statistics etherstats 7 port-channel 7rmon statistics etherstats 8 port-channel 8rmon statistics etherstats 9 port-channel 9rmon statistics etherstats 10 port-channel 10green-ethernet eee
    green-ethernet auto-power-down
    green-ethernet short-reach
    wizard ignore

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,590  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @sp2001,

    My last result looks not good might be due to PC's I/O performance. I used your configuration and tested it again with Iperf3. Below is my result:

    1. 10G to 1G : 937 mbit/s.
    2. 1G to 1G : 933 mbit/s.

    Based on my result, the XS1930 does not have performance problems on VLAN routing. May I know your test steps, test command, and your PC's OS? Also, when you test Iperf3, are your PCs connected to the XS1930 directly or not?

    Zyxel Melen


  • Zyxel_Melen
    Zyxel_Melen Posts: 2,590  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @sp2001,

    Generally, when testing transmission performance, it is recommended to disable EEE (Energy-Efficient Ethernet) and Flow Control settings as they can potentially impact performance.

    Since you mentioned that the 1G PC and the 10G PC are connected to different switches, based on your test result of 30Mbps, it seems that the link speed between the two switches may not be 1G. It would be worth testing the performance by directly connecting the 1G PC to the XS1930 switch to see if there is any difference.

    Lastly, could you please provide information about your internet bandwidth speed? Whether using the 10G PC or the 1G PC to access fast.com, both resulting in 200Mbps, does this meet your expectations?

    Zyxel Melen


  • sp2001
    sp2001 Posts: 5
    First Comment

    Hi @Zyxel_Melen, some update, xs1930 is connected to a GS1900-24 both device report the respective connection port to be 1Gbit/s full duplex, I've also tested connecting the 1 gbit/s pc directly on a port of xs1930 assigned to vlan50 getting same performance so issue doesn't seems to be related to the other switch or connection between the two switches.

    Since this was the status and since on your side it was working correctly I've performed again a back to factory default and re-apply config I've posted here and now it is working fine getting ~9.4 Gbit/s with iperf3 between the two test machines.

    Honestly having re-applied exactly same config parameter it is not clear to me why now it work…

    But I think it's fine.

    Was thinking to set mtu on the machine on 10gbit/s vlan to 9014, but not sure if xs1930 support path mtu discovery, I've seen in the doc that it is reported but seems only for ipv6 and not ipv4. Do you know if path mtu discovery for ipv4 is supported by internal routing engine of xs1930?

    let me know

    best regards

    SP

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,590  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @sp2001,

    This might be due to the EEE. If the performance problem occurs again, I recommend disabling the EEE. And it's good to hear the XS1930 works properly in your network.

    In addition, XS1930 supports jumbo frame (12KB), and I also did a ping test (One of PC is in VLAN 1 and another is in VLAN 10). Below is my result:

    So I think you can set MTU to 9014 on your machine.

    Zyxel Melen


  • sp2001
    sp2001 Posts: 5
    First Comment

    hi, made some test, if I ping between 2 machine on the same vlan that I use for 10gbit it work fine with jumbo frame but if I ping a machine connected to another vlan and machine on the second vlan has standard mtu it doesn’t work, seems xs1930 is not sending a path mtu message telling the source machine that packet need to be fragmented.