23.1 Legacy Series / Re: Slow one way iperf3 inter vlan routing
« on: September 23, 2023, 01:09:18 am »
I've just solved about 20 CAPTCHAs to post this so hopefully it's useful! In a week of troubleshooting (admittedly I started at layer 7/disk IO) this is about the only information I've found of somebody seeing the same pattern, so I thought it best to reply even if it's only for my own reference if I see the problem again.
I was seeing the same behaviour as your 3rd set of iperf results between two of my hosts. In the end I managed to identify what the problem was for me; perhaps it's the same for you.
In my situation I was running iperf from my desktop on VLAN 30 to a server on VLAN 20 and getting this:
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 126 KBytes 1.03 Mbits/sec
[ 4] 1.00-2.01 sec 0.00 Bytes 0.00 bits/sec
[ 4] 2.01-3.01 sec 63.0 KBytes 519 Kbits/sec
[ 4] 3.01-4.02 sec 0.00 Bytes 0.00 bits/sec
[ 4] 4.02-5.01 sec 0.00 Bytes 0.00 bits/sec
[ 4] 5.01-6.00 sec 0.00 Bytes 0.00 bits/sec
[ 4] 6.00-7.01 sec 0.00 Bytes 0.00 bits/sec
[ 4] 7.01-8.01 sec 0.00 Bytes 0.00 bits/sec
[ 4] 8.01-9.01 sec 0.00 Bytes 0.00 bits/sec
[ 4] 9.01-10.01 sec 0.00 Bytes 0.00 bits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.01 sec 189 KBytes 155 Kbits/sec sender
[ 4] 0.00-10.01 sec 64.2 KBytes 52.5 Kbits/sec receiver
Running a reverse test was absolutely fine and ran at about 500Mbps.
The key to this was that the server was configured with two NICs, one on VLAN 20 and one on VLAN 30; my layer 3 IP network maps one to one with VLANs. I'd originally done this so the server's management interface could be accessed from other hosts on VLAN 30 without having to hop through the firewall.
So my understanding of what was happening in my case is that the TCP packets were flowing:
Desktop (VLAN 30) -> Firewall -> Server (VLAN 20)
Desktop (VLAN 30) <- Server (VLAN 30)
Forgive me if the technical details are wrong, but basically the replies were coming directly to my desktop as they were actually on the same L3 network.
In the end I realised placing the server on both networks was daft, as it allowed it to reach into my more secure network without going through any firewall rules, so I just removed the additional interface.
FWIW, running Wireshark on both sides of the connection was a tremendous help in tracking this down.
Edit: I didn't try disabling the firewall - I wasn't sure of the implications of that so stayed well away - so I can't say if it's exactly the same problem.
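The path described in the post above can be checked for any dual-homed host with a small route-lookup model. This is an added example, not part of the original post; the subnets, addresses, NIC names and default-route choice are constructed assumptions, and the host is assumed to use ordinary destination-based routing.

```python
import ipaddress

# Constructed addressing (the post gives no IPs): VLAN 20 and VLAN 30 each
# map to one /24, and the firewall is the only router between them.
SERVER_NICS = {
    "vlan20": ipaddress.ip_interface("10.0.20.10/24"),
    "vlan30": ipaddress.ip_interface("10.0.30.10/24"),  # the extra NIC
}
DEFAULT_ROUTE_NIC = "vlan20"  # assumed: default gateway is the firewall on VLAN 20


def egress_nic(nics, dst, default_nic):
    """Pick the NIC a host uses for dst: longest connected prefix, else default."""
    dst = ipaddress.ip_address(dst)
    matches = [(iface.network.prefixlen, name)
               for name, iface in nics.items() if dst in iface.network]
    return max(matches)[1] if matches else default_nic


def ingress_nic(nics, local_ip):
    """NIC that owns the address the client connected to."""
    local_ip = ipaddress.ip_address(local_ip)
    for name, iface in nics.items():
        if iface.ip == local_ip:
            return name
    raise ValueError(f"{local_ip} is not configured on this host")


def check_flow(nics, client_ip, server_ip, default_nic=DEFAULT_ROUTE_NIC):
    """Report whether replies leave on a different NIC than requests arrived on."""
    arrive = ingress_nic(nics, server_ip)
    leave = egress_nic(nics, client_ip, default_nic)
    return {"request_in": arrive, "reply_out": leave, "asymmetric": arrive != leave}


if __name__ == "__main__":
    # Desktop on VLAN 30 talking to the server's VLAN 20 address.
    print(check_flow(SERVER_NICS, "10.0.30.50", "10.0.20.10"))
    # Same flow after removing the VLAN 30 NIC, as the poster did.
    single = {"vlan20": SERVER_NICS["vlan20"]}
    print(check_flow(single, "10.0.30.50", "10.0.20.10"))
```

An `asymmetric` result means the reply leaves on a directly connected NIC and never passes back through the firewall, which matches the two-line flow in the post.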