D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: sc00byy on October 19, 2009, 09:31:36 AM
-
Hello there,
Here's a quick topo of our network, 10x dfl-210 connected to 1 dfl-800 (main office) using vpn. Servers are on their vlan and users on another one.
I just enabled vlan tagging and created some vlans to keep my users off servers' network. Now, our main dfl-800 have his cpu between 75% and 95%. I only have a few rules and few connections.
Is it only because of vlan tagging that now this dfl-800 have difficulties to handle traffic?
thanks
-
I wouldn't suspect the VLAN before the VPNs, what do your throughputs on each tunnel look like?
How about your total NAT throughput?
What did your CPU Utilization look like before enabling VLANs?
How many connections are you averaging?
What is your memory utilization like?
-
I wouldn't suspect the VLAN before the VPNs, what do your throughputs on each tunnel look like?
I have a stack of 4x DGS-3100 connect to this DFL-800. I know that dfl-800 is a bottleneck because it only have 100mbits ports.
How about your total NAT throughput?
I got an average of 2000kbps
What did your CPU Utilization look like before enabling VLANs?
Between 20% and 30%
How many connections are you averaging?
500
What is your memory utilization like?
71 / 128 MB
-
What kind of routed throughput do you have between VLANs? I expected since you didn't have VLAN interfaces previously that it would have been minimal, but you have made it clear my assumptions lived up to the title.
-
What kind of routed throughput do you have between VLANs?
An average of 3000kbps. I did some testing and found that what is killing the dfl-800 is really when throughput is getting high between VLANs. I tried to find some documentation about what the dfl-800 is supporting but didn't find any.
I think the best way to fix this is to upgrade to a more powerful unit like the dfl-1600. I will then get gigabyte routing.
-
Given you are showing a potential hardware problem on what I assume is the same unit in another thread I am going to blame your specific DFL-800.
-
Given you are showing a potential hardware problem on what I assume is the same unit in another thread I am going to blame your specific DFL-800.
I did a reset on this device and now load is far more better. Between 20% and 40%
-
Well lets see if it stays in that range, I distrust fixing things entirely with a reset.
-
I have the same issue with vlans too but the problem replicates only with the alg function enabled !!! help
in one hour i have 80% cpu and slow speed
its a dfl 800 i have installed the latest 2.27 fw
the only strange thing is a length errors on lan interface and some dropped errors.
lan interface its connected to a cisco express 500 switch
-
The problem mitigates a little changing vlans Ethernet interface from lan(7 port switch integrated on dfl 800) to wan 2 where don't see length Ethernet errors.
But show the same strange behavior of CPU usage increasing until reach 40% and staying there whit or without traffic, i think ther is a abnormal behavior of cpu usage related with vlans and ALG.
I try disabling PBR and the behavior persist, looks like its a VLANS issue related, i have used ALG before without vlans with out problem
Any body with the same problem??
-
my cpu usage monitored by snmp looks like this
daily
(http://pwp.etb.net.co/sergio_acuna/cpu%20day.jpg)
hour
(http://pwp.etb.net.co/sergio_acuna/cpu%20hour.jpg)
-
now the behavior its taking some even more estrange turn.
the cpu usage its increasing in low traffic time going to 70% o 80 % but at peak traffic time 30% 40%