Hi,
i'm experiencing something strange... Fortigate 1800F clustered running 6.4.12 (planned to be upgraded in October to 7.0.15)
I'll narrow it down to it's most simplistic form...
Two user vlans A and B
One server vlan C
When running iperf between user vlans and server vlan C i see a considerable downgrade in download performance from vlan A. Upload is perfect and saturates the 1 GBit interface.
I don't see this issue from vlan B. Both download and upload saturate the 1 GBit interface.
All vlans go into one single trunk which is aggregated. I ruled out switching.
Strangely i see the issue dissapear after working hours. Both upload and download saturate the 1 GBit interface from vlan A.
Did a wireshark today during business hours in vlan A while running iperf. Saw a lot of fast retransmissions, dup ack, tcp previous segment not captured, tcp out of order...
Reviewed the complete Fortigate vlan config. Did not see anything wrong... Or at least both vlans seem to be configured alike. Anyone experienced something similar and has some hints?
__PRESENT
__PRESENT
Based on your description for this behavior, it seems like some other host from VLAN A (or else) is saturating the download link. It's not clear how the physical connection are in this setup but I suspect some link saturation is happening on the switch ports. Do you have a monitoring system in place to trace link utilization?
I also performed testing from a distribution switch with an uplink of 10 GBit. From there on it's all 10 GBit to the firewall (and actually aggregated 2 x 10 GBit). On our monitoring, there's merely 150 MBit/s trafic going over there... When i tested on another switch, i changed the port between vlan A and B. And from vlan B everything was fine. So i see no evidence the link is saturated.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.