想请教一下,三层交换机的转发速率。

2019-06-26 20:42:39 +08:00
 ericbize
公司机房的核心交换机 似乎负载很高,但是我还没开始搭建环境测试, 现在想先请教一下 有大佬知道 三层交换机 在 二层交换 和三层交换性能差多少(刚才已经致电了华为售后,售后告知 二层转发速率和三层转发速率不一样,但是差多少要问售前拿资料)
4100 次点击
所在节点    宽带症候群
24 条回复
trepwq
2019-06-26 21:27:14 +08:00
二层一般都是满速,三层惨不忍睹
ericbize
2019-06-26 22:04:28 +08:00
@trepwq 就是很卡,但是没有什么证据,明天看看 华为 售前有没有数据; 准备自己 测了,这种东西,估计别人不好意思拿出来。
CallMeReznov
2019-06-26 23:02:57 +08:00
三层和二层是两个指标的
我个人遇到的实际 CPU 负载在 70%的时候已经很饱和的在工作了,出现各种问题也很正常
你看一下 CPU 负载,在看一下出口负载.
ixiaoyui
2019-06-27 08:53:57 +08:00
核心交换机三层不是线速吗???线速都达不到的设备拿来放核心层???
ericbize
2019-06-27 09:19:24 +08:00
@ixiaoyui N 年前, 公司在机房只有两三个柜, 现在 加到了 9 个,换交换机 有风险
huangmiao233
2019-06-27 17:20:45 +08:00
什么型号呀,我帮你看看文档,版本发下?
intoext
2019-06-27 18:59:14 +08:00
别开玩笑了,10 年前的三层交换机,L2/L3 都是线速转发了。
如果是负载重,除非你们让交换机承担了很多访问控制的功能
Tianao
2019-06-27 19:02:35 +08:00
@intoext #7 +1,或者拓扑变化、网络震荡导致动态路由之类的进程负载太重了。
ericbize
2019-06-27 20:33:40 +08:00
@helijia21 S5700-52C-EI 做了堆叠
ericbize
2019-06-27 20:38:44 +08:00
@intoext 没有设置 acl
@Tianao 没有动态路由, 路由表立都是 直连 和 静态

表现 就是 本地 ping 1.5ms ~ 2ms,然后 ssh 上去 很慢,找不到原因。
其次是
ericbize
2019-06-27 20:39:39 +08:00
@CallMeReznov cpu 负载 30% 左右,
ericbize
2019-06-27 20:42:46 +08:00
@Tianao
CIST topology change information
Number of topology changes :921
Time since last topology change :15 days 3h:39m:32s
Topology change initiator(notified) :GigabitEthernet0/0/1
Topology change last received from :0425-c529-60b0
Number of generated topologychange traps : 80
Number of suppressed topologychange traps: 4


似乎也没有 网络震荡
Tianao
2019-06-27 20:53:53 +08:00
@ericbize 这个情况看起来有点玄学问题,建议先无脑刷一波版本,5700-EI 作核心大部分场景下完全 OK 啊。确定这个延迟不是接入层带来的吗?或者如果方便楼主贴下配置?
ericbize
2019-06-28 15:31:19 +08:00
@Tianao

#
interface Vlanif1
#
interface Vlanif19
ip address 172.31.99.254 255.255.255.0
#
interface Vlanif20
ip address 172.31.100.248 255.255.255.0
#
interface Vlanif21
ip address 172.31.101.254 255.255.255.0
#
interface Vlanif308
ip address 172.18.1.254 255.255.255.0
#
interface Vlanif3700
ip address 172.18.2.225 255.255.255.224
#
interface MEth0/0/1
ip address 10.1.1.1 255.255.255.0
#
interface Eth-Trunk4
#
interface Eth-Trunk5
description to_emmm-emmm-002
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Eth-Trunk6
description to_emmm_emmm_058
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Eth-Trunk7
description to_emmm_emmm_017
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Eth-Trunk8
description to_emmm_emmm_030
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Eth-Trunk9
description to_emmm_emmm_037
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Eth-Trunk10
description to_emmm_emmm_080
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Eth-Trunk11
description to_emmm_emmm_081
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Eth-Trunk12
description to_emmm_emmm_082
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 19 308
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3700
port-mirroring to observe-port 1 inbound
port-mirroring to observe-port 1 outbound
#
interface GigabitEthernet0/0/3
eth-trunk 7
#
interface GigabitEthernet0/0/4
eth-trunk 8
#
interface GigabitEthernet0/0/5
eth-trunk 9
#
interface GigabitEthernet0/0/6
eth-trunk 10
#
interface GigabitEthernet0/0/7
eth-trunk 11
#
interface GigabitEthernet0/0/8
eth-trunk 12
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
shutdown
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
description toFTFW
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
description toShiJinFW(89)
port link-type access
port default vlan 3700
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface GigabitEthernet0/0/25
#
interface GigabitEthernet0/0/26
#
interface GigabitEthernet0/0/27
#
interface GigabitEthernet0/0/28
#
interface GigabitEthernet0/0/29
#
interface GigabitEthernet0/0/30
#
interface GigabitEthernet0/0/31
#
interface GigabitEthernet0/0/32
#
interface GigabitEthernet0/0/33
#
interface GigabitEthernet0/0/34
#
ericbize
2019-06-28 15:31:44 +08:00
@Tianao


interface GigabitEthernet0/0/35
port link-type access
port default vlan 308
#
interface GigabitEthernet0/0/36
port link-type access
port default vlan 308
#
interface GigabitEthernet0/0/37
#
interface GigabitEthernet0/0/38
port link-type access
port default vlan 308
#
interface GigabitEthernet0/0/39
#
interface GigabitEthernet0/0/40
description toWAF
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/41
port link-type trunk
#
interface GigabitEthernet0/0/42
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/43
eth-trunk 6
#
interface GigabitEthernet0/0/44
eth-trunk 5
#
interface GigabitEthernet0/0/45
#
interface GigabitEthernet0/0/46
#
interface GigabitEthernet0/0/47
#
interface GigabitEthernet0/0/48
shutdown
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 3700
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
eth-trunk 7
#
interface GigabitEthernet1/0/4
eth-trunk 8
#
interface GigabitEthernet1/0/5
eth-trunk 9
#
interface GigabitEthernet1/0/6
eth-trunk 10
#
interface GigabitEthernet1/0/7
eth-trunk 11
#
interface GigabitEthernet1/0/8
eth-trunk 12
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
#
interface GigabitEthernet1/0/25
#
interface GigabitEthernet1/0/26
#
interface GigabitEthernet1/0/27
#
interface GigabitEthernet1/0/28
#
interface GigabitEthernet1/0/29
#
interface GigabitEthernet1/0/30
#
interface GigabitEthernet1/0/31
#
interface GigabitEthernet1/0/32
#
interface GigabitEthernet1/0/33
#
interface GigabitEthernet1/0/34
port link-type access
port default vlan 20
#
interface GigabitEthernet1/0/35
#
interface GigabitEthernet1/0/36
port link-type access
port default vlan 3700
#
interface GigabitEthernet1/0/37
#
interface GigabitEthernet1/0/38
port default vlan 21
#
interface GigabitEthernet1/0/39
#
interface GigabitEthernet1/0/40
#
interface GigabitEthernet1/0/41
port link-type trunk
#
interface GigabitEthernet1/0/42
port link-type trunk
#
interface GigabitEthernet1/0/43
eth-trunk 6
#
interface GigabitEthernet1/0/44
eth-trunk 5
#
interface GigabitEthernet1/0/45
#
interface GigabitEthernet1/0/46
#
interface GigabitEthernet1/0/47
#
interface GigabitEthernet1/0/48
port link-type access
port default vlan 3700
#
interface NULL0
#
cpu-defend policy arpattcheck
auto-defend enable
auto-defend threshold 30
#
ip route-static 0.0.0.0 0.0.0.0 172.18.2.254
ip route-static 10.230.8.0 255.255.255.0 172.18.2.250
ip route-static 172.16.0.0 255.255.0.0 172.18.2.250
ip route-static 172.30.1.0 255.255.255.0 172.18.2.250
ip route-static 172.30.16.0 255.255.240.0 172.18.2.250
ip route-static 172.30.32.0 255.255.255.0 172.18.2.250
ip route-static 192.168.0.0 255.255.0.0 172.18.2.250
#
snmp-agent

stelnet server enable
ssh authentication-type default password
ssh client first-time enable
ssh client 172.18.2.227 assign rsa-key 172.18.2.227
ssh client 172.31.100.249 assign rsa-key 172.31.100.249
ssh client 172.31.100.250 assign rsa-key 172.31.100.250
ssh client 172.31.100.251 assign rsa-key 172.31.100.251
ssh client 172.31.100.66 assign rsa-key 172.31.100.66
#
cpu-defend-policy arpattcheck global
#
user-interface con 0

user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound all
user-interface vty 16 20
#
return
lirno
2019-06-28 17:02:08 +08:00
我这边思科的核心也是用了挺久,发现高峰时段负荷经常跑到 70-80 以上,内网也只是个简单三层环境,赶紧升级换了新设备就降到 10-20 正常了。
Tianao
2019-06-28 17:08:47 +08:00
@ericbize 看到楼主使能了 cpu auto-defend,建议楼主使用
display cpu-defend statistics
display auto-port-defend statistics
display auto-port-defend attack-source
命令查看下是否有正常报文被误伤。
ericbize
2019-06-28 19:38:50 +08:00
@lirno 线上环境,不是想换就换的啊;经费是一回事;服务暂停又是另外一回事了……
ericbize
2019-06-28 21:53:25 +08:00
>display auto-port-defend att
Attack source table on MPU:
Total : 1
--------------------------------------------------------------------------------
Interface Vlan Protocol Expire(s) PacketRate(pps) LastAttackTime
--------------------------------------------------------------------------------
GE1/0/44 20 arp-request 165 10 2019-06-28 21:50:25
--------------------------------------------------------------------------------
ericbize
2019-06-28 21:54:51 +08:00
display cpu-defend statistics
Statistics on slot 0:
--------------------------------------------------------------------------------
Packet Type Pass(Packet/Byte) Drop(Packet/Byte) Last-dropping-time
--------------------------------------------------------------------------------
arp-miss 121981498 2179095 2019-06-28 08:05:39
NA NA
arp-request 307021137 1414108 2019-03-06 21:45:16
NA NA
dns 89275 0 -
NA NA
fib-hit 9409 0 -
NA NA
ftp 84937 19 2019-04-15 16:15:23
NA NA
http 107546 0 -
NA NA
https 225246 3127 2019-06-15 08:55:35
NA NA
hw-tacacs 0 0 -
NA NA
icmp 2936317 0 -
NA NA
lnp 8003840 0 -
NA NA
ntp 304137 0 -
NA NA
radius 0 0 -
NA NA
snmp 500256 0 -
NA NA
ssh 411008 0 -
NA NA
tcp 1703945 133028 2019-06-28 08:05:39
NA NA
telnet 80136 0 -
NA NA
ttl-expired 13895550 11 2019-03-30 10:55:21
NA NA
vcmp 0 0 -
NA NA
--------------------------------------------------------------------------------

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/577793

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX