A question about the forwarding rate of Layer 3 switches.

  •   ericbize 2019-06-26 20:42:39 +08:00 4582 views
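    The core switch in our company's data center seems to be under heavy load, but I haven't started setting up a test environment yet. For now I'd like to ask first: does anyone know how much the performance of a Layer 3 switch differs between Layer 2 switching and Layer 3 switching? (I just called Huawei after-sales support, and they told me the Layer 2 forwarding rate and the Layer 3 forwarding rate are different, but to find out by how much I'd have to ask pre-sales for the documentation.)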
    24 replies    2019-08-01 18:13:39 +08:00
    trepwq
        1
    trepwq  
       2019-06-26 21:27:14 +08:00 via iPhone   1
    Layer 2 generally runs at full speed; Layer 3 is painful to look at.
    ericbize
        2
    ericbize  
    OP
       2019-06-26 22:04:28 +08:00
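    @trepwq It's just very laggy, but I have no evidence. Tomorrow I'll see whether Huawei pre-sales has any data; I'm planning to test it myself. I suspect this is the kind of thing others would be embarrassed to publish.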
    CallMeReznov
        3
    CallMeReznov  
       2019-06-26 23:02:57 +08:00   1
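    Layer 3 and Layer 2 are two separate metrics.
    In my own experience, at an actual CPU load of 70% the device is already working at saturation, and it's normal for all kinds of problems to show up.
    Check the CPU load, then check the load on the uplink.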
    ixiaoyui
        4
    ixiaoyui  
       2019-06-27 08:53:57 +08:00   1
    Isn't Layer 3 on a core switch line rate??? A device that can't even reach line rate gets put in the core layer???
    ericbize
        5
    ericbize  
    OP
       2019-06-27 09:19:24 +08:00
    @ixiaoyui Years ago the company had only two or three racks in the data center; now it has grown to 9, and replacing the switch is risky.
    huangmiao233
        6
    huangmiao233  
       2019-06-27 17:20:45 +08:00 via Android   1
    What model is it? I'll look at the documentation for you. Can you post the version?
    intoext
        7
    intoext  
       2019-06-27 18:59:14 +08:00   1
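    You must be joking. Layer 3 switches from 10 years ago already forwarded both L2 and L3 at line rate.
    If the load is heavy, it would only be because you have the switch handling a lot of access-control functions.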
    Tianao
        8
    Tianao  
       2019-06-27 19:02:35 +08:00 via iPhone   2
    @intoext #7 +1, or topology changes or network flapping are putting too much load on processes such as dynamic routing.
    ericbize
        9
    ericbize  
    OP
       2019-06-27 20:33:40 +08:00
    @helijia21 S5700-52C-EI, stacked.
    ericbize
        10
    ericbize  
    OP
       2019-06-27 20:38:44 +08:00
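    @intoext No ACLs are configured.
    @Tianao No dynamic routing; the routing table contains only direct and static routes.

    The symptom is that a local ping takes 1.5ms ~ 2ms, yet SSH-ing in is very slow, and I can't find the cause.
    Secondly,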
    ericbize
        11
    ericbize  
    OP
       2019-06-27 20:39:39 +08:00
    @CallMeReznov CPU load is around 30%,
    ericbize
        12
    ericbize  
    OP
       2019-06-27 20:42:46 +08:00
    @Tianao
    CIST topology change information
    Number of topology changes :921
    Time since last topology change :15 days 3h:39m:32s
    Topology change initiator(notified) :GigabitEthernet0/0/1
    Topology change last received from :0425-c529-60b0
    Number of generated topologychange traps : 80
    Number of suppressed topologychange traps: 4


    There doesn't seem to be any network flapping either.
    Tianao
        13
    Tianao  
       2019-06-27 20:53:53 +08:00 via iPhone
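    @ericbize This looks like a bit of a mystery problem. I'd suggest simply upgrading the software version first without overthinking it; a 5700-EI as the core is completely OK in most scenarios. Are you sure this latency isn't coming from the access layer? Or, if it's convenient, could you post the configuration?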
    ericbize
        14
    ericbize  
    OP
       2019-06-28 15:31:19 +08:00
    @Tianao

    #
    interface Vlanif1
    #
    interface Vlanif19
    ip address 172.31.99.254 255.255.255.0
    #
    interface Vlanif20
    ip address 172.31.100.248 255.255.255.0
    #
    interface Vlanif21
    ip address 172.31.101.254 255.255.255.0
    #
    interface Vlanif308
    ip address 172.18.1.254 255.255.255.0
    #
    interface Vlanif3700
    ip address 172.18.2.225 255.255.255.224
    #
    interface MEth0/0/1
    ip address 10.1.1.1 255.255.255.0
    #
    interface Eth-Trunk4
    #
    interface Eth-Trunk5
    description to_emmm-emmm-002
    port link-type trunk
    port trunk allow-pass vlan 2 to 4094
    #
    interface Eth-Trunk6
    description to_emmm_emmm_058
    port link-type trunk
    port trunk allow-pass vlan 2 to 4094
    #
    interface Eth-Trunk7
    description to_emmm_emmm_017
    port link-type trunk
    port trunk allow-pass vlan 2 to 4094
    #
    interface Eth-Trunk8
    description to_emmm_emmm_030
    port link-type trunk
    port trunk allow-pass vlan 2 to 4094
    #
    interface Eth-Trunk9
    description to_emmm_emmm_037
    port link-type trunk
    port trunk allow-pass vlan 2 to 4094
    #
    interface Eth-Trunk10
    description to_emmm_emmm_080
    port link-type trunk
    port trunk allow-pass vlan 2 to 4094
    #
    interface Eth-Trunk11
    description to_emmm_emmm_081
    port link-type trunk
    port trunk allow-pass vlan 2 to 4094
    #
    interface Eth-Trunk12
    description to_emmm_emmm_082
    port link-type trunk
    port trunk allow-pass vlan 2 to 4094
    #
    interface GigabitEthernet0/0/1
    port link-type trunk
    port trunk allow-pass vlan 19 308
    #
    interface GigabitEthernet0/0/2
    port link-type access
    port default vlan 3700
    port-mirroring to observe-port 1 inbound
    port-mirroring to observe-port 1 outbound
    #
    interface GigabitEthernet0/0/3
    eth-trunk 7
    #
    interface GigabitEthernet0/0/4
    eth-trunk 8
    #
    interface GigabitEthernet0/0/5
    eth-trunk 9
    #
    interface GigabitEthernet0/0/6
    eth-trunk 10
    #
    interface GigabitEthernet0/0/7
    eth-trunk 11
    #
    interface GigabitEthernet0/0/8
    eth-trunk 12
    #
    interface GigabitEthernet0/0/9
    #
    interface GigabitEthernet0/0/10
    shutdown
    #
    interface GigabitEthernet0/0/11
    #
    interface GigabitEthernet0/0/12
    #
    interface GigabitEthernet0/0/13
    #
    interface GigabitEthernet0/0/14
    description toFTFW
    port link-type trunk
    port trunk allow-pass vlan 2 to 4094
    #
    interface GigabitEthernet0/0/15
    #
    interface GigabitEthernet0/0/16
    description toShiJinFW(89)
    port link-type access
    port default vlan 3700
    #
    interface GigabitEthernet0/0/17
    #
    interface GigabitEthernet0/0/18
    #
    interface GigabitEthernet0/0/19
    #
    interface GigabitEthernet0/0/20
    port link-type trunk
    port trunk allow-pass vlan 2 to 4094
    #
    interface GigabitEthernet0/0/21
    #
    interface GigabitEthernet0/0/22
    #
    interface GigabitEthernet0/0/23
    #
    interface GigabitEthernet0/0/24
    #
    interface GigabitEthernet0/0/25
    #
    interface GigabitEthernet0/0/26
    #
    interface GigabitEthernet0/0/27
    #
    interface GigabitEthernet0/0/28
    #
    interface GigabitEthernet0/0/29
    #
    interface GigabitEthernet0/0/30
    #
    interface GigabitEthernet0/0/31
    #
    interface GigabitEthernet0/0/32
    #
    interface GigabitEthernet0/0/33
    #
    interface GigabitEthernet0/0/34
    #
    ericbize
        15
    ericbize  
    OP
       2019-06-28 15:31:44 +08:00
    @Tianao


    interface GigabitEthernet0/0/35
    port link-type access
    port default vlan 308
    #
    interface GigabitEthernet0/0/36
    port link-type access
    port default vlan 308
    #
    interface GigabitEthernet0/0/37
    #
    interface GigabitEthernet0/0/38
    port link-type access
    port default vlan 308
    #
    interface GigabitEthernet0/0/39
    #
    interface GigabitEthernet0/0/40
    description toWAF
    port link-type access
    port default vlan 20
    #
    interface GigabitEthernet0/0/41
    port link-type trunk
    #
    interface GigabitEthernet0/0/42
    port link-type access
    port default vlan 20
    #
    interface GigabitEthernet0/0/43
    eth-trunk 6
    #
    interface GigabitEthernet0/0/44
    eth-trunk 5
    #
    interface GigabitEthernet0/0/45
    #
    interface GigabitEthernet0/0/46
    #
    interface GigabitEthernet0/0/47
    #
    interface GigabitEthernet0/0/48
    shutdown
    #
    interface GigabitEthernet1/0/1
    port link-type access
    port default vlan 3700
    #
    interface GigabitEthernet1/0/2
    #
    interface GigabitEthernet1/0/3
    eth-trunk 7
    #
    interface GigabitEthernet1/0/4
    eth-trunk 8
    #
    interface GigabitEthernet1/0/5
    eth-trunk 9
    #
    interface GigabitEthernet1/0/6
    eth-trunk 10
    #
    interface GigabitEthernet1/0/7
    eth-trunk 11
    #
    interface GigabitEthernet1/0/8
    eth-trunk 12
    #
    interface GigabitEthernet1/0/9
    #
    interface GigabitEthernet1/0/10
    #
    interface GigabitEthernet1/0/11
    #
    interface GigabitEthernet1/0/12
    #
    interface GigabitEthernet1/0/13
    #
    interface GigabitEthernet1/0/14
    #
    interface GigabitEthernet1/0/15
    #
    interface GigabitEthernet1/0/16
    #
    interface GigabitEthernet1/0/17
    #
    interface GigabitEthernet1/0/18
    #
    interface GigabitEthernet1/0/19
    #
    interface GigabitEthernet1/0/20
    #
    interface GigabitEthernet1/0/21
    #
    interface GigabitEthernet1/0/22
    #
    interface GigabitEthernet1/0/23
    #
    interface GigabitEthernet1/0/24
    #
    interface GigabitEthernet1/0/25
    #
    interface GigabitEthernet1/0/26
    #
    interface GigabitEthernet1/0/27
    #
    interface GigabitEthernet1/0/28
    #
    interface GigabitEthernet1/0/29
    #
    interface GigabitEthernet1/0/30
    #
    interface GigabitEthernet1/0/31
    #
    interface GigabitEthernet1/0/32
    #
    interface GigabitEthernet1/0/33
    #
    interface GigabitEthernet1/0/34
    port link-type access
    port default vlan 20
    #
    interface GigabitEthernet1/0/35
    #
    interface GigabitEthernet1/0/36
    port link-type access
    port default vlan 3700
    #
    interface GigabitEthernet1/0/37
    #
    interface GigabitEthernet1/0/38
    port default vlan 21
    #
    interface GigabitEthernet1/0/39
    #
    interface GigabitEthernet1/0/40
    #
    interface GigabitEthernet1/0/41
    port link-type trunk
    #
    interface GigabitEthernet1/0/42
    port link-type trunk
    #
    interface GigabitEthernet1/0/43
    eth-trunk 6
    #
    interface GigabitEthernet1/0/44
    eth-trunk 5
    #
    interface GigabitEthernet1/0/45
    #
    interface GigabitEthernet1/0/46
    #
    interface GigabitEthernet1/0/47
    #
    interface GigabitEthernet1/0/48
    port link-type access
    port default vlan 3700
    #
    interface NULL0
    #
    cpu-defend policy arpattcheck
    auto-defend enable
    auto-defend threshold 30
    #
    ip route-static 0.0.0.0 0.0.0.0 172.18.2.254
    ip route-static 10.230.8.0 255.255.255.0 172.18.2.250
    ip route-static 172.16.0.0 255.255.0.0 172.18.2.250
    ip route-static 172.30.1.0 255.255.255.0 172.18.2.250
    ip route-static 172.30.16.0 255.255.240.0 172.18.2.250
    ip route-static 172.30.32.0 255.255.255.0 172.18.2.250
    ip route-static 192.168.0.0 255.255.0.0 172.18.2.250
    #
    snmp-agent

    stelnet server enable
    ssh authentication-type default password
    ssh client first-time enable
    ssh client 172.18.2.227 assign rsa-key 172.18.2.227
    ssh client 172.31.100.249 assign rsa-key 172.31.100.249
    ssh client 172.31.100.250 assign rsa-key 172.31.100.250
    ssh client 172.31.100.251 assign rsa-key 172.31.100.251
    ssh client 172.31.100.66 assign rsa-key 172.31.100.66
    #
    cpu-defend-policy arpattcheck global
    #
    user-interface con 0

    user-interface vty 0 4
    authentication-mode aaa
    user privilege level 15
    protocol inbound all
    user-interface vty 16 20
    #
    return
    lirno
        16
    lirno  
       2019-06-28 17:02:08 +08:00
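    Our Cisco core here had also been in use for quite a while, and I found that during peak hours the load often ran above 70-80. The internal network is also just a simple Layer 3 environment. We quickly upgraded to new equipment and the load dropped to a normal 10-20.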
    Tianao
        17
    Tianao  
       2019-06-28 17:08:47 +08:00 via iPhone
    @ericbize I see that you have enabled cpu auto-defend. I suggest using the commands
    display cpu-defend statistics
    display auto-port-defend statistics
    display auto-port-defend attack-source
    to check whether legitimate packets are being dropped by mistake.
    ericbize
        18
    ericbize  
    OP
       2019-06-28 19:38:50 +08:00 via iPhone
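    @lirno It's a production environment; we can't just swap it out whenever we want. Budget is one thing; service downtime is another matter entirely...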
    ericbize
        19
    ericbize  
    OP
       2019-06-28 21:53:25 +08:00
    >display auto-port-defend att
    Attack source table on MPU:
    Total : 1
    --------------------------------------------------------------------------------
    Interface Vlan Protocol Expire(s) PacketRate(pps) LastAttackTime
    --------------------------------------------------------------------------------
    GE1/0/44 20 arp-request 165 10 2019-06-28 21:50:25
    --------------------------------------------------------------------------------
    ericbize
        20
    ericbize  
    OP
       2019-06-28 21:54:51 +08:00
    display cpu-defend statistics
    Statistics on slot 0:
    --------------------------------------------------------------------------------
    Packet Type Pass(Packet/Byte) Drop(Packet/Byte) Last-dropping-time
    --------------------------------------------------------------------------------
    arp-miss 121981498 2179095 2019-06-28 08:05:39
    NA NA
    arp-request 307021137 1414108 2019-03-06 21:45:16
    NA NA
    dns 89275 0 -
    NA NA
    fib-hit 9409 0 -
    NA NA
    ftp 84937 19 2019-04-15 16:15:23
    NA NA
    http 107546 0 -
    NA NA
    https 225246 3127 2019-06-15 08:55:35
    NA NA
    hw-tacacs 0 0 -
    NA NA
    icmp 2936317 0 -
    NA NA
    lnp 8003840 0 -
    NA NA
    ntp 304137 0 -
    NA NA
    radius 0 0 -
    NA NA
    snmp 500256 0 -
    NA NA
    ssh 411008 0 -
    NA NA
    tcp 1703945 133028 2019-06-28 08:05:39
    NA NA
    telnet 80136 0 -
    NA NA
    ttl-expired 13895550 11 2019-03-30 10:55:21
    NA NA
    vcmp 0 0 -
    NA NA
    --------------------------------------------------------------------------------
    ericbize
        21
    ericbize  
    OP
       2019-06-28 21:57:37 +08:00
    @Tianao

    >display auto-port-defend ?
    attack-source Attack source
    configuration Current configuration

    As for the remaining one, that command doesn't seem to exist.
    Tianao
        22
    Tianao  
       2019-06-29 18:41:25 +08:00
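    @ericbize The missing command is probably a version issue; I'm not very familiar with the commands in this area either...
    However, judging from the results in #19 and #20, it looks like ARP packets from GE1/0/44 VLAN20 have been dropped by mistake. Although I can't be sure whether this event is related to the current problem, I'd still suggest checking the packets coming from this interface, or temporarily disabling the switch's ARP auto-defend feature.
    Other than that, I'm afraid I can't see anything else suspicious in the configuration you posted.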
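
One way to triage the `display cpu-defend statistics` output from #20, as an added example that is not part of the original thread: it parses the packet-counter rows and ranks the packet types whose to-CPU drops are recent by drop ratio. The row layout is assumed to be exactly what #20 shows, and `parse_cpu_defend` and `recent_droppers` are hypothetical helper names.

```python
import re
from datetime import datetime

# Packet-counter rows copied from #20; the "NA NA" lines are the byte counters.
SAMPLE = """\
arp-miss 121981498 2179095 2019-06-28 08:05:39
NA NA
arp-request 307021137 1414108 2019-03-06 21:45:16
NA NA
https 225246 3127 2019-06-15 08:55:35
NA NA
icmp 2936317 0 -
NA NA
ssh 411008 0 -
NA NA
tcp 1703945 133028 2019-06-28 08:05:39
NA NA
ttl-expired 13895550 11 2019-03-30 10:55:21
NA NA
"""

# Assumed row layout: <type> <passed packets> <dropped packets> <last drop time or "-">
ROW = re.compile(r"^\s*(?P<type>[a-z][\w-]*)\s+(?P<passed>\d+)\s+(?P<dropped>\d+)"
                 r"\s+(?P<last>-|\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*$")

def parse_cpu_defend(text):
    """Return one dict per packet type; headers, rulers and byte lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        passed, dropped = int(m["passed"]), int(m["dropped"])
        total = passed + dropped
        last = None if m["last"] == "-" else datetime.strptime(m["last"], "%Y-%m-%d %H:%M:%S")
        rows.append({"type": m["type"], "passed": passed, "dropped": dropped,
                     "drop_ratio": dropped / total if total else 0.0, "last_drop": last})
    return rows

def recent_droppers(rows, now, max_age_hours=24):
    """Packet types with drops whose last drop is within max_age_hours, worst ratio first."""
    hits = [r for r in rows if r["dropped"] and r["last_drop"]
            and 0 <= (now - r["last_drop"]).total_seconds() <= max_age_hours * 3600]
    return sorted(hits, key=lambda r: r["drop_ratio"], reverse=True)

if __name__ == "__main__":
    now = datetime(2019, 6, 28, 21, 54, 51)  # posting time of #20
    for r in recent_droppers(parse_cpu_defend(SAMPLE), now):
        print(f'{r["type"]:<10} dropped={r["dropped"]} ratio={r["drop_ratio"]:.2%} last={r["last_drop"]}')
```

On the #20 rows this leaves `tcp` and `arp-miss`, both last dropped at 2019-06-28 08:05:39; the counters are cumulative, so the ratios are lifetime averages rather than current rates.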
    ericbize
        23
    ericbize  
    OP
       2019-06-29 23:13:02 +08:00 via iPhone
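    @Tianao Actually, we've suspected an ARP attack all along, but unfortunately there are too many virtual machines, so we're somewhat inclined to replace the core.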
    j2001588
        24
    j2001588  
       2019-08-01 18:13:39 +08:00
    @erivbize
    arp anti-attack gateway-duplicate enable
    arp speed-limit source-ip maximum 500
    arp-miss speed-limit source-ip maximum 100
    If it's an ARP attack, you can try these three commands; I'd recommend consulting Huawei's manual when using them.