Re: Quantum Spark is forwarding traffic to eth0 in...

JDCasCruz

Hello team,

I have recently been checking some traffic on my Quantum Spark (SMB) #, then I noticed that the traffic comes in on the WAN interface, then it is forwarded to the LAN interface, but then it seems to be forwarded again, but to the eth0 interfa
When the traffic is outgoing, this behavior is not evident. I attach a screenshot where you can see the above.
Why is the traffic being forwarded to the eth0 interface, is this the expected behavior? and finally, what are the eth0 and eth1 interfaces used for?
Please help me to understand this behavior.

Regards.

AkosBakos

Hi @JDCasCruz

fw monitor shows tha same?

Try this: fw monitor -F "172.16.27.102,0,0,0,0"

Do you see the "plus" packet on eth0?

Ákos

----------------
\m/_(>_<)_\m/

JDCasCruz

Hello @AkosBakos ,
When I use fw monitor it seems that the traffic goes from the WAN to the LAN, as you can see in the picture. But there is a lot of traffic when I check ifconfig or cpview, which is a bit strange.

Regards.

AkosBakos

Yes, but the offical packet capture tool is fw monitor.

Maybe, the others are misleading in this scenario (because of the traffic is accelerated etc...) Unfortunately I don't have a SPARk appliance yet, but I am really curious now.

Otherwise which port is the eth0 on a Spark appliance? The ports are named like this LAN1-8, MGMT SYNC, aren't they?

But wait: the LAN7 and eth0 have the same MAC!

...and the fw monitor shows the "normal" packet flow.

The SPARK experts will answer it soon. @G_W_Albrecht ?

Akos

----------------
\m/_(>_<)_\m/

the_rock

I noticed that as well when I looked at it. I tagged Gunther, lets see if he can help 🙂

Andy

@G_W_Albrecht

Chris_Atkinson

sk166552 explains the mac-address and likely the other interface reference to an extent.

"All LAN ports/switches share the same MAC address as they are connected via one internal port to the CPU."

CCSM R77/R80/ELITE

Chris_Atkinson

Could you share the firmware version/build used with this appliance so we can check it further.

Is this a cluster or do you have any bridge configured?

CCSM R77/R80/ELITE

JDCasCruz

This is a cluster XL, actually is running R81.10.10 945 and it is centrally managed.
There is nothing configured in bridge mode.

Thanks for checking @Chris_Atkinson

the_rock

I would do what @AkosBakos suggested as well.

PhoneBoy

I've never seen an explanation for this, but I assume it has to do with the fact LANx ports are switch ports that can be remapped.
eth0 is likely the "real" NIC with a single port.

As this has been the case for as long as I remember, my assumption is that this is expected behavior.

JDCasCruz

I “understand” the idea that eth0 is the internal interface, then I think all traffic should be forwarded to that interface, but look at the image below, I'm doing a tcpdump capture, but now our network traffic has a VLAN tag, here I can't see the traffic on eth0, what's going on here?

And I have another question, what is the function of eth1, and how to use SND cores if all the traffic goes through a single interface?
Thanks for your help. @Chris_Atkinson

PhoneBoy

Like I said, I have not seen any explanation of what these interfaces are actually used for.
Perhaps only certain traffic is forwarded to eth0, but don't know the specifics.

The LANx interfaces are "real" insofar as they have a specific driver loaded per ethtool and are listed in fw ctl iflist / fwaccel if.
The ethX interfaces use a different driver from the LANx interfaces and aren't listed in either the firewall or SecureXL.

JDCasCruz

Hello @PhoneBoy ,

My question about eth0 and eth1 started because I am noticing some latency in the network when an SND core starts to have a high load. I increased the number of SND cores (now 3) but I still see that one SDN has the highest load. So I'm thinking, is there any way to use eth1 and do you think that using only eth0 generates the unbalanced utilization behavior of the SND cores?

Regards.

AkosBakos

@JDCasCruz

If the SNDs have high load, maybe you are facing performace issues.

What kind of hardwer is this cluster? And what is the overall throughput? How many cores do you have?

Akos

----------------
\m/_(>_<)_\m/

JDCasCruz

Hi @AkosBakos ,

It is a High Availability ClusterXL consisting of 2 QS 1800. The software is R81.10.10 945 and is centrally managed.

The QS 1800 has 12 cores, we are using 9 CoreXL and 3 as SND. Normally the throughput is about 1 Gbps, but as in all networks there are peaks that generate noticeable latency for users.

Regards.

Are you a member of CheckMates?

Quantum Spark is forwarding traffic to eth0 interface