[MX64] Low speed over interVlan in my local network.

SOLVED
Vbrites
Getting noticed

[MX64] Low speed over interVlan in my local network.

Hello!

After spliting my company network in different Vlans (based on the workstation application) I noticed that the conection speed between the Vlans are very slow: I have a gigabit network and it works fine when a workstation comunicates to another one in the same vlan (I get ~930Mb/s); However, when I try to do the same between Vlan the max speed I have is 140Mb/s.

 

I don't have any traffic shaping rule that limits the bandwidth, just the oposite as the image bellow shows:

Captura de tela 2022-12-12 140810.png

 

Those are the Vlans subnets that I have and I want then to comunicate between each other at full speed.

 

Do you have any ideias?

 

Here are my layer3 firewall rules:

Captura de tela 2022-12-12 141121.png

1 ACCEPTED SOLUTION
ww
Kind of a big deal
Kind of a big deal

In the sizing guide its rated at max 200 Mbps in routed mode. But that was based on 14.x firmware. I would asume it would be a bit lower on 17.x fw.

 

It also depend on what type of test you use, tcp would be a little less throughput then udp testing.

View solution in original post

7 REPLIES 7
ww
Kind of a big deal
Kind of a big deal

In the sizing guide its rated at max 200 Mbps in routed mode. But that was based on 14.x firmware. I would asume it would be a bit lower on 17.x fw.

 

It also depend on what type of test you use, tcp would be a little less throughput then udp testing.

Vbrites
Getting noticed

So you mean that inter-vlan connection is limited at max 200Mbps?

 

Just clear me one thing: why a connection in the same vlan works fine but inter-vlan is limited at max 200Mbps?

ww
Kind of a big deal
Kind of a big deal

Between vlans and between vlan-wan it uses the L3 firewall  and maybe things like ips(depending on you license/config).

 

In the same vlan its just one broadcast domain where clients can talk to eachother without the traffic being inspected 

RaphaelL
Kind of a big deal
Kind of a big deal

Do you have a switch in your setup ? 

 

Trafic from the same vlan won't be routed by the MX , it will be localy switched by the switch.

L2 vs L3 trafic.

Yes, I have 2 switches in my setup. 😐

 

This is a extremelly sad news to me. So it means that I'll be forced to use just one Vlan and make the internet access based on policy groups by mac adresses and the workstations that really needs to be limited to other workstations to be in a different Vlan that will be slower. So sad. The alternative is to buy an expensive meraki, at least an MX75 (700Mbps throughtput).

cmr
Kind of a big deal
Kind of a big deal

@Vbrites if you have a requirement for high speed inter VLAN routing then you might be better served with a L3 switch.  You don't get the same level of control over the traffic between the VLANs, but it is faster.  We usually use the MXs for the WAN traffic, but L3 switches such as the MS355 for the local site's inter VLAN routing.

alemabrahao
Kind of a big deal
Kind of a big deal

Global Bandwidth Limit Considerations

  1.  

Traffic shaping rules can be useful in limiting the amount of bandwidth that various applications and traffic types consume.  Global limits can also be used to enforce bandwidth limits on a per device basis.  A global bandwidth limit applies not only to outbound traffic, but all routed traffic on an MX security appliance or MR access point unless overridden by other configuration settings.  This knowledge base article will describe certain considerations that should be taken into account when configuring the global bandwidth limit and how to use traffic shaping rules to override the global bandwidth limit when necessary.  

Configuration

This knowledge base article describes the configuration steps required to assign a global bandwidth limit to all clients in a network.  In the example that is provided each client is assigned a global bandwidth limit of 1024 kbps download and 512 kbps upload.  This configuration change would apply to all traffic out of the MX to the internet, and it would also be applied to traffic between VLANs on the MX.  For example, if you have file servers in VLAN 2 and clients in VLAN 3, the global bandwidth limit would apply to traffic destined to the internet in addition to traffic between devices in VLAN 2 and 3. The global bandwidth limit applies to all clients in a network unless overridden by a group or billing policy.     

Considerations

In many cases the global bandwidth limit will be utilized to limit a client’s traffic to the internet, but clients will still need to access internal LAN resources without a bandwidth limit.   Traffic shaping rules can be configured to ignore the global bandwidth limit for routed traffic.   

In this example, we will assume a global bandwidth limit of 1024 Kbps down and 512 Kbps up.  There are two VLANs configured on the MX, but we do not want to limit the bandwidth between clients on VLAN 2 (192.168.2.0/24) and VLAN 3 (192.168.3.0/24).  We will create a new traffic shaping rule using Custom expressions to exclude traffic that has a destination IP address in VLAN 2 or 3. Browse to Security & SD-WAN > Configure > SD-WAN &Traffic shaping > Traffic shaping rules (or, for MR access points, Wireless > Configure > Firewall & Traffic Shaping > Traffic shaping rules😞

 

Full doc here: https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Global_Bandwidth_Limi...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels