Why would my L3 switch drop 20-80% of my pings?

Hi all,

We are moving from a Linux-based router to an L3 switch, a Dell 6224. I've never configured a router before, but I have experience with Linux firewall, DHCP, DNS, etc. configuration, so I was picked to configure the new router/switch. We have 8+ subnets (labs) in the current configuration, and the Linux host provides routing, DNS and firewall for all of them. The Linux host allows routing between the subnets except for one subnet, which has restricted access coming in to all the subnets and blocks all traffic going out. In the new configuration we want to keep the Linux host for the firewall and DNS services and connect all the subnets as before.

My first attempt at the configuration created a VLAN for each subnet. Then I created a new subnet/VLAN for the Linux host. This looked like a very common setup for everyone, so I thought I was doing it right. All the VLANs could communicate with each other, so I started the next step. When I changed the NIC address of the Linux host and put it on the new management subnet, things stopped working, sort of. I could ping most addresses on other VLANs or the management subnet, but I see that 20-80% of the pings are dropped. I cannot verify that my configuration is correct, but if some of the pings work I expect I have most of it correct. The ping requests that do succeed have response times of 200-500 ms.

My first guess was that there is a circular route somewhere and that the pings are getting lost in the complexity of things. But the ping I'm doing is from the Linux host to the new switch, so I would not expect it to get lost. What I'm hoping to find from this group of folks is that they have seen something like this before and I need to look at this example configuration. I have tried to telnet to other hosts, but they fail to connect. I have changed the switch configuration so many times in the past few days that I don't have a working configuration that I could post right now.

I will create a configuration and post it if someone has any ideas where to start debugging this issue. Even if I simplify the network to the Linux host and one VLAN/subnet, the ping problem does not get better. I have tried different cables/ports/hosts. I'm not sold on VLANs as the only solution; I just want all the subnets (labs) to communicate. The purpose of using subnets is simply to isolate the labs and keep traffic congestion low. Labs don't need to share resources on a regular basis; they just copy files or view configurations from/to each other, etc. If there is a better/simpler solution using this switch, I'm all for it.

Thanks in advance for any help anyone can provide,
Brian

Answer Wiki


Look for port speed/duplex mismatch. That will cause dropped packets and high ping times. Set all ports, clients and devices to fixed rates if possible.

VLANs may be overkill. You can have separate subnets and each is a broadcast domain and broadcasts don’t cross routers. Simplify your network as much as possible and put a gateway to each of the networks on either the L3 switch (which in a way is like VLANs but you don’t have to put ports in different VLANs) or on the Linux router. Was the Linux router fast enough to handle all 8 subnets before? You may want to put more than 2 NICs in the Linux machine and keep the subnets that need to talk the most on the same NIC. Check the processor utilization for the firewall application.
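
The speed/duplex check suggested in the answer above can be scripted on the Linux host's side of the link. This is an added example, not part of the original thread; it assumes a Linux host that exposes link state under `/sys/class/net`, and the names `check_link` and `SYSFS_NET` are hypothetical.

```shell
#!/bin/sh
# Added example: flag a Linux NIC whose negotiated link differs from what was
# configured, or whose receive side is logging CRC errors (the usual symptom on
# the full-duplex end of a duplex mismatch). Counters are cumulative since boot.
# SYSFS_NET is a hypothetical override used to point the check at a test tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# read_attr <iface> <relative-path>: print the attribute, or "unknown".
read_attr() {
    cat "$SYSFS_NET/$1/$2" 2>/dev/null || echo unknown
}

# is_positive <value>: true only for a decimal integer greater than zero.
is_positive() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 0 ]
}

# check_link <iface> <expected-speed-Mbps> <expected-duplex>
# Prints one summary line; returns 0 for OK, 1 for SUSPECT.
check_link() {
    iface=$1; want_speed=$2; want_duplex=$3
    speed=$(read_attr "$iface" speed)
    duplex=$(read_attr "$iface" duplex)
    coll=$(read_attr "$iface" statistics/collisions)
    crc=$(read_attr "$iface" statistics/rx_crc_errors)

    status=OK
    if [ "$speed" != "$want_speed" ] || [ "$duplex" != "$want_duplex" ]; then
        status=SUSPECT
    fi
    if is_positive "$crc"; then
        status=SUSPECT
    fi

    echo "$status $iface speed=$speed duplex=$duplex collisions=$coll rx_crc_errors=$crc"
    [ "$status" = OK ]
}

# Stand-alone use: ./check_link.sh eth0 1000 full
if [ "$#" -eq 3 ]; then
    check_link "$@"
fi
```

This only covers the host end of the cable; the switch port's negotiated speed and duplex have to be read on the switch itself and compared with the line printed here.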

Discuss This Question: 3  Replies

  • Zork626
    Thanks for the information; this made life so much easier having someone give me some feedback. Well, it looks like the Dell GUI has a bug. It claims that the VLAN interface is 10 half and the Port page says 1000 full. Since the LEDs show 1000 and the other end of the cable shows 1000, I'm tending to believe the 1000. Nothing really "fixed" my problem, but power cycling the L3 switch cleared everything up. Pings work and my VLANs work great. As I expected, the VLANs are overkill, but we might be able to use this functionality in the future for security issues etc. Thanks again, Brian
  • Labnuke99
    Glad to assist! Good luck.
  • Labnuke99
    One thing to note is that GUIs are often faulty. Command line access is still probably the best and most accurate configuration method.
