Unifi Switch causing network issues

[neufuse]

I have a US-24-240W POE switch which powers a bunch of PoE devices I have. I have noticed some odd things lately with it like RDP lag and blocking (like you get MPEG like artifacts when using RDP to another client on the same switch, almost like it went to a very low bitrate mode). I also noticed recently my 1Gbps internet connection runs around 250 to 450 Mbps randomly up and down (if you do a long running multi site speed test you can watch the NIC status on the client system do a saw tooth like pattern but not that consistent)

 

Last night I plugged my computer right into my internet handoff and it ran exactly at 976Mbps constant, no dips no saw tooth nothing... ran this test multiple times for 5 minutes at a time, perfectly consistent..

 

Next up I plugged my internet handoff into my microtik router and only put my desktop into a switch port on the router... once again perfect 976Mbps with no issues... ok so internet is fine, router is fine...

 

Plugged the router into the US-24-240W switch, and the desktop into that and boom all over the place again...

 

I tried setting all the devices negotiate speed to a fixed 1Gbps and no difference...

 

any ideas? I also posted to the unifi forums but no response from anyone yet.. I also noticed a couple other people ask similar questions and everyone said it was negotiate set to auto, well that wasn't the case for me..... 

[+BudMan]

27 minutes ago, neufuse said:

once again perfect 976Mbps with no issues.

What test are you running exactly to see that speed?  Since that speed is not even possible via tcp and actually moving data.. Too much overhead in to get such a speed.

 

As to hard setting gig, yeah that would be a big NO NO... You would never do such a thing.

[neufuse]

13 minutes ago, BudMan said:

What test are you running exactly to see that speed?  Since that speed is not even possible via tcp and actually moving data.. Too much overhead in to get such a speed.

 

As to hard setting gig, yeah that would be a big NO NO... You would never do such a thing.

I'm doing UDP tests to a private bandwidth test server at work, and yea TCP it gets abount 920Mbps,

[neufuse]

darn it forgot to say the actual link to the internet is 1.25Gbps (overprovisioned 1Gbps fiber) connected to 1.25Gbps GBIC's and the link between my desktop is a 2.5Gbit link... when I said Gig I meant 1.25Gbps always forget these are rated differently

[+BudMan]

So your over fiber... That rating on those things is raw... Payload would still be gig... I don't think you could see 976 over them with tcp.. so that test is udp... 920 would be realistic...  You wouldn't be able to feed 2.5 into those switches they do not support 802.3bz that I am aware of, unless they came out with a new model?

 

So test device - switch -- device for the switch... Is it stable?

[neufuse]

5 hours ago, BudMan said:

So your over fiber... That rating on those things is raw... Payload would still be gig... I don't think you could see 976 over them with tcp.. so that test is udp... 920 would be realistic...  You wouldn't be able to feed 2.5 into those switches they do not support 802.3bz that I am aware of, unless they came out with a new model?

 

So test device - switch -- device for the switch... Is it stable?

good greif I am getting this all messed up today (kids bugging me non stop) 2.5Gbit is on my other switch I have for testing it's a MS510TX... I don't have that one connected with this test..

 

and doing speed tests I am seeing 976Mbps, I don't know what they are counting for that, if its including the entire frame / overhead or what... I'm running dedicated bandwidth servers to test this I'm assuming it's accounting for overhead, when running the test windows network monitor is also reporting the same.

 

but anyways attached is what I am seeing in windows when I copy a file between two systems on the same switch.... you'd think it would be more flat no, its from 200Mbit to 700Mbit constant... put on another switch it stays constant at almost gigabit and flat line basically

unfi has some rating also called "experience index" which for wired devices is showing at 60% which is odd, wifi is showing at 100% I dont know how they calculate that but seems like it's seeing an issue somehow in their system's controller

[+BudMan]

Yeah that is horrible..   I don't have any of their switches to test with..  But file copy has a but more involved then just moving packets... you should do a iperf test..

 

 

 

 

And here is other direction - this is what you should see normally on a gig connection doing testing.

 

 

Have you tried changing the cables?  Rebooting the switch?  You will have to look into why the index is bad - are you seeing a lot retrans or errors on the interface on the switch

[neufuse]

1 hour ago, BudMan said:

Yeah that is horrible..   I don't have any of their switches to test with..  But file copy has a but more involved then just moving packets... you should do a iperf test..

 

 

 

 

And here is other direction - this is what you should see normally on a gig connection doing testing.

 

 

Have you tried changing the cables?  Rebooting the switch?  You will have to look into why the index is bad - are you seeing a lot retrans or errors on the interface on the switch

yes, changed all the cables, did a factory reset on the switch.. same thing... odd thing is iperf I get a flat line at 934Mbps both ways.. but if I use a HTTP bandwidth test hosted locally its all over the place again when its on port 80... change it to port 1000 and flat... change it to 3389 and all over again... 

 

its kinda feels like some type of IPS or other system watching traffic on the switch... which unifi has but I don't have enabled

[neufuse]

Ok, another clue, I moved all the traffic to another VLAN instead of the default VLAN and everything works ok now..

[+BudMan]

they don't have IPS on their switches - you need the USG for that don't you.

[+BudMan]

I would bring this up on their forums.. I wish I had one to test with..

[neufuse]

8 hours ago, BudMan said:

they don't have IPS on their switches - you need the USG for that don't you.

yep, but it is acting like there is something like that on the switch also. There is a firewall on the switch though, which you can configure without the USG... all you can do is port rules between VLANs... kinda like cisco IOS with ACL's between networks...

[+BudMan]

Can you disable it?  Do you have any acls setup?

 

It must be L2, because their switches don't do L3 from my understanding.. So how could you do a L4 acl on them?

 

Maybe its some sort of storm control - which they seem to support.. But having a hard time actually finding spec of what actual protocols they support.

 

Are you running any sort of captive portal or "guest" mode on them?  That could be a huge hit on performance.

If I had to guess when you moved to new vlan you moved out of whatever captive portal/guest networks are setup on the thing.

[neufuse]

46 minutes ago, BudMan said:

Can you disable it?  Do you have any acls setup?

 

It must be L2, because their switches don't do L3 from my understanding.. So how could you do a L4 acl on them?

 

Maybe its some sort of storm control - which they seem to support.. But having a hard time actually finding spec of what actual protocols they support.

 

Are you running any sort of captive portal or "guest" mode on them?  That could be a huge hit on performance.

If I had to guess when you moved to new vlan you moved out of whatever captive portal/guest networks are setup on the thing.

Well their switches are a bit weird... they are SDN, they do basic switching without a controller they do L2 basically.... throw in a cloud key controller and they can do VLAN routing and ACL's.... now their new version US-24-L2  requires the USG for VLAN routing and ACL's... but the standard US-24 can do them... it is an odd switch how it was made, but it's OS is designed for SDN and to do stuff on the switch instead of offloading it to a USG box... they also split out the older US-24 to a newer US-24-L3 model which unlike the US-24-L2 does do inter vlan and basic ACL..

 

I think a lot of the L3/L4 stuff is actually handled by the controller I have..

 

No I don't have the captive portal set up. I did in the past but never used it so turned it off

Edited October 14, 2019 by neufuse

[+BudMan]

Do you have link to this info.. You have an edge switch?  That is not what you stated?

 

So you have SVI setup on these switches?  Not possible to route at the switch without an SVI..

 

And the controller is not going to route either... Either you or I have a misunderstanding here... But sorry the unifi controller software is not going to route any traffic between vlans.. It has no way to setup any sort of IPs in each vlan.  Without an IP in the vlan, its impossible to route between them.