Dell VEP/VMWare Edge/Velo Cloud SD-WAN/VeraCloud VEP1400/VEP1400-X firewall units
- Thread starter j_h_o
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
When my software was scheduling three CPU cores to participate in network card data forwarding, Edge 620 used two 10G interfaces to run 64 byte packets of 10Mpps. At this time, the traffic is approximately 4.5GBps in both directions.
Is this a loopback test or is there an external server involved? Are you concluding that an Edge 620 with 3 allocated cores can't even achieve 50% of line rate? I'm not suggesting that's unrealistic.
Panabit retained one core for software scheduling, so it did not reach a higher speed. But I believe that even if this reserved core is used, it cannot achieve a line speed of 15Mpps. The more reason I think is this C3558 CPU and its PCI-E bus. I hope some friends can remotely test edge 680
I have a 680 with 16 cores. The absolute maximum VM-to-host via SR-IOV is 12.4Gbps. That takes 6 cores to saturate. I have not tried with a software bridge.
I can get 9.5Gbps (4 core VM) with iperf3 straight through. However, as soon as I introduce any routing, the speed drops to 4.5Gbps. Allocating more cores does not make a substantial difference. My host is Proxmox (Debian). The VM is OpenWrt. I must conclude that routers (like desktop PCs) work better with fewer faster cores.
I can get 9.5Gbps (4 core VM) with iperf3 straight through. However, as soon as I introduce any routing, the speed drops to 4.5Gbps. Allocating more cores does not make a substantial difference. My host is Proxmox (Debian). The VM is OpenWrt. I must conclude that routers (like desktop PCs) work better with fewer faster cores.
If you are willing, you can test the ability of Panabit, as it does not require a license file during testing. https://www.panabit.com Download the professional version of Linux. Then install 2 SFP+modules. Perform a loopback test after connecting the fiber optic cable.
Wow, any links to the news?
If that's the case, I can save on some power consumption to avoid using 10GBASE-T transceivers!
I have confirmed that they are talking nonsense.
You mention multiple cores. For some reason I thought that BSD based (PFsense and opnsense) firewalls were effectively single thread limited for NAT and the firewall rules?
About what I expect, but I'm curious as to the "why". Wondering if someone wanted to pull a working 2.5g PFY and swap it on the board if it would work lol
The interface in the VM is PCIe passthrough. It's actually an SR-IOV virtual interface with the Proxmox host owning the parent. SR-IOV works like an internal switch which bridges the parent and associated virtual interfaces. I'm not using any Linux/virtual bridges.
Oh nice, SRIOV actually works? I thought someone said it wasn't. How many VF/IOMMU groups? I'm currently fighting with IOMMU groups where I can't get the VFs into their own IOMMU groups on a supermicro x10 board so just curious if that is working "out of the box"
Not sure if anyone can help, but I've got hold of a VEP1445 and was hoping to run OPNSense. I've been able to install and all the network ports appear to be working, but no traffic can pass. Looking at the (very basic) output from my switch there are no packets being sent to the VEP1445. Wireshark on my laptop confirms that ARPs are being sent, but no response. Ping from the VEP1445 doesn't work either, with the ARP table showing the active interfaces details, but unknown for any other devices.
I've update the BIOS, etc to the latest version and still same issue. Installed Ubuntu server to see if that was any different and same issue. I've tried different ports on the switch. All other devices connect without issue.
Any suggestions would be greatly appreciated.
I've update the BIOS, etc to the latest version and still same issue. Installed Ubuntu server to see if that was any different and same issue. I've tried different ports on the switch. All other devices connect without issue.
Any suggestions would be greatly appreciated.
I haven't done anything explicit with IOMMU groups. When I type
there are 29 different groups.
If there's some other diagnostic you'd like to see, tell me what to type.
Code:
find /sys/kernel/iommu_groups/ -type lIf there's some other diagnostic you'd like to see, tell me what to type.
This would be an Edge 640 model. Things should be easy. You mentioned a laptop. Have you connected the laptop directly to the VEP1445 with compatible network settings?
The interface link LEDs come on when you plug in a cable? The interfaces are visible in your OS? Is it possible that you need to actually configure the interfaces with an IP? Completely disable firewall? Have you tried the bundled Diag-OS?
The interface link LEDs come on and I can see the activity lights flash when doing a ping from Ubuntu. All interfaces (2x 10Gbps and 6x 1Gbps) are visible in the OS on both OPNSense and Ubuntu. I've given the interfaces a static IP and can see interfaces as connected when I plug a cable in.
Not tried a laptop connected directly yet, will give that a go next.
Thanks for the help