General routing implementation

Status
Not open for further replies.
Feb 25, 2010
Hi,
I was hoping someone can help me with this. I am weak when it comes to TCP/IP or routing.

I have 22 computers, 85 computers and a Netscreen firewall.
Everything is connected with switches to each other.
Computer IPs are 10.158.2.1-254 at 100MBPS
Server IPs are 10.158.0.1-254 1 Gig
Netscreen/Juniper which is the firewall and gateway of all computers IP is 10.158.0.1 100MBPS
Multiple switches mix of 3com and linksys

I was wondering if I can install a router to get better performance in the network.

These are the results of a ping to the exchange server
Reply =23ms
Reply >1ms
Reply =4ms
Reply >1ms
I am sure there is an issue. This is all internal, no VPN or Remote servers involved.

Thank you in advance for any suggestions.
 
If you're using your Netscreen firewall as your internal core router between your two internal subnets, then that's definitely your problem. You would have to have a "big dog" of a Netscreen to equate to the throughput of a regular layer 3 switch which I'm assuming you do not.

Easy fix... get yourself a good layer 3 capable switch. I'm partial to Cisco or HP Procurve, but that's me. Get one with enough port density to handle all of your servers as well as your uplink connections to other switches (even if those other switches don't currently have 1GbE uplinks, you're prepared for the future better). Point your default route on this new switch to the Netscreen (you'll have to do a little reconfig on the Netscreen to remove the other subnet from being defined as a local interface) to get Internet access. Create a route on the Netscreen to your 10.158.2.0/24 subnet to use the Layer 3 switch's IP address of the local subnet to it and boom, you're done. So as an example:

10.158.0.1= Netscreen
|_____10.158.0.2= VLAN1 interface of Layer3 switch

_____10.158.2.1= VLAN2 interface of Layer3 switch
|
10.158.2.0/24 subnet with computers

Creating multiple VLANs and assigning each VLAN an IP address gets layer 2 connectivity. Issuing an "ip routing" command enables all VLANs on that switch to route between each other. You'll assign ports you want to connect servers and the Netscreen into VLAN1 (you can use whatever VLAN numbering scheme you want) and your computers' ports into VLAN2.

Let me know if that helps.
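
The routing design described in the reply above, modelled as an added example (not code from the thread): longest-prefix-match lookups over the two route tables show which flows cross the Netscreen once the layer 3 switch is in place. The host addresses 10.158.2.50, 10.158.0.10 and 203.0.113.10, the `isp` next hop and the /24 masks are assumptions.

```python
import ipaddress

# Route tables modelled on the design in the post. Subnets and the .0.1,
# .0.2 and .2.1 addresses are from the thread; "isp" is a placeholder.
L3_SWITCH = [
    ("10.158.0.0/24", "connected"),    # VLAN1 interface 10.158.0.2
    ("10.158.2.0/24", "connected"),    # VLAN2 interface 10.158.2.1
    ("0.0.0.0/0", "10.158.0.1"),       # default route to the Netscreen
]
NETSCREEN = [
    ("10.158.0.0/24", "connected"),
    ("10.158.2.0/24", "10.158.0.2"),   # static route back via the switch
    ("0.0.0.0/0", "isp"),
]
# Which device answers on each router interface address.
DEVICES = {
    "10.158.0.1": ("netscreen", NETSCREEN),
    "10.158.0.2": ("l3-switch", L3_SWITCH),
    "10.158.2.1": ("l3-switch", L3_SWITCH),
}

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in table]
    hits = [(n.prefixlen, nh) for n, nh in nets if addr in n]
    return max(hits)[1] if hits else None

def trace(src, gateway, dst, devices=DEVICES):
    """Routing devices crossed from src (assumed /24) to dst, in order."""
    if ipaddress.ip_address(dst) in ipaddress.ip_network(src + "/24", strict=False):
        return []                       # same subnet: switched, never routed
    hops, hop = [], gateway
    while hop in devices and len(hops) < 8:   # hop limit guards against loops
        name, table = devices[hop]
        hops.append(name)
        hop = lookup(table, dst)
    return hops

if __name__ == "__main__":
    pc, server, outside = "10.158.2.50", "10.158.0.10", "203.0.113.10"  # constructed hosts
    print(trace(pc, "10.158.2.1", server))    # inter-VLAN traffic
    print(trace(pc, "10.158.2.1", outside))   # Internet-bound traffic
    print(lookup(NETSCREEN, pc))              # return path for replies to the PC
```

Dropping the 10.158.2.0/24 entry from `NETSCREEN` makes `lookup()` fall through to the default route, which is why the reply asks for that static route on the firewall. In this model a server that still uses 10.158.0.1 as its gateway sends its replies to the PCs through the Netscreen first.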
 
Also, you might want to start standardizing on a switch manufacturer for better results also as sometimes different manufacturers don't autonegotiate connectivity between each other well.
I'd personally leave Linksys alone except for small network implementations of 24 or less total network machines. Sounds like you have several servers and over 100 machines so I'd be more in the Cisco (yes I know Cisco owns Linksys, but that's like comparing Ford's Festiva and Taurus), HP, 3COM (about to be owned by HP), and like I said before... Juniper makes some mighty fine switching equipment; although you will see the HP and 3COM a little more economically friendly.
 
These are the results of a ping to the exchange server
Reply =23ms
Reply >1ms
Reply =4ms
Reply >1ms

From what? A computer in the network? If so, this never touches the firewall.

What model switches are they? Are they manageable? What are the servers plugged into? What are the PCs plugged into? How are all the switches connected to each other and the firewall?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
One more thing---do an extended ping with 100 (-t 100) and post those results.

 

Hi,
Sorry for the delay, but I have like 7 switches in each row of cubicles with one 1 gig port connected to the core switch. Below the core switch I have another switch which is connected to all the servers. The uplinks are connected with 1 gig ports but PCs and Netscreen are all 100mbps
The ping results are from my computer to the server.

C:\Documents and Settings\mike>ping pdc2003svr -l 100 -t

Pinging pdc2003svr.brendan.local [10.158.0.2] with 100 bytes of data

Reply from 10.158.0.2: bytes=100 time=22ms TTL=128
Reply from 10.158.0.2: bytes=100 time=3ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time=1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128
Reply from 10.158.0.2: bytes=100 time<1ms TTL=128

I am going to upload a diagram of the network. Maybe it would help you guys help me! Thank you so much, I'm stuck with a low performing network, or at least that's what I think.
 
Burtsbees, he does say his computers are on a 10.158.2.0 subnet, then he states that his servers are on a 10.158.0.0 subnet (him using the syntax of .1-254, I can only assume /24 subnets)... so this does have to traverse a router of some form. Now when I read it the other night, being half asleep, I was reading another zero or two on that reply time...my bad, but I stand by my statement of it not being a good idea (again making some assumptions here) that he uses his Netscreen as his routing device compared to that of a layer3 switch.

Helpeach0ther31, based on your ping replies, after a good night's sleep, they are typical. You are averaging <1ms-1ms reply times which are what you want. Again, I think why you are seeing that initial heavier delay is because of going through the Netscreen (again, an assumption) which would do a poorer job building its routing table compared to a L3 switch, then of course once all of the info is in memory and it knows where to go, then that's where your <1-1ms reply times are coming in. The real test for you would be transmitting large files. This will give you a better idea of overall throughput. You can test between machines on the same subnet and then test between machines on the different subnets. I would also test between your different switches on the same subnet. This will empower you with a lot more information and feeling if you do have a performance problem.
 
Oops...I misread---looked like they were all in the same subnet, cajun...

I totally agree---L3 switch is best, since it routes vlans itself with a 16GB or so backplane (switching fabric).

Also, those ping times are awesome---can't really get better. For example, do an extended ping from one pc to another in the same subnet, and then from one server to another in the same subnet---you will see identical ping times.

 