VyOS 1.2.1 BGP performance problems

bitpoint · April 24, 2019, 10:10am

Hi guys,
I’m new in using VyOS. We are using Cisco in our core backbone. Now we have 2 new DC and I want to use VyOS under VMware vSphere 6.5 for the edge routers. We have full BGP tables (1350231 RIB entries). At the moment there is only one gigabit uplink and we have massiv problems that services are not working properly (mail, ftp and so on).
Does anyone using VyOS with BGP full tables or are there any bugs in this version? Or can you help me to find where the problems could be? Logs and so on.
Thank you for your help
Best Regards,
Martin

rob · April 24, 2019, 3:32pm

can you provide more infos:

about the problems. What happened or don’t happened exactly?
about your virtual environment, Hardware specs, which NIC driver.

bitpoint · April 24, 2019, 9:11pm

Hi Rob,
I think that there are packet loss. I deactivated the router now for the live traffic. When I test it in the lab everything works fine, but there is no high traffic. When I test with iperf I see no errors. But under real traffic I can see that emails are not sent or ftp does not work on servers and so on.
We use the new OVA 1.2.1 image for VMware. VMware nic driver and everything default of the ova image. Hardware nics are 10G and 1G Broadcom, Servers are dell R740 and R710. We use 3 VyOS router. One in each of the 3 datacenter. Real traffic is arround 100 MBit/s.
Greetings
Martin

rob · April 25, 2019, 2:12pm

when you create a VM from the ova file there are 3 types of Hardware (small, medium, large), which do you take?

do you plan to try to test it again?

bitpoint · April 25, 2019, 2:55pm

medium

but I don’t believe anymore that it is no performance problem. I tested something more and found out that when the connection comes in from router1 / uplink 1 and the packet exit on router2 / uplink2. then I have a problems. when I add then a static route on router 2 to exit on router1 where the connections comes in, that it works. Is there a problem with asynchronius routing? but with more routers and uplinks I can’t say the income and outgoin is on the same uplink…

danhusan · April 29, 2019, 2:45pm

Have you enabled the firewall?

hagbard · April 29, 2019, 4:07pm

tcpdump -nne -i any <IP_address>, you’ll see the incoming mac and the outgoing one. Also don’t forget to check your arp table.

bitpoint · May 6, 2019, 12:06pm

I’ve found the problem. It was the NSX Firewall. It was only installed with default rules. Everything allowed. But when traffic comes in from one interface and leaves on a second interface, then there was the described behavior. So with the vm in the exception list of nsx and everything works fine.
thank you
martin

system · May 8, 2019, 12:06pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.