Duplex Issue

We have a Sonicwall firewall that has the LAN port connecting to one of our core switches (ProCurve 5304XL).

On the Sonicwall, the LAN Link Speed is: Auto Negotiate
On the ProCurve Switch, the port that the Sonicwall connects to is set to: Auto

Question:
I know that sometimes the negotiation does not work correctly, so I wanted to know -- how can I tell if I'm having a duplex issue between these two connections?

Please see the image below for my reasoning to be suspicious of a duplex issue.

Step 1: You see two different SAN (NetApp) NICs (LACP) each at about 15Mbps & 34Mbps.
Step 2: Trk5 & Trk6 are LACP groups for the SAN: "trunk A5,C12 Trk5 LACP" at 15Mbps & 33 Mbps
Step 3: Trk1 on 1st core switch (LACP group that communicates with the 2nd core switch)
Step 4: Trk1 on 2nd core switch (LACP group that communicates with the 1st core switch)
Step 5: All of a sudden a bottle-neck. Traffic is forwarded to the B4 port on i1whl-mdf-c02 switch (2nd core switch). B4 is the port that connects to our firewall.
Step 6: Traffic is forwarded from B4 to LAN port of Sonicwall.
Bandwidth by device
pzozulka Asked:

sanjayrajt Commented:
Hi

“The switch is configured to autodetect the speed and duplex settings on an interface. However, there are several things that can cause the autonegotiation process to fail, resulting in either speed or duplex mismatches (and performance issues). The rule of thumb for key infrastructure is to manually hard-code the speed and duplex on each interface so there is no chance for error. “

THIS IS VERY VERY VERY WRONG go to the article
http://etherealmind.com/ethernet-autonegotiation-works-why-how-standard-should-be-set/
0

Daniel Helgenberger Commented:
sanjayrajt is absolutely right!

But Duplex issue? There has to be simplex connections for that. Sorry to ask, has the Sonic Wall only 10Mbit or 100Mbit ports? There it was possible to have simplex connections and packet collisions - but I think packet collisions are a thing from a long gone past.

Now with 1GbE standard almost anywhere there are only Duplex connections.

As for your bottleneck: Are you routing packets from your NetApps to the firewall through WAN, maybe to a remote site? Then there is your bottleneck. The Sonic Wall will not pull more data than it can route...

What occurs to me that X3-WAN on Sonic Wall almost matches the traffic from B4. The rest from the Netapp might just go to other ports of your backbone switches.
0
naderz Commented:
If auto-negotiate was not working you would have had real connectivity issues. You are looking at port utilization as reported. Why the port is not fully used is dependent on the ends points; both receiving and sending. You need to look at end-points.
0
Akinsd (Network Administrator) Commented:
I think there is a little confusion from the responses I read unless I misunderstood the entries.

1st, duplex and speed are 2 completely different things. Collision is not a long gone past issue, just to chip that in. Duplex settings help minimize collision issues tremendously but collision will still be experienced if you have congestion in your network. That is another topic on its own with reference to QoS.

Duplex is the ability for bi-directional traffic to traverse separate paths. It's like a major highway.

Speed is the rate at which the traffic travels.
To buttress naderz's point, you will have a network down situation if auto negotiation is not working as there will be no through passage.

I couldn't see the image properly on my phone but I'll check it later from a computer to understand what the exact problem you are experiencing is.
0
masnrock Commented:
Have you tried a packet capture tool? And what changed last on the network before the issues started? I would be double checking the configurations of your infrastructure. What model is your Sonicwall, which I assume is configured for failover?

Autonegotiate is great, except when it isn't. Issues will show up in all sorts of ways, such as extreme slowness. That does not mean slowness is always a negotiation issue. The fix could sometimes be updating a driver for the network card in those cases, sometimes something more. We might be in a society of standards, but not everyone follows them the same way, still meaning there is conflict and incompatibility.
0
pzozulka (Author) Commented:
To answer some of the questions.

1. The Sonicwall is E-series (enterprise class).
2. Since we have a 10 Mbps Ethernet over copper pipe, I would assume that uploading at around 2.5 to 4.5 Mbps could be considered slow, and one could definitely investigate a duplex mismatch issue.
3. The Sonicwall WAN (X3 port) is connected to a Cisco 1900 series router. The ISP reviewed the router config, and saw this:

interface GigabitEthernet0/0
 description Internet via ETH-WAN$$FW_OUTSIDE$
 ip address xxx.xx.xx.xx 255.255.255.252
 ip access-group 101 in
 no ip redirects
 no ip proxy-arp
 ip verify unicast reverse-path
 ip flow ingress
 duplex auto
 speed 100
 no mop enabled

Here's their response:

Can you hard code the speed and duplex on this interface to 100/full? It is currently set to auto negotiate; we have seen this cause issues.
Change that and see if it makes a difference and let me know what you find.

Before making any changes, I decided to ask you -- the experts -- as well as run show interfaces GigabitEthernet0/0 on the Cisco router, and found this:

Half-duplex, 100Mb/s, media type is RJ45

Do you think this could be the cause of the issue?
0
masnrock Commented:
Before making any changes, I decided to ask you -- the experts -- as well as run show interfaces GigabitEthernet0/0 on the Cisco router, and found this:

Half-duplex, 100Mb/s, media type is RJ45

Do you think this could be the cause of the issue?

That actually is VERY possible. If the ISP specifies that you need to set the router interface to 100 Mbps full duplex, then listen to them. Assuming that they did not initially tell you when service was first set up, shame on them. I've seen issues get caused in terms of internet connectivity when that rule is not followed. There is a reason that they specify you need to not use autonegotiate. Fix that first, and see if a subset of issues get cleared up.

Some people would argue that if you let your router autonegotiate with the copper connection that it should lock into 100 Mbps full. This is definitely not always true... hence why I said autonegotiate is great, except when it isn't.
0
pzozulka (Author) Commented:
Thanks I will try to change the duplex setting on the router tonight. This is a really weird case because I would assume that if it was a DUPLEX issue on the router, then we would be seeing problems not only in the upload speed, but the download speed as well. However, at this point the download speed is nearly perfect (10 Mbps).
0
naderz Commented:
If the ISP is set manually to 100M/Full Duplex, then you must match that. Did the ISP actually confirm that that is their configuration?

Both ends must match the configuration. Either both ends have to be auto negotiate speed and duplex, or both ends manually set to the same speed and same duplex.
0
pzozulka (Author) Commented:
This is all I have from the ISP -- not really a confirmation, but more of a "try this out and see if it works".


Your Config:

interface GigabitEthernet0/0
 description Internet via ETH-WAN$$FW_OUTSIDE$
 ip address xxx.xx.xx.xx 255.255.255.252
 ip access-group 101 in
 no ip redirects
 no ip proxy-arp
 ip verify unicast reverse-path
 ip flow ingress
 duplex auto
 speed 100
 no mop enabled

Can you hard code the speed and duplex on this interface to 100/full? It is currently set to auto negotiate; we have seen this cause issues.
Change that and see if it makes a difference and let me know what you find.
0
masnrock Commented:
I know. But still, that does actually cause issues at times. Given your suspicions of duplex, that is not far fetched. But that would be communication to outside of your location.
0
naderz Commented:
pzozulka; just to rewind and review: your original post was concerning your SonicWall connection to ProCurve. Please make sure both ends on those devices are set at auto/auto or both manually set to 100M/Full Duplex. Again, both ends must have to match.

As far as the ISP and the 1900 router, who owns the 1900? Is that the ISP's router? Does that connect to your SonicWall?

What they have in the 1900 is "duplex auto, speed 100". The 1900, I believe, does not allow changing of the 100M speed, so, essentially they are set to "auto" negotiate. You need to make sure your end is also set to auto negotiate. If they are set to auto, you should NOT go to 100M/Full Duplex manually. That is BAD advice. Please double check and make sure that your interface connecting to the 1900 is set to auto-negotiate.

Here is the proof:

They told you they see:

Before making any changes, I decided to ask you -- the experts -- as well as run show interfaces GigabitEthernet0/0 on the Cisco router, and found this:

Half-duplex, 100Mb/s, media type is RJ45

What that means is they are set to auto and you are set to manual. What happens in Ethernet negotiation then is that the side set to auto goes to half-duplex. And, that is what their side is seeing.

Please check your side and configure for auto. That's what they are set at.
0
pzozulka (Author) Commented:
naderz:
just to rewind and review: your original post was concerning your SonicWall connection to ProCurve. Please make sure both ends on those devices are set at auto/auto or both manually set to 100M/Full Duplex. Again, both ends must have to match.
Both sides are set to Auto/Auto.

As far as the ISP and the 1900 router, who owns the 1900? Is that the ISP's router? Does that connect to your SonicWall?

The 1900 router is managed/owned by us. The LAN connection from that router connects to the WAN (X3) of the Sonicwall.

Please double check and make sure that your interface connecting to the 1900 is set to auto-negotiate.
Our config of the WAN interface of the 1900 router is already set to AUTO DUPLEX:
interface GigabitEthernet0/0
 description Internet via ETH-WAN$$FW_OUTSIDE$
 ip address xxx.xx.xx.xx 255.255.255.252
 ip access-group 101 in
 no ip redirects
 no ip proxy-arp
 ip verify unicast reverse-path
 ip flow ingress
 duplex auto
 speed 100
 no mop enabled
0
naderz Commented:
OK, so the LAN side of the 1900 is connected to WAN of SonicWall. Please confirm again that both ends in this case are set to auto/auto.

Gig 0/0 of the 1900, WAN, is connected to ISP's switch, correct? In that case set the Gig 0/0 interface manually to full duplex. The speed is fine at 100.
0
pzozulka (Author) Commented:
Last night I changed the duplex to FULL of Gig 0/0 of the 1900 (WAN to ISP).

As for the LAN side, Gig 0/1, the settings are below:

interface GigabitEthernet0/1
 description Inerface to Sonicwall Firewall$ES_LAN$$ETH-LAN$$FW_INSIDE$
 ip address 74.xx.xxx.x 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip flow ingress
 duplex full
 speed auto
 no mop enabled

The WAN (X3) on Sonicwall is configured for AUTO. The status shows that the negotiated speed is 1000 Mbps full-duplex.

After changing the Gig 0/0 to FULL duplex last night, I saw improvement only when the pipe is full. In other words, when I'm uploading 10 different files from my computer to 10 different servers, everything is uploading fast -- let's just say all uploads are uploading at 500 KB/second.

However, when uploading only a single file to only one of the servers it's still uploading only at 500 Kbps. And trust me, the remote servers are all on extremely fast connections. They have NO other congestion, and no other entity is using them, so it's not congested on their end.
0
naderz Commented:
On the interface gig 0/1 you need to have duplex set to auto as well. Remember that both sides have to be exactly the same. The sonicwall is auto and Gig0/1 should be too.
0
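
Added example (not posted by any participant in this thread): a small Python check that applies the rule stated in the answers above, that both ends of a link must be auto/auto or forced to the same speed and duplex, and that reads the operational duplex from a "show interfaces" status line. The sample config is constructed from the stanzas quoted in the thread; the names ROUTER_CONFIG, FIREWALL_X3, parse_interfaces, check_link and operational_duplex are hypothetical, and treating a missing duplex/speed line as "auto" is an assumption.

```python
import re

# Constructed sample, modelled on the router stanzas quoted in the thread.
ROUTER_CONFIG = """\
interface GigabitEthernet0/0
 description WAN to ISP
 duplex auto
 speed 100
interface GigabitEthernet0/1
 description LAN to firewall
 duplex full
 speed auto
"""
# The thread reports the firewall WAN (X3) port as auto; written here by hand.
FIREWALL_X3 = {"duplex": "auto", "speed": "auto"}

def parse_interfaces(config):
    """Map interface name -> {'duplex', 'speed'} from IOS-style config text.
    Assumption: a missing duplex/speed line means 'auto'."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), {"duplex": "auto", "speed": "auto"})
        elif current is not None:
            m = re.match(r"\s+(duplex|speed)\s+(\S+)", line)
            if m:
                current[m.group(1)] = m.group(2).lower()
    return ports

def check_link(a, b):
    """Rule from the thread: both ends auto/auto, or both forced to the same values."""
    forced_a = "auto" not in a.values()
    forced_b = "auto" not in b.values()
    if forced_a and forced_b:
        return "ok: forced alike" if a == b else "mismatch: forced values differ"
    if set(a.values()) == {"auto"} and set(b.values()) == {"auto"}:
        return "ok: both ends autonegotiate"
    return "review: not auto/auto and not forced/forced"

def operational_duplex(status_line):
    """Pull (duplex, Mb/s) out of a 'show interfaces' status line."""
    m = re.search(r"(half|full)-duplex,\s*(\d+)\s*Mb/s", status_line, re.I)
    return (m.group(1).lower(), int(m.group(2))) if m else None

if __name__ == "__main__":
    ports = parse_interfaces(ROUTER_CONFIG)
    print(check_link(ports["GigabitEthernet0/1"], FIREWALL_X3))
    print(operational_duplex("Half-duplex, 100Mb/s, media type is RJ45"))
```

A "half" result on a link that both ends are expected to run at full duplex is the symptom the thread keys on; confirm it against the interface error counters on both devices before changing settings.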