Subnet transfer speed problems

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Subnet transfer speed problems

aquatarkus

55 posts

Master Geek

# 205848 29-Nov-2016 17:49

Because I work from home I have divided my home network into two subnets, for simplicity's sake I'll call them Work and Home. I have turned off DHCP on the modem/router supplied by my ISP and added a raspberry pi as my DHCP server. I've attached a schematic of the network which shows how several devices are connected together. (The actual network is quite a bit more complex than this but I've reproduced the problems I'm having with the cut-down version shown in this diagram.)

All cables are cat6, both hubs are Dlink DGS1008D (hence gigabit), and every device is connected via a gigabit network connection except for the pi which is 100M.

I am having three issues which are probably related but wonder if anyone can help me with an explanation for what I'm seeing so that I can address them.

1. File transfer speeds are very different depending on the subnet.
a. Transfers between 192.168.0.4 (a Synology Diskstation) and 192.168.0.21 (my homebuilt desktop machine) run at 100Mb/s.
b. Transfers between 172.16.9.5 and 172.16.9.4 run at 10Mb/s.
c. Transfers between 172.16.9.5 and 192.168.0.4 run at 1Mb/s.

2. Although the pi is not on the same hub as either the XPS15 or the Diskstation, when copying files between them - (c) above - the pi receives approximately 10,000 IRQ32 interrupts per second. For comparison, when copying within either subnet - (a) or (b) above - the pi receives approximately 700 interrupts per second, which is the same number as it receives when the network is idle.

3. I don't know whether it is relevant or not but the only difference between the two subnets is that the DHCP service on the pi points machines on the Home subnet to do DNS lookups externally (using my ISP's name server or Google's as a fallback), while machines on the Work subnet use the pi so that they can resolve addresses in the VPN which my work machines are connected to (the pi is running openVPN to enable this). But even if the only activity in the network is copying my backup files from the work XPS15 to the home Diskstation, the 'named' (DNS) and 'openvpn' processes on the pi are CPU bound. When the backup finishes, they revert to 1% cpu at most. This means that when the backup *is* running any other network activity in the work subnet is prone to timeout, and connections to other sites in the VPN are dropped.

Issues 2 and 3 would cease to be problems if the backup transferred at the speed it should be capable of.

Anyone got any helpful ideas?

cheers
T

sbiddle

28260 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Lifetime subscriber

# 1679690 29-Nov-2016 18:54

One person supports this post

Why have the different subnets? With no VLAN's for isolation it's pretty pointless.

BTW you have switches, not hubs. They're two very different things!

gbwelly

846 posts

Ultimate Geek

Subscriber

# 1679692 29-Nov-2016 18:54

One person supports this post

We will need the gateway addresses (and subnet masks for anything that isn't /24) Traceroutes between the hosts would help. I presume the Pi is routing stuff you wouldn't want routed, and possibly routing via your VPN in the worst performing situations.

aquatarkus

55 posts

Master Geek

# 1679749 29-Nov-2016 19:47

To sbiddle:

Yes switches not hubs, sorry.

By organising things this way only the pi needs certification for the VPN and any machines that attach to the work subnet will automatically have access to it. I maintain dhcpd.conf and private.db tables on the pi and that all works. The work machines can access home subnet devices (printers, scanner, NAS, etc.) either by IP address or by qualifying the node name (e.g. br4570cdn.home). Meanwhile the work subnet is effectively invisible to the home subnet.

To gbwelly:

The (work) XPS15
--------------------

Host name: tarkus
Primary DNS suffix:
Node type: Hybrid
IP routing enabled: No
WINS proxy enabled: No
DNS suffix search list: uk.worknetwork.com

Connection-specific DNS suffix: uk.worknetwork.com
IPv4 address: 172.16.9.5
Subnet mask: 255.255.255.240
Default gateway: 172.16.9.1
DHCP server: 192.168.0.1
DNS servers: 172.16.9.1

tracert 172.16.9.4
Tracing route to phaedra.ik.worknetwork.com [172.16.9.4]
1 <1 ms <1 ms <1 ms phaedra.uk.worknetwork.com [[172.16.9.4]

tracert 192.168.0.4
Tracing route to diskstation.home [192.168.0.4]
1 <1 ms <1 ms <1 ms 172.16.9.1
2 1 ms 1 ms <1 ms diskstation.home [192.168.0.4]

The (home) desktop
----------------------

Host name: maestro
Primary DNS suffix:
Node type: Hybrid
IP routing enabled: No
WINS proxy enabled: No
DNS suffix search list: home

Connection-specific DNS suffix: home
IPv4 address: 192.168.0.21
Subnet mask: 255.255.255.0
Default gateway: 192.168.0.254
DHCP server: 192.168.0.1
DNS servers: 8.8.8.8, 8.8.1.1

tracert 172.16.9.5
Tracing route to 172.16.9.5
1 2 ms 3 ms 3 ms 192.168.0.254
2 ~ ~ ~ Request timed out.
3 ~ ~ ~ Request timed out.
etc.

tracert 192.168.0.4
Tracing route to diskstation [192.168.0.4]
1 <1 ms <1 ms <1 ms 192.168.0.4

Obviously uk.worknetwork.com is not the real address :-)

Is there anything else you need?

cheers
T

richms

22497 posts

Uber Geek

Trusted

Subscriber

# 1679755 29-Nov-2016 20:08

So its going thru the pi which has a trash network performance at the best of times.

Richard rich.ms

chevrolux

4202 posts

Uber Geek

# 1679791 29-Nov-2016 20:48

One person supports this post

Yea the 172 network only knows how to get to the 192 network because of the Pi. So all the traffic is pumping through the poor little Pi.

You really want your two networks to come from the main router terminating the internet connection. Or upgrade the Pi to something that can handle the traffic (ie Mikrotik).

But just wondering, is the Pi just NAT'ing the 172 out over the OpenVPN interface? Or is there a proper route for that subnet at both ends? If it is just NAT'ing out over the OpenVPN interface's single IP address then you could just use it as a secondary gateway on your network. Just change the 'Work' PC's to be in the 192 network but manually set the gateway/dns addresses on those machines to the Pi's IP. That way all your local traffic is just going through the switches and internet bound traffic goes over your VPN.

Otherwise, get rid of the 659, put in a proper router with OpenVPN capabilities and set it up properly.

richms

22497 posts

Uber Geek

Trusted

Subscriber

# 1679796 29-Nov-2016 20:56

Buy an odroid - similar to the pi, but a real gig ethernet interface on it not a bodge job of a USB to 100 megabit adapter. They can do pretty damn good speeds and are not much more than a pi.

Richard rich.ms

aquatarkus

55 posts

Master Geek

# 1679861 29-Nov-2016 22:44

Thanks everyone, at least I know what's going on now. The odroid looks interesting, I'd never heard of it before. Have you seen one in the wild?

cheers
T

aquatarkus

55 posts

Master Geek

# 1680175 30-Nov-2016 16:21

The fix is easy when you see it. The Synology NAS has four LAN ports so that it can support link aggregation (which I don't use). So it's easy to run a second cable to it and let the DHCP server allocate one connection to the home network and the other to the work one. There is no pi bottleneck any more, hooray.
Might still look at replacing the pi with an odroid or a NUC in the future though.

Cheers
T

richms

22497 posts

Uber Geek

Trusted

Subscriber

# 1680272 30-Nov-2016 19:47

Problem is if you use the name of it, windows is not that smart at resolving it to the one that is the fastest.

Richard rich.ms