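Question 1: The WAN port has gigabit downstream bandwidth. The speed before the firewall is 950 Mbps, but after passing through the firewall only 600+ Mbps is left. I have ruled out the download source as the problem and confirmed that the bottleneck is this firewall; its CPU usage is also fairly high. The device was manufactured in 2021, and it runs the latest version as of 2024, which is advertised as gigabit-rate. What is causing this?
Question 2: The LAN ports have been set up as Layer 2 ports and tied together with a VLAN. Two computers in the same VLAN transferring files over the internal network with SMB get only 50+ mb/s, which is also far below gigabit bandwidth.
The device upstream of the firewall uses an MT7621 SoC, and it can run at close to full gigabit bandwidth, both on the WAN port and purely within the LAN.
Where is the bottleneck?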
[H3C F1000-T200]%Nov 26 11:32:33:334 2024 H3C F1000-T200 DIAG/1/CPU_RECOVER_THRESHOLD: CPU usage has dropped down to normal levels.
[H3C F1000-T200]display cpu-usage
Slot 1 CPU 0 CPU usage:
70% in last 5 seconds
17% in last 1 minute
51% in last 5 minutes
(0)
Best answer
This model is a customized device; please contact your purchase channel to handle this.
(0)
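It is indeed carrier-customized leased-line hardware, and it is now out of warranty. Asking the experts on the forum for help.
Enabling some features will reduce bandwidth performance.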
(0)
# version 7.1.064, Release 9560P48 # sysname H3C F1000-T200 # clock timezone Beijing add 08:00:00 clock protocol ntp # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # nat log enable nat log flow-begin nat log flow-end nat alg h323 nat alg ils nat alg mgcp nat alg nbt nat alg rsh nat alg sccp nat alg sctp nat alg sip nat alg sqlnet nat alg tftp nat alg xdmcp nat log no-pat ip-usage nat log alarm # dhcp enable # dns proxy enable dns server 114.114.114.114 dns server 202.96.128.86 dns server 223.5.5.5 dns snooping enable # ip subscriber access-user log enable successful-login failed-login logout normal abnormal ipv6 subscriber access-user log enable successful-login failed-login logout normal abnormal # password-recovery enable # vlan 1 # dhcp server ip-pool GE1/0/3-192.168.203.0/24 gateway-list 192.168.203.1 network 192.168.203.0 mask 255.255.255.0 dns-list 192.168.203.1 # dhcp server ip-pool VLAN001 gateway-list 192.168.208.1 network 192.168.208.0 mask 255.255.255.0 dns-list 114.114.114.114 223.5.5.5 202.96.128.86 # dhcp server ip-pool g0 gateway-list 192.168.0.1 network 192.168.0.0 mask 255.255.255.0 dns-list 223.5.5.5 114.114.114.114 # controller Cellular1/0/0 # controller Cellular1/0/1 # interface NULL0 # interface Vlan-interface1 description VLAN1 ip address 192.168.208.1 255.255.255.0 manage ping inbound manage ping outbound # interface GigabitEthernet1/0/0 port link-mode route description GE1/0/0 bandwidth 1000000 combo enable copper ip address dhcp-alloc nat outbound disable undo dhcp select server # interface GigabitEthernet1/0/1 port link-mode route description GE1/0/1 bandwidth 1000000 combo enable copper ip address dhcp-alloc undo dhcp select server # interface GigabitEthernet1/0/2 port link-mode route description GE1/0/2 ip address 192.168.0.1 255.255.255.0 # interface GigabitEthernet1/0/3 port link-mode route description GE1/0/3 ip address 192.168.203.1 255.255.255.0 manage ping inbound manage ping 
outbound # interface GigabitEthernet1/0/4 port link-mode bridge # interface GigabitEthernet1/0/5 port link-mode bridge # interface GigabitEthernet1/0/6 port link-mode bridge # interface GigabitEthernet1/0/7 port link-mode bridge # interface GigabitEthernet1/0/8 port link-mode bridge # interface GigabitEthernet1/0/9 port link-mode bridge # interface GigabitEthernet1/0/10 port link-mode bridge # interface GigabitEthernet1/0/11 port link-mode bridge # security-zone name Local # security-zone name Trust import interface GigabitEthernet1/0/3 import interface Vlan-interface1 import interface GigabitEthernet1/0/4 vlan 1 import interface GigabitEthernet1/0/5 vlan 1 import interface GigabitEthernet1/0/6 vlan 1 import interface GigabitEthernet1/0/7 vlan 1 import interface GigabitEthernet1/0/8 vlan 1 import interface GigabitEthernet1/0/9 vlan 1 import interface GigabitEthernet1/0/10 vlan 1 import interface GigabitEthernet1/0/11 vlan 1 # security-zone name DMZ # security-zone name Untrust import interface GigabitEthernet1/0/0 import interface GigabitEthernet1/0/1 # security-zone name Management import interface GigabitEthernet1/0/2 # scheduler logfile size 16 # line class aux user-role network-operator # line class console authentication-mode scheme user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line con 0 user-role network-admin # line vty 0 63 authentication-mode scheme user-role network-admin # ip route-static 0.0.0.0 0 192.168.101.1 # customlog format attack-defense customlog format aft customlog format keepalive sgcc customlog format dpi audit customlog format dpi url-filter customlog format dpi netshare customlog format dpi ips customlog format dpi anti-virus customlog format dpi reputation customlog format dpi sandbox # userlog flow export version 5 # snmp-agent snmp-agent local-engineid 800063A280083A38356B5200000001 snmp-agent sys-info version v3 # performance-management # ssh server enable # arp ip-conflict 
log prompt # ntp-service enable ntp-service refclock-master ntp-service unicast-server 202.118.1.46 version 1 # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$vvK1QaVDmsHbmo9x$VGpxJ9CJUvtfDeaKVRfwqjvnwQIzWVWbXz1uSbA89h9DCiFFD9fjK/CEo/gUFAcxisJc1nT9tyjvB3HxlKJd+w== service-type ftp service-type pad ssh telnet terminal http https authorization-attribute user-role level-3 authorization-attribute user-role network-admin authorization-attribute user-role network-operator # undo ssl version gm-tls1.1 disable undo ssl renegotiation disable undo ssl version ssl3.0 disable undo ssl version tls1.0 disable # session statistics enable session log flow-begin session log flow-end # ipsec logging negotiation enable # nat policy rule name ALL_GE1/0/0 outbound-interface GigabitEthernet1/0/0 action easy-ip rule name ALL_GE1/0/1 outbound-interface GigabitEthernet1/0/1 action easy-ip # aft log enable aft log flow-begin aft log flow-end # apr signature auto-update update schedule daily start-time 00:00:00 tingle 120 # ike logging negotiation enable # ip https enable web idle-timeout 
60 # blacklist global enable blacklist logging enable # url-filter signature auto-update update schedule daily start-time 00:00:00 tingle 120 # ips signature auto-update update schedule daily start-time 00:00:00 tingle 120 # app-profile 1_IPv4 ips apply policy default mode protect data-filter apply policy default url-filter apply policy default file-filter apply policy default anti-virus apply policy default mode protect apt apply policy default # inspect logging parameter-profile av_logging_default_parameter undo log syslog # inspect logging parameter-profile ips_logging_default_parameter undo log syslog log language chinese # inspect logging parameter-profile url_logging_default_parameter # inspect email parameter-profile mailsetting_default_parameter undo authentication enable # loadbalance isp file flash:/lbispinfo_v1.5.tp # loadbalance alg h323 loadbalance alg ils loadbalance alg mgcp loadbalance alg nbt loadbalance alg rsh loadbalance alg sccp loadbalance alg sip loadbalance alg sqlnet loadbalance alg tftp loadbalance alg xdmcp # traffic-policy all-traffic-control enable rule 3 name 1Gbps action qos profile 1gbps profile name 1gbps bandwidth downstream guaranteed 1000000 bandwidth downstream maximum 1000000 bandwidth upstream guaranteed 1000000 bandwidth upstream maximum 1000000 tcp mss 1300 # ip-reputation global enable top-hit-statistics enable # security-policy ip rule 1 name Trust_Untrust_IPv4_01 action pass logging enable counting enable profile 1_IPv4 source-zone Trust destination-zone Untrust rule 2 name Trust_Untrust_IPv4_02 action pass counting enable source-zone Trust destination-zone Untrust rule 0 name GuideSecPolicy action pass logging enable counting enable source-zone Local source-zone Trust source-zone Untrust source-zone Management destination-zone Local destination-zone Trust destination-zone Untrust destination-zone Management # dac log-collect service attack-defense blacklist enable dac log-collect service attack-defense flood enable dac 
log-collect service attack-defense ipcar_alarm enable dac log-collect service attack-defense ipcar_statistics enable dac log-collect service attack-defense scan enable dac log-collect service attack-defense signature enable dac log-collect service dpi abnormaltraffic enable dac log-collect service dpi reputation enable dac log-collect service dpi terminal enable dac log-collect service dpi traffic enable dac log-collect service dpi waf enable dac log-collect service lb SSL enable dac log-collect service lb cache enable dac log-collect service lb dnsproxy enable dac log-collect service lb dnsresponse enable dac log-collect service lb domain enable dac log-collect service lb http enable dac log-collect service lb link enable dac log-collect service lb linkapp enable dac log-collect service lb linkinfo enable dac log-collect service lb linkmatchclass enable dac log-collect service lb linkstatus enable dac log-collect service lb linkwarning enable dac log-collect service lb member enable dac log-collect service lb memberstatus enable dac log-collect service lb nodewarning enable dac log-collect service lb outbound enable dac log-collect service lb overviewdomain enable dac log-collect service lb overviewlink enable dac log-collect service lb overviewmember enable dac log-collect service lb overviewrs enable dac log-collect service lb overviewsf enable dac log-collect service lb overviewvs enable dac log-collect service lb protectattack enable dac log-collect service lb protectwarning enable dac log-collect service lb realserver enable dac log-collect service lb rsstatus enable dac log-collect service lb serverfarm enable dac log-collect service lb serverfarmstatus enable dac log-collect service lb virtualserver enable dac log-collect service lb virtualserverstatus enable dac log-collect service nat flow_log enable dac log-collect service packet-filter security_policy enable dac log-collect service sandbox detail enable dac log-collect service sandbox log enable dac 
log-collect service security-policy counting enable dac traffic-statistic user enable verbose dac traffic-statistic application enable verbose # ips policy guideipspolicy object-dir client severity-level critical protect-target WebServer Any protect-target WebServer Apache protect-target WebServer IIS protect-target WebServer Other protect-target WebServer Tomcat protect-target WebServer WebLogic # ips logging parameter-profile ips_logging_default_parameter # anti-virus signature auto-update update schedule daily start-time 00:00:00 tingle 120 # anti-virus logging parameter-profile av_logging_default_parameter # url-reputation signature auto-update update schedule daily start-time 00:00:00 tingle 120 # domain-reputation global enable top-hit-statistics enable # domain-reputation signature auto-update update schedule daily start-time 00:00:00 tingle 120 # ip-reputation signature auto-update update schedule daily start-time 00:00:00 tingle 120 # dac storage service dpi traffic limit usage 60 dac storage service traffic limit usage 60 # cloud-management server domain ops.seccloud.h3c.com # return
Right now everything in the policy routing is any-any pass-through.
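To check which of the enabled features a given flow actually passes through, the following Python script (an added example, not from the thread or from H3C) reads a Comware-style configuration and reports, for a source and destination zone, the first matching security-policy rule, the inspection modules of its app-profile, and the logging options in effect. The sample input is a constructed excerpt of the configuration posted above; the one-command-per-line indentation and first-match evaluation in listed order are assumptions.

```python
# Constructed sample: an excerpt of the configuration posted in this thread,
# re-laid out one command per line with indentation (layout is an assumption).
SAMPLE_CONFIG = """\
#
 nat log flow-begin
 session log flow-begin
#
app-profile 1_IPv4
 ips apply policy default mode protect
 url-filter apply policy default
 anti-virus apply policy default mode protect
#
security-policy ip
 rule 1 name Trust_Untrust_IPv4_01
  action pass
  logging enable
  profile 1_IPv4
  source-zone Trust
  destination-zone Untrust
 rule 2 name Trust_Untrust_IPv4_02
  action pass
  source-zone Trust
  destination-zone Untrust
 rule 0 name GuideSecPolicy
  action pass
  logging enable
  source-zone Trust
  source-zone Untrust
  destination-zone Trust
  destination-zone Untrust
#
"""

def parse_config(text):
    # Returns (system-view commands, app-profile modules, rules in listed order).
    global_cmds, profiles, rules = [], {}, []
    view = rule = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "#"):                 # "#" closes the current view
            view = rule = None
        elif raw[0] != " ":                   # unindented line opens a view
            view = line.split()
            if view[0] == "app-profile":
                profiles[view[1]] = []
        elif view is None:                    # indented line outside any view
            global_cmds.append(line)
        elif view[0] == "app-profile":        # first word is the module name
            profiles[view[1]].append(line.split()[0])
        elif view[0] == "security-policy" and line.startswith("rule "):
            rule = {"name": line.split()[3], "profile": None, "logging": False,
                    "source-zone": set(), "destination-zone": set()}
            rules.append(rule)
        elif view[0] == "security-policy" and rule:
            key, _, val = line.partition(" ")
            if key in ("source-zone", "destination-zone"):
                rule[key].add(val)
            elif key == "profile":
                rule["profile"] = val
            elif line == "logging enable":
                rule["logging"] = True
    return global_cmds, profiles, rules

def audit(text, src, dst):
    # A rule with no zones listed matches any zone (assumption: first match wins).
    global_cmds, profiles, rules = parse_config(text)
    hit = next((r for r in rules
                if (not r["source-zone"] or src in r["source-zone"])
                and (not r["destination-zone"] or dst in r["destination-zone"])), None)
    return {"rule": hit["name"] if hit else None,
            "inspection": profiles.get(hit["profile"], []) if hit else [],
            "rule_logging": bool(hit and hit["logging"]),
            "flow_logging": [c for c in global_cmds if " log flow-" in c]}
```

On this excerpt, Trust to Untrust traffic matches the rule that carries the 1_IPv4 profile, so rule 2 without a profile is never reached, while Trust to Trust traffic falls to GuideSecPolicy with per-rule logging and no inspection profile.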
For this, we suggest renewing the warranty or contacting your purchase channel to arrange technical support.