Solved

X440-G2 or X450-G2 as access switch?


Userlevel 3

Hi!

Would the X440-G2 be a suitable access switch in a large network? Segmentation is OK so most places where these would sit have some 15 VLANs and a total of max 2500 MAC addresses. The X440 (non-G2) was not a very good switch in these situations with its tiny little CPU and a nonexistent table space for arp, multicast routes and so on. I know the G2 has much larger tables and probably a better CPU, but is it suitable in this role? There’s no fancy stuff going on, just L2 with ELRP, LAG, and EAPS in some cases (only as transit node). Access is 1 G and uplink will be 2 x 10 G (so 10 G license needed for the X440-G2).

Do you regret not buying the X450-G2 instead? Are you happy with the X440-G2? Please let me know your thoughts!

/Fredrik

icon

Best answer by Tomasz 8 May 2020, 15:19

Hi,

I’ve seen deployments with 4-5 and up to 7 stacked X440-G2s. With 4-5 it was still ok (but rather small network utilization on average - number of APs, cameras, VoIP), with 7 it was tough when we enabled Extreme Policy (ONEPolicy in EXOS docs) and Telemetry at the same time. There was some issue with slice reservation for these features and I was struggling with that a bit. When both features finally got enabled on this huge stack, few times per hour some AP-facing ports were going down for few seconds. And so huge wireless area was down for couple of minutes (AP reboot due to controller loss). With EXOS 30.x couple of slice management and Policy behavior improvements have been introduced (per release notes) so perhaps it could be better now. But still, CPU for X440-G2 as a master node may be some caveat and personally I recommend not more than 5 units in a stack, but in the end it will depend on what features you wish to use and what is the traffic pattern.

 

Hope that helps,

Tomasz

View original

10 replies

Userlevel 4

Hi FredrikB,

It highly depends what are those hosts, if they are some windows hosts which generate a lot of link local service multicast like LLMNR/UPnP/mDNS then switch’s CPU will be always under stress. It is per standards that all those multicast streams should be cached, but any link flap may cause high CPU usage or even CPU congestions, and if you are using stacks at the Edge it will be multiply factor for the issue, as Master’s CPU must process much bigger number of operations. The solution for this is described in the article https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-flood-service-multicast-in-a-hardware-instead-of-lifting-to-the-CPU/?q=LLMNR&l=en_US&fs=Search&pn=1

this ACL should be applied on every single edge switch.

Also I would not recommend to configure aggressive ELRP timers, default values is OK.

If you will follow above recommendations X440G2 should be OK for you.

 

Best Regards,

Nikolay

Userlevel 3

Thanks Nikolay! We have also used these on the X440 (“G1”):

configure igmp snooping filters per-vlan

configure forwarding ipmc lookup-key group-vlan

That has improved the performance quite considerably, CPU-wise.

 

More thoughts, anyone?

 

/Fredrik

Userlevel 3
Badge

my credentials for choosing X440G2 vs. X450...

You should use X450G2 instead of X440G2 when:

  • you have a lot of multicast traffic / applications
  • you want to create stacks with more than 2 units
  • you have a lot of client-client communication between stack-units
  • you have a bigger policy-rule set
Userlevel 3

Thanks for your reply, Peter!

There’s not much multicast other than uPNP and the like from Windows and Mac computers, and intra-client communication is very sparse. Also, the policy rule sets are limited. I still wonder why you say the X440-G2 is not suitable with bigger rule sets; aren’t those handled in hardware anyway? Are you referring to constrained ACL space or something else?

The main concern would be stacks. I do think stacks with more than two -48p units are on the wish-list , so that might be a reason to choose the X450-G2. Do you have personal experience with poor performance in the X440-G2 and larger stacks? I’ve seen problems with the old X450e and the old X440 (non-G2) where memory could get deleted and the CPU would not keep up.

/Fredrik

Userlevel 3
Badge

Thanks for your reply, Peter!

There’s not much multicast other than uPNP and the like from Windows and Mac computers, and intra-client communication is very sparse. Also, the policy rule sets are limited. I still wonder why you say the X440-G2 is not suitable with bigger rule sets; aren’t those handled in hardware anyway? Are you referring to constrained ACL space or something else?

The main concern would be stacks. I do think stacks with more than two -48p units are on the wish-list , so that might be a reason to choose the X450-G2. Do you have personal experience with poor performance in the X440-G2 and larger stacks? I’ve seen problems with the old X450e and the old X440 (non-G2) where memory could get deleted and the CPU would not keep up.

/Fredrik

With policy I mean (one)policy framework (implemented from legacy enterasys) - not ACLs… There are differences in scaling and even in same functions, when I remember right.

Performance in stacks… In general the performance of G2 Devices is much better than G1.

Yes, I’ve experience with poor performance in the X440-G2 and larger stacks.

At least management functions are much slower (CLI, SNMP, and even Radius)...

Userlevel 4

Also, if you want two power supplies the x450-g2 is the nicer solution. Plus they are modular.

Sometimes I had to use  x440-g2 stacks - they were running fine, but had some minor issues with firmware upgrading.

Userlevel 3

Yes, the possibility for dual power is nice, but tends to be expensive. I’ve actually not seen that many power supply failures in Extreme and having a spare or two makes it easy to replace access switches that fail. In a core switch it’s a given to have dual power, but in this case, not in the access layer. This customer even uses single PSU in the distribution since they have an MLAG setup there, so redundancy is there anyway.

my credentials for choosing X440G2 vs. X450...

You should use X450G2 instead of X440G2 when:

  • you have a lot of multicast traffic / applications
  • you want to create stacks with more than 2 units
  • you have a lot of client-client communication between stack-units
  • you have a bigger policy-rule set

Hi Peter,

 

Is X440-G2 not capable of stacking more than 2 units?

Specifications say 8 units in a stack...

ta

Userlevel 3

I think he means that even if it is capable of stacking 8 units, it is not a suitable master in a stack of more than two switches and an X440-G2-only stack should be limited to two members ideally. The X440-G2 has some limitations that make the stack handling problematic and the increased number of clients connected to the stack also increases the stress on the CPU. Other resources, such as multicast routing entries, mac and route learning rate and so on could be factors causing problems with a low-end switch trying to cope with tasks it is not designed for. One way of reducing cost in a large stack could be to use X450-G2s as master and backup (say slot 1 and 2) and use X440-G2s as linecards in, say slot 3-8. The X450-G2 has a better CPU, but it will still not perform as an X450-G2 but more like an X440-G2 in this scenario. This is because it needs to lower table sizes and so on to match the weakest hardware in the stack. The CPU will be utilized to it’s full potential for management like SSH, SNMP and so on.

I’m sure you can find simple setups where an all X440-G2 8 slot stack would be quite sufficient, but in the real world so many factors come into play, like clients misbehaving, chatty OSes and so on, so in the end, large stacks should have more powder under the hood.

I have seen this myself in the previous generations (X450e and X440 non-G2 mainly), but this thread is about the X440-G2 that I don’t have much hands on experience of just yet.

/Fredrik

Userlevel 6
Badge

Hi,

I’ve seen deployments with 4-5 and up to 7 stacked X440-G2s. With 4-5 it was still ok (but rather small network utilization on average - number of APs, cameras, VoIP), with 7 it was tough when we enabled Extreme Policy (ONEPolicy in EXOS docs) and Telemetry at the same time. There was some issue with slice reservation for these features and I was struggling with that a bit. When both features finally got enabled on this huge stack, few times per hour some AP-facing ports were going down for few seconds. And so huge wireless area was down for couple of minutes (AP reboot due to controller loss). With EXOS 30.x couple of slice management and Policy behavior improvements have been introduced (per release notes) so perhaps it could be better now. But still, CPU for X440-G2 as a master node may be some caveat and personally I recommend not more than 5 units in a stack, but in the end it will depend on what features you wish to use and what is the traffic pattern.

 

Hope that helps,

Tomasz

Reply