Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
737
Views
0
Helpful
3
Replies

frustrating performance issues with CBAC

tato386
Level 6
Level 6

‎08-05-2011 07:59 AM - edited ‎03-11-2019 02:08 PM

I have half a dozen, late model 2800 series routers connected to 30M+ cable modem connections running recent IOS and CBAC firewall.  Very simple config.  NAT overload on the public interface of the router.  Inbound acces-list that allows ICMP traffic.  Inspect lists on inside interface inbound direction.  Very straightforward. Performace for clients behind the CBAC/router is abysmal in all cases except one.  Download at 3-5MB.  Uploads slightly better at 4-8MB but nothing close to 30MB.  One router gets over 20MB up and down but it is the exception.  All routers are identical in IOS version and config.  Cannot figure out for the life of me why only one gets decent speed.

Of course when you connect a PC client directly to the modems they all reach very close to advertised speed.  If all routers where slow then I would think that a 2800 running CBAC simply can't achieve that type of throughtput but we are only talking 30MB here and besides one router does get good speed.

Anybody have any ideas and/or recommendations?

Thanks,
Diego

Labels:
0 Helpful
3 Replies 3

Collin Clark
VIP Alumni
VIP Alumni

‎08-05-2011 08:48 AM

What do the resource utilizations on the router look like (ie CPU, MEM, NAT Trans)? What is the performance when you plug the PC directly into the router?

0 Helpful

tato386
Level 6
Level 6
In response to Collin Clark

‎08-08-2011 06:48 PM

Resources on the router are all showing very light loads.  Additionaly we do the test after hours in order to achieve the most accurare results possible.   Even with just one PC accessing the Internet we never get more that 5MB or so on a 30MB cable modem connection.

When we connect the PC directly to the cable modem we get 20-25MB downloads which would be fine with us if we could achieve these same speeds from behind the router.

Thanks,

Diego

0 Helpful

lcaruso
Level 6
Level 6

‎08-08-2011 07:07 PM

I'd be inclined to take a peek at sh int for any issues.

If it's recent IOS, why not try ZBF instead?

As far as the one router that works, compare its interface stats, all firmware, etc down to the smaller details against the others and see if you can spot any differences.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card