Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
365
Views
0
Helpful
1
Replies

PIX latency issue

John Trumbell
Level 1
Level 1

‎01-09-2015 12:44 PM - edited ‎03-11-2019 10:19 PM

Hi

I have the following device

Cisco PIX Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)

Compiled on Sun 06-Apr-08 13:39 by builders
System image file is "flash:/image.bin"
Config file at boot was "startup-config"

FW1-Primary up 1 year 161 days
failover cluster up 2 years 32 days

Hardware:   PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
Flash E28F128J3 @ 0xfff00000, 16MB

 

We have a 100Mbps uplink to the internet, yet we always seem not to get the full bandwidtth. I've ruled out a number of other factors, the uplink isn't over utilized I've confirmed this by placing myself outside the FW and I get alot more bandwidth. There's no interface errors, nor high CPU or memory utilzation. I'm just wondering if excessive disabled rules would play a factor? Are usual average rx is around 12Mbps and tx is 5Mbps, yet download speeds are crazy low.

 

Any thoughts, thanks

John

Labels:
0 Helpful
1 Reply 1

joe19366
Level 1
Level 1

‎01-19-2015 04:07 AM

John,

 

Its unlikely you will ever get "the full bandwidth" for so many reasons. most ISP oversubscribe their bandwidth. we just got one large one to admit they have a deal with HULU and youtube to carry their traffic first, causing our citrix vdi traffic to crawl all day between NJ and Missiouri.

 

So, dont worry too much about the fact you are not getting "the full bandwidth".

 

I would go to speedtest.net for your area of the country, run 4-5 speed tests and figure out what you can expect. keep in mind, tcp rtt has a huge effect on how much utilization your tcp/ip stack can load on the network.

 

finally, if you are concerned about the pix -

 

put a server right on the outside and do a bidirectional iperf test with a 1M window size to the server right outside the pix from your inside client

 

on server --

c:\users\admin\downloads\iperf -s -w 1M

 

on client

c:\users\admin\downloads\ipsef -c 65.10.10.10 -w 1M -d  

 

(where 65.10.10.10 is the server's ip on the outside of your Pix)

 

if you get a really low speed - like 20mpbs - check the speed and duplex of all devices in the path.

I recommend auto/auto on all server, pix to switch, pix to router links.

 

thanks,

 

Joe

19366

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card