Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
695
Views
0
Helpful
1
Replies

ZBFW & Poor TCP Performance

Jonathan Still
Level 1
Level 1

‎12-17-2010 03:44 PM - edited ‎03-11-2019 12:24 PM

Hey all,

I've recently been seeing some issues on an 877W running c870-advipservicesk9-mz.124-24.T4.bin.  With certain sites (YouTube for example) we see transfer rates ramping up to around 6.5Mbps, which is close to the sync rate of the ADSL connection.  However, once at that peak, they start to drop off again and never recover - dropping to around a few bytes/sec.

Originally I suspected this would relate to windowing and/or PMTUD and so disabled the ZBFW.  Having done this, sites that were previously unusable were now working fine with acceptable download rates.  Reinstating ZBFW restores the prior behaviour.  Packet captures made on the host running the download and also on the router via RITE don't show up anything different between the 2 scenarios.

The ZBFW config is very straightforward - ZPs for IN-OUT, OUT-IN. OUT-IN and OUT-VPN/IN-VPN, with a whole bunch of protocols being inspected outbound (incl http, tcp, icmp), and everything else OUT being passed. Inbound, IPSEC protocols are matched and everything else is dropped.

Has anyone seen anything like this before?

Many thanks,

Jon.

Labels:
0 Helpful
1 Reply 1

Kureli Sankar
Cisco Employee
Cisco Employee

‎12-17-2010 07:30 PM

Remove http inspection and try again.

If the problem still continues pls. consider upgrading to the latest 15.x train.

-KS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card