891FW Throughput

bcook17 · ‎03-05-2018

What WAN Port speeds should I expect when using a 891FW Router?

Currently the router is maxing out at 230 Mbps Down on a speed test. If I plug directly into my internet I am getting 941 Mb Down and 41 Mbps up.

When I run the speed test the CPU on the router is maxing out and the highest process is c800_dx_mrvl_sta. Any tips for getting the CPU down on this router so I can maximize my throughput.

Leo Laohoo · ‎03-06-2018

50 Mbps.

What is the size of the WAN link?

bcook17 · ‎03-12-2018

It's a 1 GB Down and 40 MB Up Cable Modem Connection which is well over 50 MB.

Leo Laohoo · ‎03-12-2018

890 is not rated to push <50 Mbps of traffic. Good luck trying to download at 1 Gbps.

Joseph W. Doherty · ‎03-07-2018

First be aware, Cisco recommends an 890 for only 15 Mbps of bandwidth, so don't count on getting the same transfer rate as when you connect directly to the Internet.

To maximize the 890's performance, you need to use the fewest features possible and you need to use what you use, if possible, as most efficiently as possible.

If you post your config, we might be able to make additional suggestions.

bcook17 · ‎03-12-2018

Joseph,

I appreciate any help you can provide.

Here is my configuration to get some recommendations on how to improve performance.

I have blanked out all the public IP's that were present.

Joseph W. Doherty · ‎03-12-2018

Oh my, your config is really taking advantage of your router's software features.

I would first look to see if NBAR's deep packet inspection can be minimized. Likewise whether your FW rules and NAT might be simplified. Further minimize usage of the ACL/ACE LOG option. Insure, if possible, ACL's ACE and/or class-map statements are ordered such that the most common matches first.

Your config is so involved, it would take hours to analyze and I don't know the full context of what your network requirements are. Keep in mind the more your router needs to do, the its throughput decreases.

BTW
ip route 10.138.0.0 255.255.240.0 Tunnel2
Also if possible, try to avoid route statement to just an interface.

bcook17 · ‎03-12-2018

Thanks for the feedback.

Yeah my router is doing a lot of things with VPN etc but very limited traffic using them.

On the ACL's it does need to be cleaned up a lot though since several of the ACL's are not applied anywhere now since I removed a few VLAN's and the DMVPN I had on Tunnel 0 and Tunnel 1 and I know that is a mess to go through I have been trying to clean it up.

I will go through and remove the logging on them and see if I can reorder anything that is a great point I didn't think to do that.

Regarding NBAR is this the only configuration you were seeing with that:

ip nbar custom cuva udp 5445

I removed the route with Tunnel 2 and will see if that helps.

Thanks again.

Joseph W. Doherty · ‎03-13-2018

BTW "match protocol", I believe, uses NBAR.

bcook17 · ‎03-13-2018

Ok good to know. I will try and remove that from all places in the config.