All,
I am using iperf to test throughput for server on different network going through my ASA.
Throughput is very low but when I test server to server on the same network its fast.
If I preform a iperf test to server to server on different networks using 100 connections at a time I can max out my bandwidth the entire way.
I ran a packet capture to see if packets were getting dropped as in the video located here:
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113393-asa-troubleshoot-throughput-00.html
I do not see anything wrong. The maxim throughput for my ASA is 300 Mbps. I do not have any policeing to limit bandwidth.
Does the ASA have a maxim throughput per connection?
I can see the traffic leaving the server by looking at it interface on the switch port. But I can not tell on the ASA port because of all the other traffic
I know the ASA is not overloaded because if I do the iperf test using 100 connections at once I can see the bandwidth spike on the ASA. I am 99% sure its the ASA limiting per connection
*****more detail if needed****
below is my network
serverA---switch1----ASA----switch1------switch2----ASA----switch2----serverB
switch2---serverC
test1
setup
ServerA one connection via iperf to ServerB
looking at bandwidth on switch1 going to switch2 is see like 20 mbps (10gig link)
test2
setup
ServerA 100 connections via iperf to ServerB
looking at bandwidth on switch1 going to switch2 it maxes out the link (1gig link)
test3
setup
ServerB one connection via iperf to ServerC
The ASA is the DF for both serverB and C
when I do this I get 949 Mbits.
This tells me that the ASA is the issue.