
LAN side 1Gb link reflecting WAN 4Mbps throughput - bandwidth capture

SJ K
Level 5

Hi all,

I am having this confusion for quite some time now.

I have a simple setup with a FW connected to an L2 switch and then to an ISP router. My ISP link has a 4Mb cap on the egress.

[My FW] <-1Gb link-> [p0 L2 Switch p1] <-1Gb link-> [ISP Router] <- 4Mb link ->

Doing an SNMP bandwidth capture on switch2's port1 (facing the ISP router), it is reflecting a 4Mb maximum bandwidth usage.

But what I don't understand is this:

You might say the ISP maximum bandwidth is capped at 4Mb, thus the bandwidth capture is correct.

But the link between the switch and the router is a 1Gb link and there isn't any policing/shaping at the ingress port of the Router.

The FW doesn't know the Router has a 4Mb cap; it will just send all the traffic it needs over to the Router at the full bandwidth of 1Gbps.

So why isn't the bandwidth capture at port1 on the LAN side showing more than 4Mbps?

p.s. The bandwidth graph shows a maxed-out flat line of 4Mbps usage, so the Firewall is definitely sending more than 4Mbps, but why isn't that reflected in the graph, since the capture is on the LAN side?

2 Accepted Solutions

SJ K
Level 5

Hi all,

Just want to share in case anyone encounters the same doubt as me.

The reason is simple, because I am using TCP traffic and TCP will somehow "shape"/"throttle" into the maximum bandwidth at the WAN side.

If I am sending UDP traffic, the LAN side bandwidth capture can go as high as the line rate.

Regards,

Noob


"The reason is simple, because I am using TCP traffic and TCP will somehow "shape"/"throttle" into the maximum bandwidth at the WAN side."

Yup, indeed TCP does. TCP will slow its transmission rate when it detects drops. It will vary its transmission rate around the available bandwidth. Later TCP variants will also slow their transmission rate if they detect a jump in latency.

"If I am sending UDP traffic, the LAN side bandwidth capture can go as high as the line rate"

Yes, true for UDP itself; however, some applications that use it will also self-regulate their transmission rate. I.e. depending on what UDP application you use, you may see it behave like TCP.
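As an added illustration of the two accepted answers above (not code from the thread's participants): a toy per-RTT model in Python of a sender behind the 1 Gb/s LAN link feeding a router queue that drains at 4 Mb/s, comparing a TCP-like sender that halves its window on drops with a UDP-like sender that ignores them. The 50 ms round-trip time, 20-packet queue and 1500-byte packets are assumptions, and slow start and latency-based variants are left out.

```python
"""Toy model (added example): rate an SNMP poller would see on the LAN port
when a 1 Gb/s LAN feeds a router whose WAN egress is capped at 4 Mb/s."""

MSS_BITS = 1500 * 8                          # one full-size packet, in bits
TICK = 0.05                                  # assumed round-trip time per step (s)
LAN_PKTS = 1_000_000_000 * TICK / MSS_BITS   # packets the 1 Gb/s LAN carries per tick
WAN_PKTS = 4_000_000 * TICK / MSS_BITS       # packets the 4 Mb/s WAN drains per tick
BUFFER = 20                                  # assumed router egress queue depth (packets)


class AimdSender:
    """TCP-like: +1 packet per RTT, halve the window when a drop is seen."""
    def __init__(self):
        self.cwnd = 1.0
    def burst(self):
        return self.cwnd
    def feedback(self, loss):
        self.cwnd = max(1.0, self.cwnd / 2) if loss else self.cwnd + 1


class BlindSender:
    """UDP-like: always offers line rate and ignores drops."""
    def burst(self):
        return LAN_PKTS
    def feedback(self, loss):
        pass


def simulate(sender, ticks=2000):
    """Return (LAN Mb/s, WAN Mb/s, fraction of LAN packets dropped at the router)."""
    queue = lan = wan = dropped = 0.0
    for _ in range(ticks):
        offered = min(sender.burst(), LAN_PKTS)   # what the switch port counters see
        lan += offered
        queue += offered
        sent = min(queue, WAN_PKTS)               # what the capped WAN can drain
        queue -= sent
        wan += sent
        lost = max(0.0, queue - BUFFER)           # tail drop once the queue is full
        queue -= lost
        dropped += lost
        sender.feedback(lost > 0)                 # only the TCP-like sender reacts
    to_mbps = MSS_BITS / (ticks * TICK) / 1e6
    return lan * to_mbps, wan * to_mbps, dropped / lan


if __name__ == "__main__":
    for name, s in (("TCP-like", AimdSender()), ("UDP-like", BlindSender())):
        lan, wan, loss = simulate(s)
        print(f"{name}: LAN port {lan:7.1f} Mb/s, WAN {wan:4.1f} Mb/s, dropped {loss:.1%}")
```

In this model the TCP-like sender averages roughly 4 Mb/s on the LAN port, while the UDP-like sender shows line rate there and nearly all of it is dropped at the router queue.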

6 Replies

Reza Sharifi
Hall of Fame

Hi,

What management software are you using to see the bandwidth usage?

HTH

Hi Reza.

Thanks for your reply. I tried a couple of tools like whatsup / zabbix but in fact this is happening to all my ISP links. The LAN side is capable of 1Gbps transfer but the bandwidth usage capture is reflecting the ISP's capped limit.

My confusion is that our FW on the LAN side has no idea what limit the Router's egress is capped at and thus should be sending traffic towards the Router at the full 1Gbps.

I checked the Router LAN port and there is no ingress policing/shaping.

So why is the capture at Switchp1 reflecting 4Mbps instead of a full 1Gbps?

[FW] <--1Gbps--> [Switch p1] <--1Gbps--> [lan ROUTER wan] <--4Mbps cap-->

Regards,

Noob

Deepak Kumar
VIP Alumni

Hi,

As you mentioned, there is a one-gigabit link up to the ISP router and there is no policy etc., so all traffic, up to a maximum of 1 Gbps (which your firewall may not support), is forwarded to the ISP router. The ISP router has a 4Mbps cap, so traffic may be put in a queue (as per the QoS configuration) or in the buffer, and traffic that does not fit in the buffer may be dropped.

So why isn't the bandwidth capture reflect at port1 on the LAN side showing more than 4Mbps?

Ans: This is because the capping is applied on the WAN interface and the router is following the traffic flow rules.

  1. If IPSec then check input access list <Not available in your case>
  2. decryption – for CET (Cisco Encryption Technology) or IPSec <Not available in your case>
  3. check input access list <Not available in your case>
  4. check input rate limits <Not available in your case>
  5. policy routing <may not be available in your case>
  6. routing
  7. NAT inside to outside (local to global translation)
  8. crypto (check map and mark for encryption) <Not available in your case>
  9. check output access list <may not be available in your case>
  10. inspect (Context-based Access Control (CBAC)) <may not be available in your case>
  11. TCP intercept
  12. encryption <Not available in your case>
  13. Queueing <Here the limit may be applied>
  14. Packet Out

Regards,

Deepak Kumar


Hi Deepak,

Thanks for your reply. But as you mentioned, the WAN interface of the router is capped but the LAN interface connected to the FW is not capped or policed and it is a full 1Gb link.

The FW has no knowledge that there is a cap on the router's WAN interface or whether the router is dropping its packets. So the FW should be sending traffic towards the Router at the full 1 Gbps, right?

But somehow the bandwidth capture on switch port1 connected to the ISP router's LAN interface is reflecting the capped limit of 4Mbps instead of 1Gbps. (Shouldn't it be showing 1Gbps instead?)

[FW] <--1Gbps--> [Switch p1] <--1Gbps--> [lan ROUTER wan] <--4Mbps cap-->

Any idea why?

Regards,

Noob
