Typical "Slow Network"

cknox1 · ‎05-11-2018

Hi All,

I am working on an apparently slow network for one of our sites - The site consists of 4 x 3650 switches which all have Gigabit speeds, and a Cisco ASA which default traffic is routed to. The ASA's circuit should provide a download speed of around 500mb but the users are seeing just under 100mb for this....

I have checked the port settings and as you can imagine all the trunks, user connections are 1000mb full.. So I am struggling to see what is causing this slowness of the network...

Any help would be great.

Thanks!!!

Julio E. Moisa · ‎05-11-2018

Hi

has the ASA giga ports as well?

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

cknox1 · ‎05-11-2018

Hi,

Yes the ASA has gig ports which are connected to the Core swicthes.

Thank you

Joseph W. Doherty · ‎05-11-2018

What's the 500 Mbps connected to? I.e. expected latency?

Might you have a LFN (long fat network)? If so, are you familiar with all the issues that can go along with one?

cknox1 · ‎05-11-2018

Hi Joseph,

Sorry but could you explain your response a little more as I am unfamiliar with the terminology you used.. Apologies for my ignorance.

Thank you for your response

Joseph W. Doherty · ‎05-14-2018

Did you try to search the Internet on "long fat network"?

cknox1 · ‎05-16-2018

I did indeed research this but I don’t think this is the cause.

The users are getting no where near the actual bandwidth which they are paying for

Joseph W. Doherty · ‎05-16-2018

Well then, if you're not bumping into a LFN issue, there can be many, many other causes, starting with a device that cannot handle the necessary throughput or packet drops along the path for some reason.

cknox1 · ‎05-16-2018

Thanks for your response.

Hmm, all ports along the way are gig ports up until the ISP router which the ASA connects to.. so maybe the ISP router could be the limitation. However, when the engineer who installed the isp router done a speed check he was indeed receiving near enough the 500mb download speed...

Joseph W. Doherty · ‎05-16-2018

Are you using the same test as your ISP did? If not, different speed tests can have quite varied results. (Often for may valid reasons.)

BTW, I'm seen ASAs (and other FWs) slow throughput, if not sized properly. The ISP installation check was didn't transit your ASA?

cknox1 · ‎05-16-2018

That is true regarding the speed tests that have been used. I will double check with the users whether they used the same tests.

The speed test that ISP engineer conducted did not traverse the ASA, so this could indeed be causing the slowness. However when checking the configuration there wasn’t anything limiting the speeds.. all ports are also gig

Joseph W. Doherty · ‎05-16-2018

"all ports are also gig"

That only means the interface cannot transmit faster. However, many Cisco devices cannot maintain/sustain full port speed for all their ports. For example the 2821 came with gig ports, but its 170 KPPS wouldn't even support 100 Mbps aggregate throughput for minimum size Ethernet packets.

cknox1 · ‎05-16-2018

That makes perfect sense, I understand.

Would the ASA is a 5508, do you think this would need an upgrade to allow full use of the bandwidth?

Joseph W. Doherty · ‎05-16-2018

It's a 5508-X?

If so and referencing tables 2 and 3 in:
https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html

If you have 500 Mbps down and up, your ASA is either borderline or just a bit undersized.

Jith · ‎05-16-2018

Have you checked for band limiter configuration on exit router

Regards

Jith