Re: Iperf test through ASA - Page 2

AirSail · ‎04-27-2024

Hello Folks,

I have a pair of ASA5516 with HA mode, ISP provides a high-speed WAN 500Mbps up/download,

while doing some speed tests recently we noticed that all our tests from the inside network are not bypassing 100mbps,

I checked all inside/outside interfaces "show run inter x/y" and all are showing 1G negotiation, I checked also all interfaces going all the way to the terminals and also to the ISP router. ALL SHOWING 1G negotiation,

to dig deeper, I moved onsite I spoke to ISP to set an Iperf server in his side and give us the pubic IP,

and I set Iperf client on my PC,
* disconnect the outside interface and connect it to my PC (set public IP on my PC) I'm getting full WAN speed,

* disconnect inside interface and connect it to my PC (set an IP address LAN) I'm getting 100Mbps

I'm confused here, there is no bandwidth cap on my configuration,

ASA Gurus, need your assistance?

balaji.bandi · ‎04-29-2024

1000Gbps is all around ??

1. you mentioned directly connected to ISP you getting right throughput.

2. connecting PC behind ASA you get low throughput.

3. how is your network diagram looks like - where is the PC inside connected to switch ?

4 what i was suggesting test to confirm ASA to bottle neck here

PC----switch---ASA---switch---PC what is the outcome ?

5. hope you are not testing inside to remote vpn clients.

6. again if the device in production, what is the utilization of ASA outside or inside interface in the production ?

7. what is use case to test iperf now ?

8. as any remote users to transfer files to inside network, what is the outcome ?

9. last is how is ASA configured 9 show run will help here)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

AirSail · ‎05-07-2024

@balaji.bandi nice and tidy set of questions

1. correct - direct to ISP - getting right values

2/3. correct - connect PC DIRECTLY to ASA inside, getting values around 100mbps

4. PC(iperfclient) --> ASA INSIDE --> edge SWITCH --> ISP Router --> ISP IPERF server **> getting 100mbps

5. of course not

6. how I can determine that ?

7/8. did get the question

9. pretty hard to cleanup the config it super long

Sheraz.Salim · ‎04-27-2024

Thats interesting issue. I would recommand you to takle this issue in this manner.

* disconnect inside interface and connect it to my PC (set an IP address LAN) I'm getting 100Mbps

here run the wireshark at start of the Ipref on your PC and once the Ipref test completed save the wireshark capture.

now when you connect your inside interface to ASA prior to this setup a capture on ASA inside interface with source Ipref server and destination your pc. once then off load it and share the both captures. I think most probably the TCP handshake and the streams are handled differently which cause you to see the different output. There could be a different number of reasons exmaple. service policy setting on ASA etc.

please do not forget to rate.

AirSail · ‎04-29-2024

I don't think it's a service policy setting or image related issue,

that 100mbps max speed we get is reflexing a physical interface issue I would say,

once I get the approval to get the network down for a moment I'll try capturing without any problem

Sheraz.Salim · ‎04-30-2024

@AirSail I agree it not the service policy setting it was more of a slip of typo. I suggest it could be some-where in your switches you might have a half-duplex which triggering this to give you 100Mbps speed.

please do not forget to rate.

AirSail · ‎05-07-2024

I checked all of that, non of the outputs is showing Hlf-duplex