cisco 2911 Comcast 100Mbit WAN line slow

Could be CEF is disabled.

Can you post the config?

here it is.

currently using gigabit 0/0 and 0/1

you can ignore the other ones as they are not in use
EE-ProdComcastRunningConfig.txt

when idle cpu was 0%, downloading a file CPU was 35%

not sure what else to look for on those results

what is your

sh process cpu his

graph show..in idle case

Router   10:09:46 AM Wednesday Jul 3 2013 PCTime





      33333               1111111111111111111122222     11111
  100
   90
   80
   70
   60
   50
   40
   30
   20
   10
     0....5....1....1....2....2....3....3....4....4....5....5....6
               0    5    0    5    0    5    0    5    0    5    0
               CPU% per second (last 60 seconds)




            6 13  3  235                               2414 4    1
      232243120673942044222222222222222222222222222223394223432224
  100
   90
   80
   70
   60       *
   50       *          *
   40       *  *  *    *                                * * *
   30       *  *  *   **                               ** * *
   20       *  *  *  *##                               ** * #
   10       # *#* #  *##                               ##*# #    *
     0....5....1....1....2....2....3....3....4....4....5....5....6
               0    5    0    5    0    5    0    5    0    5    0
               CPU% per minute (last 60 minutes)
              * = maximum CPU%   # = average CPU%




      4121213122221212123531222212221133222222221224
      4964190816015691760927904075786811743602234324
  100
   90
   80
   70
   60                    *
   50                    *
   40 *                  *                         *
   30 * *   *  *   *   **** *    ***  ***  *       *
   20 *** ************************************** ***
   10 **********************************************
     0....5....1....1....2....2....3....3....4....4....5....5....6....6....7..
               0    5    0    5    0    5    0    5    0    5    0    5    0
                   CPU% per hour (last 72 hours)
                  * = maximum CPU%   # = average CPU%

if this is idle situation graph...then there is problem because your CPU is at 60%

busy without business...

BTW what is the IOS version you are using??

well it shows the last 60 minutes, so its showing you the parts wheen I put load on it

c2900-universalk9-mz.SPA.153-1.T.bin

try to use M series..

M4 onwards

M series? whats the difference?

check here

http://software.cisco.com/download/navigator.html

ok my contract is expired so it doesn't allow me to download from there. looking for alternate download locations now

I avoid the "T" train IOS versions.

same here

nice, that seems to have helped with the speed tests. they all show 100mbps+ on all tests.

however.. downloads from websites (using microsoft licensing webpage for testing) cant seem to maintain or most of the time reach 11-12MBps download rate that i get when directly plugged in to the modem.


tested 10 times with router and 10 times directly to modem.

everytime with the router it could only mantain about 6-7 then starts dropping the rate while directly plugged to the modem 10 out of 10 times it mantained atleast 11MBps rate which about double of the router.


what else could be making the router slow down the rate?

ok...so now u upgraded the IOS..

so can u see one command on your WAN interface.

can you copy paste

sh run <<wan int>>

#sh run interface gigabitethernet 0/0
Building configuration...

Current configuration : 327 bytes
!
interface GigabitEthernet0/0
 description $ETH-WAN$$FW_OUTSIDE$
 ip address 162.*.*.65 255.255.255.240
 ip access-group 126 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 zone-member security out-zone
 duplex auto
 speed auto
 no mop enabled
 crypto map SDM_CMAP_1
end

which IOS you used?

Backup. IOS level has nothing to do with this.

Please confirm:

Now after implementing changes I suggested in my previous post the speed test indicates ~100Mbps; correct?

You have indicated that your actual download speed is still not the same; correct? Then please confirm/comment the items below:

When connected to the router your traffic is traveling thru the tunnel connected to 65.*.*.70. Whose address is 65.*.*.70?

On the tunnel interface you are parsing and inspecting all traffic according to "zone-member security gre-zone". Try your test with removing this condition from the tunnel interface. If successful, then you need to evaluate the need for inspecting traffic

int gi0/0

should take this command

rj45-auto-detect-polarity <<enable/disbale>>

just enable it..

also show me..

sh int gi0/0

yes tests show 100mbps

tunel101 65.*.*.70 is a vpn peer in our production 2911. not being used in the comcast 2911 which we are troubleshoting until speed issue is resolved.

right now not going thru any vpn, just directly to the internet

Please try these and test again:

interface GigabitEthernet0/0
no  ip access-group 126 in
no zone-member security out-zone
!
interface GigabitEthernet0/1
no ip access-group 107 in
no zone-member security in-zone

Also, I didn't see a NAT statement in the running-config. Would you please post that? We need to know how you are NATing from inside to outside.

download speed remains the same after removing the commands.  here is the nat

ip nat inside source route-map SDM_RMAP_3 interface GigabitEthernet0/0 overload

Would you please post a brief diagram of your setup?

dont have any diagrams but right now Its pretty simple.

INTERNET<---COMCAST MODEM<---CISCO2911<---CLIENT

Thank you. So, Gig0/1 is connected to the Client when testing?

Please post:

1. Configs for Int Gig0/1

2. Result of "show interface gig 0/1" while the client is connected for testing.

show interface gigabitEthernet 0/1
GigabitEthernet0/1 is up, line protocol is up
  Hardware is CN Gigabit Ethernet, address is * (bia *                                                                           )
  Description: $ETH-LAN$$FW_INSIDE$$ES_LAN$
  Internet address is 10.*.*.1/24
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full Duplex, 1Gbps, media type is RJ45
  output flow-control is XON, input flow-control is XON
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:13, output 00:00:13, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 242
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     2820653 packets input, 1238818021 bytes, 216 no buffer
     Received 158754 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 166 multicast, 0 pause input
     4483415 packets output, 1103057231 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     166 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     15 lost carrier, 0 no carrier, 74120 pause output
     0 output buffer failures, 0 output buffers swapped out

guptasan26:

cannot enter that command in the interface 0/0, invalid input

ok..I see few drop at interface...but its fine as they are low...and crc error is 0 means not increasing..

first check:

ping 8.8.8.8 siz 1500 re 1000

if you find lots of drops..show me?

second point to note: on internet link you will not get speed what is on paper...

there is a mathematics..you will get only 1/8 th of speed..

means if I buy 20 mb link..then I will only get approx 2mb of upload speed...

Nothing is blaring. So, when you do a speed test like speedtest.net you get ~100Mbps. But, when you try downloading using the same connection you get less than expected; correct? Is this true for any download from any site, or certain sites?

Haven't found any site with large files that can provide me with 100mbits download other than Microsoft so haven't tried any other site.

Guptasan: that understandable, and the correct case with most home connections, but not the issue with this specific business line. I CAN get the full line speed  down and up if I connect directly to the Comcast SMC branded modem.

From MS I downloaded a 1GB image in 1 minute at a constant speed of 11MBps

A 4GB image in 4 minutes at around the same speed as well. I tested these downloads multiple times and each time I got the same max speed thru the Comcast modem. On the Cisco, I did not achieve the same speeds, not even close.


I will load the router with its factory default config and see what I get. Will report back tomorow morning.

okay so here is the correct mathematic...

20Mbps is equals to 2,25Mbyte/sec (20=8x2,25)--download

yes, but 20 is my upload, download is 100

so with a blank config its just a bit faster than with the whole production config but still cannot maintain a stable fast download

weird. restored the same prod config we were working on and now the speed tests are inconsistent again. and still has all the stuff we did to make it better.

switched everything to the cisco and the 100mbit lan and performance is HORRIBLE

we use veeam for replication to a vpn site and with the 10mbit line we had no issues and ping to that site stayed low (never more than 100)

with the Comcast im getting time outs and pings of 400+ to the vpn site. internet ping still ok.

update.

switched the config to a different 2911 and its performing without any issues. ended up being a hardware issue..

I will still assign points accordingly based on how much it helped me with the issue.

 thanks a lot.