MosaicRP asked:

Gigabit Ethernet Bottleneck?

I have recently upgraded to gigabit fiber for our internet connection. Here are the basics of how the network is connected:

The ISP router (Juniper SRX550) is connected to a small gigabit switch (D-Link DGS1016D). This allows me to have a DMZ of sorts off this small switch. Then I have the small gigabit switch connected to the firewall (NSA2400) and behind the firewall are four 50-port gigabit switches (Cisco SG200-50). All patch cables are CAT5e or CAT6.

So here is the weirdness. If I run internet bandwidth tests from computers on the LAN which are connected to one of the 50-port switches behind the firewall, I consistently get around 275-300Mbps on both upload and download. But if I connect a computer to the small switch in the "DMZ" in front of the firewall and configure it with one of our public IPs, I consistently get 850-950Mbps upload/download.

So the gigabit fiber speed that we are paying for is there. But computers on the LAN behind the firewall don't reach that.

Now, I have verified that all the ports in the switches and the firewall are all set to 1000Mbps and full duplex. And everything reports back that the ethernet connections are indeed 1000Mbps. And I have tested this after-hours when I was the only one in the office and using the LAN.

Am I missing something?
ASKER CERTIFIED SOLUTION
mikebernhardt
This solution is only available to members.
ASKER

Ah, that makes sense. I looked up the performance specs on the Sonicwall NSA2400 and found these numbers:
VPN throughput (3DES/AES) : 300 Mbps
Connection rate : 4000 connections per second
Intrusion prevention throughput : 275 Mbps
Gateway anti-virus throughput : 160 Mbps
Stateful throughput : 775 Mbps
Firewall throughput (IMIX) : 235 Mbps
Unified Threat Management (UTM) throughput : 150 Mbps

Do you think I am running up against that intrusion prevention throughput or some combination?

Yep. You could do an experiment and turn off those features, then see if your throughput improves.

Thanks Mike. I have never dealt with these kinds of speeds before so didn't think about processing limitations. Maybe it's time to upgrade the firewall. :o)