I'm experiencing a very big degredation in throughput when I route through my FWSM. But it's a strange issue.
We have a 6513 with a FWSM. If I take that vlan out of the firewall group, and don't route through the FWSM, I can hit 900+Mb/s using PerfSonar/Iperf as a testing tool, to another perfsonar box accross the country/WAN. As soon as I put that vlan in the FWSM group, and test to that same box, I get only 50-100Mb/s at best. Sometimes much lower.
Here is the strange part----We've setup a few test scenerios, one with a test box outside the firewall (but conected to the 6513) and one routing through the FWSM. We get acceptable performance 600Mb/s.
If I test from the outside box to a far away host, I get 900Mb/s
If I test from the inside box to that same far away host, less than 100Mbs.
What would be causing that much drop accross the wan ONLY when going through the FWSM. (like i said, directly in front of the FWSM, it's fine)
We have version 4.0.6 and I've tried the 'sysopt np completion-unit' trick.
we (Cisco and I) are inthe process of analying various traffic caps, but I wanted to throw this out there to see if anyone else has experienced this. This isn't a new issue, my client has had this problem since day one, SCP's accross a WAN max out at 250k in some instances and just drop/fail.
After looking at the configs, Cisco says there is nothing out of the ordinary, and nothing overtaxed. Buffer problem? one thing we noticed is window size dropped from 180k to ~50k.