ASA 5520 slows down Internet connection

Unanswered Question
May 13th, 2010
User Badges:

I have a mysterious problem with my Internet connection. The Edge topology is in the attachment so are the most important "show" commands. We have a 50Mb/s symmetric Internet connection. When we use Internet through ASA the download speed does not exceed 3Mb/s whereas the upstream is at about 45Mb/s. When we connect our LAN directly to 2960 the downstream increases dramatically up to 47Mb/s whereas the upstream remains at about 45Mb/s. Duplex is manually set to 1000/full on all interfaces. All that I have noticed are dropped packets on outside interface (Gi0/0). The reason is unclear. Could that be the reason for speed degradation?


What could be the problem?


Any help is appreciated!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Thu, 05/13/2010 - 09:15
User Badges:
  • Cisco Employee,

First I would check duplex and speed mismatches between the ASA ports and the devices that are connected to it. Errors under their interfaces will prove that this is the problem.


I hope it helps.


PK

CCOintIPS Fri, 05/14/2010 - 02:19
User Badges:

I don`t think it is a duplex mismatch issue as packets are dropped on logical interface "outside" but not on the physical. The second reason is tha all ports are configured for 1000/Full manually. I`ll try aplying auto-negotiation on this ports may be it will help.


Interface GigabitEthernet0/0 "outside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Description: -= Internet - Sovintel =-
        MAC address 001a.6d7c.8cd6, MTU 1500
        IP address 62.141.82.195, subnet mask 255.255.255.240
        1771674455 packets input, 1224267434729 bytes, 0 no buffer
        Received 53794 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        19090 L2 decode drops
        1698087161 packets output, 664356941838 bytes, 86 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/0)
  Traffic Statistics for "outside":
        1028102662 packets input, 682414356148 bytes
        985584489 packets output, 360564996151 bytes
        5526716 packets dropped
      1 minute input rate 704 pkts/sec,  538517 bytes/sec
      1 minute output rate 713 pkts/sec,  316581 bytes/sec
      1 minute drop rate, 6 pkts/sec
      5 minute input rate 642 pkts/sec,  509791 bytes/sec
      5 minute output rate 604 pkts/sec,  183650 bytes/sec
      5 minute drop rate, 6 pkts/sec


If you have any other ideas please let me know.

Panos Kampanakis Fri, 05/14/2010 - 06:37
User Badges:
  • Cisco Employee,

I would focus on


Interface GigabitEthernet0/0 "outside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Description: -= Internet - Sovintel =-
        MAC address 001a.6d7c.8cd6, MTU 1500
        IP address 62.141.82.195, subnet mask 255.255.255.240
        1771674455 packets input, 1224267434729 bytes, 0 no buffer
        Received 53794 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        19090 L2 decode drops
        1698087161 packets output, 664356941838 bytes, 86 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/0)


Your outbound aggregate traffic could get very high at some point (underruns). And L2 decode drops could be L2 problems with the switch.


I hope it helps.


PK

CCOintIPS Fri, 05/14/2010 - 06:55
User Badges:

I have cleared the counter information and this L2 counters do not grow. But Internet connection is still very slow. Applying speed and duplex auto-negotiation didnot help.


Any Ideas what else could limit the speed?

tadben2000 Fri, 01/20/2012 - 00:11
User Badges:

ASA 5520 slows down Internet connection

Dear Telecom Engineer

I have faced the same problem in my newly deployed network. I have two ASA5520-AIP20-k9. both connected to IPS and configured as Active standby failover. the ASAs were working fine at first but later on, the internet connection becomes very slow. the ping reply i am getting from my next hop(ISP router) is some times in 2000  msec or above

when I directly connect my laptop to the link that comes from the ISP its ping reply is 1msec and 2msec.

can you please post the solution to this problem you faced 3 years ago. or anyone who have faced and resolved this problem please post the solution.


Tadesse

Ethiopia

Actions

This Discussion

Related Content