I have this problem with slow performance one way copying files from one server to another.
Iperf also shows this performance.
Server1 is connected to a 3560 giga-port in vlan 670, and there is a 1 gig trunk to a 6509.
The 6509 is configured with vrf and fwsm, and this is connected to another 6509 with at 10 gig trunk.
In this last 6509 the other server is connected in vlan 650.
Vlan 650 and 670 belongs to different vrf's, and needs to go thru the fwsm.
One way shows nice perfomance (iperf shows 800-900Mbit/s), but the other way is about half the performance.
There is big and difficult configuration on the switches or the fwsm.
Why does it behave like this?
The accessports are configured auto/auto and has 1000/full, the trunks is a dot1q trunks and the fwsm is permitting ip any any.
Could there be a bug in the fwsm or is it related to the switches?
server1(vlan650/vrf storage)-3560-6509-fwsm-6509-server2(vlan 670/vrf client)
The first 6509 has the fwsm installed.
One more thing;
moving one server to the same vlan or differnt vlan but same vrf, does not impact the performance. Therefor I believe the problem is within the fwsm, but I not sure.
We have upgraded the fwsm to the latest release, but the problem still persists.
Copying files one way gives throuhput as expected, but the other way its just over half the speed.
This also applies when using iperf.
The packets goes from one vlan in one vrf, through the FWSM, to a different vrf and a different vlan.
This problem are only when packets are going through the FWSM. When testing with the servers in the same vlan or different vlans but same vrf, we get good speed both ways.
Any ideas? Any configuration to look for to improve this?
what is the ios version running in FWSM and what is type of traffic getting affected.As i understand traffic will be moving from server--switch--6509(FWSM)--switch-server rite.
The 6509 is running 12.2.33 SXI IP Advanced Services SSH, and the fwsm is now running 4.0(8). The maintenance version is 2.1.(3).
The traffic we want to have nice performance with is CIFS, but we have also tested with iperf (tcp/ 5001). Both give the same results.
Really strange it was a bug CSCsj56795 in previous version but has been fixed in your version for performance issue, what is the cpu utilization and xlate count in FWSM while copying files between zones.
CPU usage is less than 2%
Xlate count is 20850 in use, and 21104 most used
The syslog captures a lot of Deny inbound UDP, Deny inbound (No Xlate), Denied ICMP, regular translation creation failed for icmp. Guess I better look into this also.
Try clear xlate command in FWSM and then try copying files from server to server,see any improve in performance.
Does clear xlate impact any traffic? The fwsm is in production, and at the moment I cannot do anything that creates instability in the network.
Yes existing connection will be breaked but xlate table will built in fast as soon as you clear but suggest you do it in non peak hrs and check the performance.