Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
Happy new year, EveryoneSRX-210HE has been setup and run for a while with 2 ISPs and FBF.A new ISP has been introduced due to the high demend on bandwidth and download limits. The new connedction is EFM (copper ethernet) and a PPPoE connection.The new connection works well without the SRX-210HE, however it seems to work with the 1st web request any subsequent web reguests either not working or very very slow.Here are all relavent code for the new connection, namely ISP1 or ISP-1DNS for each ISP:name-server { 61.88.88.88; 202.92.64.76; 203.12.160.36;} Interface configuration for the new connection: fe-0/0/7 { unit 0 { description Port4TPGPPPoE; encapsulation ppp-over-ether; } } pp0 { unit 0 { ppp-options { pap { access-profile ppp; local-name "username for the new connection"; local-password "password for the new connection"; ## SECRET-DATA passive; } } pppoe-options { underlying-interface fe-0/0/7.0; idle-timeout 0; auto-reconnect 30; client; } family inet { mtu 1492; negotiate-address; } } } routing-options rib-groups { isp-instances { import-rib [ inet.0 ISP-1.inet.0 ISP-2.inet.0 ISP-3.inet.0 ]; } } Firewall configuration: term ComputersRoutingToISP-1 { from { source-address { 10.20.3.203/32; } } then { routing-instance ISP-1; } } routing-instances: ISP-1 { description ISP1; instance-type forwarding; routing-options { static { route 0.0.0.0/0 next-hop [ pp0.0 "external new ISP gw IP" ]; } } } Can someone please shed some light on troubleshooting the issue.Many thanks,Bob
Hi
What about pings to the remote servers on the internet? Traceroutes?
Do you have NAT configured?
Also I don't think you need both of these in the next-hop
[ pp0.0 "external new ISP gw IP" ]
Did you try to just leave pp0.0 ?
Dear
As you are using PPPoE , that means more overhead , so you need to find the optimal MSS size to configure on your SRX for all clear TCP traffic (other than ipsec traffic)
mss 1350 is a good starting point for your testing
you can use the below the command
[edit security flow]
user@host# set tcp-mss all-tcp mss 1350
please check the below link :
http://www.juniper.net/techpubs/en_US/junos12.1x45/topics/example/session-tcp-maximum-segment-size-for-srx-series-setting-cli.html
Regards
Red1
I agree with Red1 that adjusting TCP MSS will increase performance -- let's say, 2 times increase in bandwidth. But the original problem description was "it seems to work with the 1st web request any subsequent web reguests either not working or very very slow" and it does not sound like a fragmentation issue to me...
Hi Red1,
Thanks for your reply.
Following your intruction DOES make the browsing works. However, when i preformed the speed test via speedtest.net, the results are far away from the official rate which is 20/20 Mbps, especially the upload speed is really slow (6~7Mpbs/0.13~0.3Mpbs)
What could the reason for that, please?
Many thanks,
Bob
Hi Bob,
are you getting a good rate without the SRX ?if so , can you post this rate
Without the SRX, about 18 Mbps / 17 Mpbs can be achieved.
Tests are performed with single device connection.
Thanks and Regards,
I post THIS KB for you... I'm sure your have your cables correct.. But just incase.
All the best as you seek answers.
Thanks Red1, I will check it out and provide feedback asap. Cheers, Bob
thanks Red1, "set tcp-mss all-tcp mss 1350" works, test started with 1350 and ended 1450 and i believe the default value was 1460 and the higer the number the better for the perfomance.
Cheers, Bob