SRX Services Gateway
SRX Services Gateway

SRX210 Stuck with interface speed very slow

‎04-23-2014 03:53 PM

 

hi all,

 

first of all, i'm kind of new to the whole CLI setting of Juniper.

I got my way into getting it all work, zones, logging etc.

 

the problem now is: when i use the srx, i get max 12Mb speed.

 

the modem of the ISP is bridged to the srx on ge0/0/0, and other interfaces of the srx are routed.

 

Ge0/0/0 is the WAN-side

Ge0/0/1 is the routed-side

fe0/0/2 not used

fe/0/0/3 is another routed side

 

i can do everything i want, share ping etc etc. the interfaces are also have NAT rules to go outside.

 

the ge0/0/0 is by default set to auto-negotiate, 1000mb fullduplx. so thats nice right. 

 

BUT the ge0/0/1 is 100mb and full-duplx but i cant get the full speed of my WAN, normally i would get 110Mb, when i directly connected to the bridged-modem. it seems like its beiing divided by the count of the port. 120 / 8(ports) or something.

 

i tried to set gigetheroption, speed and to full-duplex, but then i have no connection at all to the SRX, it fails to connect. i had to connect with serial again to undone the operations that have been set.

 

 

 

So could anyone please explain to me, why this speed issue has been occuring?

 

Thx,

 

Serdar

5 REPLIES 5
Highlighted
SRX Services Gateway

Re: SRX210 Stuck with interface speed very slow

‎04-25-2014 01:11 AM

Are duplex and speed correctly configured on ge-0/0/1 ?

Do you see any input or output errors on the interface?

show interfaces ge-0/0/1 statistics | match errors

JNCIA-Junos, JNCIS-SEC, CCNA, LPI1, soon more...
Highlighted
SRX Services Gateway

Re: SRX210 Stuck with interface speed very slow

‎04-25-2014 04:57 AM

Hello,

 


@serdar wrote:

 

 

BUT the ge0/0/1 is 100mb and full-duplx but i cant get the full speed of my WAN, normally i would get 110Mb, when i directly connected to the bridged-modem. it seems like its beiing divided by the count of the port. 120 / 8(ports) or something.

 

<skip>

 

 

So could anyone please explain to me, why this speed issue has been occuring?

 

 




Of course.

Did you disable AN on ge-0/0/1? If not then I have an idea what happened.

SRX Ethernet ports can sense speed but not duplex. So what has happened is that some box connected to ge-0/0/1 is incapable of doing proper AN with SRX and fell to 100/HD. SRX ge-0/0/1 sensed 100Mbps but applied FD on local side.

You will need to go to that box and set its speed/duplex to 100/FD and then also set 100/FD on ge-0/0/1.

HTH

Thanks

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
SRX Services Gateway

Re: SRX210 Stuck with interface speed very slow

[ Edited ]
‎04-27-2014 02:33 PM

hi guys,

 

thx for your answers!!

 

BUT 🙂 it wasnt the interfaces setting!!! i just overlooked the fact that everything was logging. i just deactivated these lines and voila, i got my speed back.

 

set security flow traceoptions file policy_session

set security flow traceoptions file size 1m
set security flow traceoptions file files 3
set security flow traceoptions file world-readable
set security flow traceoptions flag all
deactivate security flow traceoptions

 

 

 

 

there are just 2 lines, thats logging in the conf:

 

set security policies from-zone TRUST to-zone TRUST policy 99 then log session-init

set security policies from-zone UNTRUST to-zone TRUST policy 999 then log session-init

 

these 2 lines are only working for, adresses, that are not defined in conf and the connection and everything is denied.

 

first line is that any new device will be blocked, before entering the network.

the second one, is the last policy that denies everything, if all the policies are not true.

 

so what am i doing/thinking wrong?

 

i want to log, but its killing my speed....

Highlighted
SRX Services Gateway

Re: SRX210 Stuck with interface speed very slow

‎04-27-2014 11:44 PM

I had a simlar issue in a cluster and it turned out to be the ns demon out of control after not deactivating trace options correctly.

 

http://forums.juniper.net/t5/SRX-Services-Gateway/SRX240-Internet-Speed-slow/td-p/182929

 

I am sure I was using 10.r4 or 11.4, but my products did not have an active support agreement so I didnt get JTAC involved.

 

if yours are under warranty maybe you should give them a call, Maybe we should be running a external sys server?

 

Highlighted
SRX Services Gateway

Re: SRX210 Stuck with interface speed very slow

[ Edited ]
‎04-30-2014 10:03 AM

I'm also using my SRX220 for home use connected to my ISP, its a gig interface but only negotiates to 100m since thats what my ISP's modem is only capable of.  Now, my internet connection is the most basic my ISP has to offer, its not fast at all.  Supposedly its 15 down / 1 up buts more like 2-3 down / 1 up, its terrible.

 

Realistically the SRX210 should be able to handle up to 250 Mbps Firewall performance (IMIX), its probably a little more than that, and if your internet connection was more than that you could test it.  For example, I will be getting google fiber soon in my area but I won't be able to take full advantage of the gig connection provided by Google, since my SRX220's IMIX real world firewall performance is around 300 Mbps, maybe a little more. 

 

So I ask you, what type of internet connection do you pay for in terms of up/down, is it the 120 / 8 you mentioned?  Do you realistically see that type of speed without the SRX in play?  How are you measuring the 12 Mbps speed that you see now?  I wouldn't mess too much with hard-setting the speed / duplex on juniper gear, just let it auto-negotiate.

 

I've run security flow logging as well, but mine is an H2 model with 2 gig of ram, but I wouldn't think some logging would bog you down that much, seems odd.

 

Here's a link to the datasheet for SRX, scroll to page 7.

http://www.juniper.net/us/en/local/pdf/datasheets/1000281-en.pdf

Feedback