SRX Services Gateway
Highlighted
SRX Services Gateway

SRX210 slow web traffic

‎11-26-2015 03:58 PM

I have an SRX210 firewall which I'm using with pppoe, on a FTTC VDSL connection (in the UK). 

 

I've connected a Meraki access point to it and have set up a separate vlan for wireless clients. I have no wired clients at the moment as my laptop has no NIC but am going to try with a wired connection when I plug a server in.

 

Web traffic (http, https) traffic is really very variable. When it works, it's very fast, but certain websites just hang almost forever, then sometimes display without css. Annoyingly, one of the domains that takes forever to load is juniper.net, so I've had to plug in the ISP router in to post this message. 

 

I've set it to allow everything from the wireless to the internet zone. I've turned syslog on for web traffic but can't see anything wrong.  I've disabled all ALG (as dns alg is known to cause problems). I've tried monitoring the vlan interface and the pp0 interface in realtime to see if I could see anything, but can't. 

 

I've posted an edited verison of the config.  I'm sure it's something stupid I've done, but am quite new to Junos and can't work it out right now. 

 

If anyone could offer any advice, it would be greatly appreciated.

Thanks

Attachments

5 REPLIES 5
Highlighted
SRX Services Gateway

Re: SRX210 slow web traffic

‎11-27-2015 05:31 AM

It's been a long time since I have done a pppoe connection so this is based on old memory.  The symptoms sound similar to issues I've had with some carriers having smaler than expected mtu on these lines.  I would try dropping the mtu to 1350 as a test to see if the issues clear.

 

If that seems to work,you may want to contact them and find out what the exact correct number is for their setup.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
SRX Services Gateway

Re: SRX210 slow web traffic

‎11-27-2015 06:52 AM

I've had this happen a lot, set the tcp-mss value to 1350 and see if that does the trick. 

 

MTU and MSS are two dfferent things, so ensure MTU is set correctly if that doesn't work change the tcp-mss value.

 

The following KB explains about tcp-mss

 

https://www.juniper.net/techpubs/en_US/junos12.1/topics/example/session-tcp-maximum-segment-size-for...

Highlighted
SRX Services Gateway

Re: SRX210 slow web traffic

[ Edited ]
‎11-28-2015 04:31 AM

Hi, thanks for the replies. I forgot about setting the mtu. I've set to 1492 and the mss adjust to 1400 which I think is recommended for pppoe by Cisco. I remember some time ago having similar issues with ADSL on Cisco routers, and it was fixed with changing mtu and adjust mss size. 

 

I'll have to experiment a bit I think, but hopefully, this is the right track to go down. 

 

Cheers

Tim

Highlighted
SRX Services Gateway

Re: SRX210 slow web traffic

‎11-28-2015 05:02 AM

If this does improve your situation, you will want to take the time to call the carrier and get the specific MTU used on your type of service.  For best performance MTU must match on both devices.  While mss is something you can change independently.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
SRX Services Gateway

Re: SRX210 slow web traffic

‎12-03-2015 06:45 AM

Hi,

thanks for the advice again. It's working well now. I'll put in a support ticket with plusnet to find out what they recommend. Unfortunately, their phone support involves an hour on hold, and their stock response is to suggest you use the router they provide.  

 

Anyway, it's very fast now so good enough for me.

 

thanks again

 

Feedback