[c-nsp] Network going really slowly

Sridhar Ayengar ploopster at gmail.com
Sun Aug 19 21:40:12 EDT 2007 

I have a 7505 with an RSP2 running IOS 12.4.  One of the boards is a 
VIP2-50, and on that board is a PA-FE-TX and a PA-4E.  The PA-FE-TX is 
attached to my routed public network, and one of the ports on the PA-4E 
is attached to my NATed private one.

The outbound connection is a PPPoE DSL line at 3Mbps, which is on 
another port of the PA-4E.  All interfaces have full-duplex turned on.

When I download something on the internet using a machine on the public 
network, it downloads more than 10 (probably more than 100) times faster 
than a download of the same file from the same server performed from any 
of the machines on the private network.

Moreover, an SFTP file transfer moving a file from a machine on the 
public network to a machine on the private network only transfers at 
about 150KB/s.  A Windows file sharing transfer doesn't go much faster, 
so it's not the encryption doing it.

My configuration follows:

!
! Last configuration change at XXXXXXXXXXXXXXXXXXXXXXXXXXXX by XXXXXXXXX
! NVRAM config last updated at XXXXXXXXXXXXXXXXXXXXXXXXXXXX by XXXXXXXXX
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service single-slot-reload-enable
!
hostname blackcube
!
boot-start-marker
boot system slot1:rsp-jk9o3sv-mz.124-1a.bin
boot bootldr slot0:rsp-boot-mz.124-1a.bin
boot-end-marker
!
!
redundancy
enable secret XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
ip subnet-zero
!
!
ip cef distributed
ip domain name ikickass.org
ip name-server 168.100.193.130
ip name-server 168.100.250.212
no ip dhcp use vrf connected
!
!
ip multicast-routing distributed
no ip ips deny-action ips-interface
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username XXXXXXXXXXXXXX password X XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
!
!
!
!
interface FastEthernet2/0/0
  ip address 168.100.193.129 255.255.255.224
  full-duplex
!
interface Ethernet2/1/0
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mroute-cache distributed
  full-duplex
  pppoe enable
  pppoe-client dial-pool-number 1
  no cdp enable
!
interface Ethernet2/1/1
  ip address 172.22.22.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  full-duplex
!
interface Ethernet2/1/2
  no ip address
  no ip route-cache cef
  no ip route-cache distributed
  no ip route-cache
  shutdown
  full-duplex
!
interface Ethernet2/1/3
  no ip address
  no ip route-cache cef
  no ip route-cache distributed
  no ip route-cache
  shutdown
!
interface Virtual-Template1
  no ip address
!
interface Dialer1
  mtu 1492
  ip address negotiated
  no ip unreachables
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  ip tcp adjust-mss 1452
  no ip mroute-cache
  dialer pool 1
  dialer-group 1
  no cdp enable
  ppp authentication pap callin
  ppp chap hostname XXXXXXXXXXXXXXXXX
  ppp chap password X XXXXXXXXXXXXXXXXXXXXXXX
  ppp pap sent-username XXXXXXXXXXXXX password X XXXXXXXXXXXXXX
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 172.22.22.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
  password XXXXXXXXXXXXXXXXX
  transport input ssh
line vty 5 99
  password XXXXXXXXXXXXXXXXXXXXX
  transport input ssh
line vty 100 999
  transport input ssh
!
ntp clock-period 17180016
ntp server 168.100.193.130 prefer
!
end


Peace...  Sridhar

More information about the cisco-nsp mailing list