[c-nsp] Cisco interaction with Netscreen 25

[Peter Hicks]

All,

I have a Netscreen 25 which is behaving strangely.  Between the internal and
DMZ ports, throughout is dreadfully slow.  Between the external and DMZ
ports, throughput is wire-speed (100Mb).

Contention is nonexistant, it's not a duplex issue, it's not cabling
(swapped), not the hardware (swapped with a known-working firewall), not the
switch (tried another on a different part of the network), not the switch
port configs (took it back to a basic speed/duplex/vlan/spanning-tree
portfast config).

I've narrowed the problem down to traffic on a particular VLAN here - when
the internal port is connected via a switch to my laptop, no other kit,
throughput is fine.

I suspect the NS25 is interacting badly with broadcast/multicast traffic in
the network - the DMZ and external ports are in VLANs devoid of HSRP/EIGRP
etc.

Has anyone seen similar issues with Netscreen and Cisco kit?

I can stop EIGRP multicast by setting up neighbor statements in the EIGRP
instance on each of five routers, but this is an administrative burden and
I'd rather not do it until I know it'll help.

Best wishes,


Peter.