topology: PC client-S2700-S5700-USG2230-internet
when access USG2230 to the network, the slow performance occurred when PC access to the internet. It's very slow to open website and send email of OUTLOOK.
1. First check the routing-table and the topology , and confirm there are no loops.
2.And use "display cpu-usage" found that the CPU-usage is low as 17%.
3. Try to change the MTU of the up-link interface to the ISP as 1400. The problem didn't be solved.
4.Customer told us when access to the internet without our FW the performance was good , so it should not be the reason of bandwidth to internet is too small.
5.I found that the Public IP address which ISP gave customer was a private address like "192.168.254.2", and asked customer about that. The customer told me ISP gave him "192.168.254.2 --192.168.254.254" as public address. But when checked the NAT configuration i found that just like this :
ip address 192.168.254.2 24
that means all the users will translate to this one address to access to the internet, and i doubted that the ISP did the rate-limiting to each address. So try to modify the NAT with a address pool "NAT address-group 1 192.168.254.2 192.168.254.200", so that the client will use these 198 IP address to translate to access to the internet. and the problem solved. So i can confirm that the ISP did rate-limiting for each address . And when use one IP to do NAT, all users share the speed rete-limiting as 2M so the problem occurred.
1.The MTU is too large. And the packets were dropped by devices of ISP.
2.The bandwidth is limited.
3.There are loop in the network.
4. The cpu-usage is too high.
5. Cause of the rate-limiting.
When we found that the public address gaved by ISP is private address, we should take notice that whether the ISP do any rate-limiting .