Slow Network Access Due to a Network Bandwidth Limit

Publication Date:  2015-07-03 Views:  229 Downloads:  0
Issue Description

Fault Symptom:

Intranet users connected to the firewall access the Internet at a low speed.
Handling Process
1. NAT is configured on the firewall. It takes several seconds for users to open web pages from PCs connected to the firewall. When the firewall or PC is configured to ping the Internet through 3972-byte packets, no packet is discarded. When the firewall or PC is configured to ping the Internet through ping packets of 3973 bytes or more, packets are discarded.

<USG> ping -s 3972 
13:48:27  2013/05/29
  PING 3972  data bytes, press CTRL_C to break
    Reply from bytes=3972 Sequence=1 ttl=64 time=10 ms
    Reply from bytes=3972 Sequence=2 ttl=64 time=1 ms
    Reply from bytes=3972 Sequence=3 ttl=64 time=1 ms
    Reply from bytes=3972 Sequence=4 ttl=64 time=1 ms
    Reply from bytes=3972 Sequence=5 ttl=64 time=1 ms

  --- ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/2/10 ms
<USG> ping -s 3973 
13:48:36  2013/05/29
  PING 3973  data bytes, press CTRL_C to break
    Request time out

2. Defense against large ICMP packets is enabled on the firewall. The default size of a large ICMP packet is 4000 bytes. Packets longer than 4000 bytes are discarded. After defense against large ICMP packets is disabled on the firewall, large ping packets can be transmitted.

3. Change the TCP MSS on the firewall to 1200 using the firewall tcp-mss 1200 command and continue to test Internet access services. The Internet access is still slow.

4. Check outgoing traffic.

[USG] display interface Ethernet  0/0/0                                                                                              
14:04:44  2013/05/29                                                                                                                
Ethernet0/0/0 current state : UP                                                                                                    
Line protocol current state : UP                                                                                                    
Ethernet0/0/0 current firewall zone : untrust                                                                                       
The Maximum Transmit Unit is 1500 bytes, Hold timer is 10(sec)                                                                      
Internet Address is 60.13.x.y/24                                                                                                  
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0022-a103-b597                                                     
Media type is twisted pair, loopback not set, promiscuous mode not set                                                              
100Mb/s-speed mode, Full-duplex mode, link type is force link                                                                       
Output flow-control is unsupported, input flow-control is unsupported                                                               
QoS max-bandwidth : 100000 kbps                                                                                                     
Output queue : (Urgent queue : Size/Length/Discards)  0/50/0                                                                        
Output queue : (Frag queue : Size/Length/Discards)  0/1000/0                                                                        
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0                                                                     
Output queue : (FIFO queue : Size/Length/Discards)  0/256/0                                                                         
    Last 300 seconds input rate 1552832 bits/s, 268 packets/s          ---->Downstream 1.5M                                                             
    Last 300 seconds output rate 570448 bits/s, 226 packets/s        ------>Upstream 0.5M                                                                  
    Input: 3130297 packets, 2716622072 bytes                                                                                        
           0 broadcasts(0.00%), 0 multicasts(0.00%)                                                                                 
           0 runts, 0 giants,                                                                                                       
           0 errors, 0 CRC,                                                                                                         
           0 collisions, 0 late collisions, 0 overruns,                                                                             
           0 jabbers, 0 input no buffers, 0 Resource errors,                                                                        
           0 other errors                                                                                                           
    Output:2368780 packets, 719977662 bytes                                                                                         
           0 errors, 0 late collisions,                                                                                             
           0 underruns, 0 retransmit limits       

Check whether the fault is caused by bandwidth limit.

5. According to field engineers, it is found that the users have only 2 Mbit/s bandwidth. Therefore, the network access is slow. Users need to apply for higher bandwidth.
Root Cause
The cause of this fault is that user bandwidth is too low.
Inform users to apply for higher bandwidth.