USG5100: slow Internet access

Publication Date: 2012-10-09
Issue Description
Internet access is slow.
Alarm Information
None.
Handling Process
1. Use the “display cpu-usage” command to check whether the CPU utilization rate is more than 60%. If it is, check which process is using too much CPU. VIDL is the idle process and can be ignored. Try the following operations to solve the problem:
A, Between security zones (interzone), use the “undo detect” command to turn off unused ASPF functions.
B, Use the “display firewall defend flag” command to check whether too many attack prevention functions are enabled; enable only those that the state of the network requires.
If the problem cannot be solved, please contact a technical support engineer.
2. If the device's CPU utilization is normal and hosts on the internal network can reach each other normally, an attack may be occupying the bandwidth.
In the system view, try using the “firewall defend” command to enable some attack prevention functions, and confirm whether this resolves the fault.
3. Adjust the attack prevention parameters, such as the UDP flood parameters. If they are configured too low, the bandwidth that response packets can use is limited.
Raise the parameters somewhat and confirm whether this resolves the fault.
4. Use the “display qos” command to check the configured QoS functions and whether the “cir” parameter threshold of traffic CAR is configured too low.
Root Cause
Possible causes:
1. The CPU utilization rate is too high, so some packets are discarded.
2. The device is under a flood attack, which slows the forwarding of normal packets.
3. Attack prevention is configured, and its thresholds are set too low.
4. The configured QoS threshold is too low.
5. ASPF is configured improperly, which makes a particular service slow.
Slow service is usually related to a CPU utilization rate that is too high, link traffic that is too heavy, or the various rate limits. If service goes from slow to gradually stopping, the Session table or Server-map entries have probably been used up. If the network stays slow, first check the CPU utilization rate, the interface traffic, and the connection-number and traffic rate-limit configurations, then check whether the number of Session table entries and Server-map entries has reached the maximum specification.
1. A CPU utilization rate that is too high leaves too little forwarding capacity, so some packets are discarded and users find Internet access slow. Locate the cause by viewing which process occupies too much CPU. The usual causes are as follows:
A, too many functions are enabled; ASPF, NAT ALG, IPSec, UTM and L2TP generally occupy a lot of CPU resources.
B, the device is under attack, which ties up a lot of CPU resources.
C, too many attack prevention functions are enabled.
2. If the device's CPU utilization is normal and hosts on the internal network can reach each other normally, the upstream bandwidth may be heavily occupied.
3. Check whether the attack prevention parameters are configured too low.
4. Check whether QoS is configured and whether its parameters are too low.
Suggestions
Attack prevention, ASPF and similar functions need to be adjusted accurately to the actual network situation once the initial configuration is complete. Parameters that are too loose may fail to prevent attacks effectively; parameters that are too strict may discard normal packets and put extra load on the device.
If packet filtering on the device permits all packets, ASPF commands do not need to be configured. If packet filtering is strict and only the well-known ports are open, consider configuring ASPF. In a general Internet environment, the firewall only needs “detect FTP” configured. In a 3G network, the RTSP ALG is generally needed, and a multimedia private network needs the H.323 ALG. The DNS ALG is enabled only when the “NAT server” command maps the internal network's DNS server.
For some attack prevention functions, if the threshold is too small, normal packets may be lost when service traffic increases. The solution is to increase the threshold value or cancel the rate limit. For example, a UDP flood prevention threshold that is too small leads to packet loss and affects service; IP CAR and IP connection rate limits also affect service when their thresholds are too small.
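The effect of a rate threshold that is too small, as an added example that is not Huawei's code and not the USG's internal algorithm: a generic single-rate token-bucket policer model in Python, fed with legitimate traffic only. The traffic figures, the burst size (cbs) and the function names are constructed assumptions.

```python
# Added example: generic single-rate token-bucket policer model.
# Assumption: this is NOT the USG's internal algorithm; units are kbit and 1-second ticks.

def police(offered, cir, cbs):
    """Return (forwarded, dropped) totals for a list of per-second offered loads.

    cir: tokens added each second (committed rate); cbs: tokens that can be saved up.
    """
    tokens = cbs                      # bucket starts full
    forwarded = dropped = 0
    for load in offered:
        available = tokens + cir      # saved burst plus this second's refill
        sent = min(load, available)
        tokens = min(cbs, available - sent)   # unused tokens carry over, capped at cbs
        forwarded += sent
        dropped += load - sent
    return forwarded, dropped


def min_cir_without_loss(offered, cbs, step=100):
    """Smallest cir (a multiple of step) at which the model drops nothing."""
    cir = step
    while police(offered, cir, cbs)[1] > 0:
        cir += step
    return cir


# Constructed sample: legitimate traffic only, with business growth in seconds 4-6.
LEGIT = [800, 900, 1000, 2500, 3000, 2800, 1200, 900]

if __name__ == "__main__":
    for cir in (1000, 2000, 2700):
        fwd, drop = police(LEGIT, cir, cbs=500)
        print(f"cir={cir}: forwarded={fwd} dropped={drop} loss={drop / (fwd + drop):.0%}")
    print("lowest loss-free cir:", min_cir_without_loss(LEGIT, cbs=500))
```

A threshold sized for the quiet seconds drops more than a third of this normal traffic once the load grows, which is why the limit should be derived from measured peak service traffic.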
