Page 1 of 3

881W firewall limiting port throughput

Posted: Tue Mar 19, 2013 3:49 pm
by stevecinhou
We have a particular need at our stake center for a few days this week and had our internet provider service (Comcast) upgraded to 100Mbps for those few days. If I plug a PC directly into the Comcast modem I get speed test results of around 100Mbps (except the Church's speed test). However running the same tests when plugged into the firewall instead only gives me around 25Mbps. I called GCC and they tried a few things, but none made any difference. They weren't able to get an engineer involved to look at it while I was on the phone. But according to specs all of the ports on that firewall are 10/100. So it seems I should be able to get that unless it's set up somehow to limit bandwidth on the ports. Anyone else seen this before? Any ideas? There has to be a way to fix this, but I'll probably need to find the right person who knows how to do more detailed configuration. Any help would be appreciated.

Thanks,
Steve.

Re: 881W firewall limiting port throughput

Posted: Tue Mar 19, 2013 5:43 pm
by rolandc
Yes,
& you could even compare it to the ASA5505. through put is limited by the security settings. It will get better soon. Maybe :confused:

Its also why they do not stream very well.

Re: 881W firewall limiting port throughput

Posted: Wed Mar 20, 2013 8:12 am
by stevecinhou
But it has to be something more than security settings. They have an impact for sure. But I certainly wouldn't expect them to take 75% of my bandwidth. The guy I was talking to at GSC said the same thing, but couldn't figure out how to view or modify any other settings that may be causing the problem.

Re: 881W firewall limiting port throughput

Posted: Wed Mar 20, 2013 10:17 am
by Mikerowaved
I don't believe it's a configuration or security setting problem as much as it's a hardware limitation. If you look at this Routing Performance PDF document from Cisco's website, you'll see in the 7th line down the 880 Series (of which the 881W belongs) tops out at 25.60 Mbps raw throughput, without any other services or features enabled.

I don't know if the church has considered an alternative firewall option for buildings that have an ISP providing >25 Mbps bandwidth, but I think it should be seriously looked at. We may be going with fiber in the near future and this would throw a serious wet blanket on the whole plan.

Re: 881W firewall limiting port throughput

Posted: Wed Mar 27, 2013 12:00 pm
by JamesAnderson
This is going to become an issue, the 25mbps limit.

Comcast has in fact upped the speeds on the 15-20mbps tier to 25-30mbps, I regularly am now getting as high as 32mbps speeds.

Also, the FCC in the US is working to try to get everyone 100mbps by the end of the decade, not just in the metro areas, but nationwide.

The biggest complaint I hear at family history centers is the sluggish load times for FamilySearch and other Church websites. When we did software downloads through LANdesk, download speeds were much slower than downloading a minor update (such as to FamilyInsight), often taking three times what it takes to download the update from the software itself. Fresh installs is where I found this out.

Tivoli appears to have taken care of most of the download speed problems, but not all, on fresh installs.

Re: 881W firewall limiting port throughput

Posted: Wed Mar 27, 2013 2:18 pm
by stevecinhou
I agree - this limitation is going to start causing problems in the next couple years. Thanks, Mikerowaved, for the link to the Cisco performance info. I hadn't seen that before. On a subsequent call to the GSC one of the engineers also confirmed that 25 Mbps is a hardware limitation on those routers. Very unfortunate. We had to "be creative" in order to get access to our full 100 Mbps bandwidth for our genealogy conference last weekend.

Re: 881W firewall limiting port throughput

Posted: Wed Mar 27, 2013 2:28 pm
by JamesAnderson
Was that genealogy conference one of the test sites for the RootsTech satellite conferences? I was made aware of one of them, genealogykc.org. Saw the maps showing the 16 sites and the 600 they want to do hopefully next year.

Re: 881W firewall limiting port throughput

Posted: Wed Mar 27, 2013 2:58 pm
by stevecinhou
Yes, we were one of the pilot stakes for RootsTech. In the end it was very successful. But it was painful getting to that point, and there are certainly improvements that will need to be made before rolling it out more broadly (but hey, that was the point of doing the pilot).

Re: 881W firewall limiting port throughput

Posted: Wed Mar 27, 2013 5:18 pm
by johnshaw
Hey....We were also a pilot for RootsTech... we had a 4G hotspot providing about 4D, we had a different hotspot for Guest Access 4D speeds, our DSL dedicated to streaming 1.5D directly to the RS room, and we had another hotspot in front of our Firewall for Presenter access.....

I would've died to have that kind of access...... in my wildest dreams I couldn't get 25D yet alone 100

Re: 881W firewall limiting port throughput

Posted: Wed Mar 27, 2013 6:17 pm
by stevecinhou
Yeah, we were certainly fortunate with what we had available. We wanted to make it flexible as possible going in, not knowing what we'd end up needing. We did have 3 live/VOD streams going in parallel at one point + 15 PCs with consultans that were occupied and active all day long + some attendees with their own devices trying out things real-time during classes (although the classes weren't really hands-on, so that wasn't necessary). We ended up with about 400 attendees total. So not sure how low we could have gone and still been OK. That being said, I know there are other geneaology events being planned that are supposed to be very hands on for most attendees, and expections of hundreds of attendees. I think that's going to be a problem with current setups.