|
Cisco 887VA on Plusnet Fibre gives slow up/download speedsHi Everyone, Using the BT openreach router and the supplied router I was able to achieve 52mb down and around 18mb upload. This was consistent across various speed test websites. I have now replaced both routers with a Cisco 887VA and configured it the best I can however the best speed I can get is about 18mb down and 3-4mb up.
It's like it's an ADSL connection and not fibre! As soon as I plug the old routers in then I get full speed again. Could somone please look at my config below and please advise,
Thanks Shayne
Building configuration...
Current configuration : 5374 bytes ! version 15.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Cisco ! boot-start-marker boot-end-marker ! ! logging buffered 51200 warnings ! aaa new-model ! ! aaa authentication login default local ! aaa session-id common memory-size iomem 10 ! crypto pki trustpoint TP-self-signed-1584283943 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1584283943 revocation-check none rsakeypair TP-self-signed-1584283943 ! ! crypto pki certificate chain TP-self-signed-1584283943 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 D954924B CCA37141 2FD5A7BF 50DD75 quit ! ip dhcp excluded-address 192.168.0.1 192.168.0.10 ip dhcp excluded-address 192.168.0.50 192.168.0.255 ! ip dhcp pool HOME network 192.168.0.0 255.255.255.0 default-router 192.168.0.2 dns-server 192.168.0.2 192.168.0.203 8.8.8.8 lease 0 8 ! no ip domain lookup ip domain name yourdomain.com ip ips config location flash:/IPS retries 1 ip ips notify SDEE ip ips name sdm_ips_rule ! ip ips signature-category category all retired true category ios_ips basic retired false ! ip cef no ipv6 cef ! ! multilink bundle-name authenticated license udi pid CISCO887VA-K9 sn FG********* license boot module c880-data level advipservices ! ! username admin privilege 15 secret 5 $1$IJSC$l********. ! crypto vpn anyconnect flash:/webvpn/sslclient-win-1.1.4.179-anyconnect.pkg sequence 1 ! crypto vpn csd flash:/webvpn/sdesktop.pkg ! crypto key pubkey-chain rsa named-key realm-cisco.pub key-string 30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
quit ! controller VDSL 0 firmware filename flash:vdsl.bin-35d_d23j modem ukfeature ! ip ssh version 2
!
interface Ethernet0 no ip address ! interface Ethernet0.101 encapsulation dot1Q 101 ip virtual-reassembly in pppoe enable group global pppoe-client dial-pool-number 1 ! interface ATM0 no ip address shutdown no atm ilmi-keepalive ! interface FastEthernet0 no ip address duplex full speed 100 ! interface FastEthernet1 no ip address ! interface FastEthernet2 no ip address ! interface FastEthernet3 no ip address ! interface Vlan1 ip address 192.168.0.2 255.255.255.0 ip nat inside ip ips sdm_ips_rule in ip ips sdm_ips_rule out ip virtual-reassembly in ip tcp adjust-mss 1452 ! interface Dialer0 description Infinity mtu 1508 ip address negotiated no ip redirects no ip unreachables no ip proxy-arp ip nbar protocol-discovery ip flow ingress ip nat outside ip virtual-reassembly in encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1 ppp authentication chap callin ppp chap hostname **********@plusdsl.net ppp chap password 0 ************ ppp pap sent-username ***********@plusdsl.net password 0 ********** ppp ipcp header-compression ack ppp ipcp dns request ppp ipcp address accept no cdp enable ! ip forward-protocol nd ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ! ip nat inside source list 1 interface Dialer0 overload ip route 0.0.0.0 0.0.0.0 Dialer0 ! access-list 1 permit 192.168.0.0 0.0.0.255 no cdp run ! control-plane ! line con 0 no modem enable line aux 0 line vty 0 4 privilege level 15 transport input telnet ssh ! ! end |
|
your moderator at work
hidden : Friendly delete
|
1 edit |
to ShayneG
Re: Cisco 887VA on Plusnet Fibre gives slow up/download speedsThat's about the speed of an 887 with NAT running in my experience. 887's, like their brothers the 29xx and 39xx run *everything* via the processor. Whilst your router is configured with the minimum needed to make it work on an ADSL line, it's still enough to bog down the processor and drag down the speeds. I know you're using the ethernet ports but it doesn't make any odds, all the traffic hits the processor. For what it's worth I iPerf'd my 887 with a PC hanging off two of the LAN ports, so not even going anywhere near the internet side and the best I saw was around 25Mb/s between the two PC's and mine is configured almost identically to yours. There are two documents worth a look. The first one has a fair stab at realistic traffic throughputs: » anticisco.ru/pubs/ISR_G2 ··· ance.pdfThe second document deals with bare bones speeds of the ISR platform: » www.cisco.com/web/partne ··· ance.pdf |
|
|
hmmm, I'm sure I read somewhere an 887 had managed 70mb down. What's the point of this router having a VDSL2 port if it maxes out at 20mb? so I'm guessing I should keep the BT VDSL router in place and use 2 ethernet ports for the LAN/WAN routing or is the 20-25 mb restriction down to the processor? If so this is very disappointing as the BT home hubs are more than cable of this and they can't cost more than £50 to manufacture. |
|
|
Down to the processor. If you have a VDSL (BT Infinity or similar) then you *might* get away with an 1841 with an ADSL WIC card but I'm 99% sure the 887 won't see much more than 25Mb/s. Check the second documentn I linked to. Even Cisco themselves say 25Mb/s and that's bare bones. As for why it has a VDSL port yet a "low top speed" there are plenty of folk hanging off the end of a long line and I'm sure there are areas in the world where ISP's offer different speeds for different prices. The 887 would be a good fit here if a new router is required. Me, I'd chance an 1841 from eBay for 30 quid for anything up to 50Mb/s down. |
|
|
to markysharkey
It looks like this person has around 50mb down with the config he's posted but I can't workout which bits in his config actually make the speed difference: » damn.technology/cisco-88 ··· roughput |
|
|
to ShayneG
Immediate thought about your config : 1) remove IPS from your VLAN1ip ips sdm_ips_rule in
ip ips sdm_ips_rule out
I suspect that's where you're losing most of your speed, IOS IPS is a CPU / throughput killer, bar none. 2) remove "ip virtual-reassembly" from the interface configurations. 3) remove "ip route 0.0.0.0 0.0.0.0 Dialer0" -- as you're already getting a DHCP address on Dialer0, and a default route, this config's pointless. Honestly, nuke the config and strip to barebones and loadtest and see what speeds you get. If even on a barebones config it doesn't get any faster than what you've tested so far, you're limited by the platform itself and may have to go to a higher end platform. Honestly, for 52/18Mbit speeds, about the only 8xx series device I'd trust to get to that speed is the 89x series. said by ShayneG:as the BT home hubs are more than cable of this and they can't cost more than £50 to manufacture. ...can the home hubs do CallManager, WAN Acceleration, IPS, VPN, QOS, MPLS in one box? Understandable about your frustration OP, but just trying to set your expectations here ;) :) said by markysharkey:you *might* get away with an 1841 with an ADSL WIC card ...I was about to dispute that then I recalled that a friend claimed that with a 2801 (exact same CPU as an 1841) and CBAC config they hit around 60Mbps. I'll have to get some time to break out my 2801 and loadtest that the same way as when I tried with my 1811. My 00000010bits Regards |
|
|
Thanks for your help everyone, I have now ordered a Cisco ASA 5505 from here: » www.ebay.co.uk/itm/32158 ··· IDX%3AITI'm told these are good for 100-150mb on the firewall through put but I'll have to leave the BT openreach router in place for the WAN termination. |
|
SimplePandaBSD Premium Member join:2003-09-22 Montreal, QC |
to ShayneG
said by ShayneG:hmmm, I'm sure I read somewhere an 887 had managed 70mb down. What's the point of this router having a VDSL2 port if it maxes out at 20mb? so I'm guessing I should keep the BT VDSL router in place and use 2 ethernet ports for the LAN/WAN routing or is the 20-25 mb restriction down to the processor? If so this is very disappointing as the BT home hubs are more than cable of this and they can't cost more than £50 to manufacture. Cisco hardware performs on "packets per second". According to the matrix, PPS on the 880 series is 50,000 using CEF. If you start adding packet filtering, NAT, etc you're going to start losing performance. Cisco has only recently started bucking this trend with the "G3" ISR units, which they quote in Mbps of performance regardless of configuration. At full, 1500 byte packets, 50,000 pps = ~71Mbps. If you use "Internet Mix" (» en.wikipedia.org/wiki/In ··· rnet_Mix) you're getting closer to 25Mbps, which is what Cisco quotes for that device. Make the router do PPPoE, NAT, etc - again you're going to start see that performance slip off. |
|
|
to ShayneG
ASAs have their own idiosyncracies, like "every feature as a licence" ... But if you're willing to give em a crack config-wise, and can bridge the openreach device or put the ASA in transparent mode, throughput-wise on a standard config ASA's'll run fairly reliably. Regards |
|
|
|
At the moment I have a Draytek 2820 after the openreach modem. The drayteks's WAN port is an RJ45 and just recieves a STATIC WAN IP straight from the BT openreach modem. I'm hoping to configure the ASA in the same way and have the firewall rules on the ASA. I only have 8 rules so shouldn't be too much hassle. The main reason for the Cisco is to get used to using them more as I have to support one at work - LOL |
|
|
to ShayneG
Rules-wise, can do interface-based or the fancy-schmancy "global acl." I presume all the rules on the draytek were on the interface connecting to the openreach in the INBOUND direction to your internal LAN?
If so, should be pretty easy to transplant over.
...let us know how it goes and/or if you need any help with the ASA.
Regards |
|
|
Yeah that's exactly how the Draytek worked. Thanks for your help so far I have a nice 800 page book turn up today on programming IOS so hopefully might work some of this stuff out in the near future |
|
|
to ShayneG
said by ShayneG:but I'll have to leave the BT openreach router in place for the WAN termination You mean the white modem, right? That will give you an ethernet hand-off which can go straight in to the ASA. If you're well versed with IOS then the ASA won't present too many hurdles but don't underestimate it. It'll be a STEEP learning curve becuase as Hellfire has said elsewhere, whilst it looks like IOS, it will mess with your head. If I had a choice, I'd leave the ASA out of it and use CBAC or ZBFW on an 1841 or 2900 to do what it needs. Also most of the Call Manager stuff can be done in the CLI as can the CUE stuff but the CUE to me is easier in the GUI. Call Manager is easier although a bit labour intensive in the CLI. But I find the Call Manager GUI less than intuitive so I avoid it. |
|
|
to ShayneG
I've been using an ASA with a UK BT Fibre... I get like 65/15 and is stable. ASAs can do PPPoE so you will be good if you leave the modem.
However 887VAs are good, have used them for many VDSL set-ups... |
|