Pfs - ASA poor performance
-
pfs side is 75/15 meg cable. I do see close to those speeds. ASA side is a 100/100meg direct fiber internet.
pfs is running on a Netgate 7541. IPsec is set up for AES192 both phases. perfect forward secrecy of 1 on the phase 2. Check out these iPerf numbers:
ASA to pfs:
bin/iperf.exe -c 172.20.10.145 -P 1 -i 1 -p 5001 -f m -t 30
–----------------------------------------------------------
Client connecting to 172.20.10.145, TCP port 5001
TCP window size: 0.01 MByte (default)[180] local 172.20.1.68 port 63747 connected with 172.20.10.145 port 5001
[ ID] Interval Transfer Bandwidth
[180] 0.0- 1.0 sec 0.26 MBytes 2.16 Mbits/sec
[180] 1.0- 2.0 sec 0.16 MBytes 1.38 Mbits/sec
[180] 2.0- 3.0 sec 0.14 MBytes 1.18 Mbits/sec
[180] 3.0- 4.0 sec 0.15 MBytes 1.25 Mbits/sec
[180] 4.0- 5.0 sec 0.14 MBytes 1.18 Mbits/sec
[180] 5.0- 6.0 sec 0.15 MBytes 1.25 Mbits/sec
[180] 6.0- 7.0 sec 0.15 MBytes 1.25 Mbits/sec
[180] 7.0- 8.0 sec 0.14 MBytes 1.18 Mbits/sec
[180] 8.0- 9.0 sec 0.14 MBytes 1.18 Mbits/sec
[180] 9.0-10.0 sec 0.15 MBytes 1.25 Mbits/sec
[180] 10.0-11.0 sec 0.14 MBytes 1.18 Mbits/sec
[180] 11.0-12.0 sec 0.15 MBytes 1.25 Mbits/sec
[180] 12.0-13.0 sec 0.15 MBytes 1.25 Mbits/sec
[180] 13.0-14.0 sec 0.14 MBytes 1.18 Mbits/sec
[180] 14.0-15.0 sec 0.14 MBytes 1.18 Mbits/sec
[180] 15.0-16.0 sec 0.12 MBytes 0.98 Mbits/sec
[180] 16.0-17.0 sec 0.13 MBytes 1.11 Mbits/sec
[180] 17.0-18.0 sec 0.11 MBytes 0.92 Mbits/sec
[180] 18.0-19.0 sec 0.11 MBytes 0.92 Mbits/sec
[180] 19.0-20.0 sec 0.14 MBytes 1.18 Mbits/secpfs to ASA:
bin/iperf.exe -s -P 0 -i 1 -p 5001 -f m
–----------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 0.01 MByte (default)[280] local 172.20.1.68 port 5001 connected with 172.20.10.145 port 53176
[ ID] Interval Transfer Bandwidth
[280] 0.0- 1.0 sec 0.47 MBytes 3.94 Mbits/sec
[280] 1.0- 2.0 sec 0.54 MBytes 4.52 Mbits/sec
[280] 2.0- 3.0 sec 0.55 MBytes 4.65 Mbits/sec
[280] 3.0- 4.0 sec 0.53 MBytes 4.46 Mbits/sec
[280] 4.0- 5.0 sec 0.54 MBytes 4.52 Mbits/sec
[280] 5.0- 6.0 sec 0.55 MBytes 4.59 Mbits/sec
[280] 6.0- 7.0 sec 0.55 MBytes 4.58 Mbits/sec
[280] 7.0- 8.0 sec 0.56 MBytes 4.72 Mbits/sec
[280] 8.0- 9.0 sec 0.53 MBytes 4.45 Mbits/sec
[280] 9.0-10.0 sec 0.57 MBytes 4.79 Mbits/sec
[280] 10.0-11.0 sec 0.54 MBytes 4.52 Mbits/sec
[280] 11.0-12.0 sec 0.57 MBytes 4.79 Mbits/sec
[280] 12.0-13.0 sec 0.58 MBytes 4.85 Mbits/sec
[280] 13.0-14.0 sec 0.59 MBytes 4.92 Mbits/sec
[280] 14.0-15.0 sec 0.53 MBytes 4.46 Mbits/sec
[280] 15.0-16.0 sec 0.60 MBytes 5.05 Mbits/sec
[280] 16.0-17.0 sec 0.51 MBytes 4.27 Mbits/sec
[280] 17.0-18.0 sec 0.47 MBytes 3.92 Mbits/sec
[280] 18.0-19.0 sec 0.51 MBytes 4.25 Mbits/sec
[280] 19.0-20.0 sec 0.40 MBytes 3.35 Mbits/secThe upload is faster than the download. I'm befuddled. Any ideas?