Hi,

Once you have identified the traffic type, i.e. web traffic on port 80, you may wish to consider turning on some of the traffic management features within the Cisco router. This could be a change in queuing strategy and the use of Cisco's committed access rate (CAR) feature.
By using CAR, you can prioritise the traffic and drop any less important traffic if it reaches a certain threshold. Incidentally, it is good to use CAR to drop inbound UDP traffic in case of DDoS attacks.

The other thought with regard to this could be that the NAT pool in your PIX is not big enough to cope with your outbound requirements. Try increasing your pool size so that you have many translation slots available. Also look at the session timeout values and make sure that unwanted connections time out within a reasonable timeframe.

Another point to look at is your Ethernet interfaces. Make sure that they are forced connections (100 Mbit full duplex) rather than using auto. If these are causing you any issues, you would see a high number of collisions on the Ethernet port counters. This could also account for a high number of retransmissions and poor throughput on your Internet connection.

Regards

Paul Benedek
Director
Excis Networks Limited
http://www.excis.co.uk

-----Original Message-----
From: Mitchell Rowton [mailto:[EMAIL PROTECTED]
Sent: 08 July 2003 19:27
To: Jane Han; [EMAIL PROTECTED]
Subject: Re: where should I start? help!

The bandwidth on the S0 interface is "BW 2048 Kbit", which is higher than a T1. This doesn't have any negative impact per se, but it does change the router's perceived load. The router says it is using an "rxload of 188/255", but this is assuming it has 2048K. A T1 is only 1.544 MB, so the real rxload is higher than that.

The first step I would take is to put a sniffer online and discover what machines are using the most bandwidth and what protocols are using the most bandwidth, and then decide if this is acceptable to you. If the chatty stuff is needed, then upgrade bandwidth or live with it.

The PIX NAT shouldn't be a problem unless you have more than 30 Internet-speaking hosts. Do you?
Mitchell
____________________________________________________
http://www.attackprevention.com
Information Security documents, articles, and policy

> Hi, all
>
> I am relatively new to this field. We have a full T1
> but the internet speed is very slow.
> Sometimes it's even slower than dial-up speed when
> downloading files.
>
>            E1    E0      E0              s0
> Switch --- PIX ------ Cisco 2600 Router ------ Internet
>
> (E1 and E0 are Ethernet interfaces and S0 is the serial
> interface) (please see the following status on s0)
>
> Serial0/0 is up, line protocol is up
>   Hardware is QUICC Serial
>   Internet address is X.X.X.X/30
>   MTU 1500 bytes, BW 2048 Kbit, DLY 20000 usec,
>      reliability 255/255, txload 26/255, rxload 188/255
>   Encapsulation HDLC, loopback not set
>   Keepalive set (10 sec)
>   Last input 00:00:02, output 00:00:00, output hang never
>   Last clearing of "show interface" counters never
>   Input queue: 0/75/9199/0 (size/max/drops/flushes); Total output drops: 3307
>   Queueing strategy: weighted fair
>   Output queue: 0/1000/64/3307 (size/max total/threshold/drops)
>      Conversations  0/57/256 (active/max active/max total)
>      Reserved Conversations 0/0 (allocated/max allocated)
>   30 second input rate 1510000 bits/sec, 235 packets/sec
>   30 second output rate 214000 bits/sec, 173 packets/sec
>      76598509 packets input, 1523011153 bytes, 0 no buffer
>      Received 104544 broadcasts, 0 runts, 0 giants, 0 throttles
>      1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort
>      66685034 packets output, 4044743843 bytes, 0 underruns
>      0 output errors, 0 collisions, 1 interface resets
>      0 output buffer failures, 0 output buffers swapped out
>      0 carrier transitions
>      DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
>
> I checked the S0 interface status on the internet
> router. What info does the above indicate?
> What do input and output packets mean in case
> internal users download files from the internet?
>
> I really do not know how to find out where all the traffic
> is from.
> I bet there are lots of downloads
> from the internet. Where should I start?
>
> BTW, we have one block of class C public addresses. But
> the PIX only uses 30 for NAT and one
> global pool address:
> global (outside) 1 x.x1.x2.201-x.x1.x2.230
> global (outside) 1 x.x1.x2.200
>
> Could this cause the slowness on internet speed also?
>
> Thanks in advance,
>
> Jane

---------------------------------------------------------------------------
Evaluating SSL VPNs? Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
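Mitchell's point that the rxload figure is measured against the configured "BW 2048 Kbit" rather than the real T1 rate can be checked mechanically. The following Python is added here as an example and is not code from anyone in the thread: it parses the key fields of Jane's "show interface" output (embedded as a constructed sample) and recomputes the inbound load against both the configured bandwidth and the 1544 Kbit a T1 actually carries; the 0..255 scaling is an approximation of the IOS load figure, which uses a longer averaging interval.

```python
import re

# Constructed sample: the lines that matter from Jane's "show interface Serial0/0".
SAMPLE = """\
Serial0/0 is up, line protocol is up
  MTU 1500 bytes, BW 2048 Kbit, DLY 20000 usec,
     reliability 255/255, txload 26/255, rxload 188/255
  Input queue: 0/75/9199/0 (size/max/drops/flushes); Total output drops: 3307
  30 second input rate 1510000 bits/sec, 235 packets/sec
  30 second output rate 214000 bits/sec, 173 packets/sec
"""

T1_KBIT = 1544  # a T1 circuit carries 1.544 Mbit/s regardless of the configured BW


def parse_show_interface(text):
    """Pull the fields needed for a load check out of IOS 'show interface' text."""
    def grab(pattern):
        m = re.search(pattern, text)
        if not m:
            raise ValueError("field not found: " + pattern)
        return int(m.group(1))
    return {
        "bw_kbit": grab(r"BW (\d+) Kbit"),
        "rxload": grab(r"rxload (\d+)/255"),
        "txload": grab(r"txload (\d+)/255"),
        "input_bps": grab(r"input rate (\d+) bits/sec"),
        "output_bps": grab(r"output rate (\d+) bits/sec"),
        "input_drops": grab(r"Input queue: \d+/\d+/(\d+)/\d+"),
        "output_drops": grab(r"Total output drops: (\d+)"),
    }


def load_255(bps, bw_kbit):
    """Load the way IOS presents it: fraction of bandwidth scaled to 0..255."""
    return round(bps * 255 / (bw_kbit * 1000))


def assess(stats, true_kbit=T1_KBIT):
    """Compare the router's own load figure with the load on the real circuit."""
    circuit_bps = true_kbit * 1000
    return {
        "rx_vs_configured": load_255(stats["input_bps"], stats["bw_kbit"]),
        "rx_vs_circuit": load_255(stats["input_bps"], true_kbit),
        "rx_utilisation_pct": round(100 * stats["input_bps"] / circuit_bps, 1),
        "inbound_saturated": stats["input_bps"] / circuit_bps > 0.9,
        "drops_seen": stats["input_drops"] > 0 or stats["output_drops"] > 0,
    }
```

Recomputing against 2048 Kbit reproduces the router's 188/255; against the real T1 rate the same input rate is about 98% of the line, which is the saturation the queue drops already hint at.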