cancel
Showing results for 
Search instead for 
Did you mean: 

MX Devices Not Living Up to Spec for Throughput

Getting noticed

MX Devices Not Living Up to Spec for Throughput

The rated throughput on the MX 90 is 500 Mbps for firewall, 250 Mbps for advanced security. I'm using one in simple bridge mode. Despite both interfaces on the MX and the NIC on the client device under test all connecting at Gig, the MX 90 is acting as a 100 Mbps +/- 10 Mbps bottleneck. Take the 90 out, throughput goes back up to almost full gig. The WAN uplink setting is for 500 Mbps, and there are no traffic controls whatsover set. It appears that the MX just doesn't deliver what spec says it should. Any thoughts or similar experiences?

20 REPLIES 20
Kind of a big deal ww
Kind of a big deal

Re: MX Devices Not Living Up to Spec for Throughput

sounds not normal. are you sure that 1 interface didnt negotiate to 100Mbit.

 

did you just noticed this and not before? or did it work before with other software versions?

Kind of a big deal

Re: MX Devices Not Living Up to Spec for Throughput

I agree with @ww - it sounds like you have an interface operating at 100Mb/s.

 

You could also try the 14.x firmware as it has a number of performance improvements,

Getting noticed

Re: MX Devices Not Living Up to Spec for Throughput

If I do, it's on the MX side where you can't see what's really going on. GUI says 1 Gbps for that interface, and its absolutely 1 Gig on uplink

Getting noticed

Re: MX Devices Not Living Up to Spec for Throughput

This is a new topology

Getting noticed

Re: MX Devices Not Living Up to Spec for Throughput

14.x is beta- absolutely won't run beta here for fear of Cisco code culture of suck having settled in to Meraki.

Kind of a big deal

Re: MX Devices Not Living Up to Spec for Throughput

My experience has quite the opposite.  When testing with an MX64 that's rated for 200/250 I've regularly seen 300M.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Highlighted
Getting noticed

Re: MX Devices Not Living Up to Spec for Throughput

I have MX 64s, 65s, 80s, 84s, 90, 100, 250, and 400s- this is the first of seen of this, but also the first time I'm using an MX in bridge mode. Not sure if there is anything related to what I'm seeing, but it's extremely easy to show the defect condition right now.

Getting noticed

Re: MX Devices Not Living Up to Spec for Throughput

I agree it sounds like something is wrong.  We've always consistently pushed all of our MX's way beyond what they are rated for and they've always handled it like champs.

Kind of a big deal

Re: MX Devices Not Living Up to Spec for Throughput


@wirednot wrote:

I have MX 64s, 65s, 80s, 84s, 90, 100, 250, and 400s- this is the first of seen of this, but also the first time I'm using an MX in bridge mode. Not sure if there is anything related to what I'm seeing, but it's extremely easy to show the defect condition right now.


@PhilipDAth observation seems most likely.  Most likely something upstream or your WAN port is hard coded or negotiated at 100M instead of 1G.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Getting noticed

Re: MX Devices Not Living Up to Spec for Throughput

Not at all. Not leaving local network, and as I mentioned you take the bridge mode MX out and the connection goes back to near gig traffic.

Meraki Employee

Re: MX Devices Not Living Up to Spec for Throughput

It may be worth checking the devices local status page just to make sure your Internet port didn't get defaulted to a 100Mbps Link negotiation. You can check this remotely by doing a client VPN into the MX and going to setup.meraki.com

Kind of a big deal

Re: MX Devices Not Living Up to Spec for Throughput


@wirednot wrote:

Not at all. Not leaving local network, and as I mentioned you take the bridge mode MX out and the connection goes back to near gig traffic.


Maybe I'm not understanding something correctly but when you are in bridge mode wouldn't the gateway move off of the MX to a different device?  Where is your gateway?  Possibly L3 switch?  If the gateway is on a Layer 3 switch then the traffic shouldn't even be traversing the MX regardless of what mode it is in.  You said LAN based traffic, how are you testing the throughput, iPerf?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Getting noticed

Re: MX Devices Not Living Up to Spec for Throughput

Interesting. Could it be at 100 on local config page but show Gig in MX status GUI?

Getting noticed

Re: MX Devices Not Living Up to Spec for Throughput

Think inline L2 bridging firewall.


@Adam wrote:

@wirednot wrote:

Not at all. Not leaving local network, and as I mentioned you take the bridge mode MX out and the connection goes back to near gig traffic.


Maybe I'm not understanding something correctly but when you are in bridge mode wouldn't the gateway move off of the MX to a different device?  Where is your gateway?  Possibly L3 switch?  If the gateway is on a Layer 3 switch then the traffic shouldn't even be traversing the MX regardless of what mode it is in.  You said LAN based traffic, how are you testing the throughput, iPerf?


 

Meraki Employee

Re: MX Devices Not Living Up to Spec for Throughput

That would be anomalous behavior for it to be locked at 100Mbps and showing as Gig, but UI errors have happened before. Always worth checking all your bases.
Getting noticed

Re: MX Devices Not Living Up to Spec for Throughput

Think inline L2 bridging firewall.


@Adam wrote:

@wirednot wrote:

Not at all. Not leaving local network, and as I mentioned you take the bridge mode MX out and the connection goes back to near gig traffic.


Maybe I'm not understanding something correctly but when you are in bridge mode wouldn't the gateway move off of the MX to a different device?  Where is your gateway?  Possibly L3 switch?  If the gateway is on a Layer 3 switch then the traffic shouldn't even be traversing the MX regardless of what mode it is in.  You said LAN based traffic, how are you testing the throughput, iPerf?


 

Getting noticed

Re: MX Devices Not Living Up to Spec for Throughput

Back from vacation- I did check the admin pages- there is no option to "nail" the interface to Gig- auto is only choice. For 100 and 10 you can specify duplex etc, but for Gig, auto is it. Given that the MX shows no stats or counters (which is complete BS after all of these years) and the switch side reports Gig with no errors, I have to assume that all is well at Gig between MX and switch. This is further evidenced by what follows:

 

On the advice of TAC support engineer- turned off advanced security and retested. Throughput is essentially doubled, now in the neighborhood of 225 Mbps. Still less than half of what's expected on the MX90 firewall throughput capacity. 

Kind of a big deal

Re: MX Devices Not Living Up to Spec for Throughput

What is the uplink speed configured as on the Traffic Shaping page in Dashboard?

MRCUR | CMNO #12
Getting noticed

Re: MX Devices Not Living Up to Spec for Throughput

It is set to the max of 500 Mbps. Every test I throw at this (and I have deployed a lot of MXs in the last nine years) says that this MX is not living up to spec.

Kind of a big deal

Re: MX Devices Not Living Up to Spec for Throughput

You can always request an RMA from Support and see if they go for it. 

MRCUR | CMNO #12
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.