Meraki

TNAComputers

Hi Everyone,

I'm having an issue with a MX105, and wanted to see if anyone else has seen this behavior.

I have a ONT fiber 1gbx1gb connection with a 2.5gbps port to a MX105 in WAN2 (Ethernet hand off to me on WAN2). The MX sees the port at 2.5 gbps, and the ONT sees the same. Both are set to auto negotiate. I have seen some threads talking about setting the port speed to 1gbps if that's the max speed of your internet connection. I have logged into the local status page, and tried changing it to 1gbps, but it dosent do anything. It still continues negotiate at 2.5 gbps.

The reason why im asking is that if I do a speed test, download speeds show 500-600mbps, but upload tests always show 950+mbps. Im wondering if this is because I need to force it to 1gbps instead of 2.5. The symptoms that im seeing are when downloading large files, it caps out around 500mbps. Uploading large files always uploads around 850-900mbps.

MX is on firmware 19.2.3 stable release candidate. It has done this in prior versions. WAN1 is only 600mbpsx45mbps and always reports correctly if I force the traffic over it (WAN2 is the default internet route). Both WAN connections are copper Ethernet direct the ONTs/modems.

Here are a couple of random speed tests to show what im talking about to different providers through the MX on WAN2:

I know the next steps would be to hook into the ONT directly bypassing the firewall, but its a pain because this provider binds the MAC of the WAN2 connection to the ONT, and I have to call to change MAC addresses to "test" directly hooked up. I can try that, but would like to look at the MX side first. They say everything is good on the provider side.

ww

Do you have any global or client shaping limit on the SD-WAN & traffic shaping page?

You could try with unlimited and 1Gb up/down there

Did you also try another speed test website?

Ping time in speedtest is also pretty high, maybe you can manually select a nearby server

TNAComputers

Hi @ww I did try 5 different Speedtest providers sites. I tried fast.com as well:

Bandwidth is set to 5Gbps (platform max) no shaping polices (default disabled), global bandwidth limits are unlimited. I did set WAN2 on shaping page to 1gbx1gb with no difference. Client wise, this MAC is on the allow list for filtering etc. I thought maybe it was this PC, but tested from another PC on the same equipment with the same results.

ww

Maybe you can clone the wan2 mac address of the mx to a computer, and test on the wan2 ont connection. Dont forget to remove the mac clone after testing

TNAComputers

I will try this and let you know

RWelch

When testing uplink speeds using an Internet-based speed test, the best practice is to test each uplink separately by connecting only a single uplink during the test.

This will avoid the interface preference issue described earlier and allow for a more accurate measurement of the uplink's throughput.

MX Load Balancing and Flow Preferences

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

TNAComputers

Thanks. I will try this with one link, but my setup is probably a little unique. WAN2 was an afterthought so it was all designed around WAN1. The primary uplink is wan1, but all of the routing rules route certain destinations and ports out of WAN1 and all internet traffic out WAN2.

I had an issue when they bumped the speeds up on the MXs (firmware) where it enabled multicore support which is how im assuming they did this. It killed some VPNs that were running and support disabled multicore support. When they did this, I noticed similar issues where the download speeds on WAN2 would be half, but upload still normal. VPNs worked correctly with multicore disabled. A couple of firmware updates later, everything went back to working again and they turned it back on.

Im willing to bet money that if I move WAN2 to WAN1 , everything would work as intended, but the issue would follow WAN2. I think its how they are doing PBR but cannot prove it.

I have a Cisco FTD 1120 that I hooked up previously and I get advertised speeds off of it from either connection using PBR to route certain traffic. I also have a M250 that does the same thing with the same setup that I have now. I cloned this network, and setup the 250 to test. Similar behavior.

rhbirkelund

Single-Client throughput testing isn't really a valid way of testing whether or not you are able to achieve whatever speed you're testing. Instead you might want to try and do speedtests with multiple clients simultanously, and aggregate the results.

Also you may want to test the uplink speeds by ensuring that all NGFW features are disabled (Content Filtering, IDS/IPS, AMP, etc).

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

TNAComputers

@rhbirkelund Thank you for your suggestions. I have disabled AMP/IPS/Content/Geo for some time now. I will say in the past, and at other sites with MXs, they get the full speed from an individual client. The tests are normally done after hours when its just that one PC online. Even now, all MXs (not 105s) get full advertised bandwidth from a single client even with IPS/AMP etc turned on. Even so, how can upload be almost 100% of the link, but download would be half? That would suggest that the single client can support it. Traffic throughout the day is nominal on the download so I would account for that as well taking off of the aggregate.

Meraki

Community

MX Port Speeds-Download tests

MX Port Speeds-Download tests