Meraki MX Speed Issues with Cox Communications

DBlum
Getting noticed

Meraki MX Speed Issues with Cox Communications

We originally saw speed issues utilizing the MX67W where the throughput on a 100MB connection was at best 5MB/s.  This is what we have tried so far:

 

1. We are on our fourth meraki mx67w that support keeps sending us and still have the issues

2. I have put a new cable modem in and still have the issues

3. I have disabled the wireless and still have the same issues

4. Replaced all network cables and tried with no devices connected and portal still shows 5mb/s

5. Plugging meraki mx into home network I get full connection speed

 

If we plug in another router (netgear) we get the full 100mb connection.  Meraki support has no clue and wondering if anyone else is experiencing similar issues or has any other suggestions.

12 REPLIES 12
PhilipDAth
Kind of a big deal
Kind of a big deal

What does a packet capture show?

 

Retransmits, out of order packets, or some other issue?

 

Have you tried disabling AMP and IPS for a test?

Nothing abnormal on packet capture, is there anything I should be looking for besides what you put?  I tried disabling AMP and IPS and get the same speed drop.  I can attach pcap if you think that will help? Thank you

PhilipDAth
Kind of a big deal
Kind of a big deal

If you can attach a capture that would be great. 

DBlum
Getting noticed

Weird thing is I bring the device to my home office and use same cox broadbank and 200+ on throughput test

DBlum
Getting noticed

Wireshark will not allow me to obfuscate public ip's 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

Sorry I can't analyze that.  I need something that I can load into Wireshark.  Never mind.

Roger_Beurskens
Building a reputation

Checked for duplex mismatch and MTU size issues?

Yes, again it is the weirdest thing because the appliance at my home office is getting 200mb on dashboard and plugging in either third party router or laptop directly into cable modem at office gets the proper 100 down.

DBlum
Getting noticed

So I think I found the issue but I cant explain it...I disabled the site to site vpn because there was a ton of UDP hits on it and as soon as I did that the speed is back to normal.  The UDP hits is due to a testing apparatus at one office sending the data to the the main office.  Is there any reason this high hit of UDP packets would cause this issue?  Here is a sample of the packets (ip addresses have been modified):

 

1682 7.535586 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424
1683 7.535598 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424
1684 7.535624 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424
1685 7.536136 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424
1686 7.536139 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424
1687 7.536161 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424


1898 7.567805 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88
1899 7.567849 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88
1900 7.567898 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88
1901 7.568474 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88
1902 7.568530 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88

PhilipDAth
Kind of a big deal
Kind of a big deal

Is this AutoVPN between Meraki devices, or a non-Meraki VPN?

Auto vpn 

cmr
Kind of a big deal
Kind of a big deal

Was the autoVPN working correctly?  It is common for firewalls to treat a high frequency of UDP packets as a DOS attack and back off to attempt to mitigate it.  We had to disable the UDP DOS trigger on some other brand firewalls as their own IPSEC client VPN experienced very choppy performance due to the DOS continually shutting it down...

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels