WAN throughput on MX67C running MX 17.6 firmware

harmankardon
Building a reputation

WAN throughput on MX67C running MX 17.6 firmware

I've been testing MX 17.6 firmware on a MX67C to take advantage of the several improved cellular features in 17.x and it looks promising but I happened to notice wired WAN throughput is around half of what it was on 15.44 (capping out around 275Mbps on a 1Gbps connection).

 

I've checked the sliders on the SD-WAN page and they are set to 600 Mbps, I'm not expecting to get 600 but on 15.44 I was getting around 550 Mbps so 275 Mbps is a pretty noticeable drop. 

 

Anyone else seeing this? Is there anything I may be missing? A bit disappointing since the rest of 17.6 looks pretty good so far!

17 Replies 17
PhilipDAth
Kind of a big deal
Kind of a big deal

Any chance you are measuring the speed to something over IPv6 when you were measuring it over IPv4 before?

 

Bearing in mind 17.6 has native IPv6 support, and 15.x has zero IPv6 support.

harmankardon
Building a reputation

Good thought but its still IPv4 from what I can tell (IPv6 is disabled on VLAN and Addressing page and ran a packet capture to verify).

PhilipDAth
Kind of a big deal
Kind of a big deal

I was able to get just under 530Mb/s on my MX68 on 17.5

 

PhilipDAth_0-1647651248066.png

 

harmankardon
Building a reputation

If I disable AMP and Intrusion detection, I get 610 down and 775 up, so one of those features seems to have regressed perhaps.

 

What do you have AMP/Intrusion set to?

PhilipDAth
Kind of a big deal
Kind of a big deal

PhilipDAth_0-1647652145742.png

 

harmankardon
Building a reputation

Strange. When I configure mine that same as what you have there, I end up capped at 275 Mbps.

 

 

Mario0603
Here to help

Thank you for your information!!!

PhilipDAth
Kind of a big deal
Kind of a big deal

I just upgraded to 17.6 and retested.  Got a little bit slower, but not enough for me to call significant.

 

PhilipDAth_1-1647652027056.png

 

harmankardon
Building a reputation

I've isolated it to Intrusion detection and prevention (SNORT) which isn't surprising, that feature is expected to reduce throughput. Meraki documentation does list 300 Mbps max for the MX67C when all security features are enabled, so I suppose I can't complain, although it doesn't really explain why 15.44 performed so much better with the same security configuration.

Ryan_Miles
Meraki Employee
Meraki Employee

I just tested a MX67C with 15.44, 16.16, and 17.6. Tested with all security features off then on. Rebooted between all tests. Also, while running the tests 2 TVs in the house are streaming as well as many MV2 cameras with Cloud Archive uploading video.Screen Shot 2022-03-19 at 3.32.42 PM.png

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal
Kind of a big deal

Big effort @Ryan_Miles .  Double kudos for you!

harmankardon
Building a reputation

Interesting, how were you able to exceed the 600 Mbps hard limit by such a significant amount? Also very surprised to see that you are seeing higher throughput numbers with security enabled vs. disabled, that doesn't seem to make sense.

 

Either way, I re-tested again tonight and discovered that right after a reboot, I get 600 Mbps even with security features enabled. Some period of time later after doing some minimal browsing and cellular testing, I tried the speedtest again and I'm back to down to 275 Mbps. No change in the WAN connection, if I take the uplink cable out of the MX and plug it into laptop I get 1 Gbps. I rebooted the MX again and speeds went back up to 600 Mbps.

 

Fortunately none of the sites I'll be deploying MX 17.6 to have anything greater than 200 Mbps so not an issue for now. Perhaps I'll just wait and see if this resolves as MX 17.x matures.

 

Side note: each time I reboot the MX67C, when it comes back online it starts out on cellular for about 30 seconds (status light purple and confirmed via tracert) before switching to wired uplink. 

GIdenJoe
Kind of a big deal
Kind of a big deal

Way to run the extra Miles, Miles 😉

PhilipDAth
Kind of a big deal
Kind of a big deal

On another note, I also don't find the Ookla speed test that accurate for speeds over 500Mb/s (just my personal experience).  The test fails to fully saturate the link.

However, I also used the Ookla speedtest knowing the test itself has an issue so ...

 

I find nperf.com works better for those with Gigabit style Internet connections (at least in my country).

https://www.nperf.com/ 

 

Perhaps give nperf.com a test and see if you get the same performance issue.  It may be the testing platform you are using that has the issue rather than the MX67C itself.

harmankardon
Building a reputation

I'm using Ookla and using my ISP's speedtest server, I have no trouble saturating the link if I bypass the MX67C. I tried nperf but closest server is almost 1000km away, not able to saturate even when bypassing the MX.

Inderdeep
Kind of a big deal
Kind of a big deal

@harmankardon : Here is full description for the new firmware MX 17.6

https://community.meraki.com/t5/Security-SD-WAN/New-MX-17-6-stable-release-candidate-firmware-no-lon... 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
Preben_Knudsen
Here to help

Old post, but the issue still persists on MX17.10.2...!

 

And when testing performance: rember to move alle non complient NBAR AP and switche out of the network with the MX running MX17 software - (but within the same Org is OK). NBAR cannot run with non wifi6 AP within the same network as the MX...! NBAR in used as part on Next-Gen classification of traffic and when this feature is enabled, it will affect performance...  and this might be the cause for different performance results in above postings.

 

See prerequisites here:
https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Next-gen_Traffic_Anal...

Kind regards.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels