#
Hi guys
I'm running JUNOS 12.1X44-D30.4 and am connected to Voyager internet via "enable fibre" and tagged as vlan 10, my connection speed I choose for UFB is 100/50 and am after some advise on the following issue.
When performing a speed test at either speedtest.net or speedtest.telecom.co.nz I seem to have limited inbound traffic which wont go past around 25 - 30 mbit however upload speed is completely fine topping out at 50mbit as expected.
Here is the interesting thing , I also have a ZyXel VMG8324-B10A router that I have been using for a few tests,
Test 1.
If I remove the SRX110 and replace it with the ZyXel my speeds shoot up to 95mbit / 50Mbit first and every time. (Using the same ONT , cables etc)
Test 2.
With both routers combined ie ZyXel to "Bridge mode and vlan 10" then use the SRX110 to do PPPoE only with tagging removed from SRX then the SRX110 will also output 95mbit / 50Mbit
Test 3.
Testing the SRX110 on Chorus UFB with exact same config and still connecting to Voyager this works perfectly too no speed issues.
So from my tests above it seems that the SRX is performing poorly only on inbound traffic and only through "enable fibre" and only when the SRX is doing the vlan tagging.
Has anybody else had this issue on an SRX110 on the "enable network" ?
Any feedback appreciated...
My sanitized config is below
root@larry> show configuration
## Last commit: 2014-02-22 22:21:21 NZDT by root
version 12.1X44-D30.4;
system {
host-name larry;
domain-name local;
time-zone Pacific/Auckland;
root-authentication {
encrypted-password "$XXXXXXXXXXXXXXY."; ## SECRET-DATA
}
name-server {
210.55.31.111;
114.23.1.1;
114.23.2.2;
}
services {
ssh;
web-management {
http {
interface vlan.0;
}
https {
system-generated-certificate;
interface vlan.0;
}
}
dhcp {
pool 192.168.0.0/24 {
address-range low 192.168.0.128 high 192.168.0.200;
name-server {
210.55.31.111;
}
router {
192.168.0.1;
}
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands info;
}
}
max-configurations-on-flash 49;
max-configuration-rollbacks 49;
archival {
configuration {
transfer-on-commit;
archive-sites {
"ftp://XXXXXXXXXX:/juniper-backups" password "XXXXXXXXXXXXXXXX"; ## SECRET-DATA
}
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server 114.23.1.1;
server 114.23.2.2;
}
}
interfaces {
interface-range default-vlan-members {
member-range fe-0/0/1 to fe-0/0/7;
description "### LAN Interfaces ###";
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/0 {
vlan-tagging;
unit 0 {
description "### WAN Interface ###";
encapsulation ppp-over-ether;
vlan-id 10;
}
}
pp0 {
no-per-unit-scheduler;
unit 0 {
ppp-options {
chap {
default-chap-secret "XXXXXXXXXXXXXX"; ## SECRET-DATA
local-name "XXXXXXXX@ufb.vygr.net";
passive;
}
}
pppoe-options {
underlying-interface fe-0/0/0.0;
auto-reconnect 20;
client;
}
family inet {
mtu 1492;
filter {
input internet-inbound;
}
negotiate-address;
}
}
}
vlan {
unit 0 {
family inet {
address 192.168.0.1/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop pp0.0;
}
}
protocols {
rstp;
}
policy-options {
prefix-list voyager-management {
114.23.64.130/32;
210.55.30.56/32;
}
}
security {
flow {
tcp-mss {
all-tcp {
mss 1452;
}
}
}
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
destination {
pool homepc {
address 192.168.0.69/32;
}
rule-set nat-translations {
from zone untrust;
rule homepc-3389-tcp {
match {
destination-address 0.0.0.0/0;
destination-port 3389;
}
then {
destination-nat pool homepc;
}
}
}
}
}
policies {
from-zone trust to-zone untrust {
policy xbox-block-internet {
match {
source-address xbox;
destination-address any;
application any;
}
then {
deny;
}
}
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone trust {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone trust {
policy homepc-nat {
match {
source-address VoyagerLan;
destination-address homepc;
application vygr-3389-tcp;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
address-book {
address homepc 192.168.0.69/32;
address xbox 192.168.0.160/32;
}
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
}
}
security-zone untrust {
address-book {
address priLan XXX.XXX.XXX.XXX/32;
}
screen untrust-screen;
host-inbound-traffic {
system-services {
ping;
ssh;
}
}
interfaces {
fe-0/0/0.0;
pp0.0;
}
}
}
}
firewall {
filter internet-inbound {
term management-ssh-only {
from {
source-prefix-list {
voyager-management;
}
protocol tcp;
destination-port ssh;
}
then accept;
}
term deny-ssh {
from {
protocol tcp;
destination-port ssh;
}
then {
reject;
}
}
term allow-all {
then accept;
}
}
}
applications {
application vygr-3389-tcp {
protocol tcp;
destination-port 3389;
}
}
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}
Trusted
ID Verified
