Slow HTTP downloads through Cisco ASA 5500

Recently we noticed weird behavior downloading files from certain sites. The transfer would start out fast (around 10 MB/s), then after a couple of seconds it would plummet to around 9 KB/s. It didn’t happen for every file or every site: downloads from S3 buckets were still particularly fast. But some files that I remember being particularly fast were now showing this weird fast/slow/fast/slow behavior, for example the Sun JDK and ISOs from rit.edu that used to saturate our pipe were now getting all cRAzY.

After some poking around I decided to test HTTP versus FTP to see if it could be an application/protocol-level issue. The easiest way to do this was to find a file available via both FTP and HTTP and download it via both protocols. This is where mirrors.rit.edu came in handy. I used cURL to download it and noticed that via HTTP it was much slower than over FTP:

[evan@boba 16:07:03 ~]$ curl -O ftp://mirrors.rit.edu/pub/centos/6/isos/x86_64/CentOS-6.2-x86_64-netinstall.iso
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  227M  100  227M    0     0   9.8M      0  0:00:22  0:00:22 --:--:-- 7816k
[evan@boba 16:07:33 ~]$ rm CentOS-6.2-x86_64-netinstall.iso 
[evan@boba 16:07:39 ~]$ curl -O http://mirrors.rit.edu/centos/6/isos/x86_64/CentOS-6.2-x86_64-netinstall.iso
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  227M  100  227M    0     0  5686k      0  0:00:40  0:00:40 --:--:-- 6269k

22 seconds via FTP at 9.8 MB/s average, 40 seconds over HTTP at 5.6 MB/s average (which was one of the better HTTP runs).
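The same FTP-versus-HTTP comparison as a repeatable check, taking the median of several runs so one lucky HTTP run doesn't hide the problem. This is an added example, not part of the original post; the function names and the 75% threshold are assumptions made here.

```bash
#!/bin/sh
# Added example: compare median curl throughput for one file over two protocols.
# measure/median/verdict/compare are hypothetical helper names.

# Print the average download speed (bytes/sec) curl reports for one fetch.
measure() {
    curl -s -o /dev/null -w '%{speed_download}\n' "$1"
}

# Read one number per line on stdin, print the median (integer part).
median() {
    sort -n | awk '{ v[NR] = $1 }
        END { if (NR == 0) exit 1
              m = (NR % 2) ? v[(NR + 1) / 2] : (v[NR / 2] + v[NR / 2 + 1]) / 2
              printf "%d\n", m }'
}

# verdict BASELINE CANDIDATE [THRESHOLD_PCT]
# Prints "suspect N%" when the candidate ran below THRESHOLD_PCT of the
# baseline (default 75, an assumed cut-off), otherwise "ok N%".
verdict() {
    awk -v b="$1" -v c="$2" -v t="${3:-75}" 'BEGIN {
        if (b <= 0) { print "no-baseline"; exit }
        pct = 100 * c / b
        printf "%s %d%%\n", (pct < t ? "suspect" : "ok"), pct
    }'
}

# Fetch URL $1 $2 times and print the median speed.
median_speed() {
    i=0
    while [ "$i" -lt "$2" ]; do
        measure "$1"
        i=$((i + 1))
    done | median
}

# compare FTP_URL HTTP_URL [RUNS]
compare() {
    ftp=$(median_speed "$1" "${3:-3}")
    http=$(median_speed "$2" "${3:-3}")
    echo "ftp=${ftp} B/s http=${http} B/s -> $(verdict "$ftp" "$http")"
}

# Example call, using the two mirror URLs from the session above:
#   compare ftp://mirrors.rit.edu/pub/centos/6/isos/x86_64/CentOS-6.2-x86_64-netinstall.iso \
#           http://mirrors.rit.edu/centos/6/isos/x86_64/CentOS-6.2-x86_64-netinstall.iso
```

Running it again after a firewall change gives a like-for-like before/after number for the same file.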

This was affecting all machines on our network, and had nothing to do with the per-machine iptables rules (verified by flushing all rules). The only thing I could think of that might affect all machines, but only HTTP and not FTP, would be something like packet inspection. Well, turns out that HTTP packet inspection is on by default on the ASA. So I disabled it as described here:

Zeus(config)# conf t
Zeus(config)# policy-map global_policy
Zeus(config-pmap)# class inspection_default
Zeus(config-pmap-c)# no inspect http
Zeus(config-pmap-c)# write mem
Building configuration...

Since then HTTP transfers have been consistently fast.

iPad drops WiFi connection to Verizon FiOS Actiontec Router

I got my wife an iPad 2 for Christmas and she soon started complaining about the Wifi dropping its connection. I suggested she try turning off the “auto join” wifi setting, but that didn’t help. She’d be doing something and get the “Sorry, there’s no internet connection” error every 5-10 minutes. We’ve had FiOS for quite a while and we have 8 or 9 other devices connected (including Macs & iPhones) to the router without issue, so this seemed weird. I was starting to think it was a problem with the iPad, but we went to a friend’s house and used his wifi (with a Netgear router) and the iPad had no issues.

Back home, I logged into the router and tried assigning her iPad a static IP through DHCP. I had her release and renew and she got the new IP but the problem continued. Since we ruled out a problem with the iPad and I knew there was nothing “wrong” with the router, I figured I’d check and see if there are any reported issues with iPads and the Verizon router. Sure enough, there are. The first thing I clicked on, Fix for Verizon FIOS vs. iPad Wi-Fi Issues, suggested changing the wifi channel from “Automatic” to “6” (it also suggests switching from WEP to WPA2-PSK, which I’ve always been using). I did that and it hasn’t dropped the wifi connection at all in the past 3 hours. Very odd issue. If I could get into the Actiontec (or the iPad for that matter) I’d like to check the logs and see what’s actually happening, but a win’s a win.

My first trip to Walt Disney World – March 2011

Last week I returned from my first trip to Walt Disney World. We had a great time, and I figured it might be helpful to relay some of the things that helped make the trip better.

  • Walt Disney World with Kids 2011 – I had my doubts about this book but it had lots of good info for someone who’s never been to Disney World before, like which rides are best for kids. If you’ve never been to Disney World, this is worth reading. I didn’t know Fastpass existed until I read this.
  • Disney World Wait Times Free iPhone App – GPS-integrated iPhone app with wait times reported by other app users. Very helpful.
  • Disney’s own mobile phone site – Disney’s smartphone page. They have wait times here, but I found them to be pretty inaccurate. E.g. the page may say a wait time is “see now” (i.e. no wait) but there’s actually a 15 minute wait. However, this page was very useful for finding character locations and Fastpass availability.

The best tip for maximizing park enjoyment is to get there as early as possible. We got to Magic Kingdom at 8:30 AM, which was already kind of late compared to the book’s suggestion of arriving 30 minutes before the park opens, but the lines were pretty moderate and we got almost everything we wanted to do (Dumbo, race cars, Philharmagic, Buzz, a few others) done by noon and spent the rest of the day walking around exploring.

Update: I forgot to mention that if you stay at Disney’s resorts, there is no wifi internet. This was a big shock to us, since the hotels we stayed at on the way down (and up) all had free wifi. Disney’s resorts charge $10/day for internet access, which is available through a single ethernet port in each room. There are usually a couple of ethernet ports, but only one works for data (the phones use RJ45 connectors as well). This was pretty annoying because we had two computers and only one port, and the 3G signal in our room was pretty weak so I would have liked to connect my phone to wifi. If you want wifi at a Disney resort, I suggest bringing your own router. I’ve been having good luck with the TP-Link TL-WR841ND Wireless-N router, which Amazon usually has for under $40. I haven’t tried this at Disney so I can’t say for sure it works, but it’s worth a try if you want wireless.

TP-Link TL-WR841ND v7 802.11n router, wireless dies after a few days

I mentioned in a previous post that I got the TP-Link TL-WR841ND 802.11n wifi router and it solved the speed problems I was noticing with wifi connections since going from FiOS to Cablevision. This still seems to be the case; however, I’ve now had another problem with the TP router. Basically, wireless becomes unusable and the web UI becomes inaccessible. The SSID still shows up but I can’t get an IP address. When accessing it from the wired LAN via a browser, the connection times out – apparently whatever’s going on inside the router is also crashing its internal webserver.

Power-cycling the router resolved the issue both times it occurred (most recently tonight), but twice is two times too many. Tonight I downloaded and installed DD-WRT v24-sp2 and configured it. It only took a few minutes – I was pretty impressed with dd-wrt – though I was surprised not to see SNMP monitoring included. Not sure if I missed it in the UI but I assumed it would be under “Services,” and I didn’t see it there. I tried snmpwalk against the router and it returned nothing, so it’s not on by default.

Anyway, hopefully dd-wrt will give me better luck than the native TP-Link firmware. It seems to be a good router hardware-wise, but crashing every few days negates that.

Update: April 19, 2011: I’ve had DD-WRT running for a few weeks now on the TP-Link router and it’s been great. No reboots required. For some reason DD-WRT doesn’t seem to have SNMP available, at least not through the web UI, but other than that it’s far better than the default TP-Link software.


Speed comparison: Optimum Boost vs Verizon FiOS

Optimum Boost advertises 30 Mbps down, 5 Mbps up. Here’s a speed test I just ran at Ookla’s SpeedTest.net:

(My desktop is plugged into the router, the router is plugged into the Arris cablemodem.)

Here’s one of the last speed tests I did with Verizon, on 2/15. I had the 25/15 internet package:

(Desktop was plugged into 8-port Linksys 100 Mbit switch, the switch was plugged into the FiOS/ActionTec router.)
