We are using the basic speed test and iperf results yes there is a policy that allows outbound traffic but whats bothering us is if it is the VR/routing instance or the SRX 210 is the issue how does that only affect the outbound traffic and not the inbound.
Here's what we have done so far
- Connected a computer directly to the SRX.
- Applied the configuration to allow external access using ports ge-0/0/0 as external and fe-0/0/2 as internal.
- The latency was not being observed when the EX switch is by passed. (but in this scenario no firewall policies and routing instances were checked)
- Tested the general health of EX.
- Checked for other L2 errors on EX.
- Connected a computer directly to the EX by passing SRX and no latency was observed.
- tested the general health of SRX at that time.
- CPU and PFE seems to be stable.
- Observed few Input error, L2 channel errors: 212863 on primary node interfaces fe-2/0/4.
- now as per our topology ISP----EX----SRX cluster
- Issue seems to be with routing-instances configuration and implementation on SRX 210.
- When the traffic is going towards internet from VR Internet then download speed of 15 Mbps and upload speed of 25 Mbps is observed.
- When the traffic is going towards internet from VR WANOPT then download speed of 1.8 Mbps is observed.
- Few L2 channel errors are observed too.
We are opening a ticket with Juniper on this as this seems to be an issue with the VR instance filters applied to the interfaces and it seems the 210 does not like the VR's that much.