Wireshark-users: Re: [Wireshark-users] I think this is outrageous, but am i wrong?
From: Phil Paradis <Phil.Paradis@xxxxxxxxxxxxxx>
Date: Wed, 17 Feb 2010 19:10:35 -0800
One thing to keep in mind regarding duplex is that auto-detection on 10/100Mbit Ethernet requires both sides to be set to auto-negotiate. If one end is manually configured and the other end is set to auto-negotiate, the end set for auto-negotiation will always select half-duplex, regardless of the manually configured setting. If the manually configured interface is set to full duplex, this will cause packet loss problems because the full-duplex interface will have disabled collision detection.

In this specific case, it is possible that the switch port to which the firewall is connected is set for either auto-negotiate or half-duplex. The firewall and switch port should be configured to match. If the switch cannot be configured, the firewall must be set to either auto or half to avoid a mismatch.

On Feb 17, 2010, at 5:44 PM, Ryan Zuidema wrote:

> I do not agree that half duplex will prevent T-1 overrun. Half duplex can only introduce additional delay/loss over the link. With the collisions associated with half duplex you will have a lot more garbage going across your T-1 (retransmits etc…). Also you’ll have delays as the computers back off during the retransmission process. Half duplex has no positive effect in your situation, and could be contributing to the issues your having.
>  
> I strongly recommend switching it over to Full duplex. It’s probably a negotiation issue. During your next outage window force it to Full duplex and test it out.
>  
> That said, you probably have other issues in play here; it is quite easy to overuse a T-1.
>  
> -Ryan
>  
> From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of jack craig
> Sent: Wednesday, February 17, 2010 2:37 PM
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: Re: [Wireshark-users] I think this is outrageous, but am i wrong?
>  
> its a cisco pix 506, not new, but capable of full/half duplex.
> 
> one response i got was that the half duplex would keep the t1 from being overrun as much.
> you dont agree? 
> 
> personally, i find it hard to imagine a case where half duplex is better than full,
> but i have learned other new information today.
> 
> Thx very much for your response, jackc....
> 
> On 02/17/2010 12:42 PM, Ryan Zuidema wrote:
> The bottleneck to the cloud is your T-1. No firewall being set to 10Mbs/100Mbs/1Gbps will make any difference there. In your situation 10Mbps is more than enough. I wouldn’t be shocked to see 10Mbps dealing with WAN type equipment, precisely because it’s more than enough to fill the average pipe.  *10Mb = Not outrageous at all*
>  
> Half duplex could be an issue with high packet rates. This is possible even at low bandwidth utilization. If you’re running VoIP, terminal emulation or any other type of high packet rate streaming you could see a lot of collisions. Half-duplex is more unusual and something I would change. *HDx = Not outrageous, but worth fixing/changing*
>  
> Is the firewall capable of full duplex? Perhaps it just failed to properly auto-negotiate? What type of firewall is it (make/model)?
>  
> -Ryan
>  
> From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of jack craig
> Sent: Wednesday, February 17, 2010 10:22 AM
> To: Community support list for Wireshark
> Subject: [Wireshark-users] I think this is outrageous, but am i wrong?
>  
> Hi Wireshark Folks,
> 
> The below query is not Wireshark specific, just a basic networking topic.
> Pls hit delete if you dont care to read more.
> 
> I pose this query to this forum just because the collection of talent here should vindicate or refute my own sanity.
> 
> pls consider this network topology? 
> 
> a site has a T1 to the cloud. following that T1 into the domain, we first encounter the T1 router,
> then on to a firewall, and arriving finally at a 10/100 Mbps switch where its distributed to internal users.
> 
> our access to the cloud has been degraded so we look for reasons why?
> 
> we find that the firewall is configured on both input/output sides to be 10 Mbps, half duplex.
> 
> AFAIK, upgrading the firewall interfaces to 100 Mpbs/FDx would increase the throughput by 10 times (ideally) 
> and enable bidirectional traffic (as opposed to limiting to a single direction at once).
> 
> am i missing something obvious here? is there any reason a 10 Mbps/HDx link is better than 100Mbps/FDx ??
> 
> tia, jackc...
> 
> 
> -- 
> Jack Craig
> Software Engineer
> 831.461.7100 x120
> www.extraview.com 
>  
>  
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>  
> 
> -- 
> Jack Craig
> Software Engineer
> 831.461.7100 x120
> www.extraview.com 
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

--
Phillip Paradis / Network Engineer / United Tote
Phone +1 502 509 7445 / Email phillip.paradis@xxxxxxxxxxxxxx