Fortinet black logo

FortiWiFi and FortiAP Configuration Guide

Throughput issues

Copy Link
Copy Doc ID 8391206d-966e-11eb-b70b-00505692583a:453775
Download PDF

Throughput issues

This section helps you identify throughput issues and suggests actions to address them.

Link testing

You can identify delays or lost packets by sending ping packets from your wireless client. If there is more than 10 ms of delay, there may be a problem with your wireless deployment, such as:

  • The client transmits a week signal. The host does not reach the AP.
  • The AP utilization is too high. Your AP is saturated with connected clients.
  • There is interference in the wireless network. Third-party signal can degrade your AP or the client's ability to detect signals between them.
  • The AP has a weak transmit power. The AP does not reach the host. This problem is not common in a properly deployed network, unless the client is too far away.

Performance testing

If the FortiAP gives poor throughput to the client, the link can drop. You can measure the link throughput or performance between two devices by using third-party application tools such as iPerf and jPerf.

Measuring the file transfer speed

Another way to get a sense of your throughput issues is to measure the speed of a file transfer on your network. Create a test file at a specific size and measure the speed at which Windows measures the transfer. The command below creates a 50 MB file. The file name is test.txt.

  • fsutil file createnew test.txt 52428800

The following image shows a network transfer speed of just over 24 Mbps. The theoretical speed of 802.11g is 54 Mbps, which is what this client is using. A wireless client is never likely to see the theoretical speed.

TKIP limitation

If you find that throughput is a problem, avoid WPA security encrypted with Temporal Key Integrity Protocol (TKIP) as it supports communications only at 54 Mbps. Use WPA-2 AES instead.

Speeds are very much based on what the client computer can handle as well. The maximum client connection rate of 130 Mbps is for 2.4 GHz on a 2x2, or 300 Mbps for 5 GHz on a 2x2 (using shortguard and channel bonding enabled).

If you want to get more than 54 Mbps with 802.11n, do not use legacy TKIP, use CCMP instead. This is standard for legacy compatibility.

IP packet fragmentation prevention in CAPWAP tunnels

TKIP is not the only possible source of decreased throughput. When a wireless client sends jumbo frames using a CAPWAP tunnel, it can result in data loss, jitter, and decreased throughput. For more details, see IP fragmentation of packets in CAPWAP tunnels.

Slow DTLS response

The following elements are involved in the CAPWAP association:

  • request
  • response
  • full of DTLS (Datagram Transport Layer Security) tunnel establishment
  • join
  • configuration

All of these element are bidirectional. If the DTLS response is slow, there could be a configuration error or an issue with a certificate during the discovery response. For details about the CAPWAP Protocol Specification, see RFC 5415 and RFC 5416.

Throughput issues

This section helps you identify throughput issues and suggests actions to address them.

Link testing

You can identify delays or lost packets by sending ping packets from your wireless client. If there is more than 10 ms of delay, there may be a problem with your wireless deployment, such as:

  • The client transmits a week signal. The host does not reach the AP.
  • The AP utilization is too high. Your AP is saturated with connected clients.
  • There is interference in the wireless network. Third-party signal can degrade your AP or the client's ability to detect signals between them.
  • The AP has a weak transmit power. The AP does not reach the host. This problem is not common in a properly deployed network, unless the client is too far away.

Performance testing

If the FortiAP gives poor throughput to the client, the link can drop. You can measure the link throughput or performance between two devices by using third-party application tools such as iPerf and jPerf.

Measuring the file transfer speed

Another way to get a sense of your throughput issues is to measure the speed of a file transfer on your network. Create a test file at a specific size and measure the speed at which Windows measures the transfer. The command below creates a 50 MB file. The file name is test.txt.

  • fsutil file createnew test.txt 52428800

The following image shows a network transfer speed of just over 24 Mbps. The theoretical speed of 802.11g is 54 Mbps, which is what this client is using. A wireless client is never likely to see the theoretical speed.

TKIP limitation

If you find that throughput is a problem, avoid WPA security encrypted with Temporal Key Integrity Protocol (TKIP) as it supports communications only at 54 Mbps. Use WPA-2 AES instead.

Speeds are very much based on what the client computer can handle as well. The maximum client connection rate of 130 Mbps is for 2.4 GHz on a 2x2, or 300 Mbps for 5 GHz on a 2x2 (using shortguard and channel bonding enabled).

If you want to get more than 54 Mbps with 802.11n, do not use legacy TKIP, use CCMP instead. This is standard for legacy compatibility.

IP packet fragmentation prevention in CAPWAP tunnels

TKIP is not the only possible source of decreased throughput. When a wireless client sends jumbo frames using a CAPWAP tunnel, it can result in data loss, jitter, and decreased throughput. For more details, see IP fragmentation of packets in CAPWAP tunnels.

Slow DTLS response

The following elements are involved in the CAPWAP association:

  • request
  • response
  • full of DTLS (Datagram Transport Layer Security) tunnel establishment
  • join
  • configuration

All of these element are bidirectional. If the DTLS response is slow, there could be a configuration error or an issue with a certificate during the discovery response. For details about the CAPWAP Protocol Specification, see RFC 5415 and RFC 5416.