Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1696
Views
0
Helpful
0
Replies

Slow FTP on C3560-CX (TCP Window Size issue)

vv0bbLeS
Level 1
Level 1

‎09-19-2019 12:38 PM - edited ‎09-20-2019 05:58 AM

Hello all,

New to Cisco, but trying to figure out exactly why my C3560-CX is having slow FTP performance. The switch is brand new, with barely any config, and I'm FTP-ing a new image file to upgrade the IOS. However, the transfer was painfully slow, and upon looking at it with WireShark, I notice the TCP Window Size stays at around 1500 through the file transfer, because the 3560 seems to be too slow at ACK-ing the received data, so the 3560's requests for increasing the TCP Window Size are ignored by the server.

 

I tried the same brief config (a separate VLAN, SVI, and a trunk) and transferred the same file on a new 9300, and the transfer was much faster.

 

Could the issue be just a slower CPU on the 3560, as opposed to the 9300? Or could the default QoS on the 9300 be helping? Is there some command I can run on the 3560 to increase the ACK speed, or is it a QoS issue?

 

For reference, below is the brief config that was used on both switches, as well as 2 screenshots from the respective WireShark traces:

 

3560 config:

3560-Switch#sh run
Building configuration...

Current configuration : 1266 bytes
!
! Last configuration change at 18:28:28 UTC Thu Sep 19 2019
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 3560-Switch
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 ! This is the interface that is used for the FTP transfer
 switchport trunk native vlan 240
 switchport mode trunk
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan240
 ip address dhcp
!
ip forward-protocol nd
ip http server
ip http secure-server
!
no vstack
!
line con 0
 logging synchronous
line vty 0 4
 login
line vty 5 15
 login
!
end

3560-Switch#

 

9300 switch config:


9300-Switch#sh run
Building configuration...

Current configuration : 9752 bytes
!
! Last configuration change at 19:25:32 UTC Thu Sep 19 2019
!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname 9300-Switch
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!         
no aaa new-model
switch 1 provision c9300-48u
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
!
login on-success log
!
!
! !!! A few CRYPTO PKI commands were here but I ommitted them for brevity !!!!!
!
!
license boot level network-essentials addon dna-essentials
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
redundancy
 mode sso
!
transceiver type all
 monitoring
!
!
! !!! This QoS is all default to the 9300 switch, I did not configure any of this !!!!
!
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
  description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
  description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
  description L2 LVX control packets
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
  description High Rate Applications 
class-map match-any system-cpp-police-multicast
  description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any system-cpp-police-data
  description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
  description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
  description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
  description DHCP snooping
class-map match-any system-cpp-police-system-critical
  description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 shutdown
 speed 1000
 negotiation auto
!
interface GigabitEthernet1/0/1
 ! This is the interface that is used for the FTP transfer
 switchport trunk native vlan 240
 switchport mode trunk
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!         
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!         
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/5
!
interface TenGigabitEthernet1/1/6
!
interface TenGigabitEthernet1/1/7
!
interface TenGigabitEthernet1/1/8
!
interface FortyGigabitEthernet1/1/1
!         
interface FortyGigabitEthernet1/1/2
!
interface TwentyFiveGigE1/1/1
!
interface TwentyFiveGigE1/1/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan240
 ip address dhcp
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
control-plane
 service-policy input system-cpp-policy
!
!
line con 0
 stopbits 1
line vty 0 4
 login
line vty 5 15
 login
!
!
end

9300-Switch#

 

This first screenshot is the FTP using the slow 3560, and you can see the TCP window becomes pretty static at around 1500. Also notice the time delay of the ACK's from the 3560, much slower than the 9300 (some ACK responses are above the RTT value, which was 0.00369):

 

3560-ftp-stream.JPG

 

 

 

 

The second screenshot is for the faster FTP using the 9300, and you can see that the TCP Window stays well above 1500. Also notice the timestamps of the ACK's and the Window Update messages - blazing fast, much faster than the above 3560:

 

9300-ftp-stream.JPG

0xD2A6762E
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents