New to Cisco, but trying to figure out exactly why my C3560-CX is having slow FTP performance. The switch is brand new, with barely any config, and I'm FTP-ing a new image file to upgrade the IOS. However, the transfer was painfully slow, and upon looking at it with Wireshark, I noticed the TCP Window Size stays at around 1500 throughout the file transfer, because the 3560 seems to be too slow at ACK-ing the received data, so the 3560's requests for increasing the TCP Window Size are ignored by the server.
I tried the same brief config (a separate VLAN, SVI, and a trunk) and transferred the same file on a new 9300, and the transfer was much faster.
Could the issue be just a slower CPU on the 3560, as opposed to the 9300? Or could the default QoS on the 9300 be helping? Is there some command I can run on the 3560 to increase the ACK speed, or is it a QoS issue?
For reference, below is the brief config that was used on both switches, as well as 2 screenshots from the respective Wireshark traces:
3560 config:
3560-Switch#sh run
Building configuration...
Current configuration : 1266 bytes
!
! Last configuration change at 18:28:28 UTC Thu Sep 19 2019
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 3560-Switch
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 ! This is the interface that is used for the FTP transfer
 switchport trunk native vlan 240
 switchport mode trunk
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan240
 ip address dhcp
!
ip forward-protocol nd
ip http server
ip http secure-server
!
no vstack
!
line con 0
 logging synchronous
line vty 0 4
 login
line vty 5 15
 login
!
end
3560-Switch#
9300 switch config:
9300-Switch#sh run
Building configuration...
Current configuration : 9752 bytes
!
! Last configuration change at 19:25:32 UTC Thu Sep 19 2019
!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname 9300-Switch
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
no aaa new-model
switch 1 provision c9300-48u
!
call-home
 ! If contact email address in call-home is configured as email@example.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr firstname.lastname@example.org
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
!
login on-success log
!
!
!
!!! A few CRYPTO PKI commands were here but I omitted them for brevity !!!!!
!
!
license boot level network-essentials addon dna-essentials
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
redundancy
 mode sso
!
transceiver type all
 monitoring
!
!
!
!!! This QoS is all default to the 9300 switch, I did not configure any of this !!!!
!
class-map match-any system-cpp-police-topology-control
 description Topology control
class-map match-any system-cpp-police-sw-forward
 description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
 description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
 description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
 description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
 description L2 LVX control packets
class-map match-any system-cpp-police-forus
 description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
 description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
 description High Rate Applications
class-map match-any system-cpp-police-multicast
 description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
 description L2 control
class-map match-any system-cpp-police-dot1x-auth
 description DOT1X Auth
class-map match-any system-cpp-police-data
 description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
 description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
 description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
 description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
 description DHCP snooping
class-map match-any system-cpp-police-system-critical
 description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 shutdown
 speed 1000
 negotiation auto
!
interface GigabitEthernet1/0/1
 ! This is the interface that is used for the FTP transfer
 switchport trunk native vlan 240
 switchport mode trunk
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/5
!
interface TenGigabitEthernet1/1/6
!
interface TenGigabitEthernet1/1/7
!
interface TenGigabitEthernet1/1/8
!
interface FortyGigabitEthernet1/1/1
!
interface FortyGigabitEthernet1/1/2
!
interface TwentyFiveGigE1/1/1
!
interface TwentyFiveGigE1/1/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan240
 ip address dhcp
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
control-plane
 service-policy input system-cpp-policy
!
!
line con 0
 stopbits 1
line vty 0 4
 login
line vty 5 15
 login
!
!
end
9300-Switch#
This first screenshot is the FTP using the slow 3560, and you can see the TCP window becomes pretty static at around 1500. Also notice the time delay of the ACKs from the 3560, much slower than the 9300 (some ACK responses are above the RTT value, which was 0.00369):
The second screenshot is for the faster FTP using the 9300, and you can see that the TCP Window stays well above 1500. Also notice the timestamps of the ACKs and the Window Update messages - blazing fast, much faster than the above 3560:
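Added example (not part of the original post): one way to put numbers on the ACK delay described above is to pair each ACK in an exported capture with the data segment it covers and count the ACKs slower than the quoted RTT of 0.00369 s. The packet rows, host labels and function names are constructed for illustration and are not taken from the poster's capture.

```python
# Rows are constructed sample data, not the poster's capture:
# (time_s, sender, seq, payload_len, ack, advertised_window)
SERVER, SWITCH = "server", "switch"  # hypothetical host labels
RTT = 0.00369  # RTT value quoted in the post, in seconds

PACKETS = [
    (0.000000, SERVER, 1,    1460, 1,    64240),
    (0.004100, SWITCH, 1,    0,    1461, 1500),
    (0.004200, SERVER, 1461, 1460, 1,    64240),
    (0.006900, SWITCH, 1,    0,    2921, 1500),
    (0.007000, SERVER, 2921, 1460, 1,    64240),
    (0.007500, SWITCH, 1,    0,    2921, 3000),  # window update, acks nothing new
    (0.012300, SWITCH, 1,    0,    4381, 1536),
]


def ack_delays(packets, sender=SERVER, receiver=SWITCH):
    """Pair each cumulative ACK with the newest data segment it covers.

    Returns a list of (ack_no, delay_s, advertised_window) tuples.
    """
    outstanding = []  # (end_seq, time_sent) of data not yet acknowledged
    results = []
    for t, who, seq, length, ack, win in packets:
        if who == sender and length > 0:
            outstanding.append((seq + length, t))
        elif who == receiver:
            covered = [(end, ts) for end, ts in outstanding if end <= ack]
            if not covered:
                continue  # duplicate ACK or pure window update
            _, sent_at = max(covered)
            results.append((ack, t - sent_at, win))
            outstanding = [(e, s) for e, s in outstanding if e > ack]
    return results


def summarize(packets, rtt=RTT):
    """Count slow ACKs and estimate the throughput ceiling window/turnaround."""
    delays = ack_delays(packets)
    if not delays:
        return None
    mean_delay = sum(d for _, d, _ in delays) / len(delays)
    min_window = min(w for _, _, w in delays)
    return {
        "acks": len(delays),
        "slower_than_rtt": sum(1 for _, d, _ in delays if d > rtt),
        "min_window": min_window,
        # At most one window of bytes can be in flight per ACK turnaround.
        "ceiling_mbit": round(8 * min_window / mean_delay / 1e6, 2),
    }


if __name__ == "__main__":
    print(summarize(PACKETS))
```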