02-15-2014 12:24 AM - edited 03-04-2019 10:21 PM
Hello everyone,
I am in a new position and evaluating the existing network infrastructure and looking into performance issues, and starting to pinpoint it to our WAN link and router, possibly firewall and IPS is designed to be able to handle high levels of pps and throughput... but you never know.
We currently have a WAN router, Cisco 3825 with IOS 12.4(25b) with a 100MB WAN internet link running in BGP with another 3825 (same IOS version) 10MB WAN internet link for redundancy purposes only as the 100MB is prioritized and the 10MB link hardly handles any traffic as verified by Solarwinds NPM.
That being said, I can run speedtest.net and download will be around 90 Mbps, but upload is around 6-8 Mbps. Now, that might just be our WAN internet provider failing to provide a true symmetric line, or is it due to our network infrastructure? I was looking at the performance routers document, which states that it can go up to 179, but I have been reading several other threads and posts on various sites and people are not getting anywhere near those numbers. We do not see the CPU on the router going high and this router is not handling things like VPNs, encryption, that sort of thing. We will be switching from our current Internet provider soon, thank god, to a much better one, which might just solve the problem as I do not think they are truly providing our upstream. Am I wrong?
Is the 3825 able to handle this load?
Looking at Solarwinds, I am seeing about 35 Mbps (Avg bps InOut) on the primary router interface going to the internet circuit. It has peaked over the last 7 days a few times around 45 Mbps, basically the speed of a T3 line. Avg Packets per Second is typically in the 5k-6k range during business hours. Hopefully I am reading these values correctly, but if you need me to look at specific metrics on specific interfaces, I can certainly do that or any other information that may assist.
I am seeing slow performance connecting in via VPN, then doing a speedtest and only seeing like 1 Mbps during business hours. Obviously this is creating a bad remote access experience through the VPN and overall for everyone.
Thanks in advance.
02-15-2014 01:32 AM
02-15-2014 06:45 AM
No encryption, no NAT, nothing fancy going on, it's essentially just forwarding traffic from the Internet provider to the firewall. From my research, it looks like it would be better to place a Layer3 switch it seems, but we currently need the BGP routing between the two providers.
The 10MB internet link is the provider with our IP block and cannot get rid of it until we shift things over to a new IP block.
02-15-2014 04:19 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
The 179 Mbps, for a 3825, is based on the CPU's theoretical maximum PPS, (usually) for minimum size Ethernet packets. If you're drawing the 179 Mbps from the often referenced Router Performance document, the header notes the bps is based on pps * 64 bytes * 8 bits/byte, but Ethernet has additional L2 overhead so "wire" bandwidth is higher. 100 Mbps Ethernet, for minimum size packets, requires 148.89 Kpps, or twice that for duplex, about 300 Kpps. The 3825's 350 Kpps, in theory, supports 100 Mbps duplex Ethernet even for minimum size Ethernet packets.
PPS rate drops, for same "bandwidth", as packet sizes increase, so maximum throughput often is much better. As most traffic isn't all minimum size packets, you often might see 2 to 4 times the worst case performance.
The foregoing is the good news. The bad news is all the above is based on just forwarding packets without additional overhead often found due to the configuration. Also, the above assumes all "fast path" forwarding. On the 3825, process switching is over 10 times slower, so it doesn't take many process switched packets to impact throughput.
The above is a long way of saying, the 3825 is a bit light for 100 Mbps, duplex, but monitoring CPU will tell the real story. If you can stay, on average, below about 75% utilization, you haven't maxed out the router.
Unless there's something very strange about your configuration, the 3825 doesn't really care much about up vs. down bandwidth. If you can get 90 Mbps down, but not even a tenth of that up, there's some other issue. What kind of Ethernet Internet do you have?
02-15-2014 06:40 AM
Let's just say it is a cheaper, lesser quality Internet provider as we all know, but we are switching off of that ASAP anyhow to a premium Internet provider. I have reached out to such Internet provider for the meantime until we can complete the move, to check their upstream for us.
Am I monitoring it correctly? It has been a while since I did networking and slowly getting into it full time. It will all come back to me, but how is it a speedtest provides 92 Mbps down, 9 Mbps Up, but then the router interface is just cruising along. Am I supposed to take the sum of the two interfaces?
What is an accurate way of measuring % of available bandwidth, utilization of such bandwidth (assuming provider is given specified speeds), or a true level of Mbps at any given time. Is this where netflow comes into play? I would have to configure some things.
As far as CPU, the Avg CPU load has only been 7% (95th Percentile) over the last 7 days, assuming NPM is reporting it correctly. We have not seen anything of high utilization which I know would send alarms. All the WAN router is doing is forwarding traffic essentially from the Internet provider to our firewall, in which a Layer 3 switch would probably be better due to ASIC switching and all. Also I forgot to mention that the line is currently setup in full-duplex.
It might be a weird configuration, but unfortunately it is what it is now.
02-16-2014 05:09 AM
You take the sum of all interface ingress PPS, to determine what the router has to process.
Measuring % of bandwidth depends on "knowing" what the available bandwidth is supposed to be. Often it's just the interface's capacity, but it can also be "known" transit bandwidth.
Again, getting 90+ Mbps down sounds fairly accurate, but again, there's some issue if you cannot exceed 9 Mbps up. Your Ethernet is via something like a cable modem? You're also sure you're not using your 10 Mbps backup for up path?
If your stats only show 7% average CPU utilization, your router sounds sufficient, but you do want to confirm you're not hitting sustained peaks of 100% too.
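Added example, not part of the thread: one way to turn two polls of interface counters into the per-direction utilisation and summed ingress pps discussed above, so an asymmetric link is not hidden by a combined in/out average. The counter values, the `Poll` structure and the function names are constructed for illustration; the 350 Kpps budget is the figure quoted in the thread.

```python
from dataclasses import dataclass

ETH_OVERHEAD = 20            # bytes per frame on the wire: preamble/SFD 8 + inter-frame gap 12
ROUTER_PPS_BUDGET = 350_000  # fast-path pps figure quoted for the 3825 in the thread

@dataclass
class Poll:                  # one SNMP-style poll of an interface (values below are constructed)
    t: float                 # poll time, seconds
    in_octets: int
    out_octets: int
    in_pkts: int

def delta(new, old, bits=32):
    """Counter difference that survives one wrap of a 32- or 64-bit counter."""
    return (new - old) % (1 << bits)

def wire_pps(link_bps, frame_bytes=64):
    """Frames per second needed to fill link_bps in one direction."""
    return link_bps / ((frame_bytes + ETH_OVERHEAD) * 8)

def rates(a, b, link_bps, bits=32):
    """Per-direction utilisation (%) and ingress pps between polls a and b."""
    dt = b.t - a.t
    in_bps = delta(b.in_octets, a.in_octets, bits) * 8 / dt
    out_bps = delta(b.out_octets, a.out_octets, bits) * 8 / dt
    return {"in_pct": 100 * in_bps / link_bps,
            "out_pct": 100 * out_bps / link_bps,
            "in_pps": delta(b.in_pkts, a.in_pkts, bits) / dt}

def router_load(per_if, budget=ROUTER_PPS_BUDGET):
    """Sum ingress pps over every interface; return (total pps, % of budget)."""
    total = sum(r["in_pps"] for r in per_if.values())
    return total, 100 * total / budget

def sample_report():
    """Two constructed 60 s polls per interface; the WAN in_octets counter wraps."""
    link = 100_000_000
    wan = rates(Poll(0, 4_294_000_000, 1_000_000, 10_000),
                Poll(60, 261_532_704, 61_000_000, 220_000), link)
    lan = rates(Poll(0, 5_000_000, 7_000_000, 40_000),
                Poll(60, 65_000_000, 269_500_000, 190_000), link)
    return {"wan": wan, "lan": lan}

if __name__ == "__main__":
    report = sample_report()
    for name, r in report.items():
        print(name, {k: round(v, 1) for k, v in r.items()})
    print("router ingress pps, % of budget:", router_load(report))
    print("64-byte line rate at 100 Mbps:", round(wire_pps(100e6)), "pps per direction")
```

Average counters over a polling interval cannot show short bursts, so a low figure here does not rule out brief saturation between polls.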