Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2209
Views
16
Helpful
28
Replies

Latency issue with 4431

Go to solution
ELLE22
Level 1
Level 1

‎10-17-2022 10:59 AM

Hello everyone, please need your help.

we had an old 2921 router, everything worked fine, we had 2 DMVPN tunnels via ipsec and isakmp.

we had to change the router 2921 to isr 4331, and keep the same configuration, after changing to 4431, the employees noticed a big latency problem, we tried to troubleshoot, we had the same configuration as 2921 the only difference was the isakmp key , on the new 4331 the key was encrypted, but in the other routers and the old one the key was not encrypted.

According to  your experience, can a bad isakmp  key cause latency?

thank you in advance . 

Labels:
28 Replies 28

Go to solution
khorram1998
Level 1
Level 1

‎01-24-2023 09:27 AM

It is unlikely that an encryption key would cause significant latency on its own. However, there could be other factors that are contributing to the latency issue. It would be beneficial to investigate other potential causes such as the network topology, routing, and QoS configurations, as well as the overall health of the network. Additionally, it would be a good idea to check if there is any difference in the performance of the new ISR 4331 router compared to the old 2921 router, such as CPU and memory usage, to ensure that the new router is able to handle the traffic load.

Please rate this and mark as solution/answer, if this resolved your issue
All the best,
AK

0 Helpful

Go to solution
ELLE22
Level 1
Level 1
In response to khorram1998

‎01-24-2023 10:48 AM

Thank you for you response ,  the configuration is the same as 2921 , Qos ,too . 

we have mpls (20 mbps ) , when we did the speed test from a desktop with the 2921 we got 8mbps , 10 mbps down and 15 mbps up , but with the new router we got 0.12 mbps , 3mbps down and 17 mbps up .

4331 throughput  is 100 mbps 

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎01-24-2023 10:04 AM

What throughput license, if not using the Boost license, is your 4331 running?

Interestingly, Cisco documents a 2921 can (actual RFC-2544 test) hit 3.5 Gbps throughput (in an ideal setup), but notes the 4331, with Boost license, can "over 2 Gbps".  I.e. perhaps the 2921 has more raw performance than a 4331 (personally, I doubt it does).  If so, this might account for a slow down.

Oh, and as even the 4331 Performance license limits throughput to 300 Mbps, that might really add latency (as the license shapes transit traffic's bandwidth) vs. your old 2921 (which Cisco documents of providing up to 72 Mbps, IMIX traffic, across IPSec, not exceeding 75% CPU load).

BTW, Miercom testing often shows many ISR 4Ks struggling with IPSec traffic around their "Performance" level of throughput.  I.e. even with a Boost license, an ISR 4K might be unable, again with IPSec traffic, to much exceed their "Performance" level of throughtput.

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Joseph W. Doherty

‎01-24-2023 10:12 AM

Oh, BTW, is issue with 4331 or 4431 or both?  The latter is a more "powerful" router than the former, and it (4431) should be able, I believe, outperform a 2921.

0 Helpful

Go to solution
ELLE22
Level 1
Level 1
In response to Joseph W. Doherty

‎01-24-2023 10:48 AM

just 4331

0 Helpful

Go to solution
ELLE22
Level 1
Level 1
In response to Joseph W. Doherty

‎01-24-2023 10:49 AM

just 4331 in 8 locations now , the strange thing we have 4 location with 4331 and they re working properly , but the 8 others no , we checked the config  , the license everything is same 

Go to solution
MHM Cisco World
VIP
VIP
In response to ELLE22

‎01-24-2023 11:23 AM

ip mtu 1400 <<- this your config under tunnel 

the 4 sites with issue, please ping with size 1350-1400 df-set 
if the ISP is different then the issue can be MTU ISP accept.  

0 Helpful

Go to solution
ELLE22
Level 1
Level 1
In response to MHM Cisco World

‎01-24-2023 11:55 AM

yes ip mtu 1400 under tunnels 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to ELLE22

‎01-24-2023 12:15 PM

reduce the MTU and check.

0 Helpful

Go to solution
ELLE22
Level 1
Level 1
In response to MHM Cisco World

‎01-24-2023 12:26 PM

i tried to reduce the mtu and still same issue

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to ELLE22

‎01-24-2023 12:56 PM

do you ping using set df-bit ?

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to ELLE22

‎01-24-2023 02:48 PM

I believe (???) there's a command to determine if the license cap is, in fact, limiting throughput.  Unfortunately, if there is such a command, I don't recall what it is.

If command exists, likely worthwhile to try on your problematic (in performance) routers.

0 Helpful

Go to solution
ELLE22
Level 1
Level 1
In response to Joseph W. Doherty

‎01-24-2023 03:02 PM

the throughput of the routers impacted  is 100 mbps , and we have just  20 mbps via mpls  and 4 other 4331 are working fine with the same throughput , same config same everything

0 Helpful

Go to solution
ELLE22
Level 1
Level 1

‎01-27-2023 07:48 AM

another update , i had the ISP tech tested our MPLS circuit and our router , everything was good , but still connection slow with 4331 and normal with 2921 . i plugged my laptop in the Lan interface of the 4331 and it was working fine , i got the normal speed ... in the Lan side we have aruba switch 2930 .the aruba is working fine with 2921 router . tried to change the interface speed on aruba but still slow connection  

Any Idea ? 

Thank you in advance 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card