Re: Migration of Cisco2811 to Cisco2911

chetanyp1995 · ‎10-13-2022

Hi Friends,

I have cisco 2811 router with ipsec tunnel configured. Now as I am using B/W of 20mbps we are facing slowness.

Now I want to migrate the 2811 to 2911. Could you please suggest that apart from securityk9 license what other things I need to keep ready?

If anyone has done it before please share your observations.

balaji.bandi · ‎10-13-2022

Other than License i do not see anything else you need.

Make sure backup the config, and build the new 2911 offline, make sure it accept all the config befor you put them in production.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

chetanyp1995 · ‎10-13-2022

Hi Balaji,

Thanks for the reply. Yes, I am aware of the command line changes and I will keep that in mind. Apart from this is there anything need to be change in the config. If yes, please elaborate a bit to get clear idea.

balaji.bandi · ‎10-13-2022

Since when you move from OLD to new. some command syntax may changed, so test offline as suggested.

Also as other suggestion tweaking MTU is also good practice to get optimal results.

what kind of performance you see ? is 20MB full used.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎10-13-2022

20 mbps and slowness in 2811? can you share more detail ?

chetanyp1995 · ‎10-13-2022

Slowness as in router performance. CPU utilization is going up to 90% the moment we change the b/w to 20mbps.

However I could not see the cpu utilization due to particular service. (Talking about 2811 - EOL)

MHM Cisco World · ‎10-13-2022

Yes I know but can you reduce MTU 40 bytes and check CPU again ?

chetanyp1995 · ‎10-13-2022

Currently, On tunnel interface and physical interface of WAN the MTU is configured at 1400.

Will it impact if we change it 40?

MHM Cisco World · ‎10-13-2022

reduce it by 40 to be 1360
and also config ip tcp-mss

Joseph W. Doherty · ‎10-13-2022

Most likely your high CPU utilization, for 20 Mbps, on a tunnel, is due to fragmentation, which is why the other posters have made suggestions about MTU and adjust-MSS.

If fragmentation is the problem, and if it's mainly TCP traffic, IP TCP adjust-mss 1360 is possibly the best thing to do to mitigate the issue. Setting the tunnel interface's IP MTU to 1400 (not MTU) can help somewhat too, but only with traffic that has set the DF bit (often only found set on TCP traffic). Non-TCP traffic, is not helped by adjust-mss and w/o DF set, will be fragmented.

Otherwise, yes, 20 Mbps traffic, being fragmented, may overload a 2811. The 2911 should do better as it offers about 3x the forwarding performance of a 2811.

Oh, and if you don't see a "process" using all this extra CPU, it's likely all under "interrupt" CPU usage, which I believe the later IOS versions, fast path, now include IP fragmentation.

chetanyp1995 · ‎10-16-2022

Hey Hi Joseph,

Thanks for your reply. I will try reducing the MTU on tunnel interface to 1360. Do I need to change the MTU on physical interface ???

And yes, I will try to upgrade the IOS as well and will let you all know about the status.

Waiting for your reply on "I will try reducing the MTU on tunnel interface to 1360. Do I need to change the MTU on physical interface???"

Joseph W. Doherty · ‎10-16-2022

"Do I need to change the MTU on physical interface ???"

Normally no.

"I will try reducing the MTU on tunnel interface to 1360."

No, not MTU.

interface tunnel #
tcp adjust-mss 1360 !ip mtu less 40
IP MTU 1400 !overhead for tunnel - usually 1500 less 100 is good

chetanyp1995 · ‎10-16-2022

I tried configure the "ip tcp adjust-mss 1360" but still there is no change. I will upgrade the IOS version as well. If still the issue persist then I think it would be better to move on 2911.