Hi, I have two ISR4331s with an ISP channel of about 300 Mbit, and I needed to connect two VLANs. I decided to use xconnect over L2TPv3 with IPsec, and after configuring and testing I noticed that with 100 Mbit of traffic QFP = 70-80%. Is that normal for xconnect? Because via DMVPN/FlexVPN between them, with the same IPsec policy, QFP for 100 Mbit is about 30%. Maybe xconnect isn't optimized?
I recall xconnect can suffer from fragmentation. That might account for some of the throughput reduction.
On the transport tunnel I have tcp adjust mss, MTU for this tunnel 1454 (sh int tunnel 100 | i mtu), over WAN without fragmentation. What do you think? Maybe GRE will be more useful?
If you can use GRE, it could be better because you can utilize IP MTU and TCP adjust-mss on tunnel interface.
If there's an IP interface in the end-to-end path, you might take advantage of the aforementioned commands, but, I believe, not on the xconnect interface itself (as it's L2).
BTW, did you see the reference I provided in my edited prior reply? It well discusses the l2tp fragmentation issue, including possible mitigation approaches.
As @Joseph W. Doherty mentioned, the L3 interface can deal with packets higher than the egress interface, but if you use xconnect then you bridge traffic and there is no L3 interface that can frag/defrag the packets/frames passing through.
I think under the pseudowire-class you configure the MTU, which must be less than the MTU of the interface you use to connect the two routers.
It is important that you configure a Maximum Transmission Unit (MTU) appropriate for each L2TPv3 tunneled link. The configured MTU size ensures the following:
The lengths of the tunneled Layer 2 frames fall below the MTU of the destination attachment circuit.
The tunneled packets are not fragmented, which forces the receiving PE to reassemble them.
L2TPv3 handles the MTU as follows:
The default behavior is to fragment packets that are larger than the session MTU.
If you enable the ip dfbit set command in the pseudowire class, the default MTU behavior changes so that any packets that cannot fit within the tunnel MTU are dropped.
If you enable the ip pmtu command in the pseudowire class, the L2TPv3 control channel participates in the path MTU (PMTU) discovery.
The guide I shared recommends not using the DF bit; I share it so that, if you use it, you stop that.
But this gives us an indication that the issue is really the MTU here.
The L2TPv3 overhead is approximately 74-80; add to that there is IPsec, which can also add more overhead. It is hard to calculate the MTU here, so I will run a lab to check the best MTU size.
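
Added example (not part of the original thread and not Cisco code): the MTU arithmetic discussed above, in Python, showing which bridged packets the pseudowire forwards, fragments, or drops with ip dfbit set. Assumptions: header sizes follow RFC 3931 for an Ethernet pseudowire over IPv4 with the L2-specific sublayer enabled, the 1454 from the thread is treated as the IP MTU available to the L2TPv3 packet, fragmentation is modelled as plain IPv4 fragmentation, and IPsec overhead is not modelled; all function names are hypothetical.

```python
# Added example: sizes follow RFC 3931 (L2TPv3 over IP) for an Ethernet pseudowire.
import math

IPV4_HDR = 20          # outer IPv4 header, no options
L2TPV3_SESSION_ID = 4  # L2TPv3-over-IP session header
L2_SUBLAYER = 4        # default L2-specific sublayer (assumed enabled)
ETH_HDR = 14           # bridged Ethernet header; the FCS is not carried
DOT1Q_TAG = 4          # optional 802.1Q tag on the bridged frame


def l2tpv3_overhead(cookie_len=0, vlan_tagged=False, l2_sublayer=True):
    """Bytes added around the inner IP packet of a bridged frame."""
    if cookie_len not in (0, 4, 8):
        raise ValueError("L2TPv3 cookie is 0, 4 or 8 bytes")
    return (IPV4_HDR + L2TPV3_SESSION_ID + cookie_len
            + (L2_SUBLAYER if l2_sublayer else 0)
            + ETH_HDR + (DOT1Q_TAG if vlan_tagged else 0))


def max_inner_ip_mtu(transport_mtu, **kw):
    """Largest host IP packet that crosses the pseudowire unfragmented."""
    return transport_mtu - l2tpv3_overhead(**kw)


def classify(inner_ip_len, transport_mtu, dfbit_set=False, **kw):
    """Return (action, fragment_count) for one bridged IP packet."""
    outer_len = inner_ip_len + l2tpv3_overhead(**kw)
    if outer_len <= transport_mtu:
        return ("forward", 1)
    if dfbit_set:
        # With the DF bit set, oversized packets are dropped, not fragmented.
        return ("drop", 0)
    # Every fragment except the last carries a multiple of 8 payload bytes.
    per_frag = (transport_mtu - IPV4_HDR) // 8 * 8
    return ("fragment", math.ceil((outer_len - IPV4_HDR) / per_frag))


if __name__ == "__main__":
    TUNNEL_MTU = 1454  # value quoted in the thread
    print("max inner IP MTU:", max_inner_ip_mtu(TUNNEL_MTU))
    for size in (1400, 1412, 1413, 1500):  # constructed sample packet sizes
        print(size, classify(size, TUNNEL_MTU),
              classify(size, TUNNEL_MTU, dfbit_set=True))
```
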