
VRF Issue

I was wondering if anyone could offer any ideas / insight for an issue we currently have at the company I work for (basically poor performance on DMVPN tunnels, i.e. download / upload speeds).

We have an overlay network which operates on a hub / spoke model per region, e.g. North America, Europe etc. If in NOAM, site A wants to communicate with site B, it creates a spoke-to-spoke connection. If site A wants to talk to site C in Europe (for example), it goes to the hub (AWS VPC), transits AWS to Europe and then connects from there to site C. So within region = spoke to spoke and across regions = hub & spoke.

Just one last piece of info, if it helps: we have taken WOCs out of the equation, so we are performing tests from the L3 switch / router, and have also applied 'shaping' for outbound traffic to help manage upload performance speed. So the main problem is download speed, which is inconsistent and very low considering router capabilities and bandwidth on last mile circuits and transit (AWS Internet backbone).

We use DMVPN and Amazon AWS regional PoP where we have a VPC to transit across regions, e.g. NOAM to Europe and vice versa.


For priority traffic we have MPLS with Verizon and this traffic performs well. For remaining traffic we use Internet circuits at each site (DIA) and create tunnels using DMVPN, being either spoke to spoke or hub / spoke for this traffic. The problem is the performance; specifically, download speed is very poor, typically less than 10 Mbps even though the access circuit ranges from 50mb upwards. Utilisation on the circuit is fine but performance for DMVPN is very poor. iPerf from one client on the LAN side to a server on the receiving side (site A to site C for example) shows similar results to speedtest applications.

We use VRFs to separate traffic, e.g. office, mobile, Guest etc. Hence my interest in the VPN and VRF topics.

We have HSECK9 licenses installed to support the throughput on Cisco 4k series - mainly 4331 router.



3 Replies

Joseph W. Doherty
Hall of Fame

I've only skimmed your info, but often whenever you have network transfer rate "performance" issues when working with tunnels and/or trans-ocean/continent networks, the former might be due to MTU reduction while the latter might be due to distance-based latency.

Also, when doing DMVPN spoke-to-spoke, there are some considerations for that, which can impact transfer rate performance too.

I.e. I suspect the above is more likely to impact network transfer performance than VRF.

BTW, with your iPerf tests, were they TCP based? I.e. have you also tried UDP with non-max MTU sized packets? (The latter, of course, wouldn't match "normal" traffic, but if you see a large transfer rate difference, the above-mentioned issues generally impact TCP.)

Hello Joseph,


Thanks for your reply. I will check all the issues and try the solutions you have given to see whether they work or not.

So, have you yet tried a UDP transfer rate test?
