Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
644
Views
1
Helpful
4
Replies

SDWAN throughput between ISR 4400 - C8000v

Go to solution
MsmanXY
Level 1
Level 1

‎04-03-2024 08:46 PM - edited ‎04-03-2024 08:47 PM

Dear friends, 

We are facing an issue with throughput IPsec between ISR4400- C8000v, the topology as below : 

Site A ISR4400 ---------SDWAN ---------C8000v Site B

- Version Router Edge 17.9.4a  ( latest )

- Tunnel restrict ( biz, pub )

- ipsec preference : default ( value 0 )

- Uplink ISR 4400 ( Transport ) : x2 links 500 Mbps ( biz, pub )

- Uplink C8000v ( Transport ) :  x2 links 1000 Mbps ( biz, pub ).

- License Hsec unlock , enable

The issue : When we use Iperf to  measure throughput between site A --Site B, BW record is ~  500 Mbps, ( 50 % ) of transport )

As I know that : By default SDWAN use two links and traffic will consume two link , because that I think the target bandwidth must be ~ 1000 Mbps between site A and site B.

Anyone  here is facing the same issue with me ?, let's dissucss to find the rootcause .

Thank you so much!

 

 

 

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Kanan Huseynli
VIP
VIP

‎04-04-2024 01:04 AM

Hi,

Go to Monitor, Network Device, select one of the devices, on the left side select Tunnels option, check only required two tunnels from the list, click on "Octets" to show diagram only octets based (data size). Time frame > real time

Run iPerf again and you will see which tunnels are getting utilized.

When you have two tunnels, still flow based ECMP is done. Traffic is going through one of the tunnels (return can be the same or another tunnel).

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

Go to solution
Kanan Huseynli
VIP
VIP
In response to MsmanXY

‎04-05-2024 02:30 PM

So, your tests utilize biz-internet based on ECMP result.

ECMP is per-flow depends on hashing result (internally selected). Try to use different server port on iperf server and let client to connect. Re-check.

Before testing you can verify routing by

show ip route vrf [subnet_X] > will show next-hop sdwan router systemIP

show sdwan bfd sessions | inc [systemIP] > should show both tunnels

show sdwan omp route [subnet_X] > should show two routes as C,I,R

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Kanan Huseynli
VIP
VIP

‎04-04-2024 01:04 AM

Hi,

Go to Monitor, Network Device, select one of the devices, on the left side select Tunnels option, check only required two tunnels from the list, click on "Octets" to show diagram only octets based (data size). Time frame > real time

Run iPerf again and you will see which tunnels are getting utilized.

When you have two tunnels, still flow based ECMP is done. Traffic is going through one of the tunnels (return can be the same or another tunnel).

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Go to solution
MsmanXY
Level 1
Level 1
In response to Kanan Huseynli

‎04-04-2024 06:21 PM - edited ‎04-04-2024 07:43 PM

Dear Kanan Huseynli, 

Thank you for your help,

When I click octets, I see Bandwith on  Tunnel Biz internet utilized over Pub internet like

700 MB - Site A- Site B Tunnel Biz

20-30 MB - Site A - To B tunnel Pub 

So, what is next step ?, ecmp is not enable by default ?, or something wrong with my ecmp ?

From Tx site ( Iperf client )

MsmanXY_0-1712280739729.png

From Rx site ( Iperf server ).

MsmanXY_0-1712281904322.png

 

Thank you so much.

0 Helpful

Go to solution
Kanan Huseynli
VIP
VIP
In response to MsmanXY

‎04-05-2024 02:30 PM

So, your tests utilize biz-internet based on ECMP result.

ECMP is per-flow depends on hashing result (internally selected). Try to use different server port on iperf server and let client to connect. Re-check.

Before testing you can verify routing by

show ip route vrf [subnet_X] > will show next-hop sdwan router systemIP

show sdwan bfd sessions | inc [systemIP] > should show both tunnels

show sdwan omp route [subnet_X] > should show two routes as C,I,R

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

Go to solution
ww4686101
Level 1
Level 1

‎04-04-2024 09:30 PM

Hi,

To analyze tunnel utilization, navigate to Monitor > Network Device, choose a device, then select the Tunnels option on the left. Check the boxes for the two required tunnels from the list, and click on "Octets" to display the diagram based on octets (data size). Set the time frame to real-time.

Afterward, run iPerf again to observe which tunnels are being utilized. Even with two tunnels, flow-based ECMP (Equal-Cost Multipath) is still applied. Traffic will be distributed across one of the tunnels, and the return path may be the same or another tunnel.

Hope this helps! If you found this information helpful, please consider rating and marking it as an accepted solution.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card