11-26-2013 03:54 PM - edited 03-07-2019 04:48 PM
I have a pair of 5010 switches. On the switch is an OpenVPN server (That can operate in UDP or TCP mode) and a Juniper VPN appliance. We experience the same problem with both VPNs.
We connect to this VPN to access secure network segments, it's all high speed 1GB+ local area network.
How to produce the problem:
* Connect to either VPN in UDP mode.
* Start pinging a a machine through the VPN.
* Copy a large file from workstation to another server behind VPN.
* Watch pings go from 1ms to 50-125ms, including MANY dropped packets. (Probably 5-10 percent loss)
* CPU utilization on the OpenVPN server is low, about 20 percent.
* File transfer speed is ~5 to 6 mb/sec.
Now, switch OpenVPN over to TCP mode (which I would expect to be much slower, especially on high speed reliable networks) and repeat.
* Ping times stay sub 12ms and there are no dropped packets.
* CPU on OpenVPN box is 100 percent.
* File transfer speed.... 22 mb/sec!
I haven't taken the time to switch the Juniper VPN to TCP mode, it's kind of time consuming and I'd rather skip it.
My firewall doesn't indicate anything abnormal or special going on and I want to rule out the Nexus if I can.
EDIT: Don't know if this stuff matters, I'm not an expert, but I wanted to include it here.
class-map type qos class-fcoe
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
11-26-2013 05:46 PM
These commands are default QOS commands on all Nexus devices and don't have anything to do with slowness you are encountering.
HTH
11-27-2013 04:43 PM
OK... Is there *anything* else on a Nexus that could cause behaviour like this?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide