HTTP (and possibly other) traffic causes RTT increase and packet drops on webvpn
I have a network that I access via webvpn. The VPN concentrator is:
System image file is "flash:/c2800nm-advipservicesk9-mz.124-20.T4.bin"
Cisco 2821 (revision 53.50) with 509952K/14336K bytes of memory.
4 FastEthernet interfaces
2 Gigabit Ethernet interfaces
16 terminal lines
2 Virtual Private Network (VPN) Modules
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
250880K bytes of ATA CompactFlash (Read/Write)
After I initialize the session, I can easily access the internal network. The problem starts when I use a browser to access any HTTP server inside. I get an increased RTT (up to 10000 ms and more) and packet drops (up to 40%). At the same time there are no drops on the way to the VPN concentrator's external interface.
This VPN concentrator also routes traffic between VLANs in the internal network. Multiple subinterfaces are created for this. I also have an AIM-VPN/SSL-2 board installed.
I checked the traffic rate, CPU load and free RAM amount on both internal and external interfaces - everything seems to be normal (10-20% CPU load, >200 MB free RAM, traffic - not even 1 MB/s). The only possible issue I saw was ip inspect enabled with large timeouts, which caused a lot of UDP sessions to be held in memory. I disabled inspection and reloaded the router, but things haven't improved - HTTP/HTTPS traffic still causes drops and RTT increase.
I also tried downloading something from the internet from inside while simultaneously pinging an internal server from outside over the VPN - no drops/high RTT, even though the download utilized nearly the whole bandwidth given by the ISP.
UPD: I ran another experiment: I was pinging an internal server from outside over webvpn and then started an HTTP download in a loop from one internal server to another, so that the traffic would go through this router. And when there was an HTTP stream, I observed packet drops and an RTT increase in the window with pings. So I guess I can rename this topic to "HTTP traffic being routed causes packet loss and RTT increase".