Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
983
Views
0
Helpful
1
Replies

7206 VXR VPN and MTU size

leesutcliffe
Level 1
Level 1

‎05-13-2011 03:52 AM

Hi,

I have two 7206 VXR routers with the VPN Service Adapter either side of a leased line (i.e. no provider between, pure layer two connectivity)

A requirement is that traffic traversing the link is encrypted so I've configured an IPSec VPN between the two endpoints.

During load testing we noticed a very severe performance hit when the VPN was enabled, disabling it again saw we were able to use almost 100% of the 1000Mbs line.

The performance hit looks to be due to the increased MTU size when using IPSec, possible due to fragmentation.

I've read that the 7206 VXR can support 980Mbs (or there abouts) of throughput using AES providing the MTU size is 1400.

Configuring this manually on each server in each data centre isn't feasible.

As the link is effectively a point to point and we have control over the MTU size between the two routers, what options are available to increase the performance when the VPN is enabled?

Many thanks

Lee

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎05-13-2011 06:03 AM

Lee,

The marketing numbers indeed put VSA at 950Mbps.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure09186a00801f0a72_ns171_Networking_Solutions_Brochure.html

But I doubt the testing was done with IMIX traffic. It was most likely 1400 bytes UDP packets.

That being said, normally we make sure that no fragmentation takes place my lowering MSS values for TCP.

What are you sending over the tunnels and what was going on apart from fragmentation?

Marcin

0 Helpful
Customers Also Viewed These Support Documents