DMVPN one way speed issue.

Amjad Hashim · ‎09-13-2012

Hello All,

I have setup a DMVPN between site A and site B, site A is the headend of the DMVPN and site B is branch. The problem i am encountring is one way speed, when i use ftp or sftp client to copy file from site A to Site B i am only getting 400-500 KB/s but when i initiate the traffic from Site B to Site A it is around 2.4 - 2.8 MB/s.

I am not sure what is wrong with it and why it is doing it.

Please find below the running-config of the tunnel interface from site A.

interface Tunnel0

bandwidth 64000

ip address 192.168.247.225 255.255.255.224

no ip redirects

ip mtu 1420

ip flow ingress

ip nhrp authentication $*****$

ip nhrp map multicast dynamic

ip nhrp map multicast 10.129.188.16

ip nhrp map 192.168.247.226 10.129.188.16

ip nhrp network-id 1

ip nhrp holdtime 360

delay 1

qos pre-classify

tunnel source GigabitEthernet0/0

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile DMVPN_PROFILE

!

This is the running-config of tunnel interface from site B, please note i added hold-queue statement just to check if increasing queue length make any difference but invain.

interface Tunnel0

bandwidth 64000

ip address 192.168.247.226 255.255.255.224

no ip redirects

ip mtu 1420

ip flow ingress

ip nhrp authentication $******$

ip nhrp map multicast dynamic

ip nhrp map multicast *.*.*.*

ip nhrp map 192.168.247.225 *.*.*.*

ip nhrp network-id 1

ip nhrp holdtime 360

ip nhrp nhs 192.168.247.225

delay 1

qos pre-classify

tunnel source GigabitEthernet0/0

tunnel mode gre multipoint

tunnel key 1

tunnel protection ipsec profile DMVPN_PROFILE

hold-queue 2000 in

hold-queue 2000 out

I am not using any routing protocol just static routes. If u need any other information please feel free to contact.

Thanks in advance for your help.

Regards,

Amjad Hashim.

Javier Portuguez · ‎09-13-2012

Hi Amjad,

I would suggest to get packet-captures when you try from one site and from the other.

Then you compare the captures.

- Is fragmentation occurring?

- Loss-packets?

- Retransmission?

Is the bandwidth (speed) the same on both sites?

Thanks.

Portu.

Amjad Hashim · ‎09-13-2012

Hello Javier,

Thanks for your reply.

The only difference between the two sites is that on site B the router is connected to a 100 meg switch and on site A it is connected to a gig switch port.

I think it would be an issue if the speed was slow from B to A as B is connected to 100 meg switch but the case is otherway around.

It is ftp traffic so there is possiblity that fregmentation is occuring but we can eliminate this by increasing the MTU size to 1500.

There were quite high output drops on input queue so i increased the queue length. See the new output below from site B

Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 10

this output drop was quite high before, i increased the queue length and reset the counters to see if it makes any difference.

I tried ftp only once after increasing queue size so it is showing 10 ouput drops. I am sure it will increase if we keep copying files.

This output drops are from tunnel interface and i think they are because router can't send all the data received from tunnel source interface to receipient so is dropping some packets.

I hope this will help understand the problem.

Any other suggestion will be highly appreciated

Regards,

Amjad Hashim.

Javier Portuguez · ‎09-13-2012

Hi,

So one site has a Gig port and the other one a Fast port? It reduces the performance.

Fragmentation must be avoided, you may want to adjust the TCP MSS value according to the MTU value.

You can check:

Resolve IP Fragmentation, MTU, MSS, and PMTUD Issues with GRE and IPSEC

Thanks.

Portu.