Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2616
Views
0
Helpful
1
Replies

DMVPN PPPOE Slow TCP

kostyacroc
Level 1
Level 1

‎10-25-2010 12:37 AM - edited ‎02-21-2020 04:55 PM

Hello,

I've trouble with slow TCP in one way between two sites with DMVPN.

Site A (hub) connected to Internet via Ethernet, Site B (Spoke) via PPPoE.

TCP speed from A to B is slow (100kbps), UDP is well (10Mbps).

TCP speed from B to A is well 2 Mbps, UDP is well (10Mbps).

Delay between sites = 100ms.

Other spokes of DMVPN work well. Only site with PPPoE. I suggest Windows or MSS is incorrect. But where?

Some configs:

Site A.

interface Tunnel0
ip address 172.17.1.1 255.255.255.0
  ip mtu 1400

---
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN

Site B.

interface FastEthernet0/1
description Internet
no ip address
load-interval 30
duplex auto
speed 10
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable

interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username --- pass ---

interface Tunnel10
ip address 172.17.1.20 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication MyNet
ip nhrp map multicast dynamic

---
ip tcp adjust-mss 1352
ip ospf network broadcast
ip ospf cost 1500
ip ospf priority 0
cdp enable
tunnel source Dialer1
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎10-25-2010 05:03 AM

Performance cases can be quite time consuming. Let's give it a try but if it will come down to captures I guess it will be best you open a TAC case.

Rememeber that it doesn't have to be fragmenation, but it's a good call ;-)

I'd suggest to watch "show ip traffic" and monitor fragmented packet count.

Regarding fergmentation it should be enough to set MSS on tunnel interfaces.Both endpoints will always pick lowest MSS value of the two introduced in TCP headers in SYN and SYN ACK.

What I would do first of all is check the tunnel to see what is maximum data you can send.

For example:

ping 1.1.1.1 sou 2.2.2.2 df-bit size 1300

Ping from both your hub and spoke 1.1.1.1 and 2.2.2.2 should be tunnel IP addresses.

Increase the size in incrementes of 10 to see where it will start failing.

This is how you can check the path MTU between hub and spoke (of course one of possible ways).

Marcin

0 Helpful
Customers Also Viewed These Support Documents