03-10-2022 06:49 AM
Hi @All,
we´ve a backup connection between to DC´s over an XCONNECT over IPSEC Tunnel.
This run stable for several years on two 3845ISR, with a max performance ~180MBit/s (limited by CPU).
This was long time enough, but we decide to change the router with 3945, which have much more power
and so we get more bandwith. But after the Hardware change we got not more than 180-200MBit/s.
I can´t see any errors, CPU usage max 20%.... I´ve no more ideas....
Here some configuration parts:
pseudowire-class DCCONNECTION
encapsulation l2tpv3
protocol none
ip local interface Loopback0
interface Loopback0
ip address 10.255.1.19 255.255.255.255
ip ospf 255 area 0
int tun 1
ip address 10.255.255.41 255.255.255.252
no ip redirects
ip mtu 1360
no ip split-horizon eigrp 1
ip tcp adjust-mss 1320
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 abc
ip ospf network point-to-point
ip ospf mtu-ignore
ip ospf 255 area 0
tunnel source GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel destination x.x.x.x
tunnel vrf OUTSIDE
tunnel protection ipsec profile DC
int gi0/1 (Interface to LAN Switch/Trunk)
no ip address
load-interval 30
duplex auto
speed auto
media-type rj45
xconnect 10.255.1.20 1 encapsulation l2tpv3 manual pw-class DCCONNECTION
l2tp id 111 222
The ISP speed is on both sides 1GBit/s, so there is enough bandwith to the Internet.
The physical distance between both DC are ~15km and on both sides is the same ISP.
So we´ve only 3 hops on ISP side and low latency.....
Does any one has an idea...?
Thanks a lot....
03-10-2022 07:29 AM - edited 03-10-2022 07:29 AM
Define slow means ? provide some test results to understand the issue ?
who provided that MTU Settings ?
Look at some MTU settings :
03-10-2022 07:54 AM
As I´ve wrote, slow means 180-200 MBit/s over the Tunnel.
I use IPERF for measuring.
The MTU sizes are from the CISCO TAC several years ago, when we´ve installed the old routers....
03-10-2022 09:23 AM
what License you have also check performance report
03-10-2022 08:55 AM
check the license
SEC-K9
HSEC-K9
I thing SEC-K9 is limit the router throughput.
03-10-2022 11:00 AM
The license was my first idea also,
but both routers has a hsec license and the router works as an DMVPN router before and there was a lot of traffic on.
And I don´t see any bandwith errors on sh logging.
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 3 Feature: uck9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 4 Feature: datak9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 5 Feature: FoundationSuiteK9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 6 Feature: AdvUCSuiteK9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 7 Feature: LI
Index 8 Feature: ios-ips-update
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 9 Feature: SNASw
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 10 Feature: hseck9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 11 Feature: cme-srst
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 12 Feature: mgmt-plug-and-play
Index 13 Feature: mgmt-lifecycle
Index 14 Feature: mgmt-assurance
Index 15 Feature: mgmt-onplus
Index 16 Feature: mgmt-compliance
What you mean with performance report ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide