vpn traffic slower than expected

Discussion in 'Cisco' started by psychogenic, Dec 12, 2006.

  1. psychogenic

    psychogenic Guest

    I set up a site to site vpn tunnel between a 2621x router and an ASA
    5510 (T3 line for router and E1 for ASA). Speeds are expected to be
    slower but what I am seeing is very very very slow speeds. This happens
    with anything from downloading (large and small) files across the
    tunnel, citrix connections across the tunnel, remote desktop
    controlling a machine across the tunnel, etc. Pings across the tunnel
    result in these times:

    bytes=32 time=206ms TTL=127
    bytes=32 time=177ms TTL=127
    bytes=32 time=202ms TTL=127
    bytes=32 time=229ms TTL=127

    Both endpoints are outside interfaces that all internet traffic also
    passes through from the respective sites. The MTU setting on the router
    is 4470 and the ASA is the default 1500. I'm not sure if that should
    have an effect on anything. I also disabled pre-fragmentation and no
    luck.

    Anythign else I can look for and can do to get this to improve?

    Thanks.
     
    psychogenic, Dec 12, 2006
    #1
    1. Advertisements

  2. psychogenic

    Wil Schultz Guest

    I did some testing with back2back 2621's a while back using the ethernet
    as the "WAN". IIRC I couldn't get over half a meg at best, the router is
    not built for encryption. There is, however, a slot to put an encryption
    card int there that will bring you up to a reasonable speed. Might need
    a memory upgrade tho...

    http://www.cisco.com/univercd/cc/td...3/123newft/123t/123t_7/gtaimvpn.htm#wp1027173

    Watch the CPU when you do an xfer, the encryption process is probably
    going through the roof.

    -Wil
     
    Wil Schultz, Dec 12, 2006
    #2
    1. Advertisements

  3. psychogenic

    psychogenic Guest

    Thanks Wil. That's bad news. However I'm not even getting half a meg.
    It's more like it peaks at 200k.
     
    psychogenic, Dec 12, 2006
    #3
  4. psychogenic

    Wil Schultz Guest

    The testing I spoke of was several years ago so I am rather fuzzy on the
    details but I would expect about the same performance that you are
    seeing. Look at the CPU, it will tell you the story.

    show proc cpu

    -Wil
     
    Wil Schultz, Dec 12, 2006
    #4
  5. psychogenic

    psychogenic Guest

    This is what I get. Unfortunately this loosk Greek to me. :) Its
    hovering around 29-39%. What would constitute something should be
    looked at? I scrolled through the various processes and the highest % i
    see are 1.5 or so.

    internetrouter#show proc cpu
    CPU utilization for five seconds: 29%/27%; one minute: 30%; five
    minutes: 28%
    PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
    1 20 31 645 0.00% 0.00% 0.00% 0 Chunk
    Manager
    2 11459460 2361288 4853 0.08% 0.10% 0.10% 0 Load
    Meter
    3 140 3609 38 0.00% 0.00% 0.00% 0 TACACS+
    4 0 1 0 0.00% 0.00% 0.00% 0
    EDDRI_MAIN
    5 35193124 2099949 16759 0.00% 0.32% 0.30% 0 Check
    heaps
    6 94572 36659 2579 0.00% 0.00% 0.00% 0 Pool
    Manager
    7 0 2 0 0.00% 0.00% 0.00% 0 Timers
    8 136488 215722 632 0.00% 0.00% 0.00% 0 ARP
    Input
    9 0 2 0 0.00% 0.00% 0.00% 0 ATM Idle
    Timer
    10 12 15953 0 0.00% 0.00% 0.00% 0 AAA
    high-capacit
    11 0 1 0 0.00% 0.00% 0.00% 0
    AAA_SERVER_DEADT
    12 0 1 0 0.00% 0.00% 0.00% 0 Policy
    Manager
    13 0 4 0 0.00% 0.00% 0.00% 0 DDR
    Timers
    14 4 3 1333 0.00% 0.00% 0.00% 0 Entity
    MIB API
    15 450820 348448 1293 0.00% 0.40% 0.33% 0 EEM ED
    Syslog
    16 626216 2600273 240 0.00% 0.00% 0.00% 0 HC
    Counter Timer
    17 0 14 0 0.00% 0.00% 0.00% 0 Serial
    Backgroun
    18 0 1 0 0.00% 0.00% 0.00% 0 RO
    Notify Timers
    19 0 1 0 0.00% 0.00% 0.00% 0 Crash
    writer
    20 3416 393978 8 0.00% 0.00% 0.00% 0
    Environmental mo
    21 230680 11805789 19 0.00% 0.00% 0.00% 0 GraphIt
    22 0 2 0 0.00% 0.00% 0.00% 0 Dialer
    event
    PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
    23 0 1 0 0.00% 0.00% 0.00% 0 SERIAL
    A'detect
    24 0 2 0 0.00% 0.00% 0.00% 0 XML
    Proxy Client
    25 0 2 0 0.00% 0.00% 0.00% 0 SMART
    26 0 1 0 0.00% 0.00% 0.00% 0 Critical
    Bkgnd
    27 111388 2983706 37 0.00% 0.00% 0.00% 0 Net
    Background
    28 313936 129732 2419 0.00% 0.22% 0.18% 0 Logger
    29 357716 11805792 30 0.00% 0.00% 0.00% 0 TTY
    Background
    30 3623704 11806028 306 0.08% 0.04% 0.01% 0
    Per-Second Jobs
    31 256 98509 2 0.00% 0.00% 0.00% 0 DHCPD
    Timer
    32 0 1 0 0.00% 0.00% 0.00% 0 AggMgr
    Process
    33 0 1 0 0.00% 0.00% 0.00% 0
    dev_device_inser
    34 0 1 0 0.00% 0.00% 0.00% 0
    dev_device_remov
    35 11516 1969171 5 0.00% 0.00% 0.00% 0 mxt5100
    36 0 1 0 0.00% 0.00% 0.00% 0
    sal_dpc_process
    37 0 1 0 0.00% 0.00% 0.00% 0 ARL
    Table Manage
    38 0 2 0 0.00% 0.00% 0.00% 0 ESWILPPM
    39 0 2 0 0.00% 0.00% 0.00% 0 Eswilp
    Storm Con
    40 0 2 0 0.00% 0.00% 0.00% 0 SM
    Monitor
    41 0 2 0 0.00% 0.00% 0.00% 0 VNM
    DSPRM MAIN
    42 0 1 0 0.00% 0.00% 0.00% 0 DSPFARM
    DSP READ
    43 0 2 0 0.00% 0.00% 0.00% 0 FLEX
    DNLD MAIN
    44 0 2 0 0.00% 0.00% 0.00% 0
    NM-1VSAT-GILAT M
    45 0 1 0 0.00% 0.00% 0.00% 0 HDV
    background
    PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
    46 0 2 0 0.00% 0.00% 0.00% 0
    Multi-ISA Event
    47 0 1 0 0.00% 0.00% 0.00% 0
    Multi-ISA Cleanu
    48 3372 393978 8 0.00% 0.00% 0.00% 0 Call
    Management
    49 0 2 0 0.00% 0.00% 0.00% 0 Net
    Input
    50 4477396 2361299 1896 0.08% 0.06% 0.06% 0 Compute
    load avg
    51 14942036 199288 74977 0.00% 0.17% 0.12% 0
    Per-minute Jobs
    52 0 1 0 0.00% 0.00% 0.00% 0 AAL2CPS
    TIMER_CU
    53 0 1 0 0.00% 0.00% 0.00% 0 IGMP
    Snooping Pr
    54 0 1 0 0.00% 0.00% 0.00% 0 IGMP
    Snooping Re
    55 57656 429342 134 0.00% 0.00% 0.00% 0 CRYPTO
    IKMP IPC
    57 221100 11805811 18 0.00% 0.00% 0.00% 0 Crypto
    Device Up
    58 294948 11805806 24 0.00% 0.00% 0.00% 0 Kontrol
    Common H
    59 0 2 0 0.00% 0.00% 0.00% 0 AAA
    Dictionary R
    60 1756 9281 189 0.00% 0.00% 0.00% 0 AAA
    Server
    61 0 1 0 0.00% 0.00% 0.00% 0 AAA ACCT
    Proc
    62 0 1 0 0.00% 0.00% 0.00% 0 ACCT
    Periodic Pr
    63 0 1 0 0.00% 0.00% 0.00% 0 AC Mgr
    64 264984 1203944 220 0.00% 0.00% 0.00% 0 CDP
    Protocol
    65 12756540 9476699 1346 1.14% 0.25% 0.12% 0 IP Input
    66 0 1 0 0.00% 0.00% 0.00% 0 ICMP
    event handl
    67 88 19662 4 0.00% 0.00% 0.00% 0 MOP
    Protocols
    68 0 5 0 0.00% 0.00% 0.00% 0 PPP
    Hooks
    69 220 53 4150 0.32% 0.05% 0.01% 66 Virtual
    Exec
    PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
    70 0 1 0 0.00% 0.00% 0.00% 0 SSS
    Manager
    71 11720 1575727 7 0.00% 0.00% 0.00% 0 SSS Test
    Client
    72 0 1 0 0.00% 0.00% 0.00% 0 SSS
    Feature Mana
    73 88368 46174890 1 0.00% 0.00% 0.00% 0 SSS
    Feature Time
    74 0 1 0 0.00% 0.00% 0.00% 0 VPDN
    call manage
    75 0 1 0 0.00% 0.00% 0.00% 0 L2X
    Socket proce
    76 0 1 0 0.00% 0.00% 0.00% 0 L2X SSS
    manager
    77 0 2 0 0.00% 0.00% 0.00% 0 L2TP
    mgmt daemon
    78 0 1 0 0.00% 0.00% 0.00% 0 X.25
    Encaps Mana
    79 0 2 0 0.00% 0.00% 0.00% 0 KRB5 AAA
    80 0 1 0 0.00% 0.00% 0.00% 0 IPv6 RIB
    Redistr
    81 0 2 0 0.00% 0.00% 0.00% 0 Dot11
    auth Dot1x
    82 4 1 4000 0.00% 0.00% 0.00% 0 Dot11
    Mac Auth
    83 0 2 0 0.00% 0.00% 0.00% 0 dot1x
    84 0 2 0 0.00% 0.00% 0.00% 0 DTP
    Protocol
    85 230368 11805797 19 0.00% 0.00% 0.00% 0 PI MATM
    Aging Pr
    86 7336 1181676 6 0.00% 0.00% 0.00% 0
    EtherChnl
    87 0 1 0 0.00% 0.00% 0.00% 0 L2X Data
    Daemon
    88 0 2 0 0.00% 0.00% 0.00% 0 EAPoUDP
    Process
    89 393800 281203 1400 0.00% 0.00% 0.00% 0 IP
    Background
    90 79896 198781 401 0.00% 0.00% 0.00% 0 IP RIB
    Update
    91 8 6 1333 0.00% 0.00% 0.00% 0 PPP IP
    Route
    92 0 6 0 0.00% 0.00% 0.00% 0 PPP IPCP
    PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
    93 0 1 0 0.00% 0.00% 0.00% 0 Asy FS
    Helper
    94 0 2 0 0.00% 0.00% 0.00% 0 SNMP
    Timers
    95 16 2 8000 0.00% 0.00% 0.00% 0 SCTP
    Main Proces
    96 0 1 0 0.00% 0.00% 0.00% 0 IUA Main
    Process
    97 507500 11805828 42 0.00% 0.00% 0.00% 0 RUDPV1
    Main Proc
    98 0 1 0 0.00% 0.00% 0.00% 0
    bsm_timers
    99 212412 11805812 17 0.00% 0.00% 0.00% 0
    bsm_xmt_proc
    100 0 1 0 0.00% 0.00% 0.00% 0 CES
    Client SVC R
    101 0 1 0 0.00% 0.00% 0.00% 0 IP
    Traceroute
    102 46420 11805185 3 0.00% 0.00% 0.00% 0 Socket
    Timers
    103 5356 51324 104 0.00% 0.00% 0.00% 0 TCP
    Timer
    104 7252 3955 1833 0.00% 0.00% 0.00% 0 TCP
    Protocols
    105 0 1 0 0.00% 0.00% 0.00% 0 COPS
    106 8781468 23610370 371 0.08% 0.08% 0.06% 0 DHCPD
    Receive
    107 0 2 0 0.00% 0.00% 0.00% 0 Dialer
    Forwarder
    108 226188 197001 1148 0.08% 0.00% 0.00% 0 Adj
    Manager
    109 0 2 0 0.00% 0.00% 0.00% 0 ATM OAM
    Input
    110 0 2 0 0.00% 0.00% 0.00% 0 ATM OAM
    TIMER
    111 1273684 371157 3431 0.00% 0.00% 0.00% 0 HTTP
    CORE
    112 28680 196769 145 0.00% 0.00% 0.00% 0 IP Cache
    Ager
    113 0 1 0 0.00% 0.00% 0.00% 0 RARP
    Input
    114 0 1 0 0.00% 0.00% 0.00% 0 PAD
    InCall
    115 0 2 0 0.00% 0.00% 0.00% 0 X.25
    Background
    PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
    116 0 2 0 0.00% 0.00% 0.00% 0 PPP Bind
    117 0 2 0 0.00% 0.00% 0.00% 0 PPP SSS
    118 624048 117968981 5 0.00% 0.00% 0.00% 0 RBSCP
    Background
    119 378288 2361290 160 0.00% 0.00% 0.00% 0 L2F
    management d
    120 12 1 12000 0.00% 0.00% 0.00% 0 PPTP
    Mgmt
    121 0 2 0 0.00% 0.00% 0.00% 0 PPTP
    Data
    122 0 1 0 0.00% 0.00% 0.00% 0 Inspect
    Timer
    123 3344 197006 16 0.00% 0.00% 0.00% 0 DHCPD
    Database
    124 4815852 15156811 317 0.00% 0.00% 0.00% 0 CEF
    process
    125 4 2 2000 0.00% 0.00% 0.00% 0 L2MM
    126 0 1 0 0.00% 0.00% 0.00% 0 MRD
    127 0 1 0 0.00% 0.00% 0.00% 0 IGMPSN
    128 0 2 0 0.00% 0.00% 0.00% 0 DDP
    129 80 39404 2 0.00% 0.00% 0.00% 0
    Authentication P
    130 0 1 0 0.00% 0.00% 0.00% 0
    Auth-proxy AAA B
    131 0 1 0 0.00% 0.00% 0.00% 0 IPS
    Timer
    132 0 2 0 0.00% 0.00% 0.00% 0 SDEE
    Management
    133 0 1 0 0.00% 0.00% 0.00% 0 IPv6
    Inspect Tim
    134 0 2 0 0.00% 0.00% 0.00% 0 URL
    filter proc
    135 4 3 1333 0.00% 0.00% 0.00% 0 Crypto
    HW Proc
    136 0 2 0 0.00% 0.00% 0.00% 0 ENABLE
    AAA
    137 0 1 0 0.00% 0.00% 0.00% 0 EM
    Background Pr
    138 0 1 0 0.00% 0.00% 0.00% 0 Key
    chain liveke
    PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
    139 0 2 0 0.00% 0.00% 0.00% 0 LINE AAA
    140 7036 7266 968 0.00% 0.00% 0.00% 0 LOCAL
    AAA
    141 25636 16433 1560 0.00% 0.04% 0.01% 0 TPLUS
    142 0 2 0 0.00% 0.00% 0.00% 0 VSP_MGR
    143 100 2 50000 0.00% 0.00% 0.00% 0
    CCVPM_HDSPRM
    144 9560 4374681 2 0.08% 0.00% 0.00% 0 FLEX
    DSPRM MAIN
    145 5432 4374679 1 0.00% 0.00% 0.00% 0 FLEX DSP
    KEEPALI
    146 920 472846 1 0.00% 0.00% 0.00% 0
    CRM_CALL_UPDATE_
    147 4 4 1000 0.00% 0.00% 0.00% 0 HDA
    DSPRM MAIN
    148 195756 62663 3123 0.00% 0.00% 0.00% 0 Crypto
    Support
    149 0 1 0 0.00% 0.00% 0.00% 0 encrypt
    proc
    150 0 3 0 0.00% 0.00% 0.00% 0 Crypto
    WUI
    151 0 1 0 0.00% 0.00% 0.00% 0
    CCSWVOICE
    153 0 1 0 0.00% 0.00% 0.00% 0 http
    client proc
    154 8 2 4000 0.00% 0.00% 0.00% 0
    CCAAL2_CT
    155 8 2 4000 0.00% 0.00% 0.00% 0
    CCFRF11_CT
    156 24 2 12000 0.00% 0.00% 0.00% 0
    CCH323_CT
    157 0 1 0 0.00% 0.00% 0.00% 0
    CCH323_DNS
    158 76 14 5428 0.00% 0.00% 0.00% 0
    CCSIP_SPI_CONTRO
    159 0 1 0 0.00% 0.00% 0.00% 0
    CCSIP_DNS
    160 16 13 1230 0.00% 0.00% 0.00% 0
    CCSIP_UDP_SOCKET
    161 8 1 8000 0.00% 0.00% 0.00% 0
    CCSIP_TCP_SOCKET
    163 4 1 4000 0.00% 0.00% 0.00% 0
    QOS_MODULE_MAIN
    PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
    164 0 1 0 0.00% 0.00% 0.00% 0
    RPMS_PROC_MAIN
    165 0 1 0 0.00% 0.00% 0.00% 0 VoIP AAA
    166 0 1 0 0.00% 0.00% 0.00% 0
    CCVPM_HTSP
    167 0 2 0 0.00% 0.00% 0.00% 0
    VPM_MWI_BACKGROU
    168 0 1 0 0.00% 0.00% 0.00% 0 CCVPM_R2
    169 8 13135 0 0.00% 0.00% 0.00% 0 FB/KS
    Log HouseK
    170 3708 3616 1025 0.00% 0.00% 0.00% 0 Crypto
    ACL
    171 0 1 0 0.00% 0.00% 0.00% 0 CRYPTO
    QoS proce
    172 0 1 0 0.00% 0.00% 0.00% 0 Crypto
    INT
    173 6347492 3105057 2044 0.00% 1.45% 1.35% 0 Crypto
    IKMP
    174 31840 608440 52 0.00% 0.00% 0.00% 0 IPSEC
    key engine
    175 0 1 0 0.00% 0.00% 0.00% 0 IPSEC
    manual key
    176 4 3 1333 0.00% 0.00% 0.00% 0 Crypto
    PAS Proc
    177 3704 7003 528 0.00% 0.00% 0.00% 0 Crypto
    Delete Ma
    178 141452 1726406 81 0.00% 0.00% 0.00% 0 Key Proc
    179 1956 5742 340 0.00% 0.00% 0.00% 0 crypto
    engine pr
    180 24 4 6000 0.00% 0.00% 0.00% 0 Crypto
    CA
    181 0 1 0 0.00% 0.00% 0.00% 0 Crypto
    PKI-CRL
    182 0 1 0 0.00% 0.00% 0.00% 0 Crypto
    SSL
    183 0 1 0 0.00% 0.00% 0.00% 0 DATA
    Transfer Pr
    184 0 1 0 0.00% 0.00% 0.00% 0 DATA
    Collector
    185 5588 9808 569 0.00% 0.00% 0.00% 0 AAA SEND
    STOP EV
    186 0 3 0 0.00% 0.00% 0.00% 0 EEM ED
    CLI
    PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
    187 0 2 0 0.00% 0.00% 0.00% 0 EEM ED
    Counter
    188 0 2 0 0.00% 0.00% 0.00% 0 EEM ED
    Interface
    189 0 3 0 0.00% 0.00% 0.00% 0 EEM ED
    IOSWD
    190 0 2 0 0.00% 0.00% 0.00% 0 EEM ED
    Memory-th
    191 0 2 0 0.00% 0.00% 0.00% 0 EEM ED
    None
    192 0 2 0 0.00% 0.00% 0.00% 0 EM ED
    OIR
    193 4 2 2000 0.00% 0.00% 0.00% 0 EEM ED
    SNMP
    194 800 197371 4 0.00% 0.00% 0.00% 0 EEM ED
    Timer
    195 1268032 2364422 536 0.00% 0.00% 0.00% 0 EEM
    Server
    196 0 1 0 0.00% 0.00% 0.00% 0 Syslog
    Traps
    197 0 1 0 0.00% 0.00% 0.00% 0 PM
    Callback
    199 220 3304 66 0.00% 0.00% 0.00% 0
    IpSecMibTopN
    200 0 2 0 0.00% 0.00% 0.00% 0 EEM
    Policy Direc
    201 251244 98043 2562 0.00% 0.13% 0.12% 0 Syslog
    202 0 1 0 0.00% 0.00% 0.00% 0 VPDN
    Scal
    203 544600 11804264 46 0.00% 0.00% 0.00% 0 trunk
    conditioni
    204 4 1 4000 0.00% 0.00% 0.00% 0 trunk
    conditioni
    205 4 2 2000 0.00% 0.00% 0.00% 0 VLAN
    Manager
    207 0 1 0 0.00% 0.00% 0.00% 0 TCP
    Driver
    208 0 1 0 0.00% 0.00% 0.00% 0 TCP
    Listener
    209 15240 9853 1546 0.00% 0.00% 0.00% 0 SSH
    Event handle
    210 21708 409732 52 0.00% 0.00% 0.00% 0 CEF
    Scanner
    211 37220 23079662 1 0.00% 0.00% 0.00% 0 IP NAT
    Ager
    PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
    212 0 1 0 0.00% 0.00% 0.00% 0 IP NAT
    WLAN
    213 25312 212165 119 0.00% 0.00% 0.00% 0 IP VFR
    proc
    214 0 2 0 0.00% 0.00% 0.00% 0 IP Flow
    Backgrou
    215 858880 368591958 2 0.00% 0.01% 0.00% 0 PPP
    manager
    216 643840 368591964 1 0.00% 0.01% 0.00% 0 PPP
    Events
    217 199208 11806265 16 0.00% 0.00% 0.00% 0
    Multilink PPP
    218 24 38 631 0.00% 0.00% 0.00% 0 IP SNMP
    219 20 28 714 0.00% 0.00% 0.00% 0 PDU
    DISPATCHER
    220 84 29 2896 0.00% 0.00% 0.00% 0 SNMP
    ENGINE
    221 0 1 0 0.00% 0.00% 0.00% 0 SNMP
    ConfCopyPro
    222 0 1 0 0.00% 0.00% 0.00% 0 SNMP
    Traps
    223 0 1 0 0.00% 0.00% 0.00% 0 NAT MIB
    Helper
    224 28784 11821104 2 0.00% 0.00% 0.00% 0 NTP
    225 481352 152244935 3 0.00% 0.03% 0.03% 0 IP SLA
    Mon Event
     
    psychogenic, Dec 12, 2006
    #5
  6. psychogenic

    psychogenic Guest

    Come to think of it, the way the tunnel is setup is that it has 2 peers
    (2 ISPs), both being NAT addresses of the outside interface of the ASA.
    I have it configured as such on my 2621x router:

    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key somepassword address 10.1.1.1
    crypto isakmp key somepassword address 20.1.1.1
    !
    crypto ipsec transform-set TUNNEL esp-3des esp-md5-hmac
    !
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description SiteToSite Tunnel to Remote Site
    set peer 10.1.1.1
    set peer 20.1.1.1
    set transform-set TUNNEL
    match address 107

    What this should do, I think, is that it will only connect to one peer,
    and if that fails, should connect to the other. The dynamics behind I
    don't know like its whoever gets connected first will be the endpoint
    or there is some priority. In anycase, each time I will only see one
    endpoint being connected but is the traffic being "split" in half
    between the two? Is that why it would be slow?
     
    psychogenic, Dec 12, 2006
    #6
  7. psychogenic

    Wil Schultz Guest

    Not sure exactly what would happen there, I would suspect that the first
    match would come up and the 2nd might never come up. This more than
    likely is not the cause of your frustrations however.

    -Wil
     
    Wil Schultz, Dec 13, 2006
    #7
  8. psychogenic

    Bod43 Guest

    Regarding ping time:-

    How far apart are your devices?
    200ms is OK for say California to Europe.

    If they are nearer:-
    The usual cause for this is for a packet queue to have formed
    somewhere.

    Since your CPU is only 30% the router looks OK.

    My guess is that your T1 is full.

    sh int and look at the "rate".

    Note that the "5 min" rate includes data for over 15 mins.

    I also guess that it is not full of crypto traffic since as
    has been said a 2600 is not very good at crypto.
    However it may do the job you want.
    You say 2621x - a 2621 is quite a bit faster than a 2611 and
    if I recall correctly an XL quite a bit faster again.

    "CPU utilization for five seconds: 29%/27%; one minute:
    30%; five minutes: 28% "

    29%/27% further supports the ides that the router is NOT
    doing much crypto.

    This means that the TOTAL load is 29% of which 27%
    is "fast switching" packets. This is all good.
     
    Bod43, Dec 13, 2006
    #8
  9. psychogenic

    AM Guest

    Just my suggestion out of all that the other guys gave you is to have a look to the debugs enabled.

    HTH Alex.
     
    AM, Dec 13, 2006
    #9
  10. psychogenic

    psychogenic Guest

    Thanks all for the generous help.

    Local site is New York and remote site is Romania. However I have
    exisitng VPN tunnels between myself and France and the UK and both ping
    times are twice as responsive. :(

    I checked the debug logs and did not notice anything out of the
    ordinary as well. At least from what I could see.
     
    psychogenic, Dec 13, 2006
    #10
  11. psychogenic

    Bod43 Guest

    To the OP.
    I am in London and the RTT to www.unibuc.ro [80.96.21.9]
    is 52ms minimum. We are an ISP (v.small) with good connectivity.

    Maybe your links are wandering about a bit. We had a link to the US
    from London
    that went via Spain a while back. 100ms RTT Lon - NY.

    Maybe yours goes via Africa, or Poland.

    tracert 80.96.21.9
    <..snipped..> to protect the guilty

    8 3 ms 4 ms 3 ms ldn-b3-geth2-0.telia.net
    [213.248.100.141]
    9 3 ms 3 ms 3 ms ldn-bb1-pos6-1-0.telia.net
    [213.248.65.237]
    10 18 ms 18 ms 17 ms hbg-bb1-link.telia.net [80.91.249.11]
    11 37 ms 37 ms 37 ms bpt-b2-link.telia.net [213.248.64.18]
    12 38 ms 37 ms 37 ms dante-109059-bpt-b2.c.telia.net
    [213.248.103.62]

    13 * * * Request timed out.
    14 51 ms 51 ms 51 ms 217.73.160.209
    15 52 ms 51 ms 52 ms 217.73.160.213
    16 53 ms 53 ms 52 ms 141.85.5.130
    17 56 ms 53 ms 52 ms www.unibuc.ro [80.96.21.9]

    Sometimes you can get an idea of the locations from the router names.
    ldn is definately London
    hbg ? Hamburg, Heidleburg (spelling? sorry)
     
    Bod43, Dec 13, 2006
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.