Cisco VPN :: 3925e / IPsec Packet Batching - Increase Latency
Jun 14, 2011
I just installed a new ISR G2 3925e (spe200 integrated) in a VPN environment. It works well, but I lost latency (it adds around 8-10 ms in the VPN) because of "IPsec packet batching":
Queues multiple packets at the interrupt service routine level after being processed by crypto engine.
Reduces interrupt context switching by allowing one crypto interrupt for multiple crypto packets.
It's not very good, especially if you tunnel ToIP and/or video streams. I'm trying to find a solution for how to disable it without impacting other things, or is there something planned soon to improve it? FYI, I use IOS c3900e-universalk9-mz.SPA.151-4.M.bin
Feb 19, 2011
I have one hub router connected to an ISP cloud and then a spoke router connected to the same ISP cloud. There is a DMVPN connection from the spoke to the hub router and I have attempted to do a few tests from the spoke to the hub router.
When I do a ping from the WAN interface (tunnel source) of the spoke router to the WAN interface (tunnel source) of the hub router, I get a return time of about 700ms on average. However, when I ping from the LAN of the spoke to the LAN side of the hub, my return time increases to 1000ms and sometimes as high as 3000ms. I suspect the Hughes modem HN7700 on the WAN side of my spoke to be the cause of the problem.
Nov 8, 2011
I have installed a Catalyst 3560 as my internal router. I have created 4 vlans to route the traffic.
Here are the interface "show run"
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport access vlan 2
switchport mode access
spanning-tree portfast
[code].....
I have been getting notifications of large packet loss and latency for internal traffic going to servers. I have a simple setup of Nagios which pings servers and will notify me of large packet loss or complete packet loss. I implemented this L3 switch a few hours ago. I am currently running a constant ping to my servers, but I am not noticing packet loss right now. This packet loss happened in 4 time spans within the last hour, with many large packet losses to all my servers within all subnets. It has now stopped.
I am not sure why this would be happening; the predecessor of the internal router was just a normal Linux box with 3 NICs on it. Nothing crazy going on since the business is closed.
Jul 12, 2012
Isn't there a way to increase the TTL of an OSPF Hello packet or am I thinking of a different protocol? Or is it only with virtual links? I can't seem to find it in my ROUTE cert book or on the Intarwebz outside of setting TTL security, but I could have sworn I remembered configuring something like this in my ROUTE lab book that I unfortunately do not have at work.
Feb 21, 2012
I have two 1410 bridges installed in a point to point link using external directional antennas. The distance between the bridges is only 200M. As you can see below from the output, the RSSI and SNR are excellent with a good fade margin available. These stats are almost identical to what my path profile calculated out to be. During normal operation the latency on this link is sub 2ms; during certain conditions the latency jumps to 40+ms and starts dropping packets. I say certain conditions because we have not been able to pinpoint it. Unfortunately at this time the customer does not have the ability to do any SNMP polling or collect any statistical information (working on getting this set up). There are an excessive number of data retries and I am not sure if that is normal. During the issues I have observed the below command output and the numbers did not change, which leads me to believe that it is not an RF issue. It almost looks like it's serialization delay, but I have no data to back that up. During iperf performance testing of this wireless link I could push 54Mbps of UDP traffic no problem, no errors, no CRCs.
Bridge Parameters
Encryption: WPA-PSK w/TKIP
Distance parameter: Configured to 1
[Code].....
Jan 27, 2013
My network infrastructure consists of 2 core switches (cisco 3950, 24 port) and 3 access switches (cisco 2960G, 48 port). No distribution layer. Both core switches are connected to the BVI of a VPN router. PVST is running in all switches. The STP results are all good. We have 3 VLANs in the LAN and IP routing is enabled in the core switch. The network diagram is attached.
The issue we are facing is that we get intermittent packet drops while pinging towards the access switches, and there is always a higher latency towards these access switches. These issues are present even with no other users using the LAN. But these issues are not present while pinging towards the GW.
I guess it is because of this that we have issues accessing the file server in the LAN. How do we go ahead with the troubleshooting? Will upgrading the IOS resolve this? The present version details are:
WS-C2960G-48TC-L 12.2(44)SE6 C2960-LANBASEK9-M
Apr 26, 2012
I have an ASA 5510 that has many (17) IPsec VPN site tunnels on it. One of the tunnels, one running to a c1900isr at the other end, is experiencing 400 to 500ms latency through it. It does appear to be the tunnel only because there is no latency to the internet. I cleared the tunnel group out and re-added it to no effect. ISP says everything is fine. Any other known causes for this?
Mar 24, 2013
I need to set up several L2L ipsec tunnels using ASA 5540 (8.2) as a central node and ASA 5505s (8.4) for branch offices. So far I've configured ipsec for the sake of testing between a 5540 and one of 5505, but it blocks ICMP between hosts behind ASAs. Although there's an echo response from 5540's inside interface (172.30.0.1) to echo requests from a host behind ASA 5505 and I see ipsec counters growing. I still can't figure it out despite hurting my eyes with cisco manuals for the relevant ASA software versions.
One thing I couldn't understand in the 8.4 documentation - it says I need ACLs to allow ipsec traffic on outside if I don't NAT/PAT it. Isn't it achieved with "sysopt connection permit-vpn" or do I have to do it manually? I've actually tried adding access-groups for the "in" traffic on outside and those ACLs get hits on both ASAs.
The packet-tracer shows some weird DROP at phase 6 on 5505, but I see no rule denying this traffic and the description doesn't mention implicit rules. [code]
Oct 23, 2012
I have a 1841 router connected to an ISP (currently SDSL EFM 10Mbps through an ISP modem; the router and the modem are connected with a FastEthernet interface). On another location I have a Linux server. There is an IPsec tunnel (3des-sha esp) between the router and the Linux server (actually done with a crypto mac). The router has a hierarchical QoS policy on the egress interface.
When sending traffic from the network inside the router to the Linux host without the IPsec tunnel, everything is working fine and throughput is correct. When sending traffic from the inside network to the Linux host internal IP through the IPsec tunnel, some packets are lost and the traffic throughput decreases. When sending traffic through the tunnel in the reverse direction (from the Linux host to the internal network), everything is fine.
I looked at the QoS statistics and the dropped packets counters don't increase. I looked at the egress/ingress interface statistics and no packets are dropped there. I lowered the MTU on the egress interface, but it didn't solve the problem. I played with sending various ICMP ping packet sizes, but even small packets are sometimes lost. I tried to check the router CPU, but it seems relatively fine (<= 10%).
I captured the traffic on both sides, and I see the packets emitted, and then I can see that some of the ESP packets of the corresponding side are not received, so it looks like the Cisco router is the culprit. This 1841 router is running: 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(24)T4. How can I troubleshoot where and why those packets are lost?
Feb 22, 2011
I have an existing site-2-site VPN between a Cisco 2621 router (IOS 12.3) and Cisco 1841 (IOS 12.3) and I can ping packet size of 17000 over the IPSec tunnel without any issue:
c2621#ping 192.168.230.254 source f0/1 repeat 20 size 17000
Type escape sequence to abort.
Sending 20, 17000-byte ICMP Echos to 192.168.230.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.208.254
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (20/20), round-trip min/avg/max = 144/146/148 ms
c2621#
I replaced the Cisco 2621 with a more powerful ASR 1002 running IOS version asr1000rp1-adventerprisek9.03.01.00.S.150-1.S.bin. However, I cannot ping packet size larger than 9200 over the IPSec tunnel:
Feb 24 02:42:52.362: %IOSXE-3-PLATFORM: F0: cpp_cp: QFP:00 Thread:015 TS:00000015834854465792 %IPSEC-3-PKT_TOO_BIG: IPSec Packet size 10072 larger than maximum supported size 9216 hence dropping it.
Success rate is 0 percent (0/10)
asr1002#
Why is it not working? Basically the more expensive ASR router cannot perform the same task as the old Cisco 2621 router.
Jan 23, 2013
I've tried to configure an IPsec VPN between a Cisco 7200 and a Juniper ISG2000. The tunnel looks good, but when a ping is sent, I have lost packets and get the following error: IPSEC(epa_des_crypt): decrypted packet failed SA identity check. My configuration on both sites is as follows: [code] What is the possible problem here? Maybe in the Cisco 7200 configuration or in the ISG configuration?
Mar 15, 2013
I'm trying to troubleshoot a random packet drop issue for an IPSec tunnel between two VTIs. For over a month, we didn't see any issue, and starting today, we have up to 30% packet loss across an IPSec tunnel.
After some analysis, I concluded that the packet loss happens somewhere on the path from the uc520 to the 2921. Packet counts show up correctly on the uc520 physical egress interface, but the packet count is low on the ingress interface on the 2921.
Pings outside the tunnel along the same path are fine.
I also cleared the tunnels on both ends and after they reestablished, the issue was still present.
Any pointers on finding where the packets get lost?
rr-hq-2921#ping 10.1.13.1 source g0/1 rep 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.1.13.1, timeout is 2 seconds:
[Code].....
Apr 25, 2013
I'm trying to set up a GDOI based IPsec connection between a Cisco AS901 (advanced Metro lic - asr901-universalk9-mz.152-2.SNI) and a 7606-S. What I see is that the ASR901 is capable of decrypting the IPsec packet but I cannot encrypt the ICMP packet back, so the question is if the AS901 can support IPsec in software. What I could not find in the docs on CCO. [code]
Jan 9, 2013
I looked but didn't find anything. I'm looking for a configuration guide, similar to the ASA Configuration Guide, that can provide documentation on how to configure a Cisco 3925e router. I have my CCNA and a fair amount of real world experience configuring routers but ultimately what I am looking for is guidance on how to configure BGP on this beast. I learned a great deal about ASAs by running through the ASA Configuration Guide and I am hoping to do the same with the 3900 series ISRs.
Sep 28, 2011
I have an LMS 4.0.1 server (on Windows 2008 R2) with all the LMS and device updates applied that fails when trying to do an Inventory Collection on a Cisco 3925E router. The router is running IOS Version 15.1(1)T2. This device is apparently supported according to:
[URL]
Some 'show ver' info:
Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9-M), Version 15.1(1)T2, RELEASE SOFTWARE (fc1)
ROM: System Bootstrap, Version 15.1(1r)T2, RELEASE SOFTWARE (fc1)
System image file is "flash0:c3900e-universalk9-mz.SPA.151-1.T2.bin"
Cisco CISCO3925-CHASSIS (revision 1.0) with C3900-SPE200/K9 with 689152K/293888K bytes of memory.
'show inv':
NAME: "CISCO3925-CHASSIS", DESCR: "CISCO3925-CHASSIS"
PID: CISCO3925-CHASSIS , VID: V02, SN: FGL152610R8
[Code]....
Aug 1, 2012
I can't find the maximum number of VRFs supported on a 3925E?
Mar 14, 2012
I found a new bug in Cisco IOS 15.1(4)M3 when running an EEM script with syslog event detector. If system logging is performed using the "logging discriminator" and an EEM script with syslog event detector is run concurrently, then the Cisco router crashes and goes to reboot.
Cisco ISR G2 3925E.
Jan 30, 2013
terms of Performance for 3925, 3925E and 3945.
Didn't see much difference between 3925 and 3925E except an additional port.
Mar 14, 2012
How do I find the default throughput supported by the Router 3925E? I need a router that supports 400Mbps line 3900. The 3925E supports? If so, you need to upgrade or add a EHWIC? If so, what can I add to support that throughput?
Feb 22, 2012
I play an online game, and latency is critical. I usually play at one server, and typically I get around 100ms ping. Today, when I joined the server I noticed my ping is now 40-45ms. My IP has not changed, internet service has not changed, service of server has not changed. It's almost as if the latency *just got better*. I know there are probably a huge number of factors regarding this, but I'm wondering how I could investigate this. Preferably, I'd like to keep my latency at 40ms, but I have no idea how it got there.
Jan 12, 2013
I run windows 7 on a Gateway DX4860 desktop and my problem has been occurring for a long time. I casually play games like league of legends and I believe my problem lies within my computer rather than the network itself because my problem is latency spikes where when I start games with 90 ping, it quickly spikes to 300+ ping ~ 5 minutes into the game and then into the thousands making it absolutely unplayable. I have had this problem on 3 different internet providers and the problem still remains; HOWEVER, while hooked directly to my computer with an Ethernet cord, I have ZERO problems. The house I am living at now doesn't allow me to connect directly.
Sep 10, 2011
I have reason to be suspicious as to the game's relevance. These spikes are characterized by no packet loss, as measured by pingplotter and winmtr (more specifically, there is packet loss, but I've come to understand that because it does not continue on to subsequent jumps it's not an issue), and latency leaping to between 250 and 600ms across multiple hops, seemingly without pattern or form, for intervals
Here are some summaries of some extended pingplotter sessions. The suspicion that this is not entirely WoW related is recent, so I'm working on seeing if I can get similar results from some other sources.
[code]...
Aug 14, 2011
Over the last couple of weeks I've been noticing high amounts of jitter and latency over my home network. I've come to some conclusions but am not 100% sure if they are correct or not. When one computer on the network opens a web page, loads a video off YouTube or downloads something, all of the computers on the network have considerably increased latency for a short period. I've tested 3 computers over WiFi watching ping commands and will show some below in a moment. Tested 1 computer using Ethernet to connect to the router and it's still affected by the issue. I've also actually used the router to ping an outside source while the ping is increased and this is also affected. This has only been happening for the last 2 weeks.
Here's a list of hardware being used/software and OS.
Windows 7 with a Belkin G enabled usb NIC
Windows XP with a realtek rtl8139/810x
Windows 7 (Friends laptop)
Router = Netgear dg834g
Settings
[code]...
So I've read up on QoS and understand that my router doesn't support it, but I still don't understand how 1 person using YouTube can affect my network that much. Before 2 weeks ago it did not affect it whatsoever, and it didn't in my old house either. So what this means is that browsing is fine on the network, just whenever you try and play a game or anything that requires low latency, anyone touching the network means you get massive jitter.
Mar 13, 2012
Start PC.
Login to Windows.
Programs start. (Only Steam and Windows programs, nothing else.)
PC runs normally, and starts with low DPC.
After several hours of running I check the DPC and it is much higher at a constant rate.
After keeping PC on all night I wake up and the DPC is way high in the yellows and reds with audio popping.
Restart PC, rinse and repeat all the above.
I've turned off every device that would have any conflict with this. (Also I am connected through Ethernet and I am using onboard sound. My mobo is M2N SLI-Deluxe.)
Aug 24, 2011
I recently built a new computer. This computer is running Windows 7 (64 bit); playing games such as World of Warcraft I get from 250-350 ms latency, while my old Windows XP build hooked to the same router gets about 80ms stable.
Apr 29, 2013
I tried any type of combination and just couldn't make it works. Only PPTP works well. Whether Apple iOS IPSec VPN is supported or not?
Apr 16, 2013
I am wondering what the latency value is for Cisco ASA 5585X and 5555X. I can see on websites that it says "low latency firewall" but I don't see any value.
Apr 26, 2012
We used the SG 200-26P (firmware 1.1.1.8) as our main LAN switch. We have a few other 100Mb switches but our servers and nodes in our cluster are all on this switch. If you log onto a machine on one of the other 100Mb switches and then Remote Desktop to a virtual machine that is running off the SG 200-26P, and then copy say a large file (500Mb), you will get major delays in the response time. For instance mouse clicks, screen paints, etc. Remote Desktop to a VM is unusable during this time period. This also happens for instance during backups when files are being copied from a machine to a VM.
As mentioned the other switches are 100Mb switches from HP, a bit old. I didn't change much in the setup of the SG 200-26P out of the box. Jumbo frames is disabled, RSTP is enabled, with Flooding for BPDU handling.
Apr 21, 2013
I have an end user who uses the AnyConnect VPN client to connect to our network through an ASA5510. He has a satellite ISP provider and is experiencing latency issues. Since latency issues are inherent with satellite services and since he has no other ISP alternative, any tweaks that may boost performance/reduce latency with his connection. Typically, he sees slow performance and also network drives being intermittently available on his Windows 7 computer. He also has an internal wireless router at his home when he connects remotely. Performance when connected through a standard cable broadband connection is fine.
Jan 26, 2012
When I play games that are downloaded to my PC from Aeria games I run into intermittent latency. It happens every 6 minutes and lasts for about 4 minutes, so for every ten minutes I get to play about 6 minutes. It only happens with Aeria games; all of them. Is this an issue with my connection to the server or is it possible that it is due to security software?
Jun 25, 2011
About two days ago my latency to games and when I ping sites such as Google went up: I would have about 20-30ms more than usual. But my ping is steady and doesn't fluctuate, so say I would normally have 70ms to a game server, I would now get 100 or so. I have tried all the standard things such as resetting my router but to no avail. Also nobody else is on the connection, only me. Normally I would ping Google and get a 19-21ms response time and now I'm getting about 36-38, screenshot below.
Dec 23, 2012
We just switched to a DIR-655 from a terrible Rosewill router a few weeks ago. We've been having some problems, and I've been trying desperately to figure out what exactly is causing them so I can fix it.
Problem:
The router will periodically, and seemingly at random, dive into huge latency spikes. As of writing this, I am running a one thousand ping latency run from CMD, and I've watched response times go from 15ms average to 300ms average. The time of day seems irrelevant, as is what anyone on the network is doing. After a fresh restart of the router, everything runs smoothly for about 10 minutes, at which point everything goes ham.
Details:
I am using a DIR-655 D-Link router with a Cisco DPC3008 modem provided by Comcast.
Router P/N: BIR655ANA....B1
Router S/N: F35F5BC0019A777
Router Firmware: 2.10NA
Connection Type: DHCP
I've run the modem directly into my PC, the connection is perfect. I've hard reset multiple times, as well as run it with all of the above settings on/off. Updating the firmware does nothing. I've moved the router/modem apart so as not to cause signal interference.
Things I Can Try
I want to try running the router with wireless disabled to see if some sort of interference is being caused by the other computers on the network, or if one of them is hogging bandwidth.
I want to try running a program that can monitor or analyze each stage of the connection to see where the problem is.
I want to downgrade to an earlier firmware.
Mar 21, 2011
Last weekend I configured HSRP on our default gateway (Cisco 2600) and now I have the problem that the latency is constantly at 3ms and from time to time it goes up to 10 ms. Is that something I should have expected or is there something wrong with my configuration? The standby IP addresses are the same addresses as the router interfaces had before and the CPU utilization is at 10%, so I do not know what happened here. I attached the config file, so if you need further information I will gladly provide it.