cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
648
Views
0
Helpful
9
Replies

Do i need a new router?

edgar-quintana
Level 1
Level 1

Hi,

I've a new lmds 4mbps simetric connection.

I have a vpn with 2 cisco 1721

First (full of memory, vpn module and 3des encryption)This router is connected directly to the lmds device with a 4port wic

Second (full of memory, without vpn module 3des encryption)This router has a adsl 3mbps/512Kb.

I do not know but transfer rate is only 60-70-80KB..

This is the stat:

vpn1#show crypto engine accelerator statistic

C1700_EM:

ds: 0x82A94354 idb:0x82A908B8

Statistics for Virtual Private Network (VPN) Module:

914035 packets in 914035 packets out

27 paks/sec in 27 paks/sec out

112 Kbits/sec in 116 Kbits/sec out

0 packets decompressed 0 packets compressed

0 compressed bytes in 0 uncompressed bytes in

0 compressed bytes out 0 decompressed bytes out

0 packets bypass compression 0 packets abort compression

rx_no_endp: 0 rx_hi_discards: 0 fw_failure: 0

invalid_sa: 0 invalid_flow: 0 cgx_errors 0

fw_qs_filled: 0 fw_resource_lock:0 lotx_full_err: 0

null_ip_error: 0 pad_size_error: 0 out_bound_dh_acc: 0

esp_auth_fail: 0 ah_auth_failure: 0 crypto_pad_error: 0

ah_prot_absent: 0 ah_seq_failure: 0 ah_spi_failure: 0

esp_prot_absent:0 esp_seq_fail: 0 esp_spi_failure: 0

obound_sa_acc: 0 invalid_sa: 0 out_bound_sa_flow: 0

invalid_dh: 0 bad_keygroup: 0 out_of_memory: 0

no_sh_secret: 0 no_skeys: 0 invalid_cmd: 0

dsp_coproc_err: 0 comp_unsupported:0 pak_too_big: 0

pak_mp_length_spec_fault: 0

tx_lo_queue_size_max 2 cmd_unimplemented: 0

32853 seconds since last clear of counters

Interrupts: Notify = 533255, Reflected = 521840, Spurious = 0

cgx_cmd_pending:0 packet_loop_max: 240 packet_loop_limit: 512

WHY?

Is the sender not potent enough?

9 Replies 9

wong34539
Level 6
Level 6

To display the statistics and error counters for the onboard hardware accelerator of the router for IP Security (IPSec) encryption, use the show crypto engine accelerator statistic command in privileged EXEC mode and I think you need a router.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017cf1d

The link you gave did not work

Richard Burts
Hall of Fame
Hall of Fame

Edgar

There might be a couple of things that are impacting the throughput. I would take a look at the link capacity of the second router. I wonder if the mismatch between its capacity (3mbps/512Kb) is part of the issue. But I suspect that the major issue is that the second router does not have the VPN acceleratoin module. This means that all of the processing for encryption and decryption must be done in software. The 1721 is not a particularly strong router and doing the encryption and decryption in software would tend to bog it down.

HTH

Rick

HTH

Rick

Hi,

I have installed a vpn module for my 1721

Edgar

If both routers now have the VPN module then I would expect performance to improve. Please let us know what happens.

HTH

Rick

HTH

Rick

Hi,

This is our scenario:

-Headquarters with a 1721 (64mb memory module,vpn module wic 1adsl and wic 4 port lan) running IOS c1700-k9o3sy7-mz.124-8a.bin

Office A with a same 1721.. same hard(only wic 1adsl installed) same IOS version

Office B 837 nothing improved and IOS c837-k9o3sy6-mz.124-10a.bin

Between Headquarters and A and Heardquarters and B is a VPN 3des ipsec stablished nothung between A-B.

A and B have 3mbps adsl and Headquarters 4mbps lmbs connection.

From this ftp.rediris.es lmds makes 430KB/s and adsl 3mbps 310-320KB/s.

In headquarters, a ftpserver under linux is configured and connected from A and B ... B gives 130KB/s--160KB/s

If ths ftpserver is configured under windows 2003r2 at headquarters this rates goes down to 60KB/s or 70KB/s

I dont know if the slow problem is the router which can not send as quickly as lmds or config or ios incorrect version... I do not know

Edgar

Maybe I am not understanding something correctly. But it sounds to me like you are saying that at headquarters if you use a linux server for FTP then A and B get 130 to 160 KBs. But if you use a Windows server at headquarters for FTP then A and B get only 60 or 70 KBs. If that is the correct understanding then the issue is not anything in the router. The issue is that the performance of the Windows server is worse than the performance of the linux server.

HTH

Rick

HTH

Rick

This is the first thing...

If both are power servers, I do not know why occurs this.

Second one is... using a linux ftp server I do not know why the rate is only 150-160Kb/s when it would be at least 200..250KB/s or more the middle of a ldms connection

why?

hi,

I ve been doing probes with/without encription and with/withoutintegrity

There is the same velocity (140-150KB/s) using esp_3des-md5-hmac or des-nothing or esp_null-md5-hmac

Then... where is the problem where is the problem? the 1721 is not stronger enough?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: