DMVPN and FTP issue

Unanswered Question
Oct 25th, 2008

Hi,

Using DMVPN phase 3, using one Cisco 3845 as a hub and one Cisco 2851 as Spoke, connected to MPLS cloud CE routers that belong to provider and we have no access to them-

For testing the line, we use the ping and works with no problem with no drops and with latency of 8 ms from the Ottawa Hub to Montreal spoke.

But when we start FTP session with size of the file equal to 16 meg, the FTP paused for at least 4 seconds and we notice that the ping "from Ottawa to Montreal using the same laptop as FTP" latency was going from 80 ms to 145 ms with TTL=126.

To troubleshoot we :

1) Checked the speed and duplex with the provider "CE routers", all are OK "no errors and collisions on their interfaces and the same on our C routers".

2) Connected our laptop directly to CEs in Ottawa and Montreal and did FTP worked with no pause and no lost of the connection where doing the ping and the latency was the same going from 80 ms to 145 ms. We know now that the problem is in our side in the "Hub and Spoke" routers.

3) Remove these commands in the tunnel0 in our Hub and spoke with no success "Still losing connection when doing FTP"

no ip tcp adjust-mss 1360

no ip mtu 1400

I attached the configs of the Hub and spoke.

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
tmesbah Sat, 10/25/2008 - 09:25

Thanks Giuseppe. Did I need to do this change inside the Tunnel o interface

Thanks

Giuseppe Larosa Sat, 10/25/2008 - 10:07

Hello Tayeb,

do the change inside the tunnel interface on both ends (hubs and spokes)

Hope to help

Giuseppe

tmesbah Sat, 10/25/2008 - 17:05

Thanks Guiseppe. I will try it tomorow, we have a power shutdown on the complex today.

Is this tunning -MTU and MSS- will be done regardeless of the interface bandwidth. We have 3 Meg in spoke and 30 Meg on the Hub.

Thanks

tmesbah Sun, 10/26/2008 - 08:24

Did change the MTU to 1380 and MSS to 1340 and did not fix our problem !!!!! still losing ping while doing ftp.

Any other suggestions

Giuseppe Larosa Sun, 10/26/2008 - 13:20

Hello Tayeb,

I've given you the right link but a little wrong info

120 bytes should be the overhead in transport mode

It is 140 bytes in tunnel mode (the default mode)

to configure transport mode:

crypto ipsec transform-set XXXX_transform_set esp-aes 256 esp-sha-hmac

mode transport

take care that you have AES 256 so probably you need to reduce more

256 bits are 32 byte

the calculations in the SRND were done for 3DES.

3DES = 56*3 = 168 bits

AES 256 uses 11 bytes more

Use

int tunnel 10

ip mtu 1340

ip tcp mss-adjust 1300

Hope to help

Giuseppe

tmesbah Sun, 10/26/2008 - 09:12

Did change the MTU to 1380 and MSS to 1340 and did not fix our problem !!!!! still losing ping while doing ftp.

Any other suggestions

Actions

This Discussion