Why MTU sizes are different on the same interface?

Unanswered Question
Apr 22nd, 2009
User Badges:

MYRO#show ip int tu0

Tunnel0 is up, line protocol is up

Internet address is 10.10.110.22/30

Broadcast address is 255.255.255.255

Address determined by non-volatile memory

MTU is 1395 bytes

!

MYRO#show int tu0

Tunnel0 is up, line protocol is up

Hardware is Tunnel

Description: IPSec VTI to HIM via SibirTCOMM

Internet address is 10.10.110.22/30

MTU 1514 bytes, BW 512 Kbit/sec, DLY 500000 usec,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Wed, 04/22/2009 - 11:21
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Tim


Your outputs are a generic show interface and a show ip interface. Would I be correct is assuming that the tunnel interface included a config command of ip mtu 1395?


I believe that the difference that you are seeing is the difference between the physical interface MTU and the MTU used by IP processing on that interface.


HTH


Rick

SludnevTN_2 Wed, 04/22/2009 - 11:36
User Badges:

Thank you Rick.

Here is tunnel configuration

MYRO#show run int tu0

Building configuration...


Current configuration : 267 bytes

!

interface Tunnel0

description IPSec VTI to HIM via SibirTCOMM

bandwidth 512

ip address 10.10.110.22 255.255.255.252

qos pre-classify

tunnel source 87.103.133.13

tunnel destination 89.175.97.74

tunnel mode ipsec ipv4

tunnel protection ipsec profile KM4

!

What I am trying to find out:

As you see this is the tunnel from point A to point B via Internet.

I am experiencing a low rate smb file transfers (20 - 40 kbytes/sec - or 160 Kbits/s - 255 Kbits/s).

Point A Internet bandwidth 10 Mbit/s; C3845

Point B Internet bandwidth 512 Kbit/s; C2621XM

But why it is so slow? I am expecting file transfer about 60 Kbyte/s or 480 Kbit/s. Is it encryption overhead?

Richard Burts Wed, 04/22/2009 - 11:46
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Tim


I would guess that it is primarily the encryption overhead. Would I be correct in assuming that the 2621XM (and perhaps the 3845) does not have the module (AIM or VPN module) for the hardware assist with encryption processing? If the encryption processing is being done in the router CPU there is likely to be a performance hit while doing this.


[edit] I see that there is not an ip mtu command as I had thought there might be. But I am pretty sure that this is being done automatically as a result of the tunnel protection ipsec processing.


HTH


Rick

SludnevTN_2 Wed, 04/22/2009 - 11:56
User Badges:

Rick, is it possible to speed up file transfers?

MYRO#show inventory

NAME: "2621XM chassis", DESCR: "2621XM chassis"

PID: C2621XM-2FE , VID: 1.0, SN: JAE073000HE


NAME: "Voice AIM with 4 DSPs 0", DESCR: "Voice AIM with 4 DSPs"

PID: 59-03 , VID: 1.0, SN: JAE07220ZZC

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

HIM#show inventory

NAME: "3845 chassis", DESCR: "3845 chassis"

PID: CISCO3845 , VID: V01 , SN: FCZ094872UH


NAME: "c3845 Motherboard with Gigabit Ethernet on Slot 0", DESCR: "c3845 Motherboard with Gigabit Ethernet"

PID: CISCO3845-MB , VID: V03 , SN: FOC0945267B


NAME: "4 Port FE Switch on Slot 0 SubSlot 0", DESCR: "4 Port FE Switch"

PID: HWIC-4ESW , VID: V01 , SN: FOC11122SRN


NAME: "One port E1 voice interface daughtercard on Slot 0 SubSlot 1", DESCR: "One port E1 voice interface daughtercard"

PID: VWIC-1MFT-E1= , VID: 1.0, SN: 35568679


NAME: "PVDMII DSP SIMM with four DSPs on Slot 0 SubSlot 4", DESCR: "PVDMII DSP SIMM with four DSPs"

PID: PVDM2-64 , VID: NA , SN: FOC09430DHX

Yes, there is no ip mtu command. I think this is not necessary. Am I correct?

SludnevTN_2 Wed, 04/22/2009 - 12:05
User Badges:

Also, I am monitoring file transfer in WIRE-SHARK.

I see a lot TCP retransmits.

Блять нахуй заебало все, спать пойду.

Richard Burts Wed, 04/22/2009 - 12:19
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Tim


If you add the hardware accelerator to the routers I believe that it would speed up the file transfers. This link discusses the hardware accelerator for the 2621XM:

http://www.cisco.com/en/US/prod/collateral/routers/ps259/product_data_sheet0900aecd800fa5be.html

and look for references to AIM-VPN


This link discusses the hardware accelerator for the 3845:

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/data_sheet_vpn_aim_for_18128003800routers_ps5855_Products_Data_Sheet.html

and again look for references to AIM-VPN


HTH


Rick

Richard Burts Wed, 04/22/2009 - 12:25
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Tim


I now see your post which says you are monitoring with wireshark. If you are seeing lots of TCP retransmits then these would also impact the performance of the file transfer.


I am a bit puzzled about this. If the router is using IPSec to protect traffic through the tunnel, then I would expect that wireshark would see IPSec traffic using the ESP protocol rather than using TCP traffic.


HTH


Rick

Richard Burts Wed, 04/22/2009 - 12:56
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Tim


Monitoring the inside interface would certainly explain why you are seeing TCP rather than ESP.


If there are TCP retransmissions they would impact the performance of the file transfer. And I am not sure that the hardware assist for encryption would change anything about the retransmissions.


HTH


Rick

Actions

This Discussion