SCP throughput

Unanswered Question
Nov 29th, 2009

I have been transferring files using SCP over our WAN.  My configuration consist of an IPSEC tunnel and a physical IP encryption device therefore I could possibly have problems with MTU settings but haven't identified any at this time.  My servers are connected via 1Gb links and the WAN consists of 10Gb links and a OC-192 backbone.  I'm having a problem determining what transfer rates I should expect to see.  I'm wondering what are the limitations of SCP.  From my source server to my destination server I have about 15 to 20 ms delay.  On average I'm getting transfer rates of approx. 5-8MB/s in one direction and 1-3MB/s in the other direction.  Any idea if these transfer rates are reasonable?   I was thinking that I should get upwards of 30MB/s transfer rates.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Reza Sharifi Sun, 11/29/2009 - 16:24

Have you compared SCP to FTP by transferring a file with the same size?  The reason is that since SCP uses a 3DES encryption algorithm, it is process intensive and slow.  You also have IPsec which has its own overhead and also a physical IP encryption device which also adds more overhead.



ppalmerjr Sun, 11/29/2009 - 16:46

I have tried FTP and the times (as expected are better) but I'm really just not sure of what rates I should expect when transferring files over the WAN.  When I transfer files locally (<1ms delay) I get rates close to 40MB/s.  When transferring over the WAN (17ms delay) I can only get rates of 5-8MB/ this expected behavior because of TCP acknowlegements or is there a possible issue on my WAN?

I also tried changing the cypher to arcfour which is supposed to be the lowest overhead encryption when using SCP but this didn't increase my speeds.  Another weird thing is that I'm getting much faster rates in one direction than another.

I'm really trying to find out if this is a problem and where I should point as the culprit...either the server configuration or the network.  You know its the normal story right now of the server guys pointing to the network and the network guys pointing to the server :-)


Paolo Bevilacqua Mon, 11/30/2009 - 04:10

What exactly are the ipsec and "ip encryption" devices?

If not Cisco, you should complain the the respective vendor, not here.

ppalmerjr Mon, 11/30/2009 - 10:35

The IPSEC device is a Cisco and the IP encryption if a third party vendor.

Just to be clear, I am not "complaining" I am just trying to get a ball park figure of what sort of transfer rates I should expect to see.


This Discussion