I've a new lmds 4mbps simetric connection.
I have a vpn with 2 cisco 1721
First (full of memory, vpn module and 3des encryption)This router is connected directly to the lmds device with a 4port wic
Second (full of memory, without vpn module 3des encryption)This router has a adsl 3mbps/512Kb.
I do not know but transfer rate is only 60-70-80KB..
This is the stat:
vpn1#show crypto engine accelerator statistic
ds: 0x82A94354 idb:0x82A908B8
Statistics for Virtual Private Network (VPN) Module:
914035 packets in 914035 packets out
27 paks/sec in 27 paks/sec out
112 Kbits/sec in 116 Kbits/sec out
0 packets decompressed 0 packets compressed
0 compressed bytes in 0 uncompressed bytes in
0 compressed bytes out 0 decompressed bytes out
0 packets bypass compression 0 packets abort compression
rx_no_endp: 0 rx_hi_discards: 0 fw_failure: 0
invalid_sa: 0 invalid_flow: 0 cgx_errors 0
fw_qs_filled: 0 fw_resource_lock:0 lotx_full_err: 0
null_ip_error: 0 pad_size_error: 0 out_bound_dh_acc: 0
esp_auth_fail: 0 ah_auth_failure: 0 crypto_pad_error: 0
ah_prot_absent: 0 ah_seq_failure: 0 ah_spi_failure: 0
esp_prot_absent:0 esp_seq_fail: 0 esp_spi_failure: 0
obound_sa_acc: 0 invalid_sa: 0 out_bound_sa_flow: 0
invalid_dh: 0 bad_keygroup: 0 out_of_memory: 0
no_sh_secret: 0 no_skeys: 0 invalid_cmd: 0
dsp_coproc_err: 0 comp_unsupported:0 pak_too_big: 0
tx_lo_queue_size_max 2 cmd_unimplemented: 0
32853 seconds since last clear of counters
Interrupts: Notify = 533255, Reflected = 521840, Spurious = 0
cgx_cmd_pending:0 packet_loop_max: 240 packet_loop_limit: 512
Is the sender not potent enough?
To display the statistics and error counters for the onboard hardware accelerator of the router for IP Security (IPSec) encryption, use the show crypto engine accelerator statistic command in privileged EXEC mode and I think you need a router.
There might be a couple of things that are impacting the throughput. I would take a look at the link capacity of the second router. I wonder if the mismatch between its capacity (3mbps/512Kb) is part of the issue. But I suspect that the major issue is that the second router does not have the VPN acceleratoin module. This means that all of the processing for encryption and decryption must be done in software. The 1721 is not a particularly strong router and doing the encryption and decryption in software would tend to bog it down.
If both routers now have the VPN module then I would expect performance to improve. Please let us know what happens.
This is our scenario:
-Headquarters with a 1721 (64mb memory module,vpn module wic 1adsl and wic 4 port lan) running IOS c1700-k9o3sy7-mz.124-8a.bin
Office A with a same 1721.. same hard(only wic 1adsl installed) same IOS version
Office B 837 nothing improved and IOS c837-k9o3sy6-mz.124-10a.bin
Between Headquarters and A and Heardquarters and B is a VPN 3des ipsec stablished nothung between A-B.
A and B have 3mbps adsl and Headquarters 4mbps lmbs connection.
From this ftp.rediris.es lmds makes 430KB/s and adsl 3mbps 310-320KB/s.
In headquarters, a ftpserver under linux is configured and connected from A and B ... B gives 130KB/s--160KB/s
If ths ftpserver is configured under windows 2003r2 at headquarters this rates goes down to 60KB/s or 70KB/s
I dont know if the slow problem is the router which can not send as quickly as lmds or config or ios incorrect version... I do not know
Maybe I am not understanding something correctly. But it sounds to me like you are saying that at headquarters if you use a linux server for FTP then A and B get 130 to 160 KBs. But if you use a Windows server at headquarters for FTP then A and B get only 60 or 70 KBs. If that is the correct understanding then the issue is not anything in the router. The issue is that the performance of the Windows server is worse than the performance of the linux server.
This is the first thing...
If both are power servers, I do not know why occurs this.
Second one is... using a linux ftp server I do not know why the rate is only 150-160Kb/s when it would be at least 200..250KB/s or more the middle of a ldms connection
I ve been doing probes with/without encription and with/withoutintegrity
There is the same velocity (140-150KB/s) using esp_3des-md5-hmac or des-nothing or esp_null-md5-hmac
Then... where is the problem where is the problem? the 1721 is not stronger enough?