[c-nsp] Pix to Pix tunnel performance w/Windows File Sharing

Church, Chuck cchurch at netcogov.com
Thu Feb 17 14:31:25 EST 2005 

You could try correcting that.  Another thing I thought of is you're
using multiple links.  Are you doing per-packet load balancing?  Not
sure how the Pix's would respond to out of order IPSec packets.  'sh cry
ips sa' should tell you.   


Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services - Design & Implementation
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 703-819-3495
cchurch at netcogov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D


-----Original Message-----
From: Tony Mucker [mailto:Tony at tonymucker.com] 
Sent: Thursday, February 17, 2005 11:04 AM
To: Tony Mucker
Cc: Church, Chuck; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Pix to Pix tunnel performance w/Windows File
Sharing

It would appear I spoke to soon.  I didn't see any re-transmits under 
the netstat while I was using Linux, but I am seeing them in the 
Ethereal dump I just did.  Looks like the MTU on one of the routers 
(both using MultiLink Framerelay) is at 1500 while the other is at 4470.

Tony Mucker wrote:

>Thanks for the pointers Chuck.  The TFTP session was less than stellar.

>It was even worse than the Windows file sharing, averaging about 
>12KB/sec.  I didn't see any re-transmits during the Windows/SMB file 
>transfer either.  I did an SCP transfer, and that flew.  Using SCP I
was 
>able to max out the T1 bundle.
>
>Church, Chuck wrote:
>
>  
>
>>Sounds like an MTU issue (keep in mind the IPSec overhead).  VNC I
>>assume uses UDP.  File transfers in Windows would be TCP.  Try putting
a
>>TFTP server on one machine, and pulling a file across.  (A tftp client
>>comes with W2K and above).  If UDP flies and TCP doesn't, it sounds
like
>>a windowing problem caused by the MTU.  Netstat -s will show you
>>re-transmits on the windows devices.  Might want to watch them during
>>transfers.
>>
>>
>>Chuck Church
>>Lead Design Engineer
>>CCIE #8776, MCNE, MCSE
>>Netco Government Services - Design & Implementation
>>1210 N. Parker Rd.
>>Greenville, SC 29609
>>Home office: 864-335-9473
>>Cell: 703-819-3495
>>cchurch at netcogov.com
>>PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
>>
>>
>>
>> 
>>
>>    
>>
>
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>  
>

More information about the cisco-nsp mailing list