1. Home
  2. Cisco Systems
  3. Bonding rethink

Bonding rethink

I've been recently trying to improve bandwidth to a remote site with mixed results.

At my head office I have a full duplex 8Mbps uncontented Internet connection and at the remote site I've got access to multiple ADSL-based Internet connections.

I've initially tried connecting a pair of basic DSL routers into two Fastethernet interfaces on the 2600 at the remote site and then established two GRE tunnels back to a 3745 at the head office. I've then established IPSEC for the GRE traffic and configured identical routes at both ends. While I've managed to get traffic passing over both DSL links, the performance has not been especially impressive.

I'm wondering whether the basic design is optimal and whether anyone on the list has taken different approaches.

One additional complication is that the branch site is not in a fixed location - it basically moves to several sites in a few countries and so I need an option that's ISP agnostic...

Cheers in advance, Chris

Reply to
Can2002
Loading thread data ...

Chris -

Take a look at CEF per-packet load balancing and/or turning off route caching. Turning off route caching & CEF will result in increased CPU load, and most likely your throughput will be limited by that factor. In addition IPSEC traffic on a 2600 will peak at about 1000Kbps without a hardware accelerator chip.

This might also be what is affecting your performance.

Take a look at this old web page...it is for T1s, but some of the principles are the same.

formatting link
Do you have two route statements of eqaul metric to your destination IP address? I believe this might help as well. I've used EIGRP over GRE tunnels to do this successfully.

Michael

Can2002 wrote:

Reply to
Kitingfox

Optimized Edge Routing should do the trick:-

formatting link
James

Reply to
James

formatting link

Reply to
Kitingfox

formatting link
>

Reply to
James

Hi Michael,

Thanks for the response, I was away for a few days, hence the delayed response.

I did try switching off route caching and wonder now whether I was seeing a throughput limitation on the 2600. I've got a 3640 spare too so I may give that a try instead.

I did have a pair of static routes with equal metrics, I will definitely take a look at that page.

Thanks again for your feedback, Chris

Reply to
Can2002

Chris -

Do you run MRTG on this router to see the throughput on both of the links? That would be a worthwhile endeavor. You can also monitor CPU (I can send you a sample config page if you need one).

Do a show proc cpu and see what your CPU is like and also if your encryption process is upwards of 30% CPU or more...that would mean that it is the encryption process that is taking all of your CPU and limiting your throughput. Remember that the most IOS can do with software IPSec is about 1 megabit total encrypted throughput.

I just swapped a 2621 for a 3640 the other day and found that without a hardware encryption module we were still having throughput problems. This was a 2621 balancing 4 t1s, rather than just 2.

Good luck!

Michael

Can2002 wrote:

Reply to
Kitingfox

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.