vpn/ipsec loss of packets with iperf
flurkiz
Hi all,
I'm trying to learn VPN using IPsec. I have two routers directly connected and have managed to establish an IPsec VPN connection (can ping both ways, and Wireshark shows the expected traffic, the router logs tell me the traffic is encrypted).
Everything works fine, except when I try to measure the throughput using iperf. I connect two laptops - one to each router - and run iperf between them. The TCP test seems to work fine but the UDP test is strange because the bandwidth drops to zero, and the packet loss is extreme.
This is the UDP test, done using
iperf3 -c 192.168.240.10 -u -b 100M
-----------------------------------------------------------
Accepted connection from 192.168.241.10, port 49291
[ 5] local 192.168.240.10 port 5201 connected to 192.168.241.10 port 60305
[ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams
[ 5] 0.00-1.00 sec 344 KBytes 2.82 Mbits/sec 55.062 ms 25/68 (37%)
[ 5] 1.00-2.00 sec 192 KBytes 1.57 Mbits/sec 40.821 ms 1189/1213 (98%)
[ 5] 2.00-3.00 sec 224 KBytes 1.84 Mbits/sec 31.882 ms 1507/1535 (98%)
[ 5] 3.00-4.00 sec 208 KBytes 1.70 Mbits/sec 36.552 ms 1463/1489 (98%)
[ 5] 4.00-5.00 sec 208 KBytes 1.70 Mbits/sec 35.369 ms 1508/1534 (98%)
[ 5] 5.00-6.00 sec 192 KBytes 1.57 Mbits/sec 41.073 ms 1488/1512 (98%)
[ 5] 6.00-7.00 sec 192 KBytes 1.57 Mbits/sec 40.673 ms 1500/1524 (98%)
[ 5] 7.00-8.00 sec 200 KBytes 1.64 Mbits/sec 39.240 ms 1523/1548 (98%)
[ 5] 8.00-9.00 sec 216 KBytes 1.77 Mbits/sec 34.439 ms 1482/1509 (98%)
[ 5] 9.00-10.00 sec 200 KBytes 1.64 Mbits/sec 38.041 ms 1536/1561 (98%)
[ 5] 10.00-11.00 sec 80.0 KBytes 655 Kbits/sec 108.943 ms 1499/1509 (99%)
[ 5] 11.00-12.00 sec 0.00 Bytes 0.00 bits/sec 108.943 ms 0/0 (-nan%)
[ 5] 12.00-13.00 sec 0.00 Bytes 0.00 bits/sec 108.943 ms 0/0 (-nan%)
[ 5] 13.00-14.00 sec 0.00 Bytes 0.00 bits/sec 108.943 ms 0/0 (-nan%)
[ 5] 14.00-14.77 sec 0.00 Bytes 0.00 bits/sec 108.943 ms 0/0 (-nan%)
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams
[ 5] 0.00-14.77 sec 118 MBytes 67.1 Mbits/sec 108.943 ms 14720/15002 (98%)
-----------------------------------------------------------
This is the TCP test, done using
iperf3 -c 192.168.240.10
-----------------------------------------------------------
Accepted connection from 192.168.241.10, port 49292
[ 5] local 192.168.240.10 port 5201 connected to 192.168.241.10 port 49293
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-1.00 sec 2.14 MBytes 18.0 Mbits/sec
[ 5] 1.00-2.00 sec 3.01 MBytes 25.3 Mbits/sec
[ 5] 2.00-3.00 sec 2.96 MBytes 24.8 Mbits/sec
[ 5] 3.00-4.00 sec 2.88 MBytes 24.2 Mbits/sec
[ 5] 4.00-5.00 sec 2.94 MBytes 24.7 Mbits/sec
[ 5] 5.00-6.00 sec 2.98 MBytes 25.0 Mbits/sec
[ 5] 6.00-7.00 sec 2.97 MBytes 25.0 Mbits/sec
[ 5] 7.00-8.00 sec 2.94 MBytes 24.7 Mbits/sec
[ 5] 8.00-9.00 sec 2.82 MBytes 23.6 Mbits/sec
[ 5] 9.00-10.00 sec 2.98 MBytes 25.0 Mbits/sec
[ 5] 10.00-10.23 sec 758 KBytes 27.0 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-10.23 sec 29.4 MBytes 24.1 Mbits/sec sender
[ 5] 0.00-10.23 sec 29.4 MBytes 24.1 Mbits/sec receiver
-----------------------------------------------------------
Any idea why UDP bandwidth drops? I know that UDP is stateless and that this will cause some packet loss but I'm surprised it is this high, and above all I cannot grasp why the bandwidth gets lower and lower rather than staying at the same level (even if it would be low).
Any help would be highly appreciated!
(Post had been edited to include the code snippets.)
Comments
james43026
I don't think enough info was provided. I can try to help further if you can provide more info. Is IPsec running in tunnel or transport mode? Can you post the full configs between the routers / ASAs that you are running IPsec on? If not, then at least tell us if you have any ACLs / firewalls that you have set up on either device, and the details on them.