Bandwidth Issue with Site-to-Site VPN

SOLVED
Eman
Here to help

Bandwidth Issue with Site-to-Site VPN

We are trying to set up a tunnel to a remote site that currently has a 100Mb symmetrical connection but when we put in the VPN the connection gives 85 down but only about 12 up. The main site has a 600 Mb symmetrical. We tried changing the MTU on a client machine at the remote location but it did not make a difference. This is set up as a full tunnel with all traffic exiting at the main site.

1 ACCEPTED SOLUTION

I upgraded to 14.38. That finally resolved the extremely slow traffic over the VPN tunnel.

View solution in original post

12 REPLIES 12
PhilipDAth
Kind of a big deal

How did you measure the speed?

PhilipDAth
Kind of a big deal

Also what model MX units are you using?

The remote is a MX67c and the main is a MX100. The speeds measured were using speedtest. The actual speeds within the network moving a file to and from remote and local machines was essentially unusable. We were able to pull the file at about 2MB/s but pushing it back from the remote was only moving at about 350KB/s. 

 

Update: We have put in a pair of WatchGuard T70's for the tunnel as a test and temporary until we can resolve the Meraki issue. These devices are having no issue with speeds.

PhilipDAth
Kind of a big deal

This really sounds like an MTU issue.  What did you try reducing the MTU down to on the client (or server)?  I would try an MTU of 1300.

 

I would use a proper speed test tool like iperf3 and test performance over just the VPN leg.

https://iperf.fr/iperf-download.php

 

What version of code is the MX67 running? I had found a major VPN bug in 14.37 and older for the MX67/68. My MX65 would do 120/12 all day long for tunnel traffic, swap for the MX68 and it barfed.

 

Any easy test is to enable split tunnel so internet speed tests are local, not over the tunnel. If you see improvements you know you are hitting the same bug, as the issue exists only the tunnel.

 

@Aaron_Wilson Was there a solution/fix for that issue you are referencing?

Nolan Herring | nolanwifi.com
TwitterLinkedIn

I upgraded to 14.38. That finally resolved the extremely slow traffic over the VPN tunnel.

Is the 14.38 production ready or still in beta?

NolanHerring
Kind of a big deal

14.39 is currently Stable release candidate, so I think you'll be safe going to that one.
Nolan Herring | nolanwifi.com
TwitterLinkedIn

After upgrading to the 14.39 Stable release candidate our internal speed as measured by iperf doubled on the upload to the main site from 7.6MB/s to 15MB/s

Looking at the release notes for 14.38 there is no mention of VPN performance issues being addressed. 

Eman
Here to help

There is no mention of it in the release notes, but I can verify that it does make a difference in site-to-site VPN speeds.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels