Slow throughput on CCR1009-8G-1S-1S+

Hi,

I have a CCR1009-8G-1S-1S+ doing the primary job of terminating L2TP connections and passing this traffic to our upstream carrier, some NATd some routed using public IPs.

Everything works and the setup is stable on v6.37.1

I seem to be seeing some issues with throughput and am struggling to troubleshoot what the root cause may be. The CCR is setup as:

eth1 - Uplink to internet transit (1GBps copper)
eth2 - Uplink to server (1GBps copper)
sfp1 - Uplink to private peering (1GBps fibre)

We take traffic in on private peer and route out to internet on eth1.

Using the bandwidth test to btest.planetcoop.com I get tx/rx figures in the +800Mbps range which is what I would expect. On the default bridge configure with eth2 I see throughput of around 35Mbps/10Mbps using online speed tests and public iPerf servers

I have double checked MTU on interface facing transit is set to 1500, and no errors are observed on any interface. All clients seem to exhibit the same symptom - both private IP NAT’d out to internet or public IP routed to internet.

CPU usage is alway below 5% and my firewall has 50 rules in it - I have no QOS setup.

Any suggestions on where I should focus on to resolve?

Thanks,
PK

Got to the bottom of this - VMQ needed to be disabled on the HyperV box. Once this was done and the server was restarted speed tests are at normal speeds.

Is this L2TP/IPsec? In that case, update to 6.39.2, it fixes a re-ordering problem in the IPsec accelleration that
can severely reduce throughput on TCP implementations that do not like re-ordered packets (MS Windows).

No the L2TP is not using IPSEC - it is a feed from a mobile network, one session per device. We terminate this and assign a public or private IP depending on use and transit this out via the data centre transit connection.

We will be adding another CCR1009 and do BGP to the DC provider for our own IP range in the next month so at this time I will update to the latest ROS.

Thanks,
PK