Documente Academic
Documente Profesional
Documente Cultură
1
About test
The main purpose of this examination was to find out the router performance in Layer 2 tunnel mode during
transmission of packets with different length. Some background information is present in document also for better
understanding.
Measured L1 Rate [Mbps] results in tables are rounded. However, it is sufficient for the review. A more accurate value
you can get out from Frame Measured Rate.
For example: for 64-Byte frames L1 Rate is 14,9 Mbps and frame rate is 22172 frames per seconds, In this case
14,9Mbps is rounded. A more accurate value is 22172 [frames/s] x 84 [bytes on wire] x 8 [bits in byte] =
14.899584Mbps.
Background
Each layer have own unit of measure.
PDU – Protocol Data Unit
Layer 1 Physical Layer - Bit
Layer 2 Data Link Layer - Frame
Layer 3 Network Layer - Packet
Destination Source
Preamble Ethertype Payload CRC-32 Interframe gap
MAC MAC
8 Bytes 6 Bytes 6 Bytes 2 Bytes 46 - 1500 Bytes 4 Bytes 12 Byte times
2
Maximum throughput
The inter frame gap is inserted between frames during transmitting (Figure 2)
#4 #3 #2 #1 Frames
Interframe gap
12 Byte times
Preamble 8 Bytes + Destination MAC 6 Bytes + Source MAC 6 Bytes + Ethertype 2Bytes + Payload 1500 bytes + FCS 4
Bytes + Inter frame Gap “12 Bytes” = 1538 Bytes. In this way 1538 bytes are needed to transmit 1518 bytes untagged
frame.
Layer 3 maximum throughput can’t reach 100% wire speed and depends from packet length.
1538 Bytes are needed for transmitting 1500 bytes of L3 data -> 1500/1538*100% = 97,53% @ untagged frame.
84 Bytes are needed for transmitting 46 bytes of L3 data -> 64/84*100% = 76,19% @ untagged frame.
L2TP encapsulation
3
Performance test
L2 Tunnel topology
Cisco 892 router has 2 routed ports and 8-port LAN switch. SVI is configured for creation of 3rd routed port.
Connections Fa7-Fa7 and Gi0-Gi0 are tunnels and must have Layer 3 MTU 1538 bytes (1500 + 38 bytes L2TP overhead).
SVI MTU by default is 1514 bytes. It included L3 packet 1500 bytes + L2 MAC header 14 bytes and without CRC.
Because SVI involved in tunneling, then MTU must be 1552 bytes (1538 + 14).
NB! Bug with MTU was found during SVI testing. It described below.
Router R1
interface FastEthernet8
no ip address
xconnect 2.2.2.2 123 encapsulation l2tpv3 manual pw-class L2_TUNNEL <- define xConnect
l2tp id 10 20 <- define tunnel session ID
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface GigabitEthernet0
mtu 1538 <- tunnel MTU
ip address 192.168.2.1 255.255.255.0
interface FastEthernet7
switchport access vlan 100
mtu 1538 <- tunnel MTU
interface Vlan100
mtu 1552 <- tunnel MTU
ip address 192.168.1.1 255.255.255.0
4
router bgp 10 <- BGP configuration
bgp router-id 1.1.1.1
bgp log-neighbor-changes
redistribute connected
neighbor 192.168.1.2 remote-as 20
neighbor 192.168.2.2 remote-as 20
neighbor 192.168.2.2 weight 10 <- path via Gi0 is preferred (primary)
no auto-summary
Router R2
interface FastEthernet8
no ip address
xconnect 1.1.1.1 123 encapsulation l2tpv3 manual pw-class L2_TUNNEL <- define xConnect
l2tp id 20 10 <- define tunnel session ID
interface Loopback0
ip address 2.2.2.2 255.255.255.255
interface GigabitEthernet0
mtu 1538 <- tunnel MTU
ip address 192.168.2.2 255.255.255.0
interface FastEthernet7
switchport access vlan 100
mtu 1538 <- tunnel MTU
interface Vlan100
mtu 1552 <- tunnel MTU
ip address 192.168.1.2 255.255.255.0
The #sh processes cpu sorted 1min and #sh processes cpu history were used for CPU statistics
gathering. Please see the example below:
5555555555555555555555556666655555555555555511111 333332
777777777666666666666666333336666666666666669999911111333339
100
90
80
70
60 ********************************************
50 ********************************************
40 ********************************************
30 ******************************************** ******
20 ************************************************* ******
10 ************************************************* ******
0....5....1....1....2....2....3....3....4....4....5....5....6
0 5 0 5 0 5 0 5 0 5 0
CPU% per second (last 60 seconds)
The CPU utilization for five seconds: 57%/55%; should be read as "Total CPU usage"/"CPU Usage Caused by traffic".
5
Test results
You can see that performance fell fast for 1518-byte frames. It was strange. I began to look for the cause and saw some
interesting information.
6
I began to capture traffic with Wireshark.
For start, frames are captured for the path through the Gi0 interfaces.
Frame size 1518 bytes. Wireshark shows 1514 bytes – without CRC. Payload pattern is 0xAA. Each frame contains 4
bytes (red selection) in the end of DATA.
2. Frame from R1 to R2 through interface Gi0 (Figure 6). MTU 1552 bytes.
7
MTU is correct. New MAC header 14bytes + New IP header 20 bytes + L2TP header 4 bytes + Original frame
without CRC 1514 bytes = 1552 bytes (without CRC). Each frame contains 4 bytes (red selection) in the end of
DATA.
3. Frames from R2 to tester 2, from Tester 2 to R2, from R2 to R1 and from R1 to Tester 1.
Frames are correct and have right MTU. In general, changing the frame size is shown in Figure 7.
Figure 7. Frame length change during transmission thru tunnel (via Gi0)
Next step, frames are captured for the path through the Fa7 interfaces.
8
Figure 8. L2TP frame. Path through Fa7
NB! But further steps are an anomaly. In general, changing the frame size is shown in Figure 9.
Figure 9. Frame length change during transmission through tunnel (via Fa7)
9
NB! This anomaly starts only from frame length 1493 bytes with CRC (1489 without CRC). Frames with length up to
1492 bytes are forwarded correctly.
Added DATA is shown in yellow frame in Figure 10. These 4 bytes are outside of the Layer 3 packet length.
Please note, my NIC card sends frames without CRC to Windows and Wireshark also. Wireshark shows a value
“bytes on wire” without 4 bytes of CRC.
Wireshark decodes frame and sees that length of Layer 3 payload is 1500 bytes. But additional bytes are
present after End of packet. Wireshark thinks that they are CRC and starts check it. Check fails, because these
bytes are not Layer 2 CRC. Warning message is shown [Ethernet Frame Check Sequence Incorrect].
7. Frames from R2 to R1
Next step. Tester 2 receives frames with inserted 4 bytes from R2, and sends them back toward Tester1.
Because incoming port Fa8 is tunnel port, Router 2 does not check any Layer 3 payload. Router encapsulates
all incoming bytes into L2TP packet and forward to Router R1 via tunnel. This procedure does not add
additional bytes (Figure 11).
10
Figure 11. L2TP frame. Direction from R2 to R1. Tunnel through Fa7.
11
Figure 12. Frame with additional 8 bytes.
Tester receives long frames but ignores any data after End of Packet. This is same situation as padding is ignored for
short packets. In this case tester does not show error or lost packets. Only can be seen in the tester that the received
frames are recognized as >1518/1526, but must be as 1024-1518/1526.
MTU tuning
MTU are increased for Fa7 and VLAN 100 interfaces - 1542 bytes for Fa7 and 1556 for VLAN 100. Throughput test was
repeated after MTU increasing. Now performance is much better (Table 3). However anomaly with additional bytes is
remained. Router still adds 4 bytes during de-encapsulation from Tunnel to output port for frames with length 1493-
1518 bytes.
12
Original L2 Tunnel Test results. Tunnel via SVI port
L2 Frame Frame Measured CPU CPU usage Measured
Length Length L1 Rate total usage caused by Rate
[Bytes] [Bytes] [Mbps] [%] traffic [%] frame/sec
64 102 10.0 99 97 14880
128 166 17.0 99 97 14358
256 294 30.0 99 97 13587
512 550 59.5 99 97 13980
1024 1062 96.5 93 92 11552
1280 1318 97.1 84 83 9336
1518 1556 97.3 72 71 7908
random 60 64 60 avg. 11530
Summary
The Graph 1 is summary graph for RFC2544 tests. This graph shows a maximum throughput. The Graph 2 shows a
router performance for random frames, this gives more close result to a real throughput.
13
70 Mbps
70
60 Mbps
60
50
L1 Rate [Mbps]
40
CPU utilization CPU utilization
60% 64%
30
20
10
Juri Jestin
9.02.2014
14