• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Upstream bandwidth problem?

Started by macd81, December 29, 2010, 11:59:26 AM

Previous topic - Next topic



Myself and a few friends set up new accounts on the TunnelBroker service a few days ago and have been playing with the service.  Two of us are in central Illinois, connecting from Comcast cable internet to the Chicago server at (both of us are using Cisco 871 routers with fully open outbound, inbound blocked except for all icmp and a specific service eg ssh or web.  We use stateful firewalling to allow return traffic from outgoing connections back in.).  We have a 3rd friend in Maryland connecting to the NYC server at using a Linux router with currently no firewall.

We all seem to get decent download speeds, usually around 1-2 megabits.  However, upload speeds are severely limited.  We have services enabled, eg web and ssh, and I can download from my friend in Maryland at about 4-4.5 kilobytes per second. More strangely though, scp'ing a file to my local friend's server I only got 2.2K/sec average.  The scp often would "spurt and stall".  It took 28 minutes to send a 3.8M tarball.

It feels like the tunnels are capped at 1500/50, but I saw in another forum post from Dec 13 that indicated there were no limits.

I'm trying to determine if this is expected performance, or if there is a problem in our configurations, or a problem upstream.

Thanks for any input/thoughts!



No saturation or congestion on the tserv interfaces/uplinks.
No bandwidth throttling is done on tunnels.
Everything depends on the IPv4 path when dealing with tunnels.

your v4 path -> tserv -> (and if needed, our backbone -> a different tserv ->) v4 path to other tunnel

and then the return path of all of that.


Thanks for the reply.

I set up a second tunnel to a Mac OS X system on a different network.  Found out I could xfer to/from the Maryland peer at full rates. Found out there's a nasty little bug in the ipv6 CBAC stateful firewall in the  a good number of IOS revisions, eg see:


Doh!  Oh well, can be worked around the old-fashioned non-privileged port way.

Maybe this information will help someone else.