Configure TCP Optimization
Feature Name | Release Information | Description |
---|---|---|
Added Support for TCP Optimization on the Cisco ISR1100 6G Platform | Cisco SD-WAN Release 20.3.1 | Added support for TCP Optimization on the Cisco ISR1100 6G platform. |
Supported Platforms
TCP Optimization is supported on the following platforms:
- Cisco vEdge 1000
- Cisco vEdge 2000
- Cisco ISR1100 6G
TCP Optimization is not supported on the following platforms:
- Cisco vEdge 100
- Cisco vEdge 100b
- Cisco vEdge 100m
- Cisco vEdge 100mw
- Cisco vEdge 5000
- Cisco ISR1100 4G
- Cisco ISR1100 4GLTEGB
- Cisco ISR1100 4GLTENA
- Cisco ISR 1100X Series Integrated Services Routers
For more information on supported software features and protocols, see Platform architecture and capabilities.
Note: TCP optimization is not supported on DNS traffic.
TCP optimization fine-tunes the processing of TCP data traffic to decrease round-trip latency and improve throughput. You can optimize TCP traffic in service-side VPNs on vEdge routers. Optimizing TCP traffic is especially useful for improving TCP traffic performance on long-latency links, such as transcontinental links and the high-latency transport links used by VSAT satellite communications systems. TCP optimization can also improve the performance of SaaS applications.
With TCP optimization, a vEdge router acts as a TCP proxy between a client that is initiating a TCP flow and a server that is listening for a TCP flow, as illustrated in the following figure:
This figure shows two vEdge routers acting as proxies. vEdge-1 is the proxy for the client, and is called the client proxy. vEdge-2 is the proxy for the server, called the server proxy. Without TCP optimization, the client establishes a TCP connection directly to the server. When you enable TCP optimization on the two routers, vEdge-1 terminates the TCP connection from the client and establishes a TCP connection with vEdge-2. The vEdge-2 router then establishes a TCP connection to the server. The two vEdge routers cache the TCP traffic in their buffers to ensure that the traffic from the client reaches the server without the TCP connection timing out.
It is recommended that you configure TCP optimization on both vEdge routers: the router closer to the client and the router closer to the server. This configuration is sometimes referred to as a dual-ended proxy. While it is possible to configure TCP optimization only on the vEdge router closer to the client, called a single-ended proxy, this configuration is not recommended because the TCP optimization process is compromised. TCP is a bidirectional protocol and operates only when connection-initiation messages (SYNs) are acknowledged by ACK messages in a timely fashion.
If both the client and the server are connected to the same vEdge router, no TCP optimization is performed.
To use TCP optimization, you first enable the feature on the vEdge router. Then you define which TCP traffic to optimize.
- To use TCP optimization on a vEdge router, you must enable it:
  vEdge(config-system)# tcp-optimization-enabled
  On vEdge 1000 and vEdge 2000 routers, enabling TCP optimization carves out a separate CPU core to use for performing TCP optimization, which is a CPU-intensive process.
- To enable TCP optimization for all TCP traffic in a VPN, include the following command when configuring service-side VPNs on a vEdge router:
  vEdge(config-vpn)# tcp-optimization
  For example, to enable TCP optimization in VPN 1:
  vEdge# show running-config vpn 1
  vpn 1
   interface ge0/4.1
    ip address 10.20.24.15/24
    no shutdown
   !
   tcp-optimization
  !
  To display information about the TCP flows that the vEdge router is optimizing, use the show app tcp-opt active-flows command to view flows that are currently active and the show app tcp-opt expired-flows command to view flows that were active but have expired.
- Reboot the vEdge router.
  vEdge# reboot
To enable TCP optimization for a specific flow of TCP traffic in a VPN, create a centralized data policy that includes the tcp-optimization action. Use the match conditions in the data policy to define the VPN in which to optimize the TCP traffic and the traffic properties to match.
The following example enables TCP optimization on all TCP traffic destined to port 22, which is used for SSH sessions:
vSmart# show running-config policy data-policy tcp_optimization_data_policy
policy
 data-policy tcp_optimization_data_policy
  vpn-list vpn_2
   sequence 100
    match
     destination-port 22
    !
    action accept
     count sample_count
     tcp-optimization
    !
   !
   default-action accept
  !
 !
!
vSmart# show running-config apply-policy
apply-policy
 site-list tcp_optimization_sites
  data-policy tcp_optimization_data_policy all
Note: The TCP optimization feature is enabled based on the data policy. The data policy match needs to be created for the TCP flows in both directions. For example, if the TCP flow is from 10.20.24.17:30000 -> 10.20.25.18:5001, the data policy to enable TCP optimization must also be created to match the reverse direction, that is, from 10.20.25.18:5001 -> 10.20.24.17:30000.
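The bidirectional-match requirement in the note can be checked mechanically before a policy is applied. The following Python check is an added example, not part of the Cisco documentation: it parses policy text in the `show running-config policy` layout and lists the sequences that carry the tcp-optimization action but have no exactly mirrored sequence. The sample policy is constructed, `parse_sequences` and `missing_reverse` are hypothetical names, and the check assumes a single data policy and recognizes only exact mirrors, not a broader sequence that happens to cover the return traffic.

```python
SWAP = {"source-ip": "destination-ip", "destination-ip": "source-ip",
        "source-port": "destination-port", "destination-port": "source-port"}

# Constructed sample, not from the page: one policy, one vpn-list, no reverse matches.
SAMPLE_POLICY = """\
policy
 data-policy tcp_optimization_data_policy
  vpn-list vpn_2
   sequence 100
    match
     source-ip 10.20.24.17/32
     destination-ip 10.20.25.18/32
     source-port 30000
     destination-port 5001
    !
    action accept
     tcp-optimization
    !
   !
   sequence 110
    match
     destination-port 22
    !
    action accept
     tcp-optimization
    !
   !
   default-action accept
"""

def parse_sequences(config):
    """Map sequence number -> [match dict, has tcp-optimization action]."""
    seqs, cur = {}, None
    for tok in (line.split() for line in config.splitlines()):
        if tok[:1] == ["sequence"]:
            cur = seqs[int(tok[1])] = [{}, False]
        elif tok[:1] == ["default-action"]:
            cur = None
        elif cur is not None and len(tok) == 2 and tok[0] in SWAP:
            cur[0][tok[0]] = tok[1]
        elif cur is not None and tok == ["tcp-optimization"]:
            cur[1] = True
    return seqs

def missing_reverse(config):
    """Optimized sequences with no exactly mirrored optimized sequence."""
    opt = {n: m for n, (m, on) in parse_sequences(config).items() if on}
    mirror = lambda m: {SWAP[k]: v for k, v in m.items()}
    return sorted(n for n, m in opt.items() if mirror(m) not in opt.values())
```

Calling `missing_reverse(SAMPLE_POLICY)` returns the sequence numbers that still need a reverse-direction match; a reverse sequence that exists but lacks the tcp-optimization action is reported as missing as well.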