TCP Optimization: Cisco vEdge Devices

TCP optimization fine-tunes the processing of TCP data traffic to decrease round-trip latency and improve throughput. Optimizing TCP traffic is especially useful for improving TCP traffic performance on long-latency links, such as transcontinental links and the high-latency transport links used by VSAT satellite communications systems. TCP optimization can also improve the performance of SaaS applications.

Configure TCP Optimization

Table 1. Feature History

| Feature Name | Release Information | Description |
|---|---|---|
| Added Support for TCP Optimization on the Cisco ISR1100 6G Platform | Cisco SD-WAN Release 20.3.1 | Added support for TCP Optimization on the Cisco ISR1100 6G platform. |

Supported Platforms

TCP Optimization is supported on the following platforms:

  • Cisco vEdge 1000

  • Cisco vEdge 2000

  • Cisco ISR1100 6G

TCP Optimization is not supported on the following platforms:

  • Cisco vEdge 100

  • Cisco vEdge 100b

  • Cisco vEdge 100m

  • Cisco vEdge 100mw

  • Cisco vEdge 5000

  • Cisco ISR1100 4G

  • Cisco ISR1100 4GLTEGB

  • Cisco ISR1100 4GLTENA

  • Cisco ISR 1100X Series Integrated Services Routers

For more information on supported software features and protocols, see Platform architecture and capabilities.


Note

TCP optimization is not supported on DNS traffic.


You can optimize TCP traffic in service-side VPNs on vEdge routers.

With TCP optimization, a vEdge router acts as a TCP proxy between a client that is initiating a TCP flow and a server that is listening for a TCP flow, as illustrated in the following figure:

This figure shows two vEdge routers acting as proxies. vEdge-1 is the proxy for the client, and is called the client proxy. vEdge-2 is the proxy for the server, and is called the server proxy. Without TCP optimization, the client establishes a TCP connection directly to the server. When you enable TCP optimization on the two routers, vEdge-1 terminates the TCP connection from the client and establishes a TCP connection with vEdge-2. The vEdge-2 router then establishes a TCP connection to the server. The two vEdge routers cache the TCP traffic in their buffers to ensure that the traffic from the client reaches the server without the TCP connection timing out.

It is recommended that you configure TCP optimization on both the vEdge routers, the router closer to the client and the router closer to the server. This configuration is sometimes referred to as a dual-ended proxy. While it is possible to configure TCP optimization only on the vEdge router closer to the client, called single-ended proxy, this configuration is not recommended because the TCP optimization process is compromised. TCP is a bidirectional protocol and operates only when connection-initiation messages (SYNs) are acknowledged by ACK messages in a timely fashion.

If both the client and the server are connected to the same vEdge router, no TCP optimization is performed.

To use TCP optimization, you first enable the feature on the vEdge router. Then you define which TCP traffic to optimize.

  1. To use TCP optimization on a vEdge router, you must enable it:

    vEdge(config-system)# tcp-optimization-enabled

    On vEdge 1000 and vEdge 2000 routers, enabling TCP optimization carves out a separate CPU core to use for performing TCP optimization, which is a CPU-intensive process.

  2. To enable TCP optimization for all TCP traffic in a VPN, include the following command when configuring service-side VPNs on a vEdge router:

    vEdge(config-vpn)# tcp-optimization

    For example, to enable TCP optimization in VPN 1:

    vEdge# show running-config vpn 1
    vpn 1
    interface ge0/4.1
      ip address 10.20.24.15/24
      no shutdown
    !
    tcp-optimization
    !

    To display information about the TCP flows that the vEdge router is optimizing, use the show app tcp-opt active-flows command to view flows that are currently active and the show app tcp-opt expired-flows command to view flows that were active but have expired.

  3. Reboot the vEdge router.

    vEdge# reboot

    To enable TCP optimization for a specific flow of TCP traffic in a VPN, create a centralized data policy that includes the tcp-optimization action. Use the match conditions in the data policy to define the VPN in which to optimize the TCP traffic and the traffic properties to match.

    The following example enables TCP optimization on all TCP traffic destined to port 22, which is used for SSH sessions:

    vSmart# show running-config policy data-policy tcp_optimization_data_policy
    policy
     data-policy tcp_optimization_data_policy
      vpn-list vpn_2
       sequence 100
        match
         destination-port 22
        !
        action accept
         count            sample_count
         tcp-optimization
        !
       !
       default-action accept
      !
     !
    !
    
    vSmart# show running-config apply-policy
    apply-policy site-list tcp_optimization_sites data-policy tcp_optimization_data_policy all
    

Note

The TCP optimization feature is enabled based on the data policy. The data policy match needs to be created for the TCP flows in both directions. For example, if the TCP flow is from 10.20.24.17:30000 -> 10.20.25.18:5001, the data policy that enables TCP optimization must also match the reverse direction, that is, from 10.20.25.18:5001 -> 10.20.24.17:30000.
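The following check for the bidirectional-match requirement is an added example, not part of the Cisco documentation or tooling. It scans data-policy text for sequences that carry the tcp-optimization action and reports those with no mirrored sequence. The sample policy is constructed (the ! delimiter lines are omitted for brevity), the function names are hypothetical, and only port and IP match fields within a single policy are compared.

```python
import re

# Constructed sample in the style of `show running-config policy data-policy`.
# Sequences 100 and 110 mirror each other; sequence 200 has no reverse match.
SAMPLE_POLICY = """\
data-policy tcp_optimization_data_policy
 vpn-list vpn_2
  sequence 100
   match
    destination-port 22
   action accept
    tcp-optimization
  sequence 110
   match
    source-port 22
   action accept
    tcp-optimization
  sequence 200
   match
    destination-port 5001
   action accept
    tcp-optimization
  default-action accept
"""

# Each match field and its counterpart for the reverse direction of a flow.
MIRROR = {"source-port": "destination-port", "destination-port": "source-port",
          "source-ip": "destination-ip", "destination-ip": "source-ip"}

def tcp_opt_sequences(config):
    """Map sequence number -> set of (field, value) for tcp-optimization sequences."""
    result = {}
    for block in re.split(r"^[ \t]*sequence[ \t]+", config, flags=re.M)[1:]:
        lines = [line.strip() for line in block.splitlines()]
        if "tcp-optimization" not in lines:
            continue  # sequence does not request TCP optimization
        parts = (line.partition(" ") for line in lines)
        result[int(lines[0])] = frozenset((k, v.strip()) for k, _, v in parts if k in MIRROR)
    return result

def missing_reverse(config):
    """Return sequence numbers whose reverse-direction match is not present."""
    seqs = tcp_opt_sequences(config)
    present = set(seqs.values())
    return sorted(n for n, conds in seqs.items()
                  if frozenset((MIRROR[k], v) for k, v in conds) not in present)

print(missing_reverse(SAMPLE_POLICY))
```
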


Monitor TCP Optimization

If TCP optimization is enabled on a router, you can view information about how the optimization is affecting the processing and throughput of TCP data traffic on the router:

  1. From the Cisco vManage menu, choose Monitor > Devices.

    Cisco vManage Release 20.6.x and earlier: From the Cisco vManage menu, choose Monitor > Network.

  2. Choose a vEdge router.

  3. Click TCP Optimization–WAN Throughput. The right pane displays the WAN throughput, in megabits per second.

The right pane contains the following elements:

  • Chart Options—This includes the Filter Options drop-down and time periods. Click Filter to limit the data to display based on VPN, local TLOC color, destination IP address, remote TLOC color, and remote system IP address. Click a predefined or custom time period for which to display data.

  • Average optimized throughput information in graphical format.

  • WAN graph legend—Identifies non-optimized and TCP optimized packet throughput.

The right pane shows the hourly average throughput and the total optimized throughput, both in megabits per second.

Click TCP Optimization–Flows in the left pane to display information about TCP-optimized traffic flows. The right pane contains the following elements:

  • Chart Options—This includes the Filter drop-down and time periods. Click Filter to limit the data to display based on VPN, local TLOC color, destination IP address, remote TLOC color, and remote system IP address. Click a predefined or custom time period for which to display data.

  • Average optimized throughput information in graphical format.

  • Flows graph legend—Identifies traffic flows.

The right pane contains the following elements:

  • Set perspective—Select the flow direction.

  • Search box—Includes the Search Options drop-down, for a Contains or Match string.

  • Flow table that lists the flow destination, usage, and percentage of total traffic for all TCP-optimized flows. By default, the first six flows are selected. Check or uncheck the checkbox next to a flow to select or deselect it for display. The graphical display in the right pane plots information for the selected flows.

Click TCP Optimization–Connections in the left pane to display status information about all the tunnels over which the most TCP-optimized traffic is flowing. The right pane contains the following elements:

  • TCP Optimization Connections in graphical format

  • Connection State boxes—Select the connection state or states for which to display TCP optimization information.

The right pane contains the following elements:

  • Filter criteria.

  • Flow table that lists information about each of the tunnels, including the tunnel's connection state.