Optimal configuration for a Cisco Router over Satelite

Posted on 2010-08-17
Last Modified: 2012-05-10
We have a number of remote sites that only have internet access via satelite. Obviously the internet will never be excellent but we would like to squeeze as much performance out of them as possible.

Anyone know any tricks or configuration changes that will improve performance over satelite connections using stock Cisco routers?

Is it best to run detailed or simple QoS policies?

Does the overhead of running a VPN tunnel over the connection add much latency? Is there any way to optimize this?
Question by:PerimeterIT
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 24

Accepted Solution

rfc1180 earned 250 total points
ID: 33464449
Having a point to point satellite system you can use:

However, there is not much that you can do with a direct satellite connection to the Internet; the physics limiting what you can actually do. Using VPNs does add overhead, but not enough to notice the difference, and obviously, using TCP on a very long BDP you will notice a degradation in performance, especially with any type of packet loss.

LVL 57

Assisted Solution

giltjr earned 250 total points
ID: 33465063
As rfc1180 stated, the overhead of a VPN does not add enough to notice.

However, latency of the satellite could cause problems with the VPN.  Some VPN's technology does not work well with high latency and satellites have HIGH latency.

The issues you will encounter really have nothing to do with the type of router you have, its all about the latency of the satellites.  Minimum RTT for a satellite connection is going to be 500ms.

Author Comment

ID: 33468870
Giltjr: Yeah sadly there is no router currently in production (that I'm aware of) that can send data faster than light. :)
We have some existing AES256 VPNs in production over satelite and they're stable, but the performance isn't great. Most of that is the latency, but I would like to squeeze as much out of performance as I can.

RFC1180: Have you used the Cisco solution before? How is it?
We already use Citrix branch repeaters in house, but it isn't really worth it for us to install $10000 worth of hardware for a site that has 1 user...

Has anyone tried using smaller MTU sizes over satelite? I heard that can help.

Any answers to my question on QoS?
LVL 57

Expert Comment

ID: 33471135
I don't think that smaller MTU's would help.  Now smaller window sizes may help if you have a lot of dropped packets.

What type of traffic are you sending?  The only way I can think that QOS could help is if you are doing voice, but even then it may not help that much.  Especially if there is only 1 user.

I believe that the 2800's have some WAN optimization bundles.
LVL 24

Expert Comment

ID: 33471160
>Most of that is the latency, but I would like to squeeze as much out of performance as I can.
As stated, there is not much you will be able to do (Even with QoS), changing the MTU will not have much of an affect; in short, what you need to be concerned with is the BDP, RWIN (Window scaling and autotuning); You want the largest maximum MTU, based on the MSS, RWIN, CWIN, etc will maximize the efficiency end to end large BDP paths.

You can try to utilize RBSCP via the VPN; the protocol (RBSCP) does work ok, better without it. I am not sure how it would work via a vpn. (Both ends to need to be Cisco and and the tunnel mode rbscp


Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question