Cisco 1921 Logging Capability

I have some general questions about the logging capability on the Cisco 1921 router.  Here is the deal, I'm having some problems with a PC and a server communicating with each other over a site to site connection that is established between 2 Cisco 1921 routers(we manage both).  The PC's can ping each other just fine(sub 10ms response), but can't run an application over the network efficiently..what should take the app a second or 2 to respond takes over a 1 minute, and what should load in a minute or 2 takes about 15 minutes.  I ran wireshark on the main server and I'm getting a barrage of DUP Ack errors and retransmission Errors which seems to indicate packet loss.  I've asked my cisco engineer to look into it, and he tells me that he can't really log those type of errors on the cisco devices??  Also, that a VPN tunnel either works or it doesn't, there is no possibility of data packet loss if the tunnel is up.  This seems odd, I'll admit I don't know much about what the Cisco routers can do, but it would seem like this would be something that we should be able to look into or at least view the logs or no?   Thanks for your help.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I would add that DUP ACKS and retransmissions also indicate not only packet loss but a congested network. How much bandwidth is available via the VPN tunnel?

You state that the application should take 2 seconds to respond, is that number based on the client and server being on the same network/location with 100/1000Mbps available?

Network performance can be impacted by several things, bandwidth, latency, window sizes, etc.... So, how much bandwidth is available to the VPN and/or the internet connection at each site? what is the latency between sites? Which operating systems are involved in the client server interaction?

Wireshark captures will provide you the best information on the flows between sites.
Look for MTU, latency, and the system that first complains about the connection.
I would also make sure the system it self is not overworked causing the delay in responding to packets received.

harbor235 ;}

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
GoNatsAuthor Commented:
Thanks Harbor, I think there is definite packet loss, but I'm not a cisco guy and am unable to troubleshoot, and my cisco engineer says this type of issue is not logged on the Cisco device, which to me seems unlikely.  I'm also being told that VPN tunnels work or don't work, and if it's up then there is no possibility of packets dropping.  I guess what i'm trying to determine is if I need a new cisco engineer....  

To answer your other questions, both sites have a full dedicated T1, and the traffic between the 2 is minimal, this is the workstation (windows CE) communicating with the server (2003).  Outbound traffic between the 2 sites is minimal as well, maybe 2 or 3 or PC's on the network with minimal internet usage.  I don't know how much bandwidth was allotted for the VPN but I have asked.  Response to ping times between the 2 devices are usually sub 10ms, but they do spike upwards of 1000ms at times and occasional time outs

Thanks again for your help.
What type of traffic is it between the client and the server ?

If you packet capture on both sides, do you see the same errors ?

You can expose dropped VPN packets using SNMP, however if you suspect packet loss, the first test I would run is with ping/mtr to soo if any ICMP packets are being dropped, if ICMP is not being dropped, then it would be unlikely* that TCP/UDP was being dropped.

*usually you would configure ICMP to be dropped before application traffic, however is not an explicit rule.
SolarWinds® VoIP and Network Quality Manager(VNQM)

WAN and VoIP monitoring tools that can help with troubleshooting via an intuitive web interface. Review quality of service data, including jitter, latency, packet loss, and MOS. Troubleshoot call performance and correlate call issues with WAN performance for Cisco and Avaya calls

Are you measuring latency between router to router and server to client?

During typical application operation you should not only capture packets via wireshark on both ends but I would also capture interface stats via the router as well.

What application is in use between client and server?

I would love to see the VPN config as well as any policing/shaping profiles applied if any on the router. Truly, the issue could be in several places. I asked about the OSs because typically newer OSs support auto scaling which would ensure the best TCP window between client and server.

harbor235 -}
GoNatsAuthor Commented:
Thanks for the reply Arne, the traffic back and forth is for a Point of Sale system(Micros) and unfortunately I'm not able to capture packets from the workstation as I'm unable to remote into it.  I did run WinMTR and it showed no packet loss to the workstation from the server.  However wireshark consistently shows DUP Ack errors along with Re-transmit errors.  

We have physically put the workstation on the same network as the server and that works, so there doesn't appear to be any problem with the load on the hardware on either side.  The issue is only when the traffic goes over the tunnel.

Thanks again for your help.
I wonder if you are experiencing an artefact of the application timing out on packets rather than actual TCP errors
GoNatsAuthor Commented:
@Harbor, the issue seems to be between the server and the client, as of yet, there have been no testing done or logs of traffic between the routers.  The application is Micros Point of Sale applicaton, although the workstation is just for clocking in(no CC transactions)  I will see if I can get the VPN config.

@Arne, how would I know if it is artifact of the application timing out on packets vs TCP errors?  I did run WinMTR, and it came back with 0 packet lost after 300+ attempts..

thanks again for both of your help.
If WinMTR is not showing any dropped packets, then it points the finger at the application timing out

To see if it is the application timing out, you have two options, either speak to the application developers, or setup a test where you can vary the RTT latency between the client and the server.

Setting up a latency test is significantly more complex than a bandwidth test...
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Hardware-Other

From novice to tech pro — start learning today.