Cisco 887VA VDSL2 throughput

I recently migrated ISP from an ADSL2+ to a VDSL2 connection, providing “up to” 80Mbps downstream and 20Mbps upstream. Under ADSL2+ (Annex-A) with interleaving on and fastpath off, results from various “speed test” websites would show around 15mbps Down, 1mbps up. The pre-migration controller information is as follows:

                  DS Channel1     DS Channel0   US Channel1       US Channel0
Speed (kbps):             0            19228             0              1235

As I started looking into the capabilities of my 887VA, I discovered that the routing performance is listed as 25.6Mbps (According to the Cisco routing performance product sheet). I had seen blogs discuss the negotiated max attainable rate, but not the throughput people have been getting.

With the new FTTC connection (VDSL2 – Profile 17a) I’m seeing a great “attainable rate” and should Profile 30A be enabled by my ISP (pretty unlikely) I’m theoretically capable of 130Mbps:

Attainable Rate:        135036 kbits/s           42711 kbits/s
...
                  DS Channel1     DS Channel0   US Channel1       US Channel0
Speed (kbps):             0            79987             0             20000

I expected the bottleneck not to be on the VDSL2/ADSL chipset side of things, but on the Cisco 887VA itself. After checking some line information and making sure I had a 1500, I headed off to test the throughput. I decided to test downloading an Ubuntu ISO over HTTP, resulting in transfer speeds of 9M, Bps (~72Mbps), with various speedtest websites also showing 72Mbps with under 25ms latency.

So there you have it, the Cisco 887 is certainly capable of running an 80Mbps FTTC connection

Published by

Dave Hope

Dave is a Principal Software Analyst for a UK based retirement developer, in his spare time he enjoys digital photography and rock climbing.

13 thoughts on “Cisco 887VA VDSL2 throughput”

  1. I’d be keen to see your configuration as I am only seeing about 25Mbps using the BT Wholesale Performance tester (http://speedtest.btwholesale.com/. The VDSL line is trained at 51876 kbps down and 7200 kbps up. With the BT modem and the homehub I am getting 50Mbps. I do have NAT and IP Inspect enabled but was hoping the 887VA wasn’t the bottleneck. If I disable IP inspection I get about 31Mbps.

    1. The config is pretty basic, but I suppose I can post it.I’ve removed some bits completely and have just blanked out other bits, but there’s nothing clever going on:


      !
      ! Last configuration change at 18:03:52 UTC Thu Aug 1 2013
      version 15.3
      service timestamps debug datetime msec
      service timestamps log datetime msec
      no service password-encryption
      !
      hostname R01
      !
      boot-start-marker
      boot system flash c800-universalk9-mz.SPA.153-2.T.bin
      boot-end-marker
      !
      !
      !
      no aaa new-model
      !
      !
      ip cef
      !
      !
      !
      !
      ip dhcp pool dhcp-lan
      network 10.99.99.0 255.255.255.128
      default-router 10.99.99.1
      dns-server 10.99.99.1
      !
      !
      !
      ip domain name int.hope.mx
      ip name-server 212.159.13.49
      ip name-server 212.159.13.50
      ip name-server 212.159.6.9
      ip multicast-routing
      login block-for 100 attempts 5 within 60
      login delay 10
      no ipv6 source-route
      ipv6 unicast-routing
      ipv6 cef
      ipv6 multicast rpf use-bgp
      !
      !
      !
      energywise domain HOME security ntp-shared-secret 0 REDCATED
      license udi pid C887VA-W-E-K9 sn REDCATED
      license boot module c800 level advsecurity
      !
      !
      object-group network DNS-Servers
      description Contains DNS servers external to the network. Used for reflexive ACL.
      host 212.159.13.49
      host 212.159.13.50
      host 212.159.6.9
      !
      object-group network Remote-Management
      host REDCATED
      host REDCATED
      host REDCATED
      !
      vtp version 2
      username REDCATED
      !
      !
      !
      !
      !
      controller VDSL 0
      operating mode vdsl2
      firmware filename flash:vdsl.bin-A2pv6C035d_d23j
      !
      ip tftp source-interface Vlan100
      ip ssh version 2
      !
      !
      !
      !
      !
      !
      !
      !
      !
      interface ATM0
      no ip address
      shutdown
      no atm ilmi-keepalive
      !
      interface Ethernet0
      no ip address
      ip virtual-reassembly in
      !
      interface Ethernet0.101
      encapsulation dot1Q 101
      pppoe enable group global
      pppoe-client dial-pool-number 1
      !
      interface FastEthernet0
      switchport access vlan 100
      no ip address
      spanning-tree portfast
      !
      interface FastEthernet1
      switchport access vlan 100
      no ip address
      spanning-tree portfast
      !
      interface FastEthernet2
      switchport access vlan 100
      no ip address
      spanning-tree portfast
      !
      interface FastEthernet3
      switchport access vlan 100
      no ip address
      spanning-tree portfast
      !
      interface Wlan-GigabitEthernet0
      description Internal switch interface connecting to the embedded AP
      switchport access vlan 100
      switchport trunk native vlan 100
      switchport trunk allowed vlan 1,2,100,1002-1005
      switchport mode trunk
      no ip address
      !
      interface wlan-ap0
      description Embedded Service module interface to manage the embedded AP
      ip unnumbered Vlan100
      !
      interface Vlan1
      no ip address
      !
      interface Vlan100
      description "Internal LAN"
      ip address 10.99.99.1 255.255.255.128
      ip pim dense-mode
      ip nat inside
      ip virtual-reassembly in
      ip igmp join-group 239.255.255.250
      ip igmp version 3
      !
      interface Dialer0
      ip address negotiated
      ip access-group Inbound-IPv4 in
      ip access-group Outbound-IPv4 out
      ip nat outside
      ip virtual-reassembly in
      encapsulation ppp
      dialer pool 1
      dialer-group 1
      ppp authentication chap callin
      ppp chap hostname REDCATED
      ppp chap password 7 REDCATED
      ppp ipcp dns request
      ppp ipcp route default
      !
      ip forward-protocol nd
      ip forward-protocol udp echo
      ip forward-protocol udp discard
      no ip http server
      ip http authentication local
      no ip http secure-server
      !
      ip dns server
      ip nat inside source static tcp 10.99.99.5 3074 interface Dialer0 3074
      ip nat inside source static udp 10.99.99.5 3074 interface Dialer0 3074
      ip nat inside source static udp 10.99.99.5 88 interface Dialer0 88
      ip nat inside source list 1 interface Dialer0 overload
      ip nat inside source static tcp 10.99.99.9 3389 interface Dialer0 3389
      ip nat inside source static tcp 10.99.99.9 8080 interface Dialer0 8080
      ip nat inside source static tcp 10.99.99.18 3389 interface Dialer0 3388
      ip nat inside source static udp 10.99.99.9 7 interface Dialer0 7
      ip nat inside source static tcp 10.99.99.12 7777 interface Dialer0 7777
      !
      ip access-list extended Inbound-IPv4
      permit tcp any any eq 22
      permit icmp any any echo
      permit icmp any any echo-reply
      permit icmp any any packet-too-big
      permit icmp any any time-exceeded
      permit icmp any any unreachable
      evaluate Mirror
      permit udp host 146.185.21.74 eq ntp any
      permit 41 any any
      permit tcp object-group Remote-Management any eq 8080
      permit udp object-group Remote-Management any
      permit ip object-group DNS-Servers any
      permit tcp object-group Remote-Management any eq 3389
      permit tcp any any eq 7777
      ip access-list extended Outbound-IPv4
      permit ip any any reflect Mirror timeout 300
      !
      access-list 1 permit 199.180.250.35
      access-list 1 permit 10.99.99.0 0.0.0.127
      access-list 10 permit 199.180.250.35
      access-list 10 permit 92.234.9.18 log
      access-list 101 permit tcp any any eq 3074
      access-list 101 permit tcp any any eq 88
      !
      line con 0
      no modem enable
      line aux 0
      line 2
      no activation-character
      no exec
      transport preferred none
      transport input all
      stopbits 1
      line vty 0 4
      login local
      transport input all
      !
      scheduler allocate 20000 1000
      ntp server 146.185.21.74
      !
      end

  2. I’ve ordered a Cisco 887VA for my VDSL connection.
    What was your processor utilization at 80Mbps?
    Also did you experience any errors on the interfaces?

    Thanks!

    1. Graham, My CPU usage would hit 80% using BitTorrent at max throughput. Maxing throughput using HTTP did not see this problem.

      No VDSL interface errors, though I was lucky to have a similar chipset in my 887VA to what was in the DSLAM so compatibility was good.

      1. Thanks for the quick reply. This information is very helpful.

        I’m using this Cisco router to connect my Sophos UTM to the VDSL circuit so the config should be basic too.

        I’m also considering using RFC1483 Pure Bridging if it helps performance. The UTM supports PPPOE

        1. I’m not sure what country you’re from, but on the off-chance it’s the UK why not use the Huawei/ECI CPE/Modem provided by the ISP (white box)? All you’d need to do is plug your Sophos UTM into it and configure it to do PPPoE.

  3. I’m in the UK but the ISP (not BT) say no equipment will be provided.
    Sounds strange, so to be on the safe side I’ve bought a second hand Cisco 887 on Ebay.
    If a Huawei/ECI modem turns up I’ll resell Cisco on Ebay.

  4. Have been trying for 5 hours and I cannot manage more than 37Mbps.

    I have even added 512MB RAM to the router, I have updated to the latest IOS, I have downloaded the latest modem firmware… Nothing. Cannot get past 37.

      1. There has been some development… I attached an old BT Openreach modem and a Netgear WNDR3700v4m and I managed to achieve… 37Mbps! So I called my ISP (Plusnet) to complain (sync was showing 79957 and 19999).

        Apparently there was an error (?) during provisioning. 5 minutes later after they “changed something” I was achieving 65 Mbps with the Netgear and the Cisco.

  5. Hi All,

    I get the whole VDSL configuration, the bit I am confused with is. I have a block of 6 usable IP’s and a BT openreach connection.

    I want to be able to connect my firewall to an interface on the 800 series, and the firewall be presented with a public IP address. what would the config look like?

    presumably no ‘IP NAT Inside’ and then assign the first usable IP to the VLAN that I intend to use on the inside?

    Many thanks

Leave a Reply

Your email address will not be published. Required fields are marked *