Background:
My company is switching to an MPLS provider. The MPLS provider is providing both internet and MPLS. This is done with one ethernet drop by using two dot1q sub interfaces, one for the private MPLS portion and one for the internet.
The old setup was a bunch of site-to-site IPSEC VPN tunnels going over the internet and static routes. The new setup is using eigrp.
Problem:
The performance of the new MPLS network seems to be slower. There is a web application used internally that has pages that take 10 seconds longer to load then they used to. The odd thing is, that when I stop using the MPLS, and set up a site-to-site vpn tunnel over the new internet connection (same physical ethernet ports), that is also faster. The provider said that the tunnel ends up taking pretty much the same routes as the MPLS would.
What we have tired and found:
Ping latency is stable and decent. Traceroutes look normal. Everything still works, but seems to be slower. The provider and us don't see packet loss or errors on the interface stats. There were some clocking issues but they fixed it.
Where to go from Here:
I know networking probably requires a lot of detail about the setup, so really I am just looking for ideas and things to look at and consider. The next step I am going to take with the provider is to get cisco support on the case, and both my company and our provider our going to open or routers to them. But in the meantime, I am open to any ideas to consider looking into as to why this might be.
Best Answer
I would look for an MTU issue.
With an MPLS tunnel the packets must be slightly larger than the payload -- 4 bytes for the MPLS label, for each encapsulation (ie if you're going to put MPLS tunnels into an MPLS tunnel, the outside tunnel will be 8 bytes larger than the payload). Here's a discussion of this.
Hopefully you're not filtering ICMP messages -- if you are you'll be dropping the "use a smaller MTU" packets the network will be sending to your hosts if indeed you are sending too-large packets over the wire. This discusses issues related to MTU...
One thing you can try on your end without involving your ISP is you can shrink your MTU on your border device -- that way it negotiates a proper MTU with your inside network for traffic going over the MPLS link.