Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts

Slow SCP to IOS

I expected TFTP to be slow on IOS. Switched to SCP and I'm topping out at ~45Kbps. I get consistently slow speed on 3560(X), 3750(X) and similar vintage devices.

Doing sh proc cpu hist suggests the switch's CPU is bottlenecking on the encryption cycles. I looked at changing the ciphersuite to a less cpu-intensive one such as RC4, but didn't get very far.


72% Upvoted
What are your thoughts? Log in or Sign uplog insign up
level 1

Vintage devices

SCP is slow

CPU hammered by cipher

Sounds on par.

level 2
Original Poster1 point · 2 months ago

Thanks for the confirmation

level 3

I had the same thing happen to me you did. 2960-S got maxed out of CPU and kept dropping the TCP session. 3750-X did the same in terms of the CPU but at least managed to keep the session open and crunch through the transfer eventually.

Needless to say, never going to do this in production, ever.

level 1
3 points · 2 months ago

Why not use ftp or http?

level 2
Original Poster1 point · 2 months ago

In this case I'm using python to kick off the transfer, which is currently built around scp. I could refactor for http, but I want to be sure there isn't an easier way first.

level 1

Any CoPP policy configured by chance?

level 2
Original Poster1 point · 2 months ago


level 3

Have you tried sourcing the copy from the device?

level 4
Original Poster1 point · 2 months ago

Not SCP. I did try that via HTTP and managed ~200Kbps

level 1
Comment deleted2 months ago
level 2
Moderator of r/networking, speaking officially1 point · 2 months ago

Thanks for your interest in posting to this subreddit. To combat spam new accounts can't immediately submit or post.

Please DO NOT message the mods requesting your post be approved.

You are welcome to resubmit your thread or comment in ~24 hrs or so.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

level 1

Is your key size enormous?

level 2
Original Poster1 point · 2 months ago

2048, but that's just key exchange. Looks like the session negotiates aes-128

level 1

try FTP

level 1
CCIE1 point · 2 months ago

It took 3 hours and change to SCP an image to an off-site ASR the other day.

level 1

I've had similar performance of around 75kbps on FTP on 3560cx switches. I get much better performance on ISR4400, c3850, c9300, 2960x, and isr2951, and other more modern devices.

Community Details





###Enterprise Networking Routers, switches and firewalls. Network blogs, news and network management articles. Cisco, Juniper, Brocade and more all welcome.

Create Post
r/networking Rules
Rule #1: No Home Networking.
Rule #2: No Certification Brain Dumps / Cheating.
Rule #3: No BlogSpam / Traffic re-direction.
Rule #4: No Low Quality Posts.
Rule #5: No Early Career Advice.
Rule #6: Educational Questions must show effort.
Cookies help us deliver our Services. By using our Services or clicking I agree, you agree to our use of cookies. Learn More.