Solved

VPN, DSL, and MTU

Posted on 2006-10-23
Last Modified: 2008-03-06
I have a VPN server connected to a DSL line. I connect to it from many sources. I feel that the performance is not always as good as it should be. Some functions are very quick, others are slow.

I have read that there may be an MTU issue. I am wondering if there is a way to monitor the MTU and see if packets are being fragmented. Is there some sort of packet monitor? What is the best way to troubleshoot this problem?

Thanks.
0
Question by:sypder
6 Comments
 
LVL 3

Author Comment

by:sypder
ID: 17792237
Our VPN server has a static IP address (I believe this means we are not using PPPoE).
0
 
LVL 6

Accepted Solution

by:
austinstace earned 300 total points
ID: 17792302
Wireshark (http://www.wireshark.org/) is a network protocol analyzer. It's pretty flexible to filter out the packets you are looking for and provides some in-depth information on them.

Stace
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 200 total points
ID: 17792674
Just because you have a static IP address does not mean you are not using PPPoE. If you are using ADSL, SDSL or HDSL, you are using PPPoE.

Assuming you are using ADSL, you do realize that this is asymmetrical. Meaning that you have two different speeds: from you to the Internet (upstream) and from the Internet to you (downstream). Generally upstream is limited to 384 Kbps and downstream is anywhere from 786 Kbps up to 3 Mbps. Something like:

            |<------ 768 - 3000 Kbps -----|
     SERVER |                             | Internet
            |--------- 384 Kbps --------->|


So if you have ADSL  you are limited to 384 Kbps from your VPN server to the Internet.   The more people you have connecting to the VPN server, the slower it will get.  The more data you are sending from the server side, the longer it will take.
0
 
LVL 3

Author Comment

by:sypder
ID: 17793557
Yes, I am aware of ADSL. The performance is still much slower than it should be. 10 seconds to open a few line text file is pretty slow. We also have the "premium" DSL package.

Thanks for the PPPoE clarification.

I will take a look at Wireshark now.
0
 
LVL 3

Author Comment

by:sypder
ID: 17793601
Thanks for the Wireshark link. Basically, I had about 78 packets recorded, and saw quite a few errors like:

"This is a TCP duplicate ack"

I don't see anything about broken packets, but maybe I don't know where to look.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 200 total points
ID: 17794895
You are most likely going to get packet fragmentation no matter what you do.

Say you have:

   "application server" <---- VPN Server ----> Internet <-----> Your PC

Most likely all of the devices are set up with an MTU of 1500. However, when you connect to the VPN server with your client, you create a virtual connection between your PC and the VPN server. The data that flows in the tunnel is real IP packets. These IP packets must fit within a "normal" IP packet. Sort of like putting a letter in an envelope and then putting that envelope inside another envelope.

The problem is that the application server does NOT know that there is a tunnel, so it sends out a 1500 byte packet. So when the server sends out data (the letter) it puts it into an IP packet of 1500 bytes (the 1st envelope). The VPN server must put that IP packet into a second IP packet (the 2nd envelope), but it can't put 1500 bytes into 1500 bytes, so it must break down the 1st packet ("tear up the 1st envelope into smaller pieces") and put it into smaller packets. This is what causes the fragmentation. There is really no way to get around this without causing other performance problems.

What type of DSL do you have? What is the speed?

How many people can also connect to the VPN server?

Are you the person in charge of the VPN server/network?
0
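
The envelope arithmetic from the answer above, worked through as an added example that is not part of the original thread: it splits a 1500-byte inner packet the way IPv4 fragmentation does once tunnel overhead is subtracted, then decodes the header bits a capture shows for fragments. The 40-byte overhead, the addresses and the function names are assumptions made for illustration; the real overhead depends on the VPN protocol in use.

```python
import struct

IP_HDR = 20  # IPv4 header length without options

def fragment_ipv4(total_len, mtu, ident=0x1234):
    """Split one IPv4 packet (total_len includes its header) to fit mtu.
    Returns one 20-byte header per resulting packet (checksum left 0)."""
    payload = total_len - IP_HDR
    if total_len <= mtu:
        chunks = [(0, payload, 0)]
    else:
        step = (mtu - IP_HDR) // 8 * 8  # fragment data is a multiple of 8
        chunks = [(off, min(step, payload - off), int(off + step < payload))
                  for off in range(0, payload, step)]
    headers = []
    for off, size, mf in chunks:
        flags_frag = (mf << 13) | (off // 8)
        headers.append(struct.pack(
            "!BBHHHBBH4s4s", 0x45, 0, IP_HDR + size, ident, flags_frag,
            64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])))  # constructed addresses
    return headers

def parse_fragment_info(header):
    """Decode the header bits Wireshark shows as DF, More fragments, offset."""
    _, _, total_len, ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    return {"len": total_len, "id": ident,
            "df": bool(flags_frag & 0x4000),
            "mf": bool(flags_frag & 0x2000),
            "offset": (flags_frag & 0x1FFF) * 8}

def is_fragment(header):
    """A packet is a fragment if MF is set or its offset is non-zero."""
    info = parse_fragment_info(header)
    return info["mf"] or info["offset"] > 0

def tunnel_report(inner_len, link_mtu, overhead):
    """What the VPN server must send for one inner packet of inner_len."""
    room = link_mtu - overhead  # space left for the inner packet
    return [parse_fragment_info(h) for h in fragment_ipv4(inner_len, room)]

OVERHEAD = 40  # assumed tunnel overhead in bytes; depends on the VPN protocol

if __name__ == "__main__":
    for size in (1500, 1500 - OVERHEAD):
        print(size, tunnel_report(size, 1500, OVERHEAD))
```

With these assumed numbers, a full 1500-byte packet becomes one large fragment plus a tiny trailing one, while a packet of 1500 minus the overhead passes through whole.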

Question has a verified solution.