Solved

VPN, DSL, and MTU

Posted on 2006-10-23
6
412 Views
Last Modified: 2008-03-06
I have a VPN server connected to a DSL line. I connec to it from many sources. I feel that the performance is not always as good as it should be. Some functions are very quick, others are slow.

I have read that there may be a MTU issue. I am wondering if there is a way to monitor the MTU and see if packets are being fragmented. Is there some sort of packet monitor? What is the best way to troubleshoot this problems?

Thanks.
0
Comment
Question by:sypder
  • 3
  • 2
6 Comments
 
LVL 3

Author Comment

by:sypder
ID: 17792237
Our VPN server has a static IP address (I believe this means we are not using PPPoE).
0
 
LVL 6

Accepted Solution

by:
austinstace earned 300 total points
ID: 17792302
Wireshark( http://www.wireshark.org/ ) is a network protocol analyzer. It's pretty flexible to filter out the packets you are looking for and provides some in depth information on them.

Stace
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 200 total points
ID: 17792674
Just because you have a static IP addresss does not mean you are not using PPPoE.  If you are using ADSL, SDSL or HDSL, you are using PPPoE.

Assuming you are using ADSL you do realize that this is Asymentical.  Meaning that you have to different speeds.  From you to the Internt (upstream) and from the Internet to you (downstream).    Genrally upstream is limited to 384 Kbps and downstream is anywhere from 786 Kbps up to 3 Mbps.  Something like:

                  |<------ 768 - 3000 Kbps -----|
     SERVER |                                              | Internet
                  |--------- 384 Kbps  -------->|


So if you have ADSL  you are limited to 384 Kbps from your VPN server to the Internet.   The more people you have connecting to the VPN server, the slower it will get.  The more data you are sending from the server side, the longer it will take.
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 
LVL 3

Author Comment

by:sypder
ID: 17793557
Yes, I am aware of ADSL. The performance is still much slower than it should be. 10 seconds to open a few line text file is pretty slow. We also have the "premium" DSL package.

Thanks for the PPPoE clarification.

I will take a look at wireshark now.
0
 
LVL 3

Author Comment

by:sypder
ID: 17793601
Thanks for the wireshark link. Basically, I had about 78 packets recorded, and saw quite a few errors like:

"This is a TCP duplicate ack"

I don't see anything about broken packets, but maybe I don't know where to look.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 200 total points
ID: 17794895
You are most likely going to get packet fragmentation no matter what you do.

Say you have:

   "application server" <---- VPN Server ----> Internet <-----> Your PC

Most likely all of the devices are setup with a MTU of 1500.  However when you connect to the VPN server with your client, you create an virtual connection between your PC and the VPN server.  The data that flows in the tunnle is real IP packets.  These IP packets must fit within a "normal" IP packet.  Sort of like putting an letter in an envlope and then putting that envlope inside another envlope.

The problem is that the application sever does NOT know that there is a tunnle, so it sends out a 1500 byte packet.  So when the server sends out data (the letter) it puts it into an IP packet of 1500 bytes (the 1st envlope).  The VPN server must put that IP packet into a second IP packet (the 2nd envlope), but it can't put 1500 bytes into 1500 bytes, so it must break down the 1st packet ("tear up the 1st envlope into smaller pieces") and put into smaller packets.  This is what causes the fragmentation.  There is really no way to get around this without causing other perfromance problems.

What type of DSL do you have?  What is the speed?

How many people can also connect to the VPN sever?

Are you the person in charge of the VPN sever/network?
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
move expression web site to a new server 13 77
what are list of ebay api errors 1 35
CSS: How do I override in-line styling 11 30
ASP.NET data base connection 35 40
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question