Solved

VPN, DSL, and MTU

Posted on 2006-10-23
Last Modified: 2008-03-06
I have a VPN server connected to a DSL line. I connect to it from many sources. I feel that the performance is not always as good as it should be. Some functions are very quick, others are slow.

I have read that there may be an MTU issue. I am wondering if there is a way to monitor the MTU and see if packets are being fragmented. Is there some sort of packet monitor? What is the best way to troubleshoot this problem?

Thanks.
Question by:sypder
6 Comments
 
LVL 3

Author Comment

by:sypder
ID: 17792237
Our VPN server has a static IP address (I believe this means we are not using PPPoE).
0
 
LVL 6

Accepted Solution

by:
austinstace earned 300 total points
ID: 17792302
Wireshark (http://www.wireshark.org/) is a network protocol analyzer. It's pretty flexible to filter out the packets you are looking for and provides some in-depth information on them.

Stace
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 200 total points
ID: 17792674
Just because you have a static IP address does not mean you are not using PPPoE. If you are using ADSL, SDSL or HDSL, you are using PPPoE.

Assuming you are using ADSL, you do realize that this is asymmetrical. Meaning that you have two different speeds: from you to the Internet (upstream) and from the Internet to you (downstream). Generally upstream is limited to 384 Kbps and downstream is anywhere from 786 Kbps up to 3 Mbps. Something like:

            |<----- 768 - 3000 Kbps ------|
   SERVER   |                             |   Internet
            |--------- 384 Kbps --------->|


So if you have ADSL  you are limited to 384 Kbps from your VPN server to the Internet.   The more people you have connecting to the VPN server, the slower it will get.  The more data you are sending from the server side, the longer it will take.
0
 
LVL 3

Author Comment

by:sypder
ID: 17793557
Yes, I am aware of ADSL. The performance is still much slower than it should be. 10 seconds to open a few-line text file is pretty slow. We also have the "premium" DSL package.

Thanks for the PPPoE clarification.

I will take a look at Wireshark now.
0
 
LVL 3

Author Comment

by:sypder
ID: 17793601
Thanks for the Wireshark link. Basically, I had about 78 packets recorded, and saw quite a few errors like:

"This is a TCP duplicate ack"

I don't see anything about broken packets, but maybe I don't know where to look.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 200 total points
ID: 17794895
You are most likely going to get packet fragmentation no matter what you do.

Say you have:

   "application server" <---- VPN Server ----> Internet <-----> Your PC

Most likely all of the devices are set up with an MTU of 1500. However, when you connect to the VPN server with your client, you create a virtual connection between your PC and the VPN server. The data that flows in the tunnel is real IP packets. These IP packets must fit within a "normal" IP packet. Sort of like putting a letter in an envelope and then putting that envelope inside another envelope.

The problem is that the application server does NOT know that there is a tunnel, so it sends out a 1500 byte packet. So when the server sends out data (the letter) it puts it into an IP packet of 1500 bytes (the 1st envelope). The VPN server must put that IP packet into a second IP packet (the 2nd envelope), but it can't put 1500 bytes into 1500 bytes, so it must break down the 1st packet ("tear up the 1st envelope into smaller pieces") and put it into smaller packets. This is what causes the fragmentation. There is really no way to get around this without causing other performance problems.

What type of DSL do you have? What is the speed?

How many people can also connect to the VPN server?

Are you the person in charge of the VPN server/network?
0
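
The envelope-in-envelope problem from the last comment, as an added example that is not part of the original thread: it wraps a 1500-byte inner packet in a tunnel, fragments the result to the link MTU, and decodes the IPv4 header fields a capture tool shows for fragments. The 40-byte tunnel overhead, the addresses and the packet ID are constructed sample values, not figures from this thread.

```python
import struct

def ipv4_header(total_len, ident, flags, frag_units):
    """Build a minimal 20-byte IPv4 header (checksum left at 0, sample addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident,
                       (flags << 13) | frag_units, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

def fragment(payload_len, mtu, ident=0x1234):
    """Split an IP payload as a router would: every fragment but the last
    carries a multiple of 8 payload bytes and has the MF flag set."""
    per_frag = (mtu - 20) // 8 * 8
    headers, offset = [], 0
    while offset < payload_len:
        size = min(per_frag, payload_len - offset)
        more = 1 if offset + size < payload_len else 0
        headers.append(ipv4_header(20 + size, ident, more, offset // 8))
        offset += size
    return headers

def describe(header):
    """Decode the fragmentation-related fields of a raw IPv4 header."""
    _, _, total_len, ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    mf = bool(flags_frag & 0x2000)          # More Fragments
    df = bool(flags_frag & 0x4000)          # Don't Fragment
    offset = (flags_frag & 0x1FFF) * 8      # offset is stored in 8-byte units
    return {"id": ident, "len": total_len, "df": df, "mf": mf,
            "offset": offset, "fragment": mf or offset > 0}

def tunnel_report(inner_len, link_mtu=1500, overhead=40):
    """overhead: bytes the tunnel adds after the outer IP header (assumed value)."""
    frags = [describe(h) for h in fragment(overhead + inner_len, link_mtu)]
    return {"fragments": frags,
            "max_unfragmented_inner": link_mtu - 20 - overhead}

if __name__ == "__main__":
    for inner in (1500, 1440):
        report = tunnel_report(inner)
        print(f"inner packet of {inner} bytes -> {len(report['fragments'])} outer packet(s)")
        for f in report["fragments"]:
            print("  ", f)
```

In a Wireshark capture the same test is the display filter `ip.flags.mf == 1 || ip.frag_offset > 0`.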
