Solved

VPN, DSL, and MTU

Posted on 2006-10-23
Last Modified: 2008-03-06
I have a VPN server connected to a DSL line. I connect to it from many sources. I feel that the performance is not always as good as it should be. Some functions are very quick, others are slow.

I have read that there may be an MTU issue. I am wondering if there is a way to monitor the MTU and see if packets are being fragmented. Is there some sort of packet monitor? What is the best way to troubleshoot this problem?

Thanks.
0
Comment
Question by:sypder
6 Comments
 
LVL 3

Author Comment

by:sypder
ID: 17792237
Our VPN server has a static IP address (I believe this means we are not using PPPoE).
0
 
LVL 6

Accepted Solution

by:
austinstace earned 300 total points
ID: 17792302
Wireshark (http://www.wireshark.org/) is a network protocol analyzer. It's pretty flexible to filter out the packets you are looking for and provides some in-depth information on them.

Stace
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 200 total points
ID: 17792674
Just because you have a static IP address does not mean you are not using PPPoE.  If you are using ADSL, SDSL or HDSL, you are using PPPoE.

Assuming you are using ADSL, you do realize that this is asymmetrical.  Meaning that you have two different speeds.  From you to the Internet (upstream) and from the Internet to you (downstream).  Generally upstream is limited to 384 Kbps and downstream is anywhere from 786 Kbps up to 3 Mbps.  Something like:

            |<------ 768 - 3000 Kbps ------|
     SERVER |                              | Internet
            |--------- 384 Kbps ---------->|


So if you have ADSL  you are limited to 384 Kbps from your VPN server to the Internet.   The more people you have connecting to the VPN server, the slower it will get.  The more data you are sending from the server side, the longer it will take.
0
 
LVL 3

Author Comment

by:sypder
ID: 17793557
Yes, I am aware of ADSL. The performance is still much slower than it should be. 10 seconds to open a few line text file is pretty slow. We also have the "premium" DSL package.

Thanks for the PPPoE clarification.

I will take a look at Wireshark now.
0
 
LVL 3

Author Comment

by:sypder
ID: 17793601
Thanks for the Wireshark link. Basically, I had about 78 packets recorded, and saw quite a few errors like:

"This is a TCP duplicate ack"

I don't see anything about broken packets, but maybe I don't know where to look.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 200 total points
ID: 17794895
You are most likely going to get packet fragmentation no matter what you do.

Say you have:

   "application server" <---- VPN Server ----> Internet <-----> Your PC

Most likely all of the devices are set up with an MTU of 1500.  However, when you connect to the VPN server with your client, you create a virtual connection between your PC and the VPN server.  The data that flows in the tunnel is real IP packets.  These IP packets must fit within a "normal" IP packet.  Sort of like putting a letter in an envelope and then putting that envelope inside another envelope.

The problem is that the application server does NOT know that there is a tunnel, so it sends out a 1500 byte packet.  So when the server sends out data (the letter) it puts it into an IP packet of 1500 bytes (the 1st envelope).  The VPN server must put that IP packet into a second IP packet (the 2nd envelope), but it can't put 1500 bytes into 1500 bytes, so it must break down the 1st packet ("tear up the 1st envelope into smaller pieces") and put it into smaller packets.  This is what causes the fragmentation.  There is really no way to get around this without causing other performance problems.

What type of DSL do you have?  What is the speed?

How many people can also connect to the VPN server?

Are you the person in charge of the VPN server/network?
0
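
An added example, not part of the original thread: a Python model of the fragmentation described in the answer above, together with the IPv4 header fields (DF, MF, fragment offset) to look for in a capture. The 50-byte tunnel overhead, the sample addresses and all function names are assumptions made for illustration; the packets are constructed, not captured.

```python
import struct

TUNNEL_OVERHEAD = 50  # assumed bytes added by the VPN; varies by protocol

def build_ipv4(payload_len, flags_frag=0, ident=0x1234):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) + zero payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags_frag, 64, 6, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + bytes(payload_len)

def frag_info(packet):
    """Fields a capture shows: Wireshark's ip.flags.df, ip.flags.mf, ip.frag_offset."""
    total_len, ident, ff = struct.unpack("!HHH", packet[2:8])
    return {"total_len": total_len, "id": ident, "df": bool(ff & 0x4000),
            "mf": bool(ff & 0x2000), "offset": (ff & 0x1FFF) * 8}

def is_fragment(packet):
    info = frag_info(packet)
    return info["mf"] or info["offset"] > 0

def fragment(packet, mtu):
    """Split one IPv4 packet to fit mtu, following RFC 791 (checksum not recomputed)."""
    ihl = (packet[0] & 0x0F) * 4
    info = frag_info(packet)
    if info["total_len"] <= mtu:
        return [packet]
    if info["df"]:
        raise ValueError("DF set: cannot fragment, sender must lower its packet size")
    header, data = packet[:ihl], packet[ihl:info["total_len"]]
    chunk = (mtu - ihl) // 8 * 8          # offsets are counted in 8-byte units
    frags = []
    for start in range(0, len(data), chunk):
        piece = data[start:start + chunk]
        last = start + chunk >= len(data)
        ff = (0 if last and not info["mf"] else 0x2000) | ((info["offset"] + start) // 8)
        frags.append(header[:2] + struct.pack("!H", ihl + len(piece)) + header[4:6]
                     + struct.pack("!H", ff) + header[8:] + piece)
    return frags

def through_tunnel(inner_len=1500, link_mtu=1500, overhead=TUNNEL_OVERHEAD):
    """Fragments produced when an inner packet must fit in link_mtu minus overhead."""
    return fragment(build_ipv4(inner_len - 20), link_mtu - overhead)

if __name__ == "__main__":
    for f in through_tunnel():
        print(frag_info(f))
```

With these assumed numbers, a full 1500-byte inner packet becomes a 1444-byte fragment plus a 76-byte fragment, while any inner packet of 1450 bytes or less passes through whole.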
