Solved

Cisco VPN Client and system response time

Posted on 2009-02-09
Last Modified: 2012-05-06
Hi,

I have a problem with Cisco VPN Client. When I'm in my company everything works fast and nice. When I'm using Cisco VPN Client remotely, regardless of whether it is a 512k or 5Mbps internet connection, I always get very long response time from the system. Starting from opening my documents (folder redirected to network share but also it is an "offline folder"), my computer, everything. What can be done to make it work faster? I see that things get better when I use csccmd.exe to force offline mode. But when I have to access a network share I do have to make myself online and the problem is back.

Can you suggest something?

Thanks
0
Question by:kamsuj
9 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 23600226
How slow is "slow"?  Can you define in seconds?

Going over a VPN connection via a WAN will be slower than when you are on a LAN.  Your LAN is most likely 100 Mbps.  Even if your Internet connection is a "fast" 5 Mbps it is much slower than 100 Mbps.  Then you have other factors that slow it down.  On your LAN latency is probably around 1ms.  On an Internet connection it will vary depending on how many hops there are between the site you are at and the server site.  The higher the latency the slower the response will be.  You also have the overhead of encrypting and decrypting the traffic, which slows things down also.

When you have a 5 Mbps connection, is it a true 5 Mbps or is it a broadband connection?  If broadband, then you have to also realize that most likely your speed is asymmetrical.  The 5 Mbps is from the Internet to you, the speed from you to the Internet is most likely somewhere between 384 Kbps - 768 Kbps.  Which will affect your speed.

When you are using a shared folder, all the traffic must go over the WAN and using shared folders has a lot of overhead.

It also sounds like you have these files in a "brief case", which means there is a copy locally and remotely.  When this is done, there is a constant stream of traffic to keep the files updated.  When you go to offline mode only the local files are accessed, the remote files are  left untouched.  When you go back online, the remote files must be synced with the local files.  If your upstream speed (from you to the Internet) is low and you have big files, it will cause performance problems.

Also, the VPN server could be set up to throttle how much bandwidth you use so that a single VPN user does not use up all of the bandwidth.

To put it bluntly, remote access to files will be slower than local access.  Depending on a LOT of factors it could be a little slower or a LOT slower.

To do a directory listing on a shared folder the client (your PC) tells the server to give you a list of all the files in the folder.  Then for each file within the folder, it tells the server to tell you the information about the file (create date, last modified date, last access date, attributes, etc.).  There is a unique request for EACH file in the directory. So if you have 100 files, there are 100 unique requests.
0
 
LVL 3

Author Comment

by:kamsuj
ID: 23604683
how slow is slow? hmm... I can agree that when I'm listing a remote share that has 100 or 500 files it will be slow. But it takes about 20 to 30 seconds to open "my computer" which has 4 shares mapped to drive letters and that is slow and I think based on this that it should work faster.

As for connection speed I've tested connections from WiMAX which is asymmetric 1 Mbps down and 128kbps up with latency about 150ms and professional "pipe" with symmetric 10Mbps.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 23604858
What I would suggest is getting a packet capture (I use wireshark, www.wireshark.org) and do a packet capture on the VPN's virtual interface and see what is going on.  This will show how much traffic is flowing and hopefully where the delays are.

I will say in some of my VPN testing it can take 5-10 seconds to open my desktop with 3 mapped shares and that is in a LAB where the client, VPN server, file server, and DC's are all on 100 Mbps LAN connection with 1-2 ms latency.

    Client <-- switch 1 --> VPN server <-- switch 2 --> File server and DC.

So with it taking 5-10 seconds in the above setup, I can see it take 20-30 going across WAN connections that are slower and have higher latency, especially with 150 ms.

I will have to check, but I believe it takes 10-15 seconds for one of our remote offices to open "my desktop" with 2-3 mapped shares over a 768 Kbps symmetrical link and 100ms of latency.

Windows does a lot of "stuff" under the covers, which ends up generating a lot of small little requests that really get bogged down when latency is anything above 50ms.




0
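The comments above describe many small sequential requests, each waiting a full round trip, and suggest a packet capture to find where the delays are. The following is an added example, not part of the original thread, that splits a capture's elapsed time into time spent waiting for replies versus time needed to move the bytes. The records are constructed sample data, the function names are hypothetical, and the 1 Mbps / 150 ms figures are the WiMAX numbers quoted by the asker.

```python
# Added example: is a capture latency-bound or bandwidth-bound?
# RECORDS is constructed sample data (not from the thread):
# (milliseconds since start, direction, bytes on the wire).
RECORDS = [
    (0, "out", 120), (150, "in", 180),      # request, reply 150 ms later
    (152, "out", 120), (302, "in", 180),
    (304, "out", 120), (454, "in", 1500),   # reply spanning several packets
    (455, "in", 1500), (456, "in", 600),
]


def analyze(records, link_bps):
    """Split elapsed time into reply-wait time and raw transfer time."""
    if not records:
        raise ValueError("empty capture")
    round_trips = 0
    wait_ms = 0
    pending = None  # send time of a request still waiting for its first reply
    total_bytes = 0
    for ts, direction, size in records:
        total_bytes += size
        if direction == "out":
            if pending is None:
                pending = ts
        elif pending is not None:
            wait_ms += ts - pending      # time the client sat idle
            round_trips += 1
            pending = None
    elapsed_ms = records[-1][0] - records[0][0]
    wire_ms = total_bytes * 8 * 1000 / link_bps  # time to push the bytes
    return {
        "round_trips": round_trips,
        "wait_ms": wait_ms,
        "elapsed_ms": elapsed_ms,
        "wire_ms": wire_ms,
        "avg_rtt_ms": wait_ms / round_trips if round_trips else 0.0,
        "latency_bound": wait_ms > wire_ms,
    }


def projected_ms(requests, avg_rtt_ms):
    """Lower bound for N strictly sequential requests (e.g. one per file)."""
    return requests * avg_rtt_ms


if __name__ == "__main__":
    stats = analyze(RECORDS, link_bps=1_000_000)
    print(stats)
    print("100 sequential requests:", projected_ms(100, stats["avg_rtt_ms"]), "ms")
```

When `wait_ms` dominates `wire_ms`, a faster link will not help much; only fewer round trips or lower latency will.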
 
LVL 3

Author Comment

by:kamsuj
ID: 23604902
ok will test tomorrow with wireshark. is it generally possible to make windows less "chatty" on slow links?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 23605516
Unfortunately there is no way to make Windows (NETBIOS) less chatty that I am aware of.
0
 
LVL 3

Author Comment

by:kamsuj
ID: 23605583
what about turning off netbios in an active directory environment?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 23606612
Well, "NETBIOS" does not always mean "NETBIOS".  When Windows disables "NETBIOS" it only disables pieces of it.  The piece it really turns off is the way that "NETBIOS" finds resources.  Turning this off tells the computers not to use NBNS (NETBIOS NAME Searches) broadcasts or WINS to look up names, only use DNS.

It still uses NETBIOS, well technically CIFS which is MS implementation of Server Message Block (SMB, a.k.a SAMBA) to get information about files and to transfer files using network shares.

Here is the Wikipedia on Server Message Block, which is SMB which is "pronounced" SAMBA, which is really what most people mean when they say NETBIOS.  It gives brief description of SMB and where NETBIOS, WinNFS, and CIFS come into play.

0
 
LVL 3

Author Comment

by:kamsuj
ID: 23609505
ok so turning off netbios will only allow me to find computers, shares using FQDN (or hosts file) but on the other hand will reduce broadcasts?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 23610661
It will reduce them some, but I don't think it will reduce them a whole lot.

A packet capture would show how many you send and receive.  However, over a VPN connection it should not be receiving a whole lot of broadcasts.

If your computer's default domain name is the same as AD's domain name you can still just use the host name, but using FQDN would be a bit faster.  Using just the host name your computer will send two name lookups, one with just the host name, then one with your computer's domain name appended to the end of the host name.  So you have to wait for the first one to fail before the second one is sent.
0
