?
Solved

3Com VPN problem - Terminal server, citrix SQL traffic slow or fails

Posted on 2009-02-18
9
Medium Priority
?
338 Views
Last Modified: 2012-05-06
Hi, I have been searching the KB but I have not found an answer.

I have 3 3Com routers.  Network A, (corporate headquarters) is an MSR20-40 with several connections.

Branch office 1 i(Network B) is connected with a Point to Point t-1 between the MSR20-40 at network A and 3Com 30-16 at network B.  This connection works perfectly.  It is fast and reliable.  It is used to connect SQL, Citrix, and Exchage servers to clients at the branch office.

Branch office 2 (Network C) is connected via a VPN tunnel.  The router at Network C is a 3Com 30-40.  The endpoint of the tunnel at Network C is a DSL connection.  The endpoint of the same VPN at Network A is the ethernet 1 interface. The tunnel is used for the same services as the point to point t-1 between Network A and Network B (SQL, Citrix, Exchange)

The problem that I am having is that the connection between Network C and my Citrix Server at Network A will intermittantly become slow or timeout.  The same is true for RDP traffice to the same Citrix server.  If I force the traffic to not use the VPN tunnel by tweaking DNS, it will work fine.  If I connect to a different server at Network A using RDP, it will work fine.  Also, lately I have had users experience timeouts connecting to the SQL server at Network A.  It seems as though the problem is only happening through the VPN tunnel.

3com tech support is a bit stumped and they are investigating possible QOS issues. (I have QOS rules in place to expidite Citrix traffic).

Has anybody had any experience with intermittant issues on a 3Com VPN like this?

I can supply router configs & visio drawing if necessary.

Thanks,

Jim

0
Comment
Question by:JMerical
  • 7
  • 2
9 Comments
 
LVL 7

Expert Comment

by:Maeros
ID: 23682763
Check the network throughput and load on the appliances using the VPN tunnel during the problem times and see if there is any consistency in throughput between problem times and clear times.  If the problems only occur during periods where there is a higher throughput, then there is a good chance that the networking hardware is being pushed at its limits.  Throughput limits on the hardware will always be lower with VPN instead of regular traffic due to the extra processing and memory required by the hardware to encrypt/decrypt and encapsulate the traffic.  Between SQL, Citrix, and Exchange, you'll get a lot of traffic for the hardware to secure.
0
 

Author Comment

by:JMerical
ID: 23683046
Good point.  I will run some tests today.  I am assuming that you are speaking of the two routers when you say "appliances", and not referring to the Citrix, SQL & Exchange servers. In testing thus far, it does not look like the problem occurs during normally heavy load times, but I will find a way to measure traffic volume going across the VPN and load on the routers during good and bad periods.  

The interesting thing is, that if I redirect the Citrix or RDP traffic to use the public IP address, I am actually using the same physical interfaces as the VPN, and response times are fast.  Do you think that the VPN could be adding so much extra load on the router?  
I will check the loads & post info as soon as I get numbers on good and bad periods.
Thanks,

Jim
0
 

Author Comment

by:JMerical
ID: 23694272
I am stil working on some conclusive test results, but initial tests indicate the the processors are well under their limits.

I will setup some SNMP management on the routers today to monitor bandwidth usage and process usage.

JIm
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 7

Expert Comment

by:Maeros
ID: 23698281
If you can, also look at the memory usage as well for the network appliances.  Those tend to be culprits as well.

If you are redirecting through the public IP address without using the VPN, then you have definitely isolated something.  

For network throughput, there are two values: standard max throughput and VPN throughput.  Every device with VPN has these two values, and the VPN throughput is always smaller (sometimes by a significant margin) than the standard max throughput.  Also note that in terms of network throughput, the max throughput in the appliance's specs are only theoretical maximums - there will always be overhead involved, and what is written on paper never quite makes it in the real environment.
0
 

Author Comment

by:JMerical
ID: 23700513
Good point.  I will setup the SNMP monitor to watch memory usage on the routers too.

Thanks for the good ideas.  I will update on Monday as soon as I have some data.

Jim
0
 

Author Comment

by:JMerical
ID: 23749436
I finally got some statistics & found that both CPU and memory utilization were low during the problem times.  last night I took the backbone switch back to factory settings to get rid of some QOS programming that had been done in it.  

I also noticed that if I changed the IP address of my Citrix server, then I could get connected to it just fine, even during the problem times. Very strange.  It seems as though when the problem is happening, it follows the IP address.  This makes me suspect some config issue in the router, as there is QOS setup to expidite traffic to & from the IP address of the Citrix server.
0
 

Author Comment

by:JMerical
ID: 23777239
After further testing I have found that traffic across the VPN to my SQL server is also slow or times out.  The strange this is that sometimes the problem accessing the SQL server is sometimes durint the Citrix issue, but othertimes independent.

3Com has sent a new router to replace one end & I will install it today, but I am not holding out much hope that this will make a difference.

If anybody has any suggestions - I am open ...

Thanks,

Jim  
0
 

Author Comment

by:JMerical
ID: 23876379
The router on one end has been replaced, and the router on the other end has been updated to the latest operation system.  

Problem still persists.

I am curently setting up some SNMP on all router and switches to see if we can find anything strange while the problem is happening.

Jim Merical
0
 

Accepted Solution

by:
JMerical earned 0 total points
ID: 23960213
To date, I have found issues with SQL, Exchange Citrix and FTP traffic as noted above.  I have bee able to determine that traffic works fine if I am not going through the VPN.  

3com is still looking into why the VPN performance is so bad/failing.

Does anybody have any further comments before I close this question?

Thanks in advance,

Jim Merical
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question