Solved

Help with tunnel bandwidth

Posted on 2009-06-30
6
1,137 Views
Last Modified: 2012-05-07
Dear expert I am confuse with physical actual size and  VPN tunnel bandwidth.For example office has  a T1 mpls ckt 1536. At this location we are using DMVPN tunnel with a bandwidth size of 512k. I had a report about slow performance, when I did a sho interface  the physical interface reliable tx load was 50/255 and rx load was 125/255 when I checked tunnel interface the tx load was 10/255 and  rx load was 255/255 I wonder if  this mean that the tunnel is rece  100% of traffic in the amount of 512k and any traffic over will be place in a buffer or dropped  until space is available, please explain as this office normally report slow perform any time when tunnel  tx or rx load is max out, once tunnel  tx or rx load is not max out office works fine. I also checked in concord ehealth and did notice if the graph for the physical interface is 50 % the tunnel will be at 100% do this mean 1005 of the 512k what is on tunnel interface bandwidth
0
Comment
Question by:rcollie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 8

Expert Comment

by:Nothing_Changed
ID: 24754359
Think of each direction, Tx and Rx, as a separate pipe. In a full duplex environment such as modern ethernet or ADSL, a composite utilization number is nearly useless or worse. Always look at each direction separately. 100% Rx utilization for anything other than a momentary burst will nearly guarantee performance problems and extensive packet loss, since the buffers in the network devices will surely become overrun in milliseconds or seconds, and packets then have no where to go but on the floor. Not only will you lose data inbound to you, but when ACKs for transmitted data are dropped, you will consume more Tx bandwidth with unnecesary retransmissions.

And you are correct in noticing that your physical interface utilization is of minimal value if your VPN pipe is rate-limited below your physical pipe. Only your vpn tunnel utilization will accurately reflect your network performance experience.

Your most cost effective choice to improve your network performance would be to analyze your traffic, determine which applications are critical and which are not, perhaps even by time of day, and shape your traffic accordingly. For instance, if your Rx traffic is primarily http responses to non-business related web browsing, use your firewall, router, or a proxy to limit hours of the day that open web browsing is permitted.

Your next choice is to increase bandwidth. But performing that traffic pattern analysis will benefit you no matter what.
0
 
LVL 8

Expert Comment

by:Nothing_Changed
ID: 24814751
How's your search for knowledge progressing, rcollie ? :)
0
 

Author Comment

by:rcollie
ID: 24831638
I need more info on the tunnel and how traffic is affected as I said when using some type of monitoring tool it show the physical interface not used that much but when I check the tunnel interface it shows it at 100 percent. I just need to be able to explain this before I show others output from monitoring tool
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 8

Expert Comment

by:Nothing_Changed
ID: 24898839
"...we are using DMVPN tunnel with a bandwidth size of 512k" Which carrier are you using? Most stateside carriers who provide this type of service offer management utilities as a part of your rate. They should have something optimized to show the actual bandwidth being utilized with respect to the bandwidth available in your rate limited tunnel. I thikn this should achieve your goal of displaying an accuraterepresentation of the tunnel utilization?
0
 

Author Comment

by:rcollie
ID: 24904774
Dear expert I have change tunnel bandwidth to equal the size of the physical circuit for example on the t1 1536 bw I have also set this value on tunnel now when I check concord it shows a more accurate readying . but I am still confuse on with tunnel banwidth if the tunnel was default 8k and I hard code bandwidth to 1536k in which example will the traffic flow through quicker or is it just routing metric that the bandwidth is use for
0
 
LVL 8

Accepted Solution

by:
Nothing_Changed earned 500 total points
ID: 24917725
depending on if you changed that bandwidth (not sure what commands you used?) in the T1 controller or in the VPN config or the router interface, you wither changed what size pipe the tunnel would max out at, or you changed a routing parameter that doesnt really affect actual performance at all, jsut how the router reports bandwidth used.

If it's a vendor provided vpn solution, and that vpn shares bandwidth with some voice circuits, your network changes , depending on where you make them, could impact your voice circuits. If it is a "bundle circuit" as some vendors call it, for instance.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
New office setup 2 38
SSH setup on ASA 5505 17 126
VNC stopped working when I log off the PC connected via VPN 20 54
Fortigate: access IPSEC remote site over ssl-vpn 4 22
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question