advancedmd

small tcp session packet on phone line

We have a 200mb connection to our office from XO Communications and my home office has a 25/3mb connection from AT&T. When I connect to the office using VPN I only get a 1 - 3 mb connection. Using iperf and working with the phone company, we found that the bandwidth to each end is what it is supposed to be, but the TCP session from the XO Comm. main office to my home office is only about 3mb at max, and I have to create 7 sessions to fill the bandwidth. Of course VPN only uses 1 session, so I only get 3mb at the most. Can anyone tell me what would cause the TCP session to max out at such a low rate?
Mutogi

What are the VPN devices? How many connections are running through the office to a faster downlink? Your residential service is NOT SLA guaranteed and is shared with the neighborhood; that's a variable. I use Comcast Biz class, with 100/25, I only get from the office that is SLA fiber of 100/100 and a Cisco 5505a. The VPN throughput is about 7-10MB full, which is the most I get. You may only get 2-3MB max on a good day. Also, encrypting the data over the VPN is a mild hit too.

Would SFTP be better?

What is the data that is transferred? Sensitive?

Going over UNKNOWN space is a challenge and is tricky with the variables of the "internet".
advancedmd

ASKER

We are using an SSL VPN and the data is sensitive, so it must be encrypted.
As for the bandwidth, we were able to prove we were getting at least 20mb by running 7 sessions simultaneously, so it is not a bandwidth issue. The problem is I need a single TCP session that will not be so small.
More info: we did some tests from a home office only 3 hops on the phone line from the office and he was able to get a 90mb TCP session (of course he has a 100/100mb). But others we tested seem to have the same problem I did of getting anything from a 1 - 3mb TCP session (more than 3 hops). Is it possible that an NNI (network to network connection) could cause this? And if so, is there any way to track it?
What kind of hardware is at each site?
At the main office we have 2 SSL VPN websites. One is using a Juniper SA2500 and for the other we are using a Juniper MAG410. At my home office I am just connecting to the internet using an AT&T U-verse 2Wire modem. The SSL VPN sends some software to the PC and then they connect on the VPN. But laying all that aside, the test I was doing with the XO phone company, we just used the software iperf from the phone company main office to my house and that is where we saw the problem.
Hmmm,

Try an unrestricted packet from office to home, see what the speed is. Also try from an alt location to your home over the SSL packet.

Are you sure AT&T doesn't restrict a session of SSL to level out the CPU load on their network, when they hand off the load?

If you can nail to office and home then bang.

If you can nail down your alt location to home and get 20MB you know it's the home connection.
giltjr
O.K., first, can we all use the same speed specifications? Little 'b' is bits and big "B" is bytes. Some of you are using big B and some are using little 'b'. Example: 20MB is 20 million bytes per second, which is about what you would get on a 200 Mbps link.

Your home connection is 25mbps/3mbps and you stated the best you can get is 3mbps.  I am assuming that is uploads as your upstream speed is limited to 3 Mbps.

If you ping a host on the other end of the VPN tunnel, what is the rtt latency?
Do you know what the MTU is on the VPN tunnel?
ASKER CERTIFIED SOLUTION
advancedmd

This solution is only available to members.
No need to apologize. However, what OS are you running? The newer Windows OS should be configured to use sliding TCP window sizes and not fixed at 65K, which improves throughput on high-latency, high-speed links.
On the office side I am running Windows 8 Pro and on the home side I am running Windows 7 SP1. If it is sliding, how do you find out what size of packet you are transmitting?
First, packet size and window size are two different things.

For packet size typically the default is 1500 bytes.  To verify this you can issue the command:

     ping -f -l 1472 x.x.x.x

where the x.x.x.x is the remote host's IP address.  If you get a message about the DF bit being set and the packet needing to be fragmented, or you get nothing back, then lower the 1472 by 2 until you get a successful ping.

For Window size that gets a bit more complex because it is a sliding window size.

You can look at:

http://technet.microsoft.com/en-us/library/cc938219.aspx

The information there should be the same for the two versions of Windows you are running.  

The only issue is that your VPN client/server could be altering the TCP Window size, so you need to check both your real Interface and the VPN tunnel interface.
The math confirms the bandwidth of 6mbps with latency of 75ms.
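
The window and packet-size arithmetic discussed in this thread, as an added example that is not part of any poster's reply: it works out what a fixed 65,535-byte window allows at the 75 ms latency quoted above, the window and RFC 7323 scale shift needed to fill the 25 Mbps home downlink, and the path MTU implied by the largest `ping -f -l` payload that gets through. The function names are hypothetical, the 1400-byte path is constructed sample input, and the payload search is a binary search rather than the lower-by-2 steps described in the post.

```python
ICMP_OVERHEAD = 28       # 20-byte IPv4 header + 8-byte ICMP echo header
TCP_OVERHEAD = 40        # 20-byte IPv4 header + 20-byte TCP header, no options
UNSCALED_MAX = 65535     # largest window a 16-bit TCP window field can carry

def max_rate_bps(window_bytes, rtt_ms):
    """A session can have at most one window in flight per round trip."""
    return window_bytes * 8 * 1000 // rtt_ms

def window_needed(target_bps, rtt_ms):
    """Bandwidth-delay product in bytes, rounded up."""
    return -(-target_bps * rtt_ms // 8000)

def scale_shift(window_bytes):
    """Smallest RFC 7323 window-scale shift (0 to 14) that covers the window."""
    for shift in range(15):
        if UNSCALED_MAX << shift >= window_bytes:
            return shift
    raise ValueError("window larger than TCP can advertise")

def sessions_needed(target_bps, per_session_bps):
    """Parallel sessions required when each one is capped at per_session_bps."""
    return -(-target_bps // per_session_bps)

def largest_df_payload(probe, low=0, high=1472):
    """Largest payload for which probe(size) succeeds. probe stands in for
    'ping -f -l <size>' and returns True when a reply comes back."""
    if not probe(low):
        raise RuntimeError("no reply even at the smallest payload")
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low

def constructed_path(size):
    """Constructed stand-in for a path whose smallest hop MTU is 1400 bytes."""
    return size + ICMP_OVERHEAD <= 1400

if __name__ == "__main__":
    rtt, link = 75, 25_000_000          # 75 ms RTT, 25 Mbps downlink
    cap = max_rate_bps(UNSCALED_MAX, rtt)
    need = window_needed(link, rtt)
    print("64K window cap:", cap, "bps")
    print("window to fill link:", need, "bytes, scale shift", scale_shift(need))
    print("sessions at that cap:", sessions_needed(link, cap))
    mtu = largest_df_payload(constructed_path) + ICMP_OVERHEAD
    print("path MTU:", mtu, "TCP MSS:", mtu - TCP_OVERHEAD)
```

To use it against a real path, replace `constructed_path` with a function that runs the ping command from the post and reports whether a reply arrived.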