Solved

small tcp session packet on phone line

Posted on 2014-03-13
12
335 Views
Last Modified: 2014-03-22
we have a 200mb connection to our office from XO communications and my home office has a 25/3mb connection from AT&T. when I connect to office using VPN I only get 1 - 3 mb connection. using iperf and working with the phone company we found that the bandwidth to each end is what it is suppose to be but the tcp session from XO comm. main office to my home office is only about 3mb at max and have to create 7  sessions to fill the bandwidth. of course VPN only uses 1 session so I only get 3mb at the most. can any one tell me what would cause the tcp session to max out at such a low rate?
0
Comment
Question by:advancedmd
  • 6
  • 3
  • 3
12 Comments
 
LVL 3

Expert Comment

by:Mutogi
Comment Utility
what are the VPN devices? how many connections are running thru the office to a faster downlink? your residential service is NOT sla guarantee and shared with the neighborhood, that's a variable. I use Comcast Biz class, with 100/25, i only get from the office that is SLA fiber of 100/100 and a cisco 5505a. the VPN thruput is about 7-10MB full, which is most i get. you may only get 2-3MB max on a good day. also the encrpyt the data over the VPN is a mild hit too.

would a SFTP be better?

what is the data that is transferred? Sensitive?


Going over UNKNOWN space is a challenge and is tricky with variable of the "internet",
0
 

Author Comment

by:advancedmd
Comment Utility
we are using a sslvpn and the data is sensitive so it must be encrypted.
as for the bandwidth, we were able to prove we were getting at least 20mb by running 7 sessions simultaneously so it is not a bandwidth issue. the problem is I need a single tcp session that will not be so small.
0
 

Author Comment

by:advancedmd
Comment Utility
more info: we did some tests from a home office only 3 hops on phone line from office and he was able to get 90mb tcp session (of course he has a 100/100mb). But others we tested seem to have the same problem I did of getting anything from 1 - 3mb tcp session (more than 3 hops) . is it possible that a NNI (network to network connection) could cause this? and if so, is there any way to track it?
0
 
LVL 3

Expert Comment

by:Mutogi
Comment Utility
what kind of hardware is at each site?
0
 

Author Comment

by:advancedmd
Comment Utility
at the main office we have 2 sslvpn websites. one is using a juniper sa2500 and for the other we are using a Juniper mag410. at my home office I am just connecting to the internet using a AT&T uverse 2wire modem. the sslvpn sends some software to the pc and then they connect on the vpn.  but laying all that aside, the test I was doing with the XO phone company, we just used the software iperf from the phone company main office to my house and that is where we saw the problem.
0
 
LVL 3

Expert Comment

by:Mutogi
Comment Utility
hmmm,

try a unrestricted packet from ofc to home, see what the speed is. also try from alt location to your home over the ssl packet.

are you sure att doesnt restrict a session of ssl to level out the cpu lead on there network, when they hand off the load.

if you can nail to ofc and home then bang.

if you can nail down your alt location to home and get 20MB you know its the home connection.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 57

Expert Comment

by:giltjr
Comment Utility
O.K, first can we all use the same speed specifications?  Little 'b' is bits and big "B" is bytes.  Some of you are using big B and some are using little 'b'.  Example: 20MB is 20 million bytes per second, which is about what you would get on a 200 Mbps link.

Your home connection is 25mbps/3mbps and you stated the best you can get is 3mbps.  I am assuming that is uploads as your upstream speed is limited to 3 Mbps.

If you ping a host on the other end of the VPN tunnel, what is the rtt latency?
Do you know what the MTU is on the VPN tunnel?
0
 

Accepted Solution

by:
advancedmd earned 0 total points
Comment Utility
first I want to apologize, I am getting 6mbps instead of 3mbps. second when I connect to the vpn locally I can get up to 100mbps. as for the upload or down load, I am testing on the download side where I can get up to 25mbps. But I think I found the answer about low rate on the session. I found an article on low bandwidth per thread. it show if you do the math, you will see that if you have latency of 75ms and you are transmitting window size of 64,512 bytes, you will only get approximately 6mbps on a single thread.  http://www.networkworld.com/community/node/35620#disqus_thread
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
No need to apologize.  However what OS are you running?  The newer Windows OS should be configured to use sliding TCP window sizes and not fixed at 65K, which improves through-put on high latency high speed link.s
0
 

Author Comment

by:advancedmd
Comment Utility
on office side I am running windows 8 pro and on home side I am running windows 7sp1. if it is sliding, how do you find out what size of packet you are transmitting?
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
First  packet size and window size are two different things.  

For packet size typically the default is 1500 bytes.  To verify this you can issue the command:

     ping -f -l 1472 x.x.x.x

where the x.x.x.x is the remote host's IP address.  If you get a message about df bit being set and packet must be fragmented, or you get nothing back, then lower the 1472 by 2 until you get a successful ping.

For Window size that gets a bit more complex because it is a sliding window size.

You can look at:

http://technet.microsoft.com/en-us/library/cc938219.aspx

The information there should be the same for the two versions of Windows you are running.  

The only issue is that your VPN client/server could be altering the TCP Window size, so you need to check both your real Interface and the VPN tunnel interface.
0
 

Author Closing Comment

by:advancedmd
Comment Utility
the math confirms the bandwidth of 6mbps with latency of 75ms.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Connecting Networks with Routers 16 56
failover for second line 6 88
What is UDP port 389 used for? 5 61
Setup ADSL modem with Router 7 41
SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now