VPN speeds

paddya · 22 Jun 2007 at 08:21

Sorry, not sure if anyone can help me. I'm getting users complaining of slow speeds in my office. I have a Head office in Exeter, remote office in Yeovil and Plymouth. Both remote offices run software off one of our Exeter ones via TS. I ran an Iperf test yesterday with Yeovil as the iperf server and my laptop here in Exeter as the client and got 360 transferred at 289 bandwidth. Reversed I got 216 and 155.

The broadband connection in Yeovil is running between 3-4mb and 3mb in Exeter. Online status's from the router page are 832000 Up and 2432000 Down in Exeter and 448000 Up and 4544000 Down in Yeovil.

Problem is that extra users have been added, which I'm assuming therefore has diminished the connection and I'm about to add a 3rd site into the equation.

We've had various people in with the options of Citrix, and bonding extra lines together in our Exeter office through a Wan box before going into our ISA box. and staying with TS. At the moment the VPN is going straight into our switch. Again I'm assuming that the issue is on our Exeter upload speed due to volume of people connecting in?

On a side not, something which I think has nothing to do with those speeds, our web link in Exeter slows down considerably over the course of the day. I can get download speeds of 300k in the morning, but 30k in the afternoon. Web browsing should be down to a minimum courtesy of the ISA box, but then someone must be doing something.

Sorry for the long post, just really hope you guys can help, constantly got the manager in Yeovil shouting because of the bad connection, but no-one can seem to pinpoint the problem and come up with a sensible solution.

Thanks

Ole Ftang · 22 Jun 2007 at 12:30

You have to isolate the cause of the issue to either internal or external first.

Is the TS server or any of the apps being accessed over TS being maxed out. I'd get Perfmon running on the TS server to monitor your memory, disk and processor activity. It could be something as simple as the disks running at max and the queues building up or not enough RAM for the TS sessions causing excess pageing and stressing the disks further.

If everything is ok on the inside then you can start to look at WAN links. The most likely cause is the upload speed from the site which houses the TS servers. The only way to fix that is to get more bandwidth by either SDSL or bonded lines. Citrix can compress the traffic slightly more effectively than TS but that is not enough of a reason to justify the extra expense if you already have a viable TS solution running. You would need the extra features which Citrix offers to make it worth the money. I have setup bonded ADSL solutions (4 x Nildram ADSL lines into a Cisco 2800 router) and it does work well for a fraction of the cost of SDSL and gave me a 4 fold increase in upload bandwidth in this case.

Your ISP may be able to provide you with figures for your bandwidth usage which would also be a great help.

Basically, you have to monitor everything to find the full picture.

paddya · 22 Jun 2007 at 13:01

Right well our ISP have admitted issues with regards our ADSL links so hopefully most of the problem is there. There isn't many people in our Yeovil office today and iperf jsut returned a bandwidth of 66kbits/sec......excellent, not.

I think we will go down the route of bonded lines as well, and split them off for different options with some form of WAN box. At the moment our VPN is coming right into our switch, configured before my time and I'm told incorrect. We have our web line coming into an ISA and told that ideally the VPN and Web should all come into a WAN box then the ISA.

Not sure on this though

Ole Ftang · 22 Jun 2007 at 14:01

Something worth keeping in mind is that with a bonded line solution it doesn't act like a single link at 32Mbps (if you had 4 x 8Mbps ADSL). What we found was that it works more like load balancing with the first connection using one line, the next connection on the second line, etc. Each user never gets more bandwidth than a single line can offer as their session is restricted to that single line and each line also ends up being used by more than one session.

You do get more bandwidth but it is actually 4 lines with a single internal gateway shared among the users.

Don't know what you mean by a WAN box so can't comment on that.

brocksta · 22 Jun 2007 at 14:15

Surely its a big security risk having the vpn going straight into the switch and not the ISA?

paddya · 22 Jun 2007 at 14:20

Yep.

Well the ISA was only recently installed by our IT support guys. The server only has 2 inputs, one of which is coming in from our web line and the other going out to our switch. Therefore, think we need something in between to accept more inputs