ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    VPN File Transfer Problems

    Scheduled Pinned Locked Moved Solved IT Discussion
    34 Posts 9 Posters 3.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • notverypunnyN
      notverypunny
      last edited by

      Appreciate the insights and advice, but just to be clear, my main point of concern is that I can get up to 10x the speed traversing the same VPN / ISP and network infrastructure when the server is on a 1G copper link in the data center as opposed to when the server is on a 10G fiber link in the data center. I'm fine with disparity from site to site and it's of course to be expected given different ISPs, network conditions and workloads at the different locations.

      I've done some iperf based testing on the issue already and have shown that raw wan speeds are acceptable and that I can get substantially more speed on iperf than with file transfer. I've also have seen that iperf on windows is garbage, the speeds are nowhere near what I'm getting on as close as I can get to a like for like comparison with linux.

      1 Reply Last reply Reply Quote 0
      • notverypunnyN
        notverypunny @1337
        last edited by

        @Pete-S said in VPN File Transfer Problems:

        Just as an example I had a problem with one VPN link that turned out to be a LACP problem on the switch.

        Do you recall what the LACP issue was? It's in-play in a couple of points along the path in the data-center.

        1 1 Reply Last reply Reply Quote 0
        • dafyreD
          dafyre
          last edited by

          If your servers have Intel or Broadcomm nicks in them, you may want to test disabling VMQ.

          DashrenderD 1 Reply Last reply Reply Quote 1
          • 1
            1337 @notverypunny
            last edited by 1337

            @notverypunny It was some kind of configuration error on the switch. I think the server tried to negotiate LACP while the switch didn't reply as it should and thought it was some kind of loop going on. Traffic would pass but intermittently. From the outside it looked like it worked but slower. Looking closer at packet captures there was a lot of unusual packets which is the reason we started to look at the switches. After reconfiguring the port from scratch everything worked, so I don't know exactly what it was.

            1 Reply Last reply Reply Quote 0
            • DashrenderD
              Dashrender @dafyre
              last edited by

              @dafyre said in VPN File Transfer Problems:

              If your servers have Intel or Broadcomm nicks in them, you may want to test disabling VMQ.

              I thought that issue was fixed a while ago?

              JaredBuschJ 1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch @Dashrender
                last edited by

                @Dashrender said in VPN File Transfer Problems:

                @dafyre said in VPN File Transfer Problems:

                If your servers have Intel or Broadcomm nicks in them, you may want to test disabling VMQ.

                I thought that issue was fixed a while ago?

                In theory.

                1 Reply Last reply Reply Quote 0
                • dafyreD
                  dafyre
                  last edited by dafyre

                  The newest piece of gear I have is a Dell R730xd (purchased last year) and we had to disable it on that one. Server 2012 R2 as the host OS. I can't remember which NIC it has off the top of my head, but we did disable VMQ on all the network adapters in that system.

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @dafyre
                    last edited by

                    @dafyre said in VPN File Transfer Problems:

                    Server 2012 R2 as the host OS.

                    That might be your issue right there. That's OLD.

                    dafyreD JaredBuschJ 2 Replies Last reply Reply Quote 0
                    • dafyreD
                      dafyre @scottalanmiller
                      last edited by

                      @scottalanmiller said in VPN File Transfer Problems:

                      @dafyre said in VPN File Transfer Problems:

                      Server 2012 R2 as the host OS.

                      That might be your issue right there. That's OLD.

                      mutters something about dumb vendors

                      1 Reply Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch @scottalanmiller
                        last edited by

                        @scottalanmiller said in VPN File Transfer Problems:

                        @dafyre said in VPN File Transfer Problems:

                        Server 2012 R2 as the host OS.

                        That might be your issue right there. That's OLD.

                        I believe it was supposedly fixed in Hyper-V 2016. Possibly in a patch for Hyper-V 2012 R2, but I still disable it out of habit.

                        It doesn't matter unless you have 10gigabit links I believe.

                        1 1 Reply Last reply Reply Quote 1
                        • 1
                          1337 @JaredBusch
                          last edited by 1337

                          @JaredBusch said in VPN File Transfer Problems:

                          @scottalanmiller said in VPN File Transfer Problems:

                          @dafyre said in VPN File Transfer Problems:

                          Server 2012 R2 as the host OS.

                          That might be your issue right there. That's OLD.

                          I believe it was supposedly fixed in Hyper-V 2016. Possibly in a patch for Hyper-V 2012 R2, but I still disable it out of habit.

                          It doesn't matter unless you have 10gigabit links I believe.

                          It was a driver problem, not an OS problem. Primarily Broadcom NICs which Dell often uses (because they cost less).
                          https://support.microsoft.com/en-us/help/2902166/poor-network-performance-on-virtual-machines-on-a-windows-server-2012

                          Anyway, it doesn't make much sense to use it anyway. Should use SR-IOV instead so the VM can talk directly to the hardware without the overhead of the hypervisor. For 10G and faster NICs.

                          1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender
                            last edited by

                            That's right, this was a Hyper-V issue. Though the OP hasn't said what VM platform he's using.

                            I assumed Windows Server 2012 R2 was just a VM.

                            1 Reply Last reply Reply Quote 0
                            • ObsolesceO
                              Obsolesce
                              last edited by

                              I just need to comment because every time I start seeing the title of this topic, it looks like "Vile Transfer Problems" until I look directly at the title.

                              1 Reply Last reply Reply Quote 0
                              • notverypunnyN
                                notverypunny
                                last edited by

                                UPDATE:

                                Had a call with Fortigate support this AM and I'll be trying the following either later tonight or first thing tomorrow AM before anything important is happening on the network:

                                host-shortcut-mode {bi-directional | host-shortcut}
                                Due to NP6 internal packet buffer limitations, some offloaded packets received at a 10Gbps interface and destined for a 1Gbps interface can be dropped, reducing performance for TCP and IP tunnel traffic. If you experience this performance reduction, you can use the following command to disable offloading sessions passing from 10Gbps interfaces to 1Gbps interfaces:
                                
                                config system npu
                                
                                set host-shortcut-mode host-shortcut
                                
                                end
                                
                                Select host-shortcut to stop offloading TCP and IP tunnel packets passing from 10Gbps interfaces to 1Gbps interfaces. TCP and IP tunnel packets passing from 1Gbps interfaces to 10Gbps interfaces are still offloaded as normal.
                                
                                If host-shortcut is set to the default bi-directional setting, packets in both directions are offloaded.
                                
                                This option is only available if your FortiGate has 10G and 1G interfaces accelerated by NP6 processors.
                                
                                1 Reply Last reply Reply Quote 0
                                • notverypunnyN
                                  notverypunny
                                  last edited by

                                  WOOT WOOT!! this seems to have fixed things.

                                  Now if I could just get a decent ISP connection in Knoxville...

                                  JaredBuschJ 1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch @notverypunny
                                    last edited by

                                    @notverypunny said in VPN File Transfer Problems:

                                    WOOT WOOT!! this seems to have fixed things.

                                    Now if I could just get a decent ISP connection in Knoxville...

                                    Talk to @Phil-CommQuotes

                                    Phil-CommQuotesP 1 Reply Last reply Reply Quote 2
                                    • Phil-CommQuotesP
                                      Phil-CommQuotes @JaredBusch
                                      last edited by

                                      @JaredBusch @notverypunny

                                      I agree, talk to Phil! :upside-down_face:

                                      Thanks the shout out Jared.

                                      NVP, Message me the address and what you need and I'll work my magic.

                                      notverypunnyN 1 Reply Last reply Reply Quote 0
                                      • notverypunnyN
                                        notverypunny @Phil-CommQuotes
                                        last edited by

                                        @Phil-CommQuotes

                                        Hey Phil, I'll keep you in mind when we're shopping / renegotiating next time around. I don't think we can do anything in the short-term because if memory serves we're under contract for that site. Right now my issue isn't the cost but the line quality, and from what we've learned, regardless of who's billing, it's all the same infrastructure for the optical service so jitter and latency is likely to be the same regardless of what we do.

                                        JaredBuschJ 1 Reply Last reply Reply Quote 0
                                        • Phil-CommQuotesP
                                          Phil-CommQuotes
                                          last edited by

                                          Sounds good to me, just keep in mind that there are always things we can do to solve quality issues and other problems my friend. Replacing an ISP may not be possible due to contracts but we can always supplement with low cost secondary / broadband services. Even LTE/LOS SAT has been able to bring substantial performance and stability enhancements when we leverage SD-WAN (type) devices to aggregate multiple connections to provide best path routing for critical traffic . Certainly changing or adding services in a contractual renewal phase is ideal but just don't think you are stuck if you truly need the help. If things are workable for now, waiting probably makes sense but if needs are urgent always a way to help (almost always I should say).

                                          And Knoxville has many enterprise ISP options so while it is highly possible it's all AT&T or whoever you are using now, there may be others. Happy to just poke around and show you some fiber maps if you want to get some inside scoops. I know we have used AT&T, Zayo, Centurylink, Hudson Fiber, WOW! and others there, but of course all depends on exactly where you are and what service level/budget you have (coax vx. fiber for ex).

                                          I'll be here if/when you need help 🙂

                                          1 Reply Last reply Reply Quote 0
                                          • JaredBuschJ
                                            JaredBusch @notverypunny
                                            last edited by

                                            @notverypunny said in VPN File Transfer Problems:

                                            @Phil-CommQuotes

                                            Hey Phil, I'll keep you in mind when we're shopping / renegotiating next time around. I don't think we can do anything in the short-term because if memory serves we're under contract for that site. Right now my issue isn't the cost but the line quality, and from what we've learned, regardless of who's billing, it's all the same infrastructure for the optical service so jitter and latency is likely to be the same regardless of what we do.

                                            This is a bad response.

                                            Contracts don't mean shit. You can always cancel. So what if you have to pay out some portion of the remaining contract (even 100%).

                                            Get real information and then do math. (FFS @scottalanmiller how many times did I say to math last week?)

                                            The RoI of a new solution may well be acceptable. Improved services lead to improved employee productivity. These are real numbers to management.

                                            Do not work in the bubble of IT.. IT is part of the business. All IT decisions have to be made in the context of the business as a whole. Not just current service costs X and new service costs Y.

                                            scottalanmillerS 1 Reply Last reply Reply Quote 3
                                            • 1
                                            • 2
                                            • 2 / 2
                                            • First post
                                              Last post