Why is my VPN so slow?
May 14, 2010 10:09 AM Subscribe
Comcast and L2TP VPN tunnels: One location works great, the other not so much. Where am I going wrong?
One of the companies I work for has a semi-complicated networking setup that involves several Mikrotik routers connected via L2TP tunnels. The tunnels are used to propagate BGP information and for locations to access our co-located servers.
Locations are all using different internet connections. Here in PDX, we're using Stephouse wireless downtown and Comcast Business for the other three locations. Two of the Comcast-connected locations are working great. They have decent transfer speeds to the colo through the tunnel(5-8Mb/sec). The remaining location is only getting about .5-1.5Mb/sec.
The configuration is identical on all of the routers. MTU/MRU on the L2TP connections are all set to default and I'm seeing few transmit errors. I tried replacing the router as well, but nothing changed. The original equipment was put back in place.
I'm not quite at my wits end yet, but I am starting to wonder where I'm going wrong on this whole thing. We've tweaked the MRRU to specify a maximum packet size, but that only helped things marginally. Any ideas would be greatly appreciated.
Here are some technical details:
Colo router, Mikrotik RB450G w/ 2MB commit
Satellite routers are a mix of RB450G's and RB750's on business-class connections.
Let me know if any other details are needed.
One of the companies I work for has a semi-complicated networking setup that involves several Mikrotik routers connected via L2TP tunnels. The tunnels are used to propagate BGP information and for locations to access our co-located servers.
Locations are all using different internet connections. Here in PDX, we're using Stephouse wireless downtown and Comcast Business for the other three locations. Two of the Comcast-connected locations are working great. They have decent transfer speeds to the colo through the tunnel(5-8Mb/sec). The remaining location is only getting about .5-1.5Mb/sec.
The configuration is identical on all of the routers. MTU/MRU on the L2TP connections are all set to default and I'm seeing few transmit errors. I tried replacing the router as well, but nothing changed. The original equipment was put back in place.
I'm not quite at my wits end yet, but I am starting to wonder where I'm going wrong on this whole thing. We've tweaked the MRRU to specify a maximum packet size, but that only helped things marginally. Any ideas would be greatly appreciated.
Here are some technical details:
Colo router, Mikrotik RB450G w/ 2MB commit
Satellite routers are a mix of RB450G's and RB750's on business-class connections.
Let me know if any other details are needed.
Response by poster: I should have elaborated that the internet connection at that location is working fine. Downloads and speedtests are showing the connection running normally.
posted by tmt at 1:18 PM on May 14, 2010
posted by tmt at 1:18 PM on May 14, 2010
No direct solution but I would...
* sniff GRE packets at both ends and compare them
* make sure compression is happening with the slower link
* make sure the processor thats encrypting isn't being maxed out
* investigate those errors
I've only used l2tp for "roadwarrior" type vpns. I tend to prefer ipsec for always on/office to office stuff.
Good luck.
posted by rickim at 2:53 PM on May 14, 2010
* sniff GRE packets at both ends and compare them
* make sure compression is happening with the slower link
* make sure the processor thats encrypting isn't being maxed out
* investigate those errors
I've only used l2tp for "roadwarrior" type vpns. I tend to prefer ipsec for always on/office to office stuff.
Good luck.
posted by rickim at 2:53 PM on May 14, 2010
Response by poster: Rickim;
That's an interesting point. I'm not sure why L2TP was chosen for this specific example.
posted by tmt at 5:25 PM on May 14, 2010
That's an interesting point. I'm not sure why L2TP was chosen for this specific example.
posted by tmt at 5:25 PM on May 14, 2010
Response by poster: Problem was resolved by lowering the MRU by 40 bytes to 1420. MTU was left at 1460.
posted by tmt at 7:47 PM on May 14, 2010
posted by tmt at 7:47 PM on May 14, 2010
« Older What to do with all these almonds? | A ghost terrorizing my children is one thing; ..... Newer »
This thread is closed to new comments.
posted by anti social order at 11:04 AM on May 14, 2010