Why is my VPN so slow?
May 14, 2010 10:09 AM   Subscribe

Comcast and L2TP VPN tunnels: One location works great, the other not so much. Where am I going wrong?

One of the companies I work for has a semi-complicated networking setup that involves several Mikrotik routers connected via L2TP tunnels. The tunnels are used to propagate BGP information and for locations to access our co-located servers.

Locations are all using different internet connections. Here in PDX, we're using Stephouse wireless downtown and Comcast Business for the other three locations. Two of the Comcast-connected locations are working great. They have decent transfer speeds to the colo through the tunnel(5-8Mb/sec). The remaining location is only getting about .5-1.5Mb/sec.
The configuration is identical on all of the routers. MTU/MRU on the L2TP connections are all set to default and I'm seeing few transmit errors. I tried replacing the router as well, but nothing changed. The original equipment was put back in place.
I'm not quite at my wits end yet, but I am starting to wonder where I'm going wrong on this whole thing. We've tweaked the MRRU to specify a maximum packet size, but that only helped things marginally. Any ideas would be greatly appreciated.

Here are some technical details:
Colo router, Mikrotik RB450G w/ 2MB commit
Satellite routers are a mix of RB450G's and RB750's on business-class connections.
Let me know if any other details are needed.
posted by tmt to Technology (5 answers total) 1 user marked this as a favorite
 
If you swapped the hardware at your end and the problem was the same, I'd start with the upstream provider. Do they have you throttled or on the wrong data plan? Is that segment congested?
posted by anti social order at 11:04 AM on May 14, 2010


I should have elaborated that the internet connection at that location is working fine. Downloads and speedtests are showing the connection running normally.
posted by tmt at 1:18 PM on May 14, 2010


No direct solution but I would...
* sniff GRE packets at both ends and compare them
* make sure compression is happening with the slower link
* make sure the processor thats encrypting isn't being maxed out
* investigate those errors

I've only used l2tp for "roadwarrior" type vpns. I tend to prefer ipsec for always on/office to office stuff.

Good luck.
posted by rickim at 2:53 PM on May 14, 2010


Rickim;
That's an interesting point. I'm not sure why L2TP was chosen for this specific example.
posted by tmt at 5:25 PM on May 14, 2010


Problem was resolved by lowering the MRU by 40 bytes to 1420. MTU was left at 1460.
posted by tmt at 7:47 PM on May 14, 2010


« Older What to do with all these almonds?   |   A ghost terrorizing my children is one thing; ..... Newer »
This thread is closed to new comments.