Troubleshooting transmission slowness and packet retransmits could be a puzzling task, especially when it's over an IPsec tunnel.
Last week I had the opportunity to troubleshoot a problem with slow website loading times on a webserver across the link. It was difficult to troubleshoot as the site would appear intermittently and was slow to load. A ping or a telnet to the server on the side returned packets swiftly without any issues. I verified that the tunnel was up and was transmitting without any problems. Where could the problem be?
With a simple wireshark capture I found out that retransmissions were occuring very frequently. This was when I found out the packets were fragmented quite a bit and realized that the VPN concentrator had been set with a very small MTU. This was nasty, as it had almost been intentionally tampered with to create an effect of slowness. Such transmission slowness is extremely difficult to troubleshoot as there was no issue with the connectivity itself.
Here's a link with a detailed explanation on how MTU affects performance.
Friday, November 6, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment