We recently purchased a new software R&D system to allow our offices in New Jersey and Canada to link up. In order...
to secure the data we setup VPN's for every computer connecting to the server at the main office. Everyone who connects using a VPN is complaining that the connection is very sluggish even though they all use DSL or a cable modem. Can you please give me some insight into how I can help these users connect faster? You don't say what type of VPN or VPN products you are using, and that can have A LOT to do with performance. Some possibilities that might or might not pertain to you include:
- Fragmentation - VPNs add headers onto existing packets. If the Maximum Transmission Unit (MTU) size is not adjusted, large packets that once just fit your MTU must be broken in two (fragmented), resulting in twice as many packets. In most cases, MTU path discovery automatically adjusts MTU size, but if fragmentation is your problem, decreasing MTU on your hosts can help.
- Lifetimes - When VPN tunnel lifetimes are very short, the overhead associated with establishing the tunnel can...
become noticeable to end users. If your users are sending very little traffic per tunnel, inactivity timeouts can also come into play. Keep alives and increased lifetimes can help if this is your problem.
- Encryption - Many VPN gateways can encrypt at link speed, particularly if using hardware encryption. However, low-end VPN gateways that perform encryption in software can become a bottleneck, particularly during heavy usage periods. If this looks like your problem, you might be able to use another cipher or shorter key and still meet your security needs. Alternatively, look at expanding your VPN gateway's capacity through hardware acceleration or load sharing.
To start diagnosing the problem, you really need to get a handle on what's going on. Record and compare interface statistics available at various points along the VPN path to spot bottlenecks, places where fragmentation may be occurring, or excessive error rates. Although VPN traffic is encrypted, packet analyzers can still be helpful to get "the big picture" on flow rates -- for example, comparing information captured on two sides of an intervening device that might be a bottleneck. If you can isolate where VPN traffic gets bogged down, you'll have a target for making improvements.
Dig Deeper on Network Access Control
Related Q&A from Lisa Phifer
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ...continue reading
New and improved management features have made Android devices more suitable for enterprise use, and API and EMM tools can streamline the device ...continue reading
Whether you need a basic open source mobile device management tool for your company's Apple or Android devices, or something more customized, you ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.