Connections at 9600 bps (fwd)

Eric Henriksen eric_h at Earthlink.Net
Thu Oct 7 11:19:48 EDT 1999


Basha,
Please define 'line speed'.  I'm certain you don't mean that the bit rate of
the modem line kicks down when the VPN is up.  I assume you mean the the
effective throughput is significantly lower.  Please correct me if this is a
bad assumption.

This being the case, there are a number of factors contributing to lower
overall throughput in a VPN, versus clear channel data path:
The first is the packet overhead, as ESP adds both an ESP header as well as
a new IP header.
The second is the fragmentation typically associated with this
encapsulation.  Over dial lines, especially, you should make certain that
your MTU+ESP Header+IP Header is below that which the service provider will
frag your packets.  Run a ping to you VPN peer forcing the DF bit at varying
packet lengths and you'll see at what lengths they are requiring
fragmentation.  Make sure the total packet size, including IPSec overhead,
is less.
Third would be the processing of the 3DES or HMAC or AH algorithms on your
client plaftform.
Fourth is the throughput of the VPN server.  If it's software based with a
number of other VPNs connecting in, you should consider an embedded system
(hardware) solution.
Fifth, you may have a routing issue that is causing ICMP redirects to find
the path back to the other end of the VPN, as bounced off a default gateway.
I won't go into the details here, but make certain your routes behind the
VPNs forward the remote VPN IP packets to the local i/f of the VPN gateway.

Good luck,
Eric

----- Original Message -----
From: Tina Bird <tbird at listserv.secnetgroup.com>
To: <vpn at listserv.secnetgroup.com>
Sent: Thursday, October 07, 1999 3:33 AM
Subject: Connections at 9600 bps (fwd)


>
>
> ---------- Forwarded message ----------
> Date: Thu, 7 Oct 1999 10:21:32 +0530
> From: Basha <m_basha at againtech.com>
> To: 'VPN' <owner-vpn at listserv.secnetgroup.com>
> Subject: Connections at 9600 bps
>
> Hi everybody
> I have ordinary dialup connection thru which I have setup a VPN Server in
> Windows NT.
> The line speed is 56kbps.
> But when VPN client is connected to VPN Server the line speed of VPN
client
> is 9600bps.
> Can anyone help me how to increase the VPN client speed so that my client
> can access the server at faster rate.
>
> Mohamed Mohaideen Basha
> Again Technologies India Pvt Ltd
> Chennai
> India
>
> ****************************************************************
> TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
>
> The VPN FAQ (under construction) is available at
> http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html
>
> We are currently experiencing "unsubscribe" difficulties.  If you
> wish to unsubscribe, please send a message containing the single line
> "unsubscribe vpn your-e-mail-address" to
owner-vpn at listserv.secnetgroup.com
>
> ****************************************************************
>

****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com

The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html

We are currently experiencing "unsubscribe" difficulties.  If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com

****************************************************************




More information about the VPN mailing list