Solved VPN File Transfer Problems
-
If your servers have Intel or Broadcom NICs in them, you may want to test disabling VMQ.
-
@notverypunny It was some kind of configuration error on the switch. I think the server tried to negotiate LACP while the switch didn't reply as it should and thought it was some kind of loop going on. Traffic would pass but intermittently. From the outside it looked like it worked but slower. Looking closer at packet captures there was a lot of unusual packets which is the reason we started to look at the switches. After reconfiguring the port from scratch everything worked, so I don't know exactly what it was.
-
@dafyre said in VPN File Transfer Problems:
If your servers have Intel or Broadcom NICs in them, you may want to test disabling VMQ.
I thought that issue was fixed a while ago?
-
@Dashrender said in VPN File Transfer Problems:
@dafyre said in VPN File Transfer Problems:
If your servers have Intel or Broadcom NICs in them, you may want to test disabling VMQ.
I thought that issue was fixed a while ago?
In theory.
-
The newest piece of gear I have is a Dell R730xd (purchased last year) and we had to disable it on that one. Server 2012 R2 as the host OS. I can't remember which NIC it has off the top of my head, but we did disable VMQ on all the network adapters in that system.
-
@dafyre said in VPN File Transfer Problems:
Server 2012 R2 as the host OS.
That might be your issue right there. That's OLD.
-
@scottalanmiller said in VPN File Transfer Problems:
@dafyre said in VPN File Transfer Problems:
Server 2012 R2 as the host OS.
That might be your issue right there. That's OLD.
mutters something about dumb vendors
-
@scottalanmiller said in VPN File Transfer Problems:
@dafyre said in VPN File Transfer Problems:
Server 2012 R2 as the host OS.
That might be your issue right there. That's OLD.
I believe it was supposedly fixed in Hyper-V 2016. Possibly in a patch for Hyper-V 2012 R2, but I still disable it out of habit.
It doesn't matter unless you have 10gigabit links I believe.
-
@JaredBusch said in VPN File Transfer Problems:
@scottalanmiller said in VPN File Transfer Problems:
@dafyre said in VPN File Transfer Problems:
Server 2012 R2 as the host OS.
That might be your issue right there. That's OLD.
I believe it was supposedly fixed in Hyper-V 2016. Possibly in a patch for Hyper-V 2012 R2, but I still disable it out of habit.
It doesn't matter unless you have 10gigabit links I believe.
It was a driver problem, not an OS problem. Primarily Broadcom NICs which Dell often uses (because they cost less).
https://support.microsoft.com/en-us/help/2902166/poor-network-performance-on-virtual-machines-on-a-windows-server-2012
Anyway, it doesn't make much sense to use it anyway. Should use SR-IOV instead so the VM can talk directly to the hardware without the overhead of the hypervisor. For 10G and faster NICs.
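The VMQ check discussed in the posts above, as an added example that is not part of the original thread: it reports VMQ state per physical adapter on a Hyper-V host and disables VMQ only on adapters that are up and linked below 10 Gbps. The `-Apply` switch is a hypothetical parameter of this script; without it the script only reports what would change.

```powershell
#Requires -RunAsAdministrator
# Added example: audit VMQ on a Hyper-V host, then disable it on sub-10GbE adapters.
param(
    [switch]$Apply   # hypothetical switch for this script; omit it for a dry run
)

$tenGbps = 10000000000   # link speed threshold in bits per second

# Get-NetAdapterVmq lists the adapters that expose VMQ settings.
$report = foreach ($vmq in Get-NetAdapterVmq) {
    $nic = Get-NetAdapter -Name $vmq.Name -ErrorAction SilentlyContinue
    if (-not $nic) { continue }   # skip adapters that cannot be resolved by name

    [pscustomobject]@{
        Name        = $nic.Name
        Description = $nic.InterfaceDescription   # shows the vendor (Broadcom, Intel, ...)
        Status      = $nic.Status
        LinkSpeed   = $nic.LinkSpeed
        VmqEnabled  = $vmq.Enabled
        # Candidate: VMQ is on, the link is up, and the link is slower than 10 Gbps.
        Candidate   = $vmq.Enabled -and $nic.Status -eq 'Up' -and $nic.Speed -lt $tenGbps
    }
}

$report | Format-Table -AutoSize

foreach ($row in $report | Where-Object Candidate) {
    if ($Apply) {
        # Restarts the adapter unless -NoRestart is given, so expect a brief drop.
        Disable-NetAdapterVmq -Name $row.Name
    }
    else {
        Disable-NetAdapterVmq -Name $row.Name -WhatIf
    }
}

# Confirm the resulting state.
Get-NetAdapterVmq | Format-Table Name, InterfaceDescription, Enabled -AutoSize
```

Run it in a maintenance window, since disabling VMQ restarts each affected adapter; `Enable-NetAdapterVmq` reverses the change.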
-
That's right, this was a Hyper-V issue. Though the OP hasn't said what VM platform he's using.
I assumed Windows Server 2012 R2 was just a VM.
-
I just need to comment because every time I start seeing the title of this topic, it looks like "Vile Transfer Problems" until I look directly at the title.
-
UPDATE:
Had a call with Fortigate support this AM and I'll be trying the following either later tonight or first thing tomorrow AM before anything important is happening on the network:
host-shortcut-mode {bi-directional | host-shortcut}
Due to NP6 internal packet buffer limitations, some offloaded packets received at a 10Gbps interface and destined for a 1Gbps interface can be dropped, reducing performance for TCP and IP tunnel traffic. If you experience this performance reduction, you can use the following command to disable offloading sessions passing from 10Gbps interfaces to 1Gbps interfaces:
    config system npu
        set host-shortcut-mode host-shortcut
    end
Select host-shortcut to stop offloading TCP and IP tunnel packets passing from 10Gbps interfaces to 1Gbps interfaces. TCP and IP tunnel packets passing from 1Gbps interfaces to 10Gbps interfaces are still offloaded as normal. If host-shortcut is set to the default bi-directional setting, packets in both directions are offloaded.
This option is only available if your FortiGate has 10G and 1G interfaces accelerated by NP6 processors.
-
WOOT WOOT!! this seems to have fixed things.
Now if I could just get a decent ISP connection in Knoxville...
-
@notverypunny said in VPN File Transfer Problems:
WOOT WOOT!! this seems to have fixed things.
Now if I could just get a decent ISP connection in Knoxville...
Talk to @Phil-CommQuotes
-
I agree, talk to Phil! :upside-down_face:
Thanks for the shout out, Jared.
NVP, Message me the address and what you need and I'll work my magic.
-
Hey Phil, I'll keep you in mind when we're shopping / renegotiating next time around. I don't think we can do anything in the short-term because if memory serves we're under contract for that site. Right now my issue isn't the cost but the line quality, and from what we've learned, regardless of who's billing, it's all the same infrastructure for the optical service so jitter and latency is likely to be the same regardless of what we do.
-
Sounds good to me, just keep in mind that there are always things we can do to solve quality issues and other problems my friend. Replacing an ISP may not be possible due to contracts but we can always supplement with low cost secondary / broadband services. Even LTE/LOS SAT has been able to bring substantial performance and stability enhancements when we leverage SD-WAN (type) devices to aggregate multiple connections to provide best path routing for critical traffic. Certainly changing or adding services in a contractual renewal phase is ideal but just don't think you are stuck if you truly need the help. If things are workable for now, waiting probably makes sense but if needs are urgent always a way to help (almost always I should say).
And Knoxville has many enterprise ISP options so while it is highly possible it's all AT&T or whoever you are using now, there may be others. Happy to just poke around and show you some fiber maps if you want to get some inside scoops. I know we have used AT&T, Zayo, Centurylink, Hudson Fiber, WOW! and others there, but of course all depends on exactly where you are and what service level/budget you have (coax vs. fiber for ex).
I'll be here if/when you need help
-
@notverypunny said in VPN File Transfer Problems:
Hey Phil, I'll keep you in mind when we're shopping / renegotiating next time around. I don't think we can do anything in the short-term because if memory serves we're under contract for that site. Right now my issue isn't the cost but the line quality, and from what we've learned, regardless of who's billing, it's all the same infrastructure for the optical service so jitter and latency is likely to be the same regardless of what we do.
This is a bad response.
Contracts don't mean shit. You can always cancel. So what if you have to pay out some portion of the remaining contract (even 100%).
Get real information and then do math. (FFS @scottalanmiller how many times did I say to math last week?)
The RoI of a new solution may well be acceptable. Improved services lead to improved employee productivity. These are real numbers to management.
Do not work in the bubble of IT.. IT is part of the business. All IT decisions have to be made in the context of the business as a whole. Not just current service costs X and new service costs Y.
-
@JaredBusch said in VPN File Transfer Problems:
Contracts don't mean shit. You can always cancel. So what if you have to pay out some portion of the remaining contract (even 100%).
This is a specific case of the general case "sunk cost fallacy". What Jared is pointing out is that we tend to see a cost already spent (or already committed to) as being a lock in for that vendor or service. But even when that still exists, it's all still just math and in the long run, we often miss financial opportunity because we assume that money already spent is better than money saved in the future.
-
@scottalanmiller said in VPN File Transfer Problems:
@JaredBusch said in VPN File Transfer Problems:
Contracts don't mean shit. You can always cancel. So what if you have to pay out some portion of the remaining contract (even 100%).
This is a specific case of the general case "sunk cost fallacy". What Jared is pointing out is that we tend to see a cost already spent (or already committed to) as being a lock in for that vendor or service. But even when that still exists, it's all still just math and in the long run, we often miss financial opportunity because we assume that money already spent is better than money saved in the future.
I've cancelled a $13k T1 service less than a week after it was turned up because coax became available. FYI, Charter can KMA for not telling me they were building out when I asked. Because they certainly had to know it.
But still, client didn't care. They cancelled it. Sucked to eat the cancellation fees. But 1.5/1.5 versus 80/10? When this was a remote branch office that needed to use everything via RDP and shares across the VPN? Yup cancelled.
Edit:
This also enabled the ability to add them to the hosted PBX system, so their other telecom costs dropped by losing POTS lines, and also interoffice calling went to free. See how nothing works in a bubble?
Edit 2: This was before I met @Phil-CommQuotes.. So much better now that I don't have to deal with this.