Subject: Re: Slow transfer over cipe-tunnel
From: Peter van den Heuvel <peter,AT,bank-connect,DOT,com>
Date: Thu, 4 Jul 2002 10:46:35 +0200
In-reply-to: <PGECKJPBLAJIOKNLOFAIAECJECAA.davegb@pobox.com>

> XP - FW   --   Internet   --   FW - XP
>         1 Mbit         256 Kbit
>   Athlon 1Ghz             Intel Celeeron 500
You could run from a 486 FW. The 256 of course is the effective speed.

> I think that the speed of the FW:s and the link is enough. I've tested
> to minimise the services on the FW:s and made sure that there where no
> extra traffic over the FW:s. Bur the transfer is still slow?
Just verify that with vmstat or sar.

> Shouldn't I get almost the same transfer rate of a FTP-transfer inside
> the VPN as one FTP outside the VPN?
Close but slightly less of course. The TCP packets are UDP wrapped,
adding extra header info, increasing the amount of data somewhat.

> How could I check the UDP reply timeouts? Is there enything else I
> could check? Some configuration options for Cipe?
At least make sure ICMP is not blocked on any firewall. Various types
are realy required.

Also test every component in the chain (specially NIC's, links, routes).
Get some data on TCP and UDP throughput, reliability and latencies.
Packet loss will slow you down. But specially look at ICMP working.


