Wednesday, December 29, 2010
[Weak Current College] VPN connection speed drops: the trouble lies in port mode
A VPN connection lets users anywhere on the Internet easily reach private information on their organization's local area network. Compared with traditional network access, a VPN connection is more economical and more secure, and it suits users who work on the move. In practice, however, VPN connections can produce a wide range of new problems, and solving them quickly means changing how we think and applying the right remedy. I once ran into a strange drop in VPN connection speed; this article retraces how the cause of the failure was tracked down, in the hope that readers can take something from it.
Slow VPN connection
Recently the provincial center brought a new online reporting system for technology plans into service. The system runs over a VPN: its database sits on a file server in the center's local area network, and client users at the municipal level connect over the VPN and file their declarations through the Web. In use, I found access to the online reporting system very slow; sometimes even the simple login page took a long time to open. I suspected a problem somewhere along the way, so I called the center's staff and asked whether the software of the online reporting system imposed any restrictions. After a careful check, the engineers there replied that the system had no restrictions in its software settings and that users in other cities could access it. Since the system itself was not at fault, was the problem in the network between my organization's local area network and the provincial center?
My organization's local area network has a simple two-tier structure. The computers in each office connect over 100M twisted pair to the LAN's layer 2 switch; the layer 2 switch connects directly to a hardware firewall, whose built-in routing function provides shared Internet access; the hardware firewall connects to a broadband access device, which reaches the Internet over a 2M fiber-optic line. All computers in the local area network use static IP addresses for Internet access. The provincial center's LAN has basically the same structure as ours, and the two LANs create the VPN channel through their respective hardware firewalls. The online reporting system that the municipal users need to access is installed on a file server in the provincial center's LAN.
Tracking down the cause of the failure
Because the VPN channel between my organization's LAN and the provincial center's LAN is created by hardware firewalls, its transmission speed should in principle be faster than with a software firewall, and the VPN connection should be correspondingly fast. I therefore decided to start from the local area network. On my own computer I clicked "Start" / "Run", entered the command "ping 10.172.168.1" in the Run dialog box (10.172.168.1 is the gateway address of the local LAN) and pressed Enter. The returned results showed a ping value of 1ms, which indicates that the local LAN gateway could be reached normally. I then used ping to test the WAN port address that the local ISP assigned to my organization. The results were normal as well, with no packet loss or disconnection along the way, so the line from the local area network to the local ISP was fine, which also means the local area network itself had no problem.
Next I used ping to test the WAN port address of the provincial center's network. The ping value came back at 20ms, with no packet loss or disconnection during the test, which shows that the WAN connection from my LAN to the provincial center had no problem. I went on to ping the gateway address of the provincial center's LAN and found the result was 50ms, with packet loss and disconnection during the test. The problem therefore seemed to lie between the provincial center's WAN port address and its gateway address. That stretch of the network consists mainly of the hardware firewall, the broadband access device and the twisted-pair cable; was one of them at fault?
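The hop-by-hop test described above can be automated. This is an added example, not part of the original article: it parses Windows-style ping summaries for the four hops and reports the first segment that shows packet loss. Only 10.172.168.1 comes from the article; the other addresses are placeholders and the sample output is constructed.

```python
import re

# Constructed Windows-style ping summaries for the four hops tested above.
# Only 10.172.168.1 is from the article; <...> addresses are placeholders, and
# packet counts, min/max values and the second hop's latency are invented.
HOPS = [
    ("local LAN gateway 10.172.168.1",
     "Packets: Sent = 50, Received = 50, Lost = 0 (0% loss),\n"
     "Minimum = 1ms, Maximum = 2ms, Average = 1ms"),
    ("local WAN port <LOCAL_WAN_IP>",
     "Packets: Sent = 50, Received = 50, Lost = 0 (0% loss),\n"
     "Minimum = 2ms, Maximum = 5ms, Average = 3ms"),
    ("provincial WAN port <REMOTE_WAN_IP>",
     "Packets: Sent = 50, Received = 50, Lost = 0 (0% loss),\n"
     "Minimum = 18ms, Maximum = 25ms, Average = 20ms"),
    ("provincial LAN gateway <REMOTE_GW_IP>",
     "Packets: Sent = 50, Received = 44, Lost = 6 (12% loss),\n"
     "Minimum = 31ms, Maximum = 140ms, Average = 50ms"),
]

PACKETS = re.compile(r"Sent = (\d+), Received = (\d+)")
AVERAGE = re.compile(r"Average = (\d+)ms")

def parse_summary(text):
    """Return (sent, received, avg_ms); avg_ms is None if every probe was lost."""
    counts = PACKETS.search(text)
    if counts is None or int(counts.group(1)) == 0:
        raise ValueError("no usable ping statistics")
    avg = AVERAGE.search(text)
    return (int(counts.group(1)), int(counts.group(2)),
            int(avg.group(1)) if avg else None)

def suspect_segment(hops, max_loss_pct=0.0):
    """Return (last clean hop, first lossy hop), or None if every hop is clean."""
    previous = "this host"
    for name, text in hops:
        sent, received, _ = parse_summary(text)
        if 100.0 * (sent - received) / sent > max_loss_pct:
            return previous, name
        previous = name
    return None

if __name__ == "__main__":
    for name, text in HOPS:
        sent, received, avg = parse_summary(text)
        print(f"{name}: {received}/{sent} replies, average {avg} ms")
    print("suspect segment:", suspect_segment(HOPS))
```

Loss, not latency alone, is what marks the faulty segment here: 20ms to a remote WAN port is unremarkable, while dropped replies one hop further in point at the devices between those two addresses.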
With this in mind, I immediately contacted the provincial center's technical staff and asked them to replace the twisted-pair cable between the broadband access device and the hardware firewall with another network cable. I pinged the provincial center's gateway address again and the result was the same as before. This ruled out the twisted-pair cable, leaving only the hardware firewall and the broadband access device.
The provincial center and the municipal units use almost the same models of equipment on their network connections, all bought in a single purchase, so their performance should be about the same. I therefore asked the provincial center's technical staff to swap the possibly faulty broadband access device for one from another city. Once the swap was done, I ran the ping test again to see whether the provincial center's LAN gateway address responded normally, and it still did not. So the problem was not caused by the broadband access device. This was odd: could the problem really be in the hardware firewall?
Since the hardware firewall had been bought not long before, I judged that the hardware itself was unlikely to be faulty. Could the problem be in its parameter settings? As a last resort I asked the provincial center's staff to log in to the firewall's administration interface and record a number of important parameters, and then compared them with the corresponding parameters on the local LAN's firewall to see whether any setting was wrong. Sure enough, the effort paid off. Looking at the port parameters, the provincial center's staff found that the port between the hardware firewall and the layer 2 switch was set to 100M full-duplex mode, while the port connecting the hardware firewall to the broadband access device was set to Adaptive mode. On the hardware firewall in my own local area network, however, both the LAN port and the WAN port were set to 100M full-duplex mode. Was this difference what caused the drop in VPN connection speed?
Resolving the symptom
I consulted the firewall's parameter documentation and found that by default both the LAN port and the WAN port work in Adaptive mode. In our actual network, however, I clearly remember that these ports were all supposed to be set to 100M full-duplex mode. So why was one port of the provincial center's firewall in 100M full-duplex mode and the other in Adaptive mode? Most likely a staff member forgot to change one of the settings. I therefore asked the center's staff to change the working mode of the firewall's WAN port from Adaptive to 100M full-duplex. When the change was done, I pinged the provincial center's gateway address again and this time the result was clearly different: the ping value dropped from the previous 50ms to 30ms, with no packet loss or disconnection during the test.
I then picked a computer in the local LAN at random and visited the provincial center's online reporting system; the pages now opened quickly. With that, the drop in VPN connection speed was resolved.
Final summary
Looking back over the troubleshooting process, I took some detours in resolving this network fault, mainly because I simply assumed that the provincial center and our local area network used almost identical network structures, and that the main network equipment had been purchased centrally and configured uniformly, so I did not suspect any difference between them. In fact, a staff member's oversight had left the WAN connection speed and the LAN connection speed of the provincial center's hardware firewall mismatched. As we all know, when a port works in 100M full-duplex mode, the hardware firewall can receive and send data at the same time; when a port works in Adaptive mode, the firewall often cannot receive and send at the same time, and so the VPN connection speed drops.
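The port-mode comparison that found the fault can be written as a small audit. This is an added example, not from the original article: it works out the duplex each end of a link actually uses and flags links whose ends disagree. It goes slightly beyond the text by applying the standard Ethernet rule that an auto-negotiating port facing a forced-mode peer falls back to half duplex; the firewall port modes are from the article, while the peer devices' modes are assumptions.

```python
AUTO = "auto"            # the "Adaptive" port mode in the article
FORCED = (100, "full")   # 100M full-duplex, set by hand

def effective_duplex(own, peer):
    """Duplex a port ends up using; own/peer are AUTO or a forced (mbps, duplex)."""
    if own != AUTO:
        return own[1]    # a forced port always uses its configured duplex
    if peer == AUTO:
        return "full"    # both sides negotiate; assumes both support full duplex
    # The forced peer sends no negotiation signal, so the auto port can detect
    # the speed but not the duplex and falls back to half duplex.
    return "half"

def audit(links):
    """Return the names of links whose two ends run different duplex modes."""
    mismatched = []
    for name, end_a, end_b in links:
        if effective_duplex(end_a, end_b) != effective_duplex(end_b, end_a):
            mismatched.append(name)
    return mismatched

# Provincial center firewall as found (firewall side listed first).
# Assumption: the switch and the broadband access device are forced to 100M full.
BEFORE = [
    ("firewall LAN port <-> layer 2 switch", FORCED, FORCED),
    ("firewall WAN port <-> broadband access device", AUTO, FORCED),
]
# After the WAN port was changed from Adaptive to 100M full-duplex.
AFTER = [
    ("firewall LAN port <-> layer 2 switch", FORCED, FORCED),
    ("firewall WAN port <-> broadband access device", FORCED, FORCED),
]

if __name__ == "__main__":
    print("mismatched before:", audit(BEFORE))
    print("mismatched after: ", audit(AFTER))
```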