Optimize TCP for vpn connection

besmart
New Member
Posts: 15
Joined: Sun Sep 25, 2011 10:08 am

Post by besmart »

I created a VPN between two machines:
- a Windows 2000 server connected to an ADSL router with a speed of 1 Mbps (running an Oracle database)
- and a remote Windows XP SP2 client connected to a USB wireless ADSL connection (about 1 Mbps)

Here is an initial test for the Windows 2000 server:
« SpeedGuide.net TCP Analyzer Results »

IP address: xx.xx.xxx.xxx
Client OS: Windows 2000

TCP options string: 020405ac01010402
MSS: 1452
MTU: 1492
TCP Window: 64240 (NOT multiple of MSS)
RWIN Scaling: 0 bits
Unscaled RWIN : 64240
Recommended RWINs: 63888, 127776, 255552, 511104, 1022208
BDP limit (200ms): 2570kbps (321KBytes/s)
BDP limit (500ms): 1028kbps (128KBytes/s)
MTU Discovery: ON
TTL: 112
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)

Can you assist me in optimizing TCP parameters on both machines to get the best performance using TCP Optimizer?
Thanks
Philip
SG VIP
Posts: 11728
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

I'd use one of the recommended RWIN values, possibly 63888 with only 1Mbps of bandwidth. Seems you've already tweaked it somewhat, as your current RWIN is not the Windows default.

Other than that, just apply the "optimal" Optimizer settings and see how it performs.
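
Added example (not part of the original thread and not SpeedGuide's own code): a Python sketch that decodes the analyzer's "TCP options string" from the first post and reproduces the RWIN and BDP figures it reports. The rule in `recommended_rwins` (largest even multiple of MSS that fits in 16 bits, then doubled) is an assumption inferred from the numbers shown, and all function names are hypothetical.

```python
# Added example: decodes the analyzer's "TCP options string" and reproduces
# the RWIN / BDP figures shown in the thread.

def parse_tcp_options(hex_string):
    """Walk the kind/length/value list carried in a TCP SYN options field."""
    data = bytes.fromhex(hex_string)
    opts = {"mss": None, "window_scale": None,
            "sack_permitted": False, "timestamps": False}
    i = 0
    while i < len(data):
        kind = data[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP, single padding byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("option truncated before its length byte")
        length = data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError(f"bad length {length} for option kind {kind}")
        value = data[i + 2:i + length]
        if kind == 2 and length == 4:      # Maximum Segment Size
            opts["mss"] = int.from_bytes(value, "big")
        elif kind == 3 and length == 3:    # Window Scale shift count
            opts["window_scale"] = value[0]
        elif kind == 4 and length == 2:    # SACK Permitted
            opts["sack_permitted"] = True
        elif kind == 8 and length == 10:   # Timestamps
            opts["timestamps"] = True
        i += length
    return opts

def recommended_rwins(mss, count=5):
    """Assumed rule: largest even multiple of MSS <= 65535, then doubled."""
    base = (65535 // (2 * mss)) * 2 * mss
    return [base << n for n in range(count)]

def bdp_limit_kbps(rwin_bytes, rtt_ms):
    """Max throughput with one window in flight per round trip (bits/ms = kbps)."""
    return round(rwin_bytes * 8 / rtt_ms)

if __name__ == "__main__":
    opts = parse_tcp_options("020405ac01010402")   # string from the first post
    print(opts)
    print("RWIN 64240 multiple of MSS:", 64240 % opts["mss"] == 0)
    print(recommended_rwins(opts["mss"]))
    print(bdp_limit_kbps(64240, 200), bdp_limit_kbps(64240, 500))
```

The decoded options match the report: MSS 1452 (MTU 1492 minus 40 bytes of IP and TCP headers), SACK permitted, and no window-scale or timestamp option.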
besmart
New Member
Posts: 15
Joined: Sun Sep 25, 2011 10:08 am

Post by besmart »

Thanks for the reply,
I will try optimal and feed back the results.
Should I upgrade Windows 2000 to Windows 2003 to get the benefit of the TCP enhancements, or can I continue running Windows 2000?
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

Make sure you make backups of the registry before each change. Once you start playing with "Server" operating systems, and programs designed to run across a LAN, and VPNs...you'll find as you try to "tweak"....some things may break on you. IMO Servers, when used in production, should be left alone, just follow best practices.

With VPNs.."a chain is only as strong as its weakest link". With broadband, it's usually asymmetrical...meaning download is much higher than your upload. Example...a 1,500/256 connection. Say you have a VPN tunnel in between two locations each with a 1,500/256 connection...the VPN tunnel will be, at the most, 256. Actually quite a bit less factoring in overhead.

Hardware VPN tunnels perform better than software VPN tunnels....and different quality/brands of hardware perform better than others.
MORNING WOOD Lumber Company
Guinness for Strength!!!
besmart
New Member
Posts: 15
Joined: Sun Sep 25, 2011 10:08 am

Post by besmart »

@Philip
Result Feedback

Before applying the optimum settings, the speed test is:
« SpeedGuide.net Speed Test Results »
123 kbps down (~0.12 Mbps, 15 KB/s)
176 kbps up (~0.18 Mbps, 21 KB/s)
500 KB downloaded in 33.337 seconds
100 KB uploaded in 4.661 seconds
Tested on: 2011.09.26 14:37 EDT
Tested from: speedguide.net

--------------
After applying the optimum settings and rebooting:

« SpeedGuide.net Speed Test Results »
268 kbps down (~0.27 Mbps, 33 KB/s)
180 kbps up (~0.18 Mbps, 22 KB/s)

1024 KB downloaded in 31.257 seconds
100 KB uploaded in 4.56 seconds
Tested on: 2011.09.26 14:45 EDT
Tested from: speedguide.net


The performance doubled like magic :)
Thanks for the help and support

@YeOldeStonecat
Thanks for your advice, I will take it into account
besmart
New Member
Posts: 15
Joined: Sun Sep 25, 2011 10:08 am

Post by besmart »

More Questions :) :)
q1- When I optimize TCP, is it valid for both LAN and Internet connections, or should I apply custom settings for each?
q2- Is the TCP setting applied to all NICs on the machine?
q3- I cannot run the MTU/latency test from within TCP Optimizer on a machine connected to ISA 2006, what can I do?
RaisinCain
Posts: 1941
Joined: Fri Jun 05, 2009 7:11 pm

Post by RaisinCain »

besmart wrote: I created a VPN between two machines:
- a Windows 2000 server connected to an ADSL router with a speed of 1 Mbps (running an Oracle database)
- and a remote Windows XP SP2 client connected to a USB wireless ADSL connection (about 1 Mbps)

Here is an initial test for the Windows 2000 server:
« SpeedGuide.net TCP Analyzer Results »

IP address: xx.xx.xxx.xxx
Client OS: Windows 2000

TCP options string: 020405ac01010402
MSS: 1452
MTU: 1492
TCP Window: 64240 (NOT multiple of MSS)
RWIN Scaling: 0 bits
Unscaled RWIN : 64240
Recommended RWINs: 63888, 127776, 255552, 511104, 1022208
BDP limit (200ms): 2570kbps (321KBytes/s)
BDP limit (500ms): 1028kbps (128KBytes/s)
MTU Discovery: ON
TTL: 112
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)

Can you assist me in optimizing TCP parameters on both machines to get the best performance using TCP Optimizer?
Thanks

First thing to do is update the XP SP2 machine to SP3 and run Windows Update.
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

besmart wrote: More Questions :) :)
q1- When I optimize TCP, is it valid for both LAN and Internet connections, or should I apply custom settings for each?
q2- Is the TCP setting applied to all NICs on the machine?
q3- I cannot run the MTU/latency test from within TCP Optimizer on a machine connected to ISA 2006, what can I do?

You could select just one adapter, or you could select all the ones installed on your computer.
ISA wasn't processor and RAM, again..I would make a backup before trying to change things, because the ISA proxy client (that runs in your systray) may have issues.
besmart
New Member
Posts: 15
Joined: Sun Sep 25, 2011 10:08 am

Post by besmart »

YeOldeStonecat wrote: ... because the ISA proxy client (that runs in your systray) may have issues.

I installed the ISA client, and everything is good ;)
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

rickrick wrote: Upgradation of windows as such is not required for the enhancement of TCP as its function is not correlated to the version.

TCP did change across different versions of Windows. The stack in Windows 7 is quite different from that in XP which is quite different from that in 9X.
besmart
New Member
Posts: 15
Joined: Sun Sep 25, 2011 10:08 am

Post by besmart »

So, I should upgrade the Windows 2000 server to Windows 2003 (Windows 2008 is not compatible with the current applications) to get the benefit of the TCP enhancements
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

I'd upgrade out of 2000 because 2000 has been dropped for support, and 2003 adds more features and security. Performance differences aren't big enough to spend time on..if at all. Weren't you going to terminal server for a solution though?
besmart
New Member
Posts: 15
Joined: Sun Sep 25, 2011 10:08 am

Post by besmart »

The objective is minimizing the cost of communication lines per year and getting high performance

I will go to terminal services, still under study:
- Which: Windows TS, Citrix or other.
- I think that I also need a VPN, so I am studying the AscenLink appliance, which plays two roles: load balancer for two ADSL lines and VPN (http://www.xtera.com/content/products/w ... /ascenlink)
- The suitable speed for the ADSL lines: 2 lines * 2 Mbps in the main office, and 1 Mbps for branches
Can I get numbers?

Updating Windows 2000, sure, as you suggest.
The current number of users is 5

I need your suggestions on that solution or on the best environment for implementing terminal services
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

My approach would be using Server 2008 Published Applications....through a VPN tunnel. Since 2008 isn't supported by this software (I'm shocked...any software company that has a product out now that won't support Server 2008 environment...WOW...time to catch up with the times). So drop down to Server 2003 Terminal Server.

As for how much horsepower to run the terminal server on...how many users at all the satellites combined....will be using it at the same time? Use this number and refer to documentation for this application....they usually have guidelines.

Could even use the same new server hardware...install VMWare on it, install the terminal server as one guest, and do a P to V with the 2000 server to run it as the second guest. So one physical server running both of those guests. Retire the old server hardware.
To keep costs down...plenty of good open sourced apps out there, PFSense, Untangle....do run rock solid and fast VPN tunnels with.
besmart
New Member
Posts: 15
Joined: Sun Sep 25, 2011 10:08 am

Post by besmart »

Thanks YeOldeStonecat, you are very helpful and do the best.

Using Terminal Services 2003 may be the choice due to software compatibility issues.
OpenVPN is my favorite choice.
I created a lab test using VMware and made a POC for the solution.