Documentation Downloads Knowledge How-To Hub Forums Cases Assets Warranty
Skip to main content
anthony_rielly

32 Messages

 • 

694 Points

Fri, Nov 13, 2020 3:53 AM

Slow AP<=>ZD tunnel WAN performance.

I have a couple of cross-town WAN links which currently use an OpenVPN tunnel.

LAN <=> OpenVPN <==== 35ms ====> OpenVPN <=> R600

I get basically full wire speed from this setup (>200Mbps).

I'd like to replace the OpenVPN boxes with an LWAPP tunnel from the R600 to my ZD1100.

I did some testing locally...

LAN <=> ZD1100 <=> R600(Tunnel)

...and I get 39 Mbps. This is fine. I only need maybe 16Mbps.

But when I put the R600 at the remote sites...

LAN <=> ZD1100 <=> NAT <==== 35ms ====> NAT <=> R600(Tunnel)

...I get 7.5 Mbps. 

Is there any setting I can tweak to improve throughput? I have ZD1200s and R610s I can swap in if that would help, but obviously don't want to go through the upgrade pain if the root cause is that LWAPP just doesn't like any latency. I don't want to subscribe to SmartZone - I'd rather just keep the OpenVPN boxes.

Question

 • 

Updated 

2 months ago

34

3

0

Responses

eizens_putnins

202 Messages

 • 

3.1K Points

2 months ago

I believe the only thing you can tweek is MTU size (which may be or not be an issue), as lower bandwidth on WAN  may be result of packet fragmentation if route MTU is low. If you use mobile connection, MTU is often an issue, if it is fixed connection - usually not. Otherwise you have to remember that ZD1100 is very old device with low CPU power, so it has not much resources for VPN encryption/decryption, so dedicated OpenVPN boxes will be always faster.

2

0

anthony_rielly

32 Messages

 • 

694 Points

Thanks. I've reduced the MTU, and I'll check the impact tomorrow. Hopefully that's the fix.

I do know the ZD1100 is an old device, and I would've upgraded right away if I thought it would help...

...but my tunnel is unencrypted, and I remember reading a Ruckus document which said a ZD1100 should be able to handle ~300 Mbps of unencrypted tunnel traffic. And like I said, when testing locally I get nearly 40 Mbps down the tunnel between an R600 and ZD1100.

Like

2 months ago

0

syamantak_omer

Official Rep

 • 

722 Messages

 • 

11.3K Points

Hi Anthony,

I think this is the article you are referring to.

https://support.ruckuswireless.com/articles/000003269

Upgrading to ZD1200 will improve things for sure, but it is worth troubleshooting the current setup, before you decide to upgrade the hardware.

Regards,

Syamantak Omer

Like

2 months ago

0

syamantak_omer

Official Rep

 • 

722 Messages

 • 

11.3K Points

2 months ago

Hi Anthony,

What Eizens suggested is right. However, I suggest testing the tunnel MTU capacity by connecting a wired client on one of the remote R600 APs and from that client, try to ping the controller's IP address with different loads. Start with 1500 and reduce the size by 20 or 30. Once you get he stable ping with optimum latency, minus it by 10 or 20 and set the MTU on ZD side accordingly.

Regards,

Syamantak Omer

1

eizens_putnins

202 Messages

 • 

3.1K Points

Hi,

Also it is  a question what kind of traffic you have -- stated number of 300 Mbps is probably the absolute max, which can be achieved in ideal conditions with optimal (max) packet size. By the way are you sure you use unencrypted tunnel?If you actually use encrypted tunnel, getting 30% of max stated performance is quit normal.

  If you have traffic with short packets, you have a lot of overheads and may be much lower number than with long packets, and efficiency drops again for the same reason, when packets are fragmented. Also -- as much as I understand, you currently have OpenVPN boxes, running encrypted tunnel. This tunnel probably uses different ports -- so make sense to check if there is some firewall or router in between, which  have some rules limiting LWAPP tunnel, but not OpenVPN, or even using different route?

Like

2 months ago

0

anthony_rielly

32 Messages

 • 

694 Points

2 months ago

Thanks for you helpful comments everyone!

Over the weekend, I did a sweep of MTUs from 1500 to 900, testing local performance through the tunnel. Performance increased from ~40 Mpbs at 1500 MTU to ~210 Mbps at 1050 MTU, then started decreasing again.

So I left tunnel MTU at 1050, and went back to the remote site today. Without any further tweaking, I'm now getting 80 Mbps up and down the tunnel.

This is far in excess of what I was expecting/needing, so I'm happy to call it a day.

2

eizens_putnins

202 Messages

 • 

3.1K Points

Good. So it was mtu, as it often is... Enjoy!

Like

2 months ago

0

syamantak_omer

Official Rep

 • 

722 Messages

 • 

11.3K Points

@anthony_rielly glad to hear that performance improved after setting the correct MTU value.

Regards,

Syamantak Omer

Like

2 months ago

Was this helpful?