Meraki

Community

Odd and annoying file transfer issue

JoshPGC
Just browsing
‎Sep 22 2017 7:02 AM
‎Sep 22 2017 7:02 AM

Odd and annoying file transfer issue

We recently went to a full Meraki setup (at my insistence) here at my current employer. Four offices across the state of Florida. Two larger offices and two smaller. The two larger offices use MX84 firewalls, and the two smaller have MX64's.

 

Main office: MX84 Firewall, two WAN links. Link 1 is a 50/50 fiber, Link 2 is a 30/10 Cable Modem. Firewall is set for fail over, not load balancing, though internet/web traffic is set to use Link 2.

 

Other large office: MX84 firewall, two WAN links. Link 2 is a 30/30 fiber, Link 2 is a 20/5 cable modem. Firewall is set for fail over, not load balancing.

 

First smaller office: MX64 firewall, One Wan link, 40/40 fiber, super cheap because of location.

 

Second smaller office: MX64, One Wan link, 25/25 fiber.

 

There's a fair amount of file transfers between the offices daily, we are a financial services/bookkeeping/tax/audit firm. Ever since we put all this in place, we've had a very strange problem.

 

File transfers between the main office and the two smaller offices, as in standard Windows file transfers, are running around 5-6 MB/sec. However, file transfers between the main office and the other large office, the one that is also running a MX84 are capping out at 2 MB/sec. It's like a flat line if you graph it. It hits that limit and stays there.

 

File transfers between the second larger office and the two smaller offices are all over the place.. upwards to 4, then fall flat to 300k, then back up.. etc.

 

Iperf testing between the main office and the other office running the MX84 give me 17/18 MB/sec transfers. But any Windows file transfers are dog slow in comparison. 

This behavior happens regardless of the windows machines.. client to client, client to server, server to server, physical machine to virtual, virtual to virtual, doesn't matter. Any and all smb/cifs file transfers are somehow, somewhere being capped out at 2 MB/sec.

 

This did NOT happen with the old firebox firewalls we had in place before...Any help? Going crazy trying to figure this out, and catching a fair amount of flak over it.

0 Kudos
24 Replies 24
Jack
Getting noticed
‎Sep 22 2017 10:35 AM
‎Sep 22 2017 10:35 AM

It sounds like you have a site to site Traffic shaping rules in place. If not I would just try to disable Advanced Malware Protection (AMP) & Intrusion detection and prevention for both sites ( not recommended since you guys are handling financial services/bookkeeping/tax/audit) But worth a try maybe after hours etc. if Meraki support has no better idea. 

 

0 Kudos
In response to Jack
JoshPGC
Just browsing
‎Sep 22 2017 11:08 AM
‎Sep 22 2017 11:08 AM

Forgot to mention that we have tried traffic shaping rules.. and turned them off. I believe we tried turning off those rules, but I find it odd that they are on for all four locations but this issue only raises in that one office, just my luck it has to be the two offices that have the most file traffic between them.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 22 2017 12:16 PM
‎Sep 22 2017 12:16 PM

I have seen issues like this before (not just with Meraki). If iPerf is getting 17/18 MB/sec and windows file transfers are dead slow it is almost certainly a windows TCP stack setting that needs changing.

If you tell me what Windows OS you are using for the two boxes you are copying the file between I'll recommend some settings for you to try changing. I bet we can get this going considerably faster,
0 Kudos
In response to PhilipDAth
JoshPGC
Just browsing
‎Sep 22 2017 1:08 PM
‎Sep 22 2017 1:08 PM

The two boxes we get the most complaints about are a pair of server 2012 r2 file servers. 

0 Kudos
In response to JoshPGC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 23 2017 1:11 PM
‎Sep 23 2017 1:11 PM

Please try this command on the server (and ideally) on the workstation involved.  It doesn't need a reboot.  It affects all new TCP connections (but not those already negoiated):

netsh int tcp set global timestamps=enabled

 

You can undo the setting by setting it back to disabled.

 

By default windows bases its round trip time on the average of the send and receive time.  This works ok if the send time is the same as the receive time for a packet.  It does not work very well on asymmetrical circuits.  If you look in Wireshark you'll see a lot of duplicate packets and retransmits (if you are affected by the issue).

 

Enabling timestamps causes Windows to calculate the sending and receiving time separately, rather than just averaging them.  This stops the retransmission issue.

0 Kudos
In response to PhilipDAth
JoshPGC
Just browsing
‎Sep 23 2017 2:20 PM
‎Sep 23 2017 2:20 PM

Tried it, didn't help sadly. I should mention that the server in question is a Hyper V virtual Machine, running on a Server 2012 R2 host.

0 Kudos
In response to JoshPGC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 23 2017 3:56 PM
‎Sep 23 2017 3:56 PM

Buggar, Ok. I have seen a lot of issues with Hyper-V and NIC drivers. Can you confirm that the issue does not happen on the local LAN - that you can copy a file over the local LAN and get near 100 MB/s (that is Megabytes/second - assuming everything is Gigabit connected)?
0 Kudos
In response to JoshPGC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 23 2017 3:57 PM
‎Sep 23 2017 3:57 PM

When you ping over the VPN to the server what is the typical round trip time?
0 Kudos
In response to JoshPGC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 23 2017 4:12 PM
‎Sep 23 2017 4:12 PM

Does by chance your server have Broadcom NICs in it?
0 Kudos
In response to PhilipDAth
JoshPGC
Just browsing
‎Sep 23 2017 6:29 PM
‎Sep 23 2017 6:29 PM

ok.. 

 

1) Yes, well above it. Everything is Gigabit, getting 210 MB/sec when transferring a large file locally.

2) across the vpn average is 27ms

3) And yes, running the latest firmware and drivers, and verified the VMM queues are off

0 Kudos
In response to JoshPGC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 23 2017 6:36 PM
‎Sep 23 2017 6:36 PM

It is not possible to get 210 MB/s on Gigabit Ethernet.  The maximum you can get is around 100MB/s.  Perhaps you meant 210 Mb/s - but that would not be a great result.

 

Lets test the MTU theory.  Using PPPoE often causes an MTU squeeze.  You can do this on either the server or a workstation to test.  If it  solves the performance issue on a workstation then you'll need to repeat it on a server so everyone benefits.

 

Use this command to display all your interfaces:

netsh interface ipv4 show interfaces

Note the interface number that is configured with the IP address used for communication.  Lets pretend it is interface 10.

 

Then issue this command:

netsh interface ipv4 set subinterface "10" mtu=1400 store=persistent

 

 

To undo this repeat the command with an MTU of 1500.  This change will affect all new TCP connections.

0 Kudos
In response to PhilipDAth
JoshPGC
Just browsing
‎Sep 23 2017 6:48 PM
‎Sep 23 2017 6:48 PM

No change.. still hitting that 2 MB/sec and staying there. Well it did go to 2.23 MB/sec for a few seconds.. but dropped right back down.

0 Kudos
In response to JoshPGC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 23 2017 6:53 PM
‎Sep 23 2017 6:53 PM

The "other" large office has a 30/30 circuit and a 20/5 circuit.

The 30 Mb/s circuit should give you around 3MB/s and the 20Mb/s circuit should give you around 2MB/s - if they have all of the bandwidth available.

This smells like it is using your 20Mb/s circuit.
0 Kudos
In response to PhilipDAth
JoshPGC
Just browsing
‎Sep 23 2017 6:56 PM
‎Sep 23 2017 6:56 PM

Checked that, even had a guy unplug that Cable modem in Wan 2, same behavior.

0 Kudos
In response to JoshPGC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 23 2017 6:58 PM
‎Sep 23 2017 6:58 PM

Ok, that is a tough one then. You are basically getting 2/3 of the bandwidth you should be (assuming nothing else is using the bandwidth).
0 Kudos
In response to PhilipDAth
JoshPGC
Just browsing
‎Sep 23 2017 6:59 PM
‎Sep 23 2017 6:59 PM

Yeah.. I've been beating my head against this for a few weeks now. 

0 Kudos
In response to JoshPGC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 23 2017 7:01 PM
‎Sep 23 2017 7:01 PM

So iPerf was reporting 17 Mb/s - a similar result.

 

Have you done a speed test to make sure your Internet circuit is the speed it is meant to be?

0 Kudos
In response to PhilipDAth
JoshPGC
Just browsing
‎Sep 23 2017 7:06 PM
‎Sep 23 2017 7:06 PM

Yep. Multiple times. 

0 Kudos
In response to JoshPGC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 23 2017 7:11 PM
‎Sep 23 2017 7:11 PM

The only other thing I can think to try is to grab a WireShark of a file transfer session and see if it brings up anything interesting.
0 Kudos
In response to PhilipDAth
JoshPGC
Just browsing
‎Sep 23 2017 7:13 PM
‎Sep 23 2017 7:13 PM

Yeah will probably try that Monday. We are also going to call the ISP.. not that I think there is anything on their end, but just worth checking. 

0 Kudos
In response to JoshPGC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 23 2017 6:56 PM
‎Sep 23 2017 6:56 PM

Perhaps you should go to Appliance Status/Uplink, and confirm the traffic is going out the uplink that you are expecting.

0 Kudos
In response to JoshPGC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 23 2017 6:57 PM
‎Sep 23 2017 6:57 PM

Another option would be to force the VPN out the other uplink at the other large site and confirm that the speed goes down. Perhaps the uplinks are transposed to how you think they are.
0 Kudos
In response to PhilipDAth
JoshPGC
Just browsing
‎Sep 23 2017 6:58 PM
‎Sep 23 2017 6:58 PM

It does go down. By a lot.

0 Kudos
BHC_RESORTS
Head in the Cloud
‎Sep 22 2017 2:36 PM
‎Sep 22 2017 2:36 PM

@JoshPGC wrote:

 

 

Iperf testing between the main office and the other office running the MX84 give me 17/18 MB/sec transfers. But any Windows file transfers are dog slow in comparison. 

 

Site to site VPN, correct? Windows file sharing over VPN throughput is AWFUL. I have 150mbps fiber and I can pull a speedtest at full speed, both directions, using a VPN connection. But transferring a file through Windows explorer...garbage throughput. In a nutshell, the problem is the MTU. SMB is designed for LAN links, not WAN links - their MTUs are set wildly different. Do some googling on SMB over VPN and you'll find a lot of information on it. That's where I would start, with the MTU.

BHC Resorts IT Department
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.