Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Sniffer Capture - CITRIX and VPN

Status
Not open for further replies.
chewgum

chewgum

IS-IT--Management
Mar 19, 2004
2
US
All -

I have a strange application performance issue that I have been trying to resolve for several weeks. I recently migrated an office from an 128k ISDN dial connection to a higher bandwidth Internet VPN solution. It is a site-to-site VPN with GRE tunnels using Cisco routers. The end users at this location are very happy with the performance of all of their application on this new link with the exception of one Citrix based solution. The Citrix application worked much faster over the slower ISDN connection.

I did a sniffer capture and found out that during a single user session, (803) TCP ACK TOO LONGS were generated, and response time shot through the roof when using this application. I noticed that the packets generated were extremely small, somewhere along the lines of 50 bytes.

I already adjusted the MTU down from the default to 1300 and this did not help.

I did not see any packet fragmentation errors or retransmission, but I am trying to figure out why the packets are so small. This problem is specific to VPN and the end user and NOT the application because it works fine for everyone else not using site-to-site VPN.

Any thoughts ?
 
Sort by date Sort by votes
Citrix is like that. Any minute movement of the mouse across the screen generates a ka-zillion 50 byte packets. VERY inefficient! Adjusting the MTU will not effect the behavoir of the Citrix client.

ISDN might have been less bandwidth, but the transit time could have been quicker. The latency of ISDN is probably less than now with all the router hops it has to traverse across the VPN.

Make sense?

Patrick

Patrick Bartkus, CCNP, CNX, SCM Sr. Network Engineer
GA Dept of Labor IT Network Services
If truth were not absolute, how could there be justice?
 
Upvote 0 Downvote
Yes, it does, but the RTT isn't much different than what ISDN was giving me. I run an extended ping and respone time is fine, but when the users kicks in the Citrix application response goes through the roof.
 
Upvote 0 Downvote
First... I have not seen a Cisco router that does not need the small buffers readjusted for using Citrix. This will be seen by a high buffer discard or misses on the ethernet interface. In order to reset the buffer, Cisco strongly suggests that you work with TAC to get the right numbers.

The other interesting point to remember is that with other applications, you are encypting a few packets. With Citrix you are encypting/decrypting a HUGE number of packets in a short amount of time. This can really poound a router unless it has the VPN card like the 1711 or others of this type.

MikeS


Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

shedlord2
  • Locked
  • Question
Best (simple) sniffer to use for detecting illegal filesharing on a network?
Replies
1
Views
158
fortunat
fortunat
LostboyTNT
  • Locked
  • Question
sniffer S4000 eg2s restore media?
Replies
1
Views
122
OssGuy
OssGuy
edwintek
  • Locked
  • Question
How to stop Sniffer Pro capture on packet count?
Replies
0
Views
70
edwintek
edwintek
TTops
  • Locked
  • Question
SQL and Exchange on
Replies
1
Views
128
TTops
TTops
pussmunky
  • Locked
  • Question
IV Sniffer
Replies
1
Views
84
AZeemeri
AZeemeri

Part and Inventory Search

Sponsor

Back
Top