UAG2010 direct access throughput troubleshooting

  • Question

  • So I thought I'd try to measure the throughput on our connection by copying files and I max out at about 1,2 MB/s (i.e. ~10 Mbit/s).

    Facts:

    Virtualized UAG-server
    Server is connected to a 100 Mbit connection on external interface
    Client connected to a 30 MBit connection using ip-https
    The server has about 10 active users and never maxes out memory or cpu, but goes to about 30% cpu when I copy a large file
    The external nic on the server shows ~1,3% usage on a 1GBit connection

    Based on the above it looks to work just fine, slight overhead from iphttps.

    How do I find out what is throttling the speed? Seems to be something on the server side? I have tried connecting over two different connections, same end result in download speed. It's not the backend fileserver, internally we get GB-speed copying the same file to the same client computer over the LAN.

    Friday, November 23, 2012 8:08 AM

All replies

  • Couple of questions:

    What results do you get with a Teredo client connection?

    Is the file server running IPv4 and you are using NAT64/DNS64?


    Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk



    Friday, November 23, 2012 9:27 AM
  • We have disabled Teredo through GPO. Activating the adapter through netsh doesn't seem to override the GPO settings, the state is still disabled (tried setting both default and enterpriseclient). Is there another way to activate it or do I have to enable it through an overriding GPO on the test client?

    We have activated ISATAP on the server network so the file server is configured with an ISATAP adapter and 6to4 address. I reckon that means no NAT64/DNS64, not sure how to verify though.

    Friday, November 23, 2012 10:24 AM
  • I think GPO settings take precedence, so you will need an overriding GPO. Out of curiosity, why are you disabling Teredo as this is a slightly unusual approach...

    When you resolve the name of the server from a DA client, do you get an IPv6 which contains '5efe:[IPv4 Address]'?


    Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Friday, November 23, 2012 10:41 AM
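
An added example, not part of the original thread: a small Python classifier for the address check asked about above, telling ISATAP (the `5efe:` marker), NAT64, Teredo and 6to4 addresses apart and extracting the embedded IPv4 address. The function name `classify`, the sample addresses (constructed from documentation ranges) and the default NAT64 prefix are assumptions; a deployment's own NAT64 /96 prefix has to be passed in.

```python
import ipaddress

# RFC 6052 well-known NAT64 prefix. Assumption: a deployment using its own
# prefix passes that /96 instead (IPv4 is then embedded in the last 32 bits).
WELL_KNOWN_NAT64 = ipaddress.ip_network("64:ff9b::/96")

# RFC 5214: an ISATAP interface identifier is 0000:5efe or 0200:5efe
# followed by the 32-bit IPv4 address of the host.
ISATAP_MARKERS = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")


def classify(addr, nat64_prefix=WELL_KNOWN_NAT64):
    """Return (kind, embedded IPv4 as str or None) for a resolved address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ("ipv4", str(ip))
    raw = ip.packed
    # Teredo first: its flags/port field could otherwise mimic the ISATAP marker.
    if ip.teredo:
        _server, client = ip.teredo
        return ("teredo", str(client))
    # ISATAP before 6to4: an ISATAP host may sit on a 2002::/16 (6to4) prefix.
    if raw[8:12] in ISATAP_MARKERS:
        return ("isatap", str(ipaddress.IPv4Address(raw[12:16])))
    if ip in nat64_prefix:
        return ("nat64", str(ipaddress.IPv4Address(raw[12:16])))
    if ip.sixtofour:
        return ("6to4", str(ip.sixtofour))
    return ("native-or-other", None)


# Constructed sample addresses (documentation ranges), not from the thread.
SAMPLES = [
    "2002:c000:201:8000:0:5efe:10.0.0.20",    # ISATAP host on a 6to4 prefix
    "64:ff9b::c000:221",                      # NAT64 mapping of an IPv4-only host
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",   # Teredo client
    "2002:c000:201::1",                       # plain 6to4
    "2001:db8::1",                            # native IPv6
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify(sample))
```
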
  • It was a consultant who set it up so I'm not quite sure why they disabled Teredo.

    Yeah, the file server resolves to an ISATAP-address 5efe:[IPv4 address].

    Is there generally a performance difference between using ISATAP, native IPv6 or NAT64/DNS64 addressing on the intranet? I mean noticeable difference unless you have a lot of users and traffic.

    Edit:

    I tried the client over a 100 MBit connection getting ~4 MB in download speed. If I connect by wifi to the same router (~35 Mbit) I get ~1,8 MB download speed. Over 4G ~25-30 MBit I get 1,3 MB. Unscientifically it looks as if the throughput speed scales linearly by my client's connection speed. Just that there seems to be an incredibly high overhead, about 1 to 3, for every 3 Mbit in connection speed you get 1 Mbit throughput.

    • Edited by Molotch Friday, November 23, 2012 2:52 PM
    Friday, November 23, 2012 2:40 PM
  • Disabling Teredo is a bit odd and not something I would recommend (in a UAG DA deployment) as this is generally much better performing than IP-HTTPS.

    My other questions were just trying to build up a picture of your setup...


    Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Friday, November 23, 2012 3:12 PM
  • I enabled Teredo which worked fine. No speed difference though. Getting somewhere about 1/3 to 1/2 of the client's connection speed in throughput.

    Saturday, November 24, 2012 2:08 PM
  • Is there any way to increase the Direct Access actual speed?

    We have a 6Mb connection, confirming real speeds of 2-3MB via direct access 

    Thanks,

    Tuesday, November 19, 2013 5:03 PM
  • The only way to increase actual speed as far as I know is to upgrade to Server 2012 and Windows 8.

    I'm running a test lab at home with Server 2012 R2 and Windows 8.1 clients. It's much faster, no noticeable overhead over iphttps (guess Windows 7 clients still suffer from double encryption though, haven't tried yet).

    So now you're in a conundrum. To gain the benefit of Server 2012 R2 you have to move over to Windows 8.

    Tuesday, November 26, 2013 1:03 PM
  • I see the same cap on all our client connections.

    We are using Server 2012R2 and Windows 8.1 clients. IP-HTTPS due to limitations in the infrastructure preventing Teredo

    I test by doing a 100 MByte file (Robo)copy from an internal (IPV4 addressable) NAS filer to the Windows 8.1 box.

    If I do the exact same from a Windows 7 box connected over VPN (Juniper) I reach significantly higher speeds. Also, I see the VPN connection speeds vary (from high to higher compared to DA), whereas the DA connection stays around 1,2 MB/s.

    We don't know where to look for a potential throttling component, so any pointers appreciated.

    Sunday, November 9, 2014 10:11 AM