Longtime lurker, had a sleepless night where I decided to test optimizations for our RRAS VPN and wanted to share optimizations that have added up and made a difference. Some of this is probably known to some, but most of these optimizations were scattered and I thought it would be good to get them all down in one spot. Hope this is helpful.
We use RRAS on Windows Server for an SSTP VPN, and this works decent enough, but I have always been on the lookout for optimizations to reduce latency and keep the chatty SMB protocol flowing with fewest retransmits and trying to prevent packet fragmenting.
I tested copying a 68MB .exe file from a server to my PC over the VPN, I also tested opening documents that represent average sized/complexity.
Depending on the speed of your internet connection, some of these settings may not work well
DO NOT APPLY THESE SETTINGS WITHOUT TESTING FIRST AND DOCUMENTING YOUR CHANGES SO YOU CAN ROLL BACK IF NECESSARY
Adjust Windows SMB protocol parameters via PowerShell (requires Admin privileges)
Set-SmbClientConfiguration -EnableBandwidthThrottling 0 -EnableLargeMtu 1
Slow SMB files transfer speed | Microsoft Docs
Adjust Windows UDP packet size
HKLM\System\CurrentControlSet\Services\Afd\Parameters
Add the value FastSendDatagramThreshold of type DWORD equal to desired packet size (1500) for example).
I set server side to 1500, and client side I setup Group Policy to set this to 1468 to match VPN MTU
https://kb.vmware.com/s/article/2040065
\The actual MTU setting you should use depends on your internet connection and you should test to find the highest value for client that works consistently without lots of ups and downs in download speed.*
Adjust Windows RRAS/VPN MTU
I was having an issue with file copy performance over the VPN where it would have lots of peaks and valleys in terms of max and min speeds, and I eventually stumbled on this and tested multiple settings and found what worked best for us and allowed consistent fast speed.
I will provide my settings as an example, but keep in mind that every network is unique and you should test multiple settings to find what works best for your network.
I ended up setting the MTU setting on our RRAS server to 1500, and then created a Group Policy for client PC's to set MTU at 1468. Initially set MTU at 1500 for cable internet users and 1492 for DSL users, but found that I still was having file copy slow downs where it would go up and down. After setting to server 1500 and client 1468 I got consistently high throughput. I also tried matching the MTU on the server and setting to 1468, but this reduced performance.
I only mentioned the MTU setting because that is variable, this depends on a couple other registry entries to specify the PPP protocol, make sure you read the instructions closely.
\The actual MTU setting you should use depends on your internet connection and you should test to find the highest value for client that works consistently without lots of ups and downs in download speed.*
\These MTU settings require a reboot on each device whenever a change is made.*
No comments:
Post a Comment