Wan: servers are eating up bandwidth

[David Bock]

Hi, I have a star topology 4 segment WAN. I have 3 servers in the central
hub (A), and a DSL VPNs going from (A) to (B),(C), and (D). I have an SQL
server, DC, and Exchange server at (A).
(B) and (C) have trusted domains,
(D) is a member server

a week ago we switched over from ISDNs at (C) and (D),
(B) was a DSL link

I had a problem in the past where the communication between the servers was
taking up all of the available bandwidth on some of the ISDN lines.
The work around was to make the tunnel smaller. It worked, not sure why. I
called my "VPN Expert to try this with the new tunnels, but he is out of
town until Monday, and the romote locations are bidding for the rights to
choose what part of my anatomy that they get to keep.

SQL queries are timing out, and the tunnel is open but appearing closed. I
am thinking that this is the same problem from a while back, is there a way
to limit the amount of traffic that the servers use between themselves?????

Thanks in advance for your help.

 

[Phillip Windell]

taking up all of the available bandwidth on some of the ISDN lines.
The work around was to make the tunnel smaller. It worked, not sure why. I

Don't know how you make a tunnel "smaller". Unless your VPN Device has
bandwidth limiting capability.

SQL queries are timing out,

Always or sporatic?

and the tunnel is open but appearing closed.

Always or sporatic?

am thinking that this is the same problem from a while back, is there a way
to limit the amount of traffic that the servers use between

themselves?????

There isn't enough here to even determine that it is a bandwidth issue at
all. It may be a routing issue intead, or a name resolution issue, and bad
cable issue, or "who knows what".

DSL is always a "low performer" anyway. DSL often uses two speeds where the
upload speed is 1/4 to 1/2 the speed of the download speed. VPN will always
use the slower "upload speed" in both directions.

 

[David Bock]

Thanks for your help....

-> I can limit the bandwidth through the tunnels which is what we did a
couple of years ago. I would rather let my "Firewall expert" do that; I
would hate to collapse the VPN Tunnels.

-> we have the SQL set not to time out at all, and it is still dropping the
connections. I think (but not verified) that the Win2000 machines are
working fine (but slow) set this way, but the win9X machines are dropping
the connections after 5 minutes or so. Some machines are working fine and
others aren't.

-> The tunnels are open (according to the monitor, but there doesn't seem to
be any available bandwidth MOST OF THE TIME.

-> I have double checked all of the routing tables, the firewall is the
default gateway and is sending the apropriate packets to the correct tunnels
-> Name resolution might be an issue, I am running WINS. My server at (A)
has no problem seeing/replicating with the (B),(C),(D) nodes. They, however
can't see back to replicate.
-> I have the DNS set correctly (as best I can determine) with forward and
backward lookup.
-> cables all seem good, the machines talk fine to one another, and can see
the other networks, just slow response time
(this is why I think that it might be a full tunnel issue)
-> It sounds to me like a "Who Knows What" issue where everyone is blaming
someone else.

-> I would hate to get another outside vendor involved, do you think that
this problem is worthy of an incident? I don't mind paying, but I am not
sure if they can help me or what department to ask for....I feel like I am
WAN IMPAIRED!!!!!

Thanks again for your help.....
David Bock

 

[Phillip Windell]

-> It sounds to me like a "Who Knows What" issue where everyone is blaming
someone else.

Could be...

-> I would hate to get another outside vendor involved, do you think that
this problem is worthy of an incident? I don't mind paying, but I am not
sure if they can help me or what department to ask for....I feel like I am
WAN IMPAIRED!!!!!

Well if it was me, I would never hesitate to call the Vendor/Manufacturers
of the Device(s) you are using for this VPN. I don't mean some consultant,
....I mean the people that produced the VPN Devices. Chances are they deal
with the same issue you have about 2 or 3 times a week. The goal is to get
it working no matter who's "brain" it comes from. The fact that your "VPN
Expert" isn't available is enough of a valid reason.

A good portion of an Administrator's job is to know the right people to
contact to get a problem solved. There is no way any Admin can know how to
personally solve every possible issue from every possible product from every
company that might be used in their system. That's why on the eighth day
God invented Tech Support phone numbers.

 

[David Bock]

Thanks again Phillip.

Before I typed my question I was called by all three remote stores and told
that the problem was still here. I have spent most of the afternoon doing
system diagnostics, and am fairly sure that my original problem thought is
off. The tunnels are up with plenty of Bandwidth. my Wins Problem went away,
and all of the nodes can see and talk to each other. File transfers work
well. The tunnels are up and not collapsing. That being said My SQL queries
are "Getting Lost" and there seems to be no rhyme or reason behind it.
Database person keeps telling me it is a VPN issue, but I am not convinced.
Actually, I did try calling the mfg of the firewall tech support and got an
issue solved with the box configuration. I called back to talk to them and
check the tunnels; the person I got this time started with me asking me
details of how the tunnels were set up. Rather than take the approach of the
first tech I talked to (logging into the firewall and helping me find the
problem) he chose to explain to me that I knew not what I was talking about
and that he needed to speak with the person who set up the tunnels
originally to get any further. He gave me a couple of things to try, I
called my guy and he did them. This was a week ago. The person who is my
"Expert" doesn't take much time off, and I have confidence that he set up
the tunnels (mostly) correctly. He worked with the mfg to set them up, and
as far as the general connectivity they are working better than the ISDN
lines.

I am sorry to have troubled you, but I think the issue is with SQL
connectivity, and I did get the network problem fixed with my fixes from the
phone calls from 2 weeks ago to the firewall mfg. It is frustrating when
users tell you that there is a problem that is different from what testing
shows. I have one manager (who screams the loudest) that only knows "there
is a problem" and "it's still broken".

Thank you again for your help... I will try on the SQL board;
David Bock