How do I troubleshoot low bandwidth issues on my VPN connection?

4 minute read
0

I'm experiencing low bandwidth on my VPN connection. What tests can I run to verify that the issue is not occurring inside my Amazon Virtual Private Cloud (Amazon VPC)?

Resolution

Launch two EC2 instances running Linux for testing

Before beginning performance tests, launch Amazon Elastic Compute Cloud (Amazon EC2) Linux instances in at least two different Availability Zones in the same VPC. You'll use these instances for network performance testing. Verify that the instances support enhanced networking on Linux.

Note: When performing network testing between instances that aren't co-located in the same placement group or that don't support jumbo frames, check and set the MTU on your Linux instance.

Then, make sure that you can connect to the instances through SSH. Finally, configure the security groups used by your instances to allow communication over the port used by iperf3. The default port for testing TCP performance is 5201.

Note: You can use -p to configure iperf3 to use your desired port.

Install the iperf3 network benchmark tool on both instances

Connect to your Linux instances using a terminal session, and then install iperf3:

To install iperf3 on RHEL-based Linux hosts:

$ sudo yum install iperf3

To install iperf3 on Debian/Ubuntu hosts:

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install git gcc make
$ git clone https://github.com/esnet/iperf3
$ cd iperf3
$ ./configure
$ sudo make
$ sudo make install
# optionally run "make clean" to free up disk space
# by removing artifacts in the build tree.
$ sudo make clean
$ sudo ldconfig

Next, run the following command to configure one instance as a server to listen on the default port:

$ sudo iperf3 -s -V

Run network tests using iperf3

Configure your on-premises host as a client, and then run one or more of the following tests against your instance:

The output of the following commands displays the results of 20 parallel streams with increasing window size per TCP connection:

sudo iperf3 -c <Private/public IP of instance> -P 20 -w 128K -V
sudo iperf3 -c <Private/public IP of instance> -P 20 -w 512K -V
sudo iperf3 -c <Private/public IP of instance> -P 20 -w 1024K -V

The output of the following commands displays the results of increasing bandwidth capacity and a time frame of 30 seconds per UDP connection:

iperf3 -c <Private/public IP of EC2 instance> -u -b 200M -t 30
iperf3 -c <Private/public IP of EC2 instance> -u -b 500M -t 30
iperf3 -c <Private/public IP of EC2 instance> -u -b 1G -t 30

Run the iperf3 tests between the private IP addresses of your EC2 instances and on-premises hosts bi-directionally to benchmark the network throughput on your VPN connection. Then, run these tests between the two public IP addresses of your instances to benchmark throughput over the internet.

**Note:**The -w option denotes the window size.
This size must be lower than kernel parameter net.core.rmem_max and net.core.wmem_max on both sides.
Depending on the system build, rmem_max or wmem_max may be lower than 512KB by default.
If lower than 512KB by default, increase rmem_max and wmem_max on both sides before iperf test.

Example:
Verify current rmrm_max and wmem_max value:

$ sudo sysctl net.core.rmem_max 
net.core.rmem_max = 212992
$ sudo sysctl net.core.wmem_max 
net.core.wmem_max = 212992

Increase window size to 2048KB:

$ sudo sysctl -w net.core.rmem_max=2097152
$ sudo sysctl -w net.core.wmem_max=2097152

Related information

How do I benchmark network throughput between Amazon EC2 Linux instances in the same VPC?

AWS OFFICIAL
AWS OFFICIALUpdated 2 years ago