Novell is now a part of Micro Focus

Sizing the Server for BorderManager VPN

Novell Cool Solutions: Feature
By Umasankar Mukkara

Digg This - Slashdot This

Posted: 6 Jan 2003

We got an interesting server sizing question from Andreas in Germany, and thought you'd like to see the expert answers as provided by developer Umasankar Mukkara. If you have additional thoughts and advice on this problem, please let us know.

Andreas: We have a BM 3.7 site-to-site VPN with mesh topology and 18 locations to a single bm-master. Our Network is NW51 with sp5. We use T-DSL 1.5Gb downstream and 168Mb upstream with fixed IPs and a Cisco router. The BM-master is an HP e800 with 900MHz and 768Mb RAM.

Everything works fine, but the performance is too slow. We have no dropped packets and an average ping performance of 160ms.

Here our questions:

1. Is the server too small?

UMA: Possibly. With 18 slaves connected to Master, a faster machine with more memory should benefit your performance.

2. We use UNIX over VPN with mtu=1500 Is that a problem?

UMA: MTU is not a problem because, after successful VPN connection, IP MTU is reduced to 1400 inside the TCP/IP stack of NetWare.

3. If we have a smaller mtu size the terminal emu won`t work. Any suggestions? Should we change to star topology to improve the performance?

UMA: The keep-alive packet traffic may not be too much between the servers in this case. Hence changing to Star Topology may not add big benefits in performance. Also, changing to a RING topology may require additional work (including some manual intervention).

4. Any other suggestions?

UMA: Here are a couple of thoughts.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates