Community discussions

 
odge
Member Candidate
Member Candidate
Topic Author
Posts: 102
Joined: Mon Nov 29, 2010 2:53 pm

pptp ccr, packet loss?

Thu May 05, 2016 3:50 pm

Hi

I've had a PPTP VPN running between two datacenters for a long ruime using RB1100AHx2 (Last version to run was 6.22)

We recently upgraded one site to CCR1009 running 6.35.1

Its a identical setup of bridges, pptp's etc. But we are seeing problems with file copies that dont work and SQL replication that doesn't work. If I swap over to its backup router (another RB1100AHx2), everythign goes back to normal.

If I inspect the traffic of a pcap, it looks like a mess compared to the RB1100.
1MByte packet capture while running on the CCR has 20x TCP RSTs, 55 ooo segments, 400 duplicate ACKs
running via RB1100AHx2 I get no RST, no ooo segments, and 12 duplicate ACKs. Its like night and day.

If I change the pptp to an SSTP, everything works, but with a lot more CPU overhead and increased latency, but the applications actually work.

I then upgraded the backup RB1100AHx2 from 6.22 to 6.35.1.

When it uses PPTP, then no problems, but CCR = bad packet loss issue.

I'm also logging a support request, but thought other may have input.
Last edited by odge on Thu May 05, 2016 5:16 pm, edited 1 time in total.
 
odge
Member Candidate
Member Candidate
Topic Author
Posts: 102
Joined: Mon Nov 29, 2010 2:53 pm

Re: pptp ccr, packet loss?

Thu May 05, 2016 4:00 pm

Support ticket #2016050566000829
 
pe1chl
Forum Guru
Forum Guru
Posts: 5928
Joined: Mon Jun 08, 2015 12:09 pm

Re: pptp ccr, packet loss?

Fri May 06, 2016 11:37 am

Probably the packets are delivered out of sequence.
When this causes problems at your endpoints, in fact you should file a support request at the makers of
those endpoints, because an IP network does not guarantee delivery of packets in sequence and any
handling of that is supposed to be the task of the endpoints.
 
odge
Member Candidate
Member Candidate
Topic Author
Posts: 102
Joined: Mon Nov 29, 2010 2:53 pm

Re: pptp ccr, packet loss?

Fri May 06, 2016 3:04 pm

Probably the packets are delivered out of sequence.
When this causes problems at your endpoints, in fact you should file a support request at the makers of
those endpoints, because an IP network does not guarantee delivery of packets in sequence and any
handling of that is supposed to be the task of the endpoints.
Hi

Thanks for the suggestion, however, if you check my post again, you'll see that packet loss has nothing to do with it or OOO packets, a different device with the same settings does not exhibit the issue: An RB1100AHx2 (6.22 and 6.35.1) does the job just fine with PPTP, and the CCR does the job fine as long as it doesn't use PPTP (SSTP and L2TP etc work perfectly).
 
pe1chl
Forum Guru
Forum Guru
Posts: 5928
Joined: Mon Jun 08, 2015 12:09 pm

Re: pptp ccr, packet loss?

Fri May 06, 2016 4:00 pm

I think the CCR as a multicore device could deliver packets out of sequence and this could cause issues
with bad code in endpoints.
I have not mentioned packet loss and I see no figures or analysed of packet loss in your post, only
"CCR = bad packet loss issue" for which I see no proof.
When using a "VPN over TCP technology" (bad!) of course there is no issue.
Why PPTP and L2TP would behave differently is not clear to me.
 
odge
Member Candidate
Member Candidate
Topic Author
Posts: 102
Joined: Mon Nov 29, 2010 2:53 pm

Re: pptp ccr, packet loss?

Fri May 06, 2016 5:17 pm

I think the CCR as a multicore device could deliver packets out of sequence and this could cause issues
with bad code in endpoints.
I have not mentioned packet loss and I see no figures or analysed of packet loss in your post, only
"CCR = bad packet loss issue" for which I see no proof.
When using a "VPN over TCP technology" (bad!) of course there is no issue.
Why PPTP and L2TP would behave differently is not clear to me.

Worth mentioning. Both a RB1100AHx2 and CCR are multicore.

I have also supplied the statistics TCP/SYN statistics of INSIDE the pptp tunnel of a 1Mbyte block of the RB1100AHx2 vs the CCR for the same application, and for different tunnel types plus for same tunnel types and different devices. The only tunnel that experiences the issue is PPTP on CCR. LT2P/SSTP on CCR = fine. PPTP/L2TP/SSTP on RB1100AHx2 = fine

Its definitely related to the CCR PPTP tunnel, and nothing else, Mikrotik support suggested trying 6.35rc, but the RC's are worth more trouble than value in my experience. Nonetheless, I'll give that a go for testing.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5928
Joined: Mon Jun 08, 2015 12:09 pm

Re: pptp ccr, packet loss?

Sat May 07, 2016 10:32 am

Ok... thus it seems that a L2TP tunnel (which is PPP over UDP) is sequenced somewhere, maybe in the PPP driver,
but a PPTP tunnel (which is plain GRE plus a PPP over TCP link only used for authentication and parameter exchange)
just sends the packets at whatever CPU that is available, and may emit them in different sequence.

It could be that you can influence this behaviour by using traffic shaping (queues) or even by turning off fast path.

But the fact remains that when packet reordering is the only thing that the router does, and the result is that the endpoints
are resetting connections and doing lots of retransmissions, the real defect is in the endpoints.
Packet reordering may limit TCP throughput, but in a well-designed TCP it will not make it break apart.

Who is online

Users browsing this forum: Google [Bot], Majestic-12 [Bot] and 32 guests