Packet loss over L2TP IPSec VPN tunnel

dbames · ‎01-08-2007

Basic internet service seems fine over the adsl line (3744 kbps / 640 kbps sync reported by router), via pcl-ag04.
Example internet pathping:

Tracing route to newswww.bbc.net.uk [212.58.226.138]
over a maximum of 30 hops:
  0  UK005409.uk.my.company.com [192.168.1.34]
  1  192.168.1.1
  2  lo0-btebb.pcl-ag04.plus.net [195.166.128.136]
  3  gi1-7-607.pcl-gw01.plus.net [84.92.0.241]
  4  te2-1.pcl-gw02.plus.net [212.159.1.114]
  5  te2-2.thn-gw2.plus.net [212.159.0.190]
  6  rt0.thdo.bbc.co.uk [212.58.239.25]
  7  212.58.238.149
  8  te12-1.hsw1.cwwtf.bbc.co.uk [212.58.239.234]
  9  nol-vip01.cwwtf.bbc.co.uk [212.58.226.138]
Computing statistics for 225 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           UK005409.uk.my.company.com [192.168.1.34]
                                0/ 100 =  0%   |
  1    0ms     0/ 100 =  0%     0/ 100 =  0%  192.168.1.1
                                0/ 100 =  0%   |
  2   41ms     0/ 100 =  0%     0/ 100 =  0%  lo0-btebb.pcl-ag04.plus.net [195.166.128.136]
                                0/ 100 =  0%   |
  3   52ms     0/ 100 =  0%     0/ 100 =  0%  gi1-7-607.pcl-gw01.plus.net [84.92.0.241]
                                0/ 100 =  0%   |
  4   49ms     0/ 100 =  0%     0/ 100 =  0%  te2-1.pcl-gw02.plus.net [212.159.1.114]
                                0/ 100 =  0%   |
  5   48ms     0/ 100 =  0%     0/ 100 =  0%  te2-2.thn-gw2.plus.net [212.159.0.190]
                                0/ 100 =  0%   |
  6   48ms     0/ 100 =  0%     0/ 100 =  0%  rt0.thdo.bbc.co.uk [212.58.239.25]
                                0/ 100 =  0%   |
  7   44ms     0/ 100 =  0%     0/ 100 =  0%  212.58.238.149
                                0/ 100 =  0%   |
  8   45ms     0/ 100 =  0%     0/ 100 =  0%  te12-1.hsw1.cwwtf.bbc.co.uk [212.58.239.234]
                                0/ 100 =  0%   |
  9   42ms     0/ 100 =  0%     0/ 100 =  0%  nol-vip01.cwwtf.bbc.co.uk [212.58.226.138]
Trace complete.

So no problems there.
But over an L2TP vpn tunnel, it's a different story:

Tracing route to ukcwrm002.uk.my.company.com [X.Y.150.92]
over a maximum of 30 hops:
  0  UK005409.uk.my.company.com [X.Y.158.71]
  1  X.Y.158.1
  2  X.Y.212.5
  3     *     X.Y.152.1
  4  X.Y.208.1
  5  X.Y.2.254
  6  X.Y.2.253
  7  X.Y.152.21
  8  ukcwrm002.uk.my.company.com [X.Y.150.92]
Computing statistics for 200 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           UK005409.uk.my.company.com [X.Y.158.71]
                                5/ 100 =  5%   |
  1   43ms     7/ 100 =  7%     2/ 100 =  2%  X.Y.158.1
                                0/ 100 =  0%   |
  2   45ms     8/ 100 =  8%     3/ 100 =  3%  X.Y.212.5
                                0/ 100 =  0%   |
  3   43ms     5/ 100 =  5%     0/ 100 =  0%  X.Y.152.1
                                0/ 100 =  0%   |
  4   47ms     8/ 100 =  8%     3/ 100 =  3%  X.Y.208.1
                                0/ 100 =  0%   |
  5   51ms     5/ 100 =  5%     0/ 100 =  0%  X.Y.2.254
                                1/ 100 =  1%   |
  6   52ms     6/ 100 =  6%     0/ 100 =  0%  X.Y.2.253
                                0/ 100 =  0%   |
  7   53ms     7/ 100 =  7%     1/ 100 =  1%  X.Y.152.21
                                0/ 100 =  0%   |
  8   52ms     6/ 100 =  6%     0/ 100 =  0%  ukcwrm002.uk.my.company.com [X.Y.150.92]
Trace complete.

This is a corporate VPN service which I use daily and supports several thousand users. I have checked with colleagues using non-plusnet dsl lines and they're not seeing any packet loss.
I witnessed something similar a few weeks ago, where VPN packet loss was ~38%, yet only three plusnet dsl lines (all terminating in the same building) had a problem.
I don't see how it can be exchange issue as non-vpn traffic is okay. It's almost as if the Traffic Management system inside the Plusnet core network doing something strange.
Any ideas?
Thanks,
Darran

dbames · ‎01-08-2007

Then today, everything is fine again...

Tracing route to ukcwrm002.uk.my.company.com [X.Y.150.92]
over a maximum of 30 hops:
  0  UK005409.uk.my.company.com [X.Y.159.47]
  1  X.Y.158.1
  2  X.Y.212.5
  3  X.Y.152.1
  4  X.Y.208.1
  5  X.Y.2.254
  6  X.Y.2.253
  7  X.Y.152.22
  8  ukcwrm002.uk.my.company.com [X.Y.150.92]
Computing statistics for 200 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           UK005409.uk.my.company.com [X.Y.159.47]
                                0/ 100 =  0%   |
  1   48ms     0/ 100 =  0%     0/ 100 =  0%  X.Y.158.1
                                0/ 100 =  0%   |
  2   51ms     0/ 100 =  0%     0/ 100 =  0%  X.Y.212.5
                                0/ 100 =  0%   |
  3   47ms     0/ 100 =  0%     0/ 100 =  0%  X.Y.152.1
                                0/ 100 =  0%   |
  4   52ms     0/ 100 =  0%     0/ 100 =  0%  X.Y.208.1
                                0/ 100 =  0%   |
  5   59ms     0/ 100 =  0%     0/ 100 =  0%  X.Y.2.254
                                0/ 100 =  0%   |
  6   59ms     0/ 100 =  0%     0/ 100 =  0%  X.Y.2.253
                                0/ 100 =  0%   |
  7   56ms     0/ 100 =  0%     0/ 100 =  0%  X.Y.152.22
                                0/ 100 =  0%   |
  8   56ms     0/ 100 =  0%     0/ 100 =  0%  ukcwrm002.uk.my.company.com [X.Y.150.92]
Trace complete.

Packet loss over L2TP IPSec VPN tunnel

Packet loss over L2TP IPSec VPN tunnel

Re: Packet loss over L2TP IPSec VPN tunnel