Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,389 questions
Slow transfer speed over vpn
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 75%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
MLW104
1
Reputation point
I have the current VPN setup.
Azure west-us2/on-prem
Azure east-us/on-prem
Azure east-asia/on-prem
Azure west-us2/east-us2
I have a problem copying data over the above vpns (except East-Asia/On-Prem and west-us2/east-us2) when copying from Azure to on-prem, copying from on-prem to azure is not affected.
In both west-us2 and east-us I have a linux vm and a windows vm, linux is debian 10 and windows is server 2019. On-Prem I've various vms and laptops, the device/vm being used makes no difference.
Things I've tried
RDP to Azure VM, open share on on-prem device. Copy data from Azure-vm to on-prem - Result slow
Open Azure-vm share from on-prem device, copy data from Azure-vm to on-prem - Result slow
Winscp from on-prem device to Azure linux VM, copy file from Azure vm to on-prem - Result slow
Winscp from on-prem device to Azure linux VM (Public IP, so not over vpn) copy from Azure vm to on-prem - Result fast <---- This is the test that convinced me it is a VPN issue, not a distance to device issue.
All the vpns are the same SKU, the on-site device config is the same except for IP & Secrets unique to the vpn, looking at the json-view of each of the azure resources there is no differences either again other than the unique issues
Uisng wireshark when testing I get lots of "tcp dup ack" & "tcp previous segment not captured" errors which as I understand it means, there are packets being lost & resent(?)
I realise I've used slow, which doesn't really mean anything but as a comparison. Copying a 4mb file to the Azure vms, takes a couple of seconds, copying a 4mb file from the Azure vm over the public ip, takes a couple of seconds. Copying the same file over the vpn can take 40-50 seconds.
I've also ran the iperf test and the results to and from the vms are the same so not a bandwidth issue.
I've updated the on-prem device to the latest firmware, I've rest the vpn connection and the gateway.
I've compared the configuration to that of the downloadable configuration for my on-prem device (Juniper srx345) that is available in the azure portal. There was one difference which I corrected and then reset all the connections, made no difference.
This has been working for 18 months before and there were no changes in Azure prior to this stopping working correctly.
I'm at a loss and not sure what else I can test.
{count} votes
-
KapilAnanth-MSFT 35,501 Reputation points Microsoft Employee2022-09-26T16:28:21.013+00:00 Hi @MLW104 ,
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you are experiencing low bandwidth across VPN Site-to-Site Tunnel.We cannot determine the Bandwidth or latency across a VPN connection as the Tunnel is built over Internet.
There is a variety of factors that could contribute to the throughput.iPerf results are multi-threaded hence we can see the tests utilizing the maximum available bandwidth.
Directly connecting via a Public IP to a VM and connecting via VPN are two different cases.
I see you have mentioned this used to work before.
It is also quite possible that there is a configurational change at your ISP level? That could have impacted the routing path or how VPN packets are handledAs next steps,
- You can try the test from a different VM in the VPN gateway Vnet
- And also from a different OnPrem device
- Run a tracert and see which hop caused the maximum latency
Kindly let us know if you have any questions on this.
Thanks,
Kapil -
MLW104 1 Reputation point
2022-09-27T14:15:05.15+00:00 Thank you for the reply.
I've tried different on-prem devices to different azure vms, both windows and linux vms in 2 different regions. I have the same issueI'm aware the public ip connection is a different case, but the point of that test was to compare latency. If the public IP test gave a latency of X then that would be a base line for expectation. I certainly wouldn't expect a vpn connection to the same place to be 5 times slower
In response to your tracert request
Tracing route to 10.XXX.XXX.4 over a maximum of 30 hops
1 <1 ms <1 ms 1 ms 192.168.XXX.7
2 <1 ms <1 ms <1 ms 172.16.XXX.1
3 145 ms 145 ms 144 ms 10.XXX.XXX.4I'm only experiencing this issue when data is being "moved" from Azure to On-prem, regardless of which device Azure or On-prem starts that process.
-
KapilAnanth-MSFT 35,501 Reputation points Microsoft Employee
2022-09-27T17:49:04.413+00:00 Hi @MLW104 ,
Thanks for the update.
Latency & Bandwidth issues would require a deeper investigation, so if you have a support plan, I request you file a support ticket, else please do let us know, we will try and help you get a one-time free technical support.
Cheers,
Kapil -
Joe Carlyle 661 Reputation points MVP2022-09-28T07:29:50.383+00:00 Have you checked your MTU settings for the tunnels to ensure they are in line with Azure requirements? I have seen this cause slowness issues in the past.
Sign in to comment