Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
JesseStillwell

To MLPS or not? Office connection across seas.

Recommended Posts

Posted · Original PosterOP

Hello everyone,

 

Firstly I'd like to thank you for reading and providing any advice on this topic.

 

I have an office in Chiang Mai, Thailand and our main HQ is in Sydney, Australia. We occasionally need to RDP into the server in Sydney and sometimes even transfer files across. Currently we are using Cisco Easyconnect VPN and windows RDP, and it works okay for remotely controlling the server. However, if we transfer files across this it's painfully slow. We also need to work on a very simple estimating software through this connection in order to keep all the estimates transparent throughout our offices. This is also painfully slow to work in.

 

We are currently running a 200mbps down and 100mbps up through our ISP here in Chiang Mai, Thailand. I could upgrade to a 1000Mbps/500Mbps line, but I doubt it will do much for the remote connection speeds through the Easyconnect platform.

 

One of the IT guys in Sydney recommended we get a MLPS service going to fix these issues. I am curious to how well this will actually work speed wise to connect with the server in Sydney and also set up a DFS system for our local server to mirror some of the directories on their server?

 

The main issue is the cost. I have been quoted 100Mbps domestic and 50Mbps international at around 2,500.00 USD per month through one ISP and a 50Mbps domestic 50Mbps international MLPS service at 1,250.00 USD per month through another ISP. This seems outrageously expensive.

 

I was wondering if you guys had any other ideas that I could utilize? I'm not looking for crazy speeds but 20Mbps or so speeds to our Sydney connection would be a good starting point.

 

If I left anything out that is important, please let me know and I will provide any info necessary.

 

Thank you guys very much for taking the time.

Link to post
Share on other sites

MPLS won't help. With MPLS, you will get the same bandwitdth, just remove the VPN part (network will be routed directly on L2 between sites).

 

What you could do is using SD-WAN Accelerator. Those will compress data end to end and help with bandwidth.

 

Another thing to look, is the CPU of the Firewall giving the VPN. Is he able to provide 100% of the bandwith trought the VPN pipe ? Maybe he's lagging around.

Link to post
Share on other sites

MPLS is expensive as hell. I don't know how much bandwidth you are losing through IPSEC but I doubt it will justify the cost for MPLS. Keep in mind that it is recommended to use IPSEC other MPLS aswell to minimize it's attack vector.

It's great to increase the delay for RDP though.

Check if the equipment you are using if it's rated for the bandwidth you are having. Check the IPSEC performance.

 

A DFS-R share on the other hand is a great idea, it will create an offsite replica, enabling the remote office to work on that, and replicate the changes blockwise to the main location.

The other feature that you might look into is BranchCache, though I still don't have any experience with it.

Link to post
Share on other sites

Do you have access to more than 1 in Thailand?  Perhaps if you obtain 2 independent ISP connections, you could build a load balancing tunnel between the Thailand and the Australian office that would give you higher effective bandwidth.  That is, assuming that your two (Thailand) ISPs use independent paths.

 

Doing multiple load balancing tunnels may be a good idea anyways to increase the number of packets that are contending for the same overseas connections.

 

MPLS is most likely overkill.  But I think you'd be better off, if you can, ditching that Cisco stuff and going with pfsense  / OpenVPN for your VPN needs.  

Link to post
Share on other sites

people generally dont seem to realise how much CPU horsepower it takes to do a VPN over a multi hundred megabit connection especially on older hardware that didnt have dedicated encryption offload.

 

try reducing your encryption level to, well... none... and do a quick test and then you'll be able to see if this is an issue or not.

 

your best bet to learn more about different technologies on offer is to contact a vendor that provides these solutions (ie a big ISP) and get them to come in and try and sell you things., they can give you the Pros and Cons of different solutions, prices etc. then you get a nice bit of free training. you dont need to buy anything off them :)

Link to post
Share on other sites

Your issue is Australia, their internet sucks donkey nuts. (Seriously) I would look at moving your servers to a datacenter in Syndney in hopes to get better speeds. Actually you may be better off creating a VDI or RDS setup in Thailand for the users in Sydney to work off of. That way the data stays in Thailand and less to transfer over the wire.

 

You're also limited physically, there's no direct deep sea fiber from SE Asia to Sydney, so you have a couple hops to get there. I know from the east coast US to Brisbaine I average 250ms.

 

Link to post
Share on other sites

On a note about MPLS - it only works within your ISP's control, so once the connection leaves their IP space it is the wild wild west. They may have agreements however with other ISPs, but honestly Thailand / Vietnam are the only countries I imagine this having any effect on.

Link to post
Share on other sites
Posted · Original PosterOP
12 minutes ago, Mikensan said:

Your issue is Australia, their internet sucks donkey nuts. (Seriously) I would look at moving your servers to a datacenter in Syndney in hopes to get better speeds. Actually you may be better off creating a VDI or RDS setup in Thailand for the users in Sydney to work off of. That way the data stays in Thailand and less to transfer over the wire.

 

You're also limited physically, there's no direct deep sea fiber from SE Asia to Sydney, so you have a couple hops to get there. I know from the east coast US to Brisbaine I average 250ms.

Lol this made me laugh.
 
Our server in Sydney hosted in a datacenter, or so I am told
 
Also the internet that they have is 1000mbps up and down. It seems quite good, but when I speedtest the internet in Sydney pinging the Chiang Mai ISP server the results are piss poor. We get 200ms of ping 180Mbps down and 3.5Mbps up.
 
I think the biggest bottleneck is the Easyconnect VPN. Our streams aren't extremely data sensitive and security is probably killing the speed.
 
Our IT company in Sydney suggested using Identical routers and setting up the IP addresses and subnets to create our own VPN without the software interface? Not sure if that's correct, but that's how it was explained to me.
 
I will do a bit of research on VDI as I am not sure what this is.
 
Thanks for your reply.

 

 

Link to post
Share on other sites
Posted · Original PosterOP
17 minutes ago, Mikensan said:

On a note about MPLS - it only works within your ISP's control, so once the connection leaves their IP space it is the wild wild west. They may have agreements however with other ISPs, but honestly Thailand / Vietnam are the only countries I imagine this having any effect on.

Noted. I had another ISP come in today and they quoted me just over 3000$ a month for their MPLS service. They were offering some other solutions and were talking about using multiple ISPs if we wanted to or a Private line with up to 16 IP addresses. The whole conversation was in Thai, so I had difficulty working out the minor details of what they were getting at.

 

I will post up their quote when I receive it and what they are actually trying to offer.

 

Thanks for your replies.

Link to post
Share on other sites

It might be worth it to verify the datacenter in Syndey, the VPN isn't going to choke your upload that badly when the downloads are hitting 180. Given they are supposedly 1/1GB/s and you're already 200/100 with tested speeds of 180/3 - you should at least hit 50/50. If you can RDP to the server in Sydney, do some speed tests.

 

It is true that VPNs put a strain but unless it's 10 years old you should be getting better.

 

Instead of a VPN an alternative is making your services available over HTTPS or through RemoteApp (Microsoft Windows RDS). Horizon is quit expensive (VDI) but if you have the need, it is an available solution. A cheap workaround for a smaller company would be setting up virtual desktops and using something like Apache Guacamole to give access to the desktops.

 

 

Now all of that said, your connection may only be 200/100 to local resources (Datacenters located in Thailand / Vietnam) - have you done a speed test to either India / UK / US?

Link to post
Share on other sites
Posted · Original PosterOP
4 minutes ago, Mikensan said:

It might be worth it to verify the datacenter in Syndey, the VPN isn't going to choke your upload that badly when the downloads are hitting 180. Given they are supposedly 1/1GB/s and you're already 200/100 with tested speeds of 180/3 - you should at least hit 50/50. If you can RDP to the server in Sydney, do some speed tests.

 

It is true that VPNs put a strain but unless it's 10 years old you should be getting better.

 

Instead of a VPN an alternative is making your services available over HTTPS or through RemoteApp (Microsoft Windows RDS). Horizon is quit expensive (VDI) but if you have the need, it is an available solution. A cheap workaround for a smaller company would be setting up virtual desktops and using something like Apache Guacamole to give access to the desktops.

 

 

Now all of that said, your connection may only be 200/100 to local resources (Datacenters located in Thailand / Vietnam) - have you done a speed test to either India / UK / US?

I have tested the speeds via the RPD connection and I got 831Mbps Down and 805Mbps up pinging the optimal server Sydney to Sydney.

 

I am not in my office, but just checked my house connection to multiple points in the USA and AUS. My home connection is a different ISP and the speed is 100/30. I get 200-250ms of ping and around 110Mbps to 130Mbps and around 6-8Mbps upload when testing USA and Aus servers.

 

I will check the connection in the office and possibly upload a video or some photos to give you a better representation of how things look and work from my end.

Link to post
Share on other sites
3 minutes ago, JesseStillwell said:

I have tested the speeds via the RPD connection and I got 831Mbps Down and 805Mbps up pinging the optimal server Sydney to Sydney.

 

I am not in my office, but just checked my house connection to multiple points in the USA and AUS. My home connection is a different ISP and the speed is 100/30. I get 200-250ms of ping and around 110Mbps to 130Mbps and around 6-8Mbps upload when testing USA and Aus servers.

 

I will check the connection in the office and possibly upload a video or some photos to give you a better representation of how things look and work from my end.

 

So it sounds like your ISP is choking your upload if your upload is that low. The ping response time isn't too surprising, there's not much you can do about that. I do not think your VPN equipment is at fault.

Link to post
Share on other sites
Posted · Original PosterOP
9 hours ago, Mikensan said:

 

So it sounds like your ISP is choking your upload if your upload is that low. The ping response time isn't too surprising, there's not much you can do about that. I do not think your VPN equipment is at fault.

That's entirely possible, but I believe the upload speed suffer over those distances.

 

What speed of internet do you have? Could you try doing a speed test and changing the server to one in Chiang Mai, Thailand and see if it affects your upload badly?

 

Thanks in advance.

Link to post
Share on other sites
11 hours ago, JesseStillwell said:

That's entirely possible, but I believe the upload speed suffer over those distances.

 

What speed of internet do you have? Could you try doing a speed test and changing the server to one in Chiang Mai, Thailand and see if it affects your upload badly?

 

Thanks in advance.

NZ to Chiang Mai, 100/100 Business connection (basic plan not a higher end dedicated plan).

8094359174.png

 

Upload speed is crap.

 

NZ to Chiang Mai, 10G/10G with 1G international (non-research destination) dedicated research network (REANNZ). AS and IP space is ours, looking at the ping compared to my home connection there's definitely a much worse route being used, which should be fixable.

8094366352.png

 

Upload speed is still crap.

 

Gut feeling is that the connection between AUS/NZ and Thailand is just bad.

 

NZ to Seattle, the 10G work connection

8094378744.png

 

NZ to LA, 10G

8094383125.png

 

As @Mikensan mentioned I'd look in to VDI/Remote Desktops or Remote Published Applications. For any file transfers it's probably faster to upload them to a cloud service like OneDrive, Google Drive, Dropbox etc and then download, it's multi step but these providers (particularly Microsoft, Google and AWS) operate their own world wide fibre and transits and have way better connections. The way Microsoft does it is you connect to the closest local entry point in to the Microsoft network from the public internet then you drop in to theirs from that point on.

Link to post
Share on other sites
Posted · Original PosterOP
3 hours ago, leadeater said:

NZ to Chiang Mai, 100/100 Business connection (basic plan not a higher end dedicated plan).

8094359174.png

 

Upload speed is crap.

 

NZ to Chiang Mai, 10G/10G with 1G international (non-research destination) dedicated research network (REANNZ). AS and IP space is ours, looking at the ping compared to my home connection there's definitely a much worse route being used, which should be fixable.

8094366352.png

 

Upload speed is still crap.

 

Gut feeling is that the connection between AUS/NZ and Thailand is just bad.

 

NZ to Seattle, the 10G work connection

8094378744.png

 

NZ to LA, 10G

8094383125.png

 

As @Mikensan mentioned I'd look in to VDI/Remote Desktops or Remote Published Applications. For any file transfers it's probably faster to upload them to a cloud service like OneDrive, Google Drive, Dropbox etc and then download, it's multi step but these providers (particularly Microsoft, Google and AWS) operate their own world wide fibre and transits and have way better connections. The way Microsoft does it is you connect to the closest local entry point in to the Microsoft network from the public internet then you drop in to theirs from that point on.

Thanks for sharing this. It's very eye opening. It appears that the connection from Thailand to Aus or NZ is just not up to speed.

 

Our company does use OneDrive quite a bit, and that seems to help, but there are old timers in the office that, well lets just say don't embrace changes. Often times I have to RDP to their server and open a browser and upload files to the OneDrive so that I can download them from my end after they are uploaded from their end. Needless to say this isn't easy, especially because it won't let me drag in folders to the OneDrive upload interface whilst I'm using RDP.

 

We don't really use the connection to transfer files, so I don't need tons of speed. Just enough so the RDP connections can work in the environment without lag. I will also hope to do a DFS-R for our servers, but we'll see how that goes. I have a feeling we will never get enough speed to keep up.

 

Again, thanks for your replies. This is very helpful and I will update this with more info when I get this sorted out.

Link to post
Share on other sites

 

1 hour ago, JesseStillwell said:

Thanks for sharing this. It's very eye opening. It appears that the connection from Thailand to Aus or NZ is just not up to speed.

 

Our company does use OneDrive quite a bit, and that seems to help, but there are old timers in the office that, well lets just say don't embrace changes. Often times I have to RDP to their server and open a browser and upload files to the OneDrive so that I can download them from my end after they are uploaded from their end. Needless to say this isn't easy, especially because it won't let me drag in folders to the OneDrive upload interface whilst I'm using RDP.

 

We don't really use the connection to transfer files, so I don't need tons of speed. Just enough so the RDP connections can work in the environment without lag. I will also hope to do a DFS-R for our servers, but we'll see how that goes. I have a feeling we will never get enough speed to keep up.

 

Again, thanks for your replies. This is very helpful and I will update this with more info when I get this sorted out.

Have you tried google chrome remote desktop?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×