dropping UDP packets in openconnect VPN

Steven Hirsch snhirsch at gmail.com
Fri Aug 19 07:55:32 EDT 2011 

On Fri, 19 Aug 2011, Dale Pontius wrote:

> First I ran a simple "ls" against my home directory, giving the full path 
> instead of any of the symlink shortcuts.  That took 47 seconds to return the 
> listing.  (Ick!)  Next I ran a simple "ls" against the top-level of our 
> department shared space, again giving the full path.  This time it took 18 
> seconds to return the listing.  Then I listed another shared space, and it 
> took just under 10 seconds.  Every listing after that took under 5 seconds, 
> typically 3 or 4 seconds.  I'm not sure what was getting "primed" there, 
> perhaps much of it was simply getting from the top of the company tree to my 
> home cell.  Since this system hadn't been used to connect to work in some 
> time, I considered the afs cache to be empty.  (Maybe I should have done that 
> explicitly, I guess.)

It would not have been empty unless you cleared it explicitly.  The 
initial delays were likely caused by the cache manager trying to get 
current with the server.  I've seen this exact problem here.

If you want a fair test, knock down the AFS client, delete everything 
under the cache directory and restart.

> Anyway, after getting rolling, I would not be dissatisfied with 3 or 4 
> seconds for first touch, from home.  I guess I should verify also that second 
> touch is much faster, and that cache interrogation traffic isn't as slow as 
> that 3 or 4 seconds.

Disclaimer, Dale and I are coworkers and are targeting the same corporate 
AFS cell.  My problems are a bit different.  After a long period of 
peaceful remote AFS access, I'm plagued with:

- Files copied to remote server truncated (no error message)

- Cache coherence problems: Erase a file on the server end.  Try to copy a 
file of the same name from local disk ---> Claims file still exists.

The former has been a persistent issue for many remote users over the 
years and I don't think it's specific to openconnect.  The second I've 
been attributing to dropped cache-management packets coming back from the 
server.

My MTU defaults to 1402, FWIW.  I tried lower settings, but it was 
disastrous for other applications and didn't help AFS at all.

Steve


--

More information about the openconnect-devel mailing list