Wireless Access

Reply
Highlighted
Occasional Contributor II

RAP - Home worker latency Issue.

Hello All.  I hope someone can Help, Aruba TAC don't seem to be able to.

We have 50 RAP users working from home, they are all suffering from packet loss and latency when using the RAP which is causing RDS and certain APPs i.e. SAP to drop sesiions and cause the user many problems with having to reestablish connectivity to the session.

 

I brought a RAP home to test this myself and I can see there is an issue.

 

When using my own broadband wireless with Pulse secure VPN, there is NO problem at all, If I connect a Fortinet VPN to thhe wired port of my home router there is NO problem.  However, when I plug in a RAP (3wn) I see issues with latency and drops regardless of whether I'm wired or wireless.  To me, it's more about an issue with the IPSEC tunnel because it doesn't matter if I'm on wireless or wired on E1..  But all aruba did was look at the Wireless interference...!  !now-rap.jpg shows the issue over a 10 minute period connected Wirelessly.  !now-rap2.jpg is when I'm on the wired port again over the same time period.  Now compare them to !now-Pules.jpg**  which is the same client, same environment, same time period, only this time not using the Aruba RAP.     The differences are huge.  Has anyone seen this behaviour before?  

 **I cannot show the Pulse log because we have reached our licence limit due to lock down which is why we really need RAPs working.   I will try and add the Pulse trace later.

tweet @wjhphoto
Highlighted
MVP Guru

Re: RAP - Home worker latency Issue.

What is the current configuration of your RAP? Are you tunnelling all traffic back to the controller or split tunnelling?


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Highlighted
Occasional Contributor II

Re: RAP - Home worker latency Issue.

^^

tweet @wjhphoto
Highlighted
Occasional Contributor II

Re: RAP - Home worker latency Issue.

Hello Craig,  thanks for taking the time to look at this.  We are Tunnelling all traffic.

 

Jon

tweet @wjhphoto
Highlighted
MVP Guru

Re: RAP - Home worker latency Issue.

I seen this is the case when all data is being tunnel back to the controller. The IPSEC overhead and limited home worker internet connections can have an affect. Can you adjust the ACL applied to the user to allow for split tunnelling? This will ensure that only traffic needed to be routed back to the controller is sent down the tunnel the remaining traffic would be routed locally via the Home Works ISP.

 

https://www.arubanetworks.com/techdocs/ArubaOS_85_Web_Help/Content/arubaos-solutions/rap/unde-spli-tunn.htm?Highlight=split%20tunnel

 

 


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Highlighted
Guru Elite

Re: RAP - Home worker latency Issue.

AC-Jon,

 

If you are supplying wireless on the RAP, you should have "Drop Broadcast and Unknown Multicast" enabled on that Virtual AP (broadcast filter all on the commandline).  If you are also supplying wired, you want to enable "Broadcast Multicast Optimization" on the wired VLAN on the controller to prevent broadcast traffic on the wired VLAN from being re-broadcast to all other Remote APS.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: RAP - Home worker latency Issue.

Cheers Craig... I'll take a look at the settings and get back to you.

tweet @wjhphoto
Highlighted
Occasional Contributor II

Re: RAP - Home worker latency Issue.

Cheers Cjoseph.  I'll take a look and get back to you.   Out of curiosity do you both agree with one another on the offered solutions? 

 

@Craig & @cjoseph

tweet @wjhphoto
Highlighted
MVP Guru

Re: RAP - Home worker latency Issue.

I'll always agree with @cjoseph his knowledge is unmatched haha! 


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Highlighted
All-Decade MVP 2020

Re: RAP - Home worker latency Issue.

While I am not the pro that these two guys are, I do use quite a few RAPs as well (mix of 109's, 155's and a few others) in support of our remote offices. What both Craig and CJ talk about were my first thoughts too. Split-tunneling DEFINITELY keeps internet speeds up and latency down when dealing with home users and questionable Internet connections. Broadcast optimization with the methods CJ talked about are a must in any RAP configuration from the beginning.

 

So while not adding anything new to the conversation, I am just granting an additional confirmation that checking these issues first is putting you on the right track.

 

.

Scott McNeil - Sr. Network & Security Engineer, Global Process Automation
Network+ | CWDP | CWNA | CWTS | ACSP | ACMP | ACMA | BREC
https://industrialwifishop.wordpress.com/
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: