Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
586
Views
0
Helpful
5
Replies

Citrix over GRE VPN

mistryj
Level 1
Level 1

‎08-14-2013 01:05 PM - edited ‎03-04-2019 08:45 PM

Hello,

I need some guidelines on how I can improve performance for our XenDesktop users in Singapore complaining about slowness with email and worksite document management system now centralised in London.

Currently we have Implemented Cisco 3925 routers with GRE VPN over IPSEC using EIGRP protocol between remote office and London. Also running latest riverbed a which provided citrix ica optimisation. Singapore have a local 10mb internet connection and London 80mb.

I understand that the encryption and decryption of packets adds additional latency as opposed to using Citrix over normal Internet connection.

Is there anything I need to do on the Cisco 3925 that will help increase performance ?

Any advice and guidelines would be welcome.





Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
5 Replies 5

paolo bevilacqua
Hall of Fame
Hall of Fame

‎08-14-2013 01:34 PM

You can do GRE without encryption. That will decrease latency, increase MTU, and be beneficial.

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎08-14-2013 01:35 PM

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

Some things to insure, if you're not doing already.

Insure your VPN routers have very little need to fragment packets.

Don't share your Internet VPN links with non-VPN traffic.

Use shapers to insure any congestion can be managed by you.

Prioritize Citrix traffic over other traffic, except perhaps for real-time traffic (e.g. VoIP).

Insure your average Citrix doesn't exceed 50% of bandwidth, better would be not to exceed 1/3.

If your Citrix allows for disk-to-disk and/or printing, use NBAR to prioritize that traffic lower than Citrix screen scraping traffic.

PS:

If your applications have moved from LAN to WAN, especially on the other side of the world, realize even at very best, no WAN can perform as well as the LAN due to distance based latency.

0 Helpful

mistryj
Level 1
Level 1

‎08-14-2013 02:20 PM

GRE without encryption , can this be removed between specific sites or does this have to be done for all sites ? If how do I configure ?

MTU between tunnels is set to 1400 due to GRE packet header overhead.

Is there any configuration examples for prioritising Citrix traffic on Cisco 3925 ?
I guess it would make sense since we share VPN traffic with Internet wireless traffic.





Sent from Cisco Technical Support iPhone App

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame
In response to mistryj

‎08-14-2013 02:46 PM

Just configure gre/multipoint DMVPN.

0 Helpful

mistryj
Level 1
Level 1

‎08-14-2013 03:03 PM

No sorry that is alot of disruption and down time.



Sent from Cisco Technical Support iPhone App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card