How to use SMB Multichannel over VPN?

vpn performance-tuning server-message-block cisco-vpn

According to this article SMB Multichannel can provide the following capability:

  • Increased Throughput - The file server can simultaneously transmit additional data by using multiple connections for high-speed network adapters or multiple network adapters.

A key requirement is:

  • One or more network adapters that support Receive Side Scaling (RSS)

This differentiates between multiple network adapters, and multiple connections over a single network adapter, from my interpretation. This makes sense because most clients will NOT have multiple network adapters..

This seems to indicate that SMB Multichannel WILL create multiple connections over a single network adapter to improve throughput. With so many people working remotely, and with SMB performing so poorly over VPN, how do I make SMB use multiple channels over VPN? If I can't, why not?

I researched this months ago, and came to the conclusion that it was either not possible, or would have no benefit. But, the topic has come up again today, and I realize just how little information there is about this apparent performance solution over VPN and how conflicting a lot of the information is.

If I run get-netadapter I see the Cisco AnyConnect:

Name                      InterfaceDescription                    ifIndex Status       MacAddress             LinkSpeed
----                      --------------------                    ------- ------       ----------             ---------
Ethernet 2                Cisco AnyConnect Secure Mobility Cli...      22 Up           00-05-9A-3C-7A-00       995 Mbps
Bluetooth Network Con...2 Bluetooth Device (Personal Area Ne...#2      18 Disconnected 48-F1-7F-B8-15-4A         3 Mbps
Ethernet                  Realtek USB GbE Family Controller            17 Up           C8-F7-50-BD-BE-B2         1 Gbps
Ethernet 3                Intel(R) Ethernet Connection (7) I21...      16 Disconnected C8-F7-50-40-7F-AF          0 bps
Wi-Fi 2                   Intel(R) Wireless-AC 9560 160MHz             13 Disconnected 48-F1-7F-B8-15-46       702 Mbps

If I run get-smbclientnetworkinterface I see RSS Capable is False:

Interface Index RSS Capable RDMA Capable Speed    IpAddresses
--------------- ----------- ------------ -----    -----------
22              False       False        995 Mbps {fe80::7462:e71e:9881:4acd, fe80::b2f5:b0a1:835c:2c59, 10.100.20.141}
16              False       False        0  bps   {fe80::8464:d8a6:5624:de65}
17              False       False        1 Gbps   {fe80::e4ad:bb1b:5cdc:7dd7, 192.168.1.103}
13              False       False        702 Mbps {fe80::a9ce:6710:5904:a673, 192.168.1.195}
9               False       False        0  bps   {fe80::bc98:252c:7c3f:acec}
11              False       False        0  bps   {fe80::b035:347f:91cb:d7f}
18              False       False        3 Mbps   {fe80::490b:e922:3662:a942}

On the server side, the network adapter is RSS capable, and SMB Multichannel is enabled.

In previous network diagnostics I was able to determine SMB v3.1.1 is in use and SMB multichannel was not in use.

If it means anything, we use Cisco AnyConnect connecting to Cisco ASAs.


Solution 1:

From the article, it seems like you would need a VPN adapter (which remember, looks like a NIC but is software) that implements RSS or RDMA*. From the output you show, the AnyConnect virtual NIC can't do RSS, so you can't use it for multichannel, thus answering your question If I can't, why not?. I don't know why Cisco didn't implement RSS in the AnyConnect virtual NIC - maybe there's not enough demand for it, maybe it's not efficient to do it in software, maybe it's too difficult to do it reliably (again, vs demand for the feature.)

* - further down in the article you linked, there's a good table showing the different single-vs-multi scenarios, and a feature comparison for teaming, RSS, and RDMA enabled NICs.

/edit - it's possible that RSS is a configurable setting on the AnyConnect adapter properties, on the Advanced tab. Have you checked there? I don't have AnyConnect, to see this myself.

/further edit - you should open a TAC case for this. They're generally really good to work with and might be able to help you address the base problem, which is poor SMB performance over VPN. You're looking at SMB Multichannel, but that's not a "bad performance fix", that's a "use-all-the-hardware-to-remove-bottlenecks performance booster with today's LAN hardware" and might not help you.

/last edit - yeah, seeing your previous post, you should open a TAC case. Even if you are able to get SMB multichannel working, I don't think it would fix the problem you're describing there.

Related

Very slow SMB speeds on macOS
custom dnsmasq (or custom options) with libvrt?
OpenLDAP client inside a docker container
How to create hyperlink to call phone number on mobile devices?
What is the Difference Between read() and recv() , and Between send() and write()?
Best way to run scheduled tasks [closed]
What actually causes a Stack Overflow error? [duplicate]
CSS hexadecimal RGBA?
Can you "compile" PHP code and upload a binary-ish file, which will just be run by the byte code interpreter?
Unable to create Android Virtual Device
What is "android.R.layout.simple_list_item_1"?
Difference between res.send and res.json in Express.js