Wednesday, January 12, 2011

Mac OS X machines - VERY slow access to Windows shares

I have a handful of mac boxes accessing a share from a remote Windows Server 2003 box over a site-to-site VPN. They are connecting to the share using cifs, authenticating with AD credentials, and performance is absolutely pathetic - think waiting 5+ minutes to open/copy/move shared docs, even small ones <100Kb.

I am relatively new to this situation but it has been ongoing for quite some time before I took over. For some further background, I can access the same files from Windows machines on the same LAN as the Macs as fast as one would expect for the situation. All of these machines are on a Cisco Catalyst switch behind a Cisco PIX firewall (which provides the site-to-site VPN access). Ping responses from Mac boxes and windows boxes to file server are about the same: 6-7ms.

Has anyone experienced problems like this accessing windows shares from Macs? Is this a protocol issue? Thanks for any input.

  • My gut says you might be having an MTU issue on your VPN. Path MTU discovery is supposed to work around this, but there can be misconfigurations of networking gear that make it not work right.

    I don't know what the specific PING syntax is on OS/X, but on Windows you can send a PING from the server to one of the clients with the syntax:

    PING <destination> -l <length> -f
    

    This sends a PING packet with the specified length to the destination with the "do not fragment" bit set. You should be able to move packets with a length of 1472 between the client and the server, unless there's a connection between you with a smaller MTU.

    Have a look at this article from Microsoft for some background: http://support.microsoft.com/kb/314825

    Do you see any issues with other protocols running over the VPN, like HTTP or FTP? CIFS isn't the best performer over highly-latent links, but the times you're talking about are outside the ballpark of "normal" CIFS suckage.

    Froosh : +1 Just recently had similar issues with an MTU blackhole that did not sent ICMP Frag Required messages for oversized packets.
  • To diagnose a possible MTU issue the ping syntax in OS X would be

    ping -D -s packetsize destination
    

    Where packetsize is the number of data bytes to send MINUS the 8 bytes for the ICMP header (ie: the default packetsize is 56 which is 56+8=64 byte packets sent).

    From Brad

0 comments:

Post a Comment