Since a few weeks, I was experiencing sluggish performance while connecting to some SSH servers. The problem happened when using SSH through the VPN of the company I am working for. This resulted in lags when typing commands on the SSH terminal, which was more and more problematic because of more and more command-line arguments I had to pass and longer and longer file paths.
Too many layers = too many problems
My current working setup is far from simple, because I need to work on a remote virtual machine to have access to some data and run some processing on it. The official connection method using NX doesn’t work well for me, because NX suffers from intermittent keyboard issues, e.g., right alt stopping to work, server acting as if Shift was pressed while it is not, etc. This works correctly for somebody using the mouse rather than the keyboard or able, without significant loss of efficiency, to check every typed character for an eventual error. This is not my case.
I ended up building myself a multi-layer setup as follows:
- I am not hooked directly to the cable modem from Videotron. I am rather using a Linksys WRT310N router, and to make things more interesting, I am running DD-WRT, not the official router’s firmware. This rarely caused any issue, though.
- Windows running on a computer provided by the company. I am currently working from home using an ultrabook they provided me, with Windows 8.1 on it.
- The ultrabook having no Ethernet connectivity, I was using a USB to 100Mbps Ethernet adapter to get a faster and more stable connection than wi-fi.
- A Cisco VPN client is needed to access internal resources of the company.
- The machine runs Ubuntu 14.10 in a virtual machine hosted by VirtualBox.
- Inside the guest Ubuntu, SSHFS is configured to access my workspace on the virtual machine, so I can use local editors like Emacs.
- Inside the guest Ubuntu, I open a terminal and SSH to the virtual machine to run commands there.
Phew! What a list of layers!
Different networking methods
VirtualBox offers several ways to manage networking. I am currently using the first of the three I know about. Here they are.
- Bridged. VirtualBox uses a trick I don’t know too much about to clone the host’s network interface and act as if there was a second interface. The guest OS receives its own IP address from my router and thus acts pretty much like an independent machine on the network. This implies that Ubuntu has to establish the VPN connection, but fortunately, there is a Cisco client available. However, when using that method, the Windows host doesn’t have access to internal resources, unless I establish a second VPN connection, on the host side. I am something tempted by the idea of having the router establish the VPN connection. This might be possible with DD-WRT, but this will introduce a security risk: what if I leave the VPN open after my working day or somebody hacks my network?
- NAT. VirtualBox acts a bit like an internal router, allocating a private IP to the guest. Requests are translated by VirtualBox to look like if they came from the host. This works correctly and allows the VPN connection to be established by Windows-based official Cisco client, but on the other hand, this introduces a level of indirection: the NAT applied by VirtualBox. Any indirection is subject to hinder performance.
- USB. VirtualBox has support for exposing USB devices to guests, so I could, at least in theory, expose my USB to Ethernet interface to Ubuntu. However, without Oracle closed-sourced extensions, I would get only USB1.1 support, which would result in slow or non-functional networking. The extensions are available only for personal or evaluation use, so I cannot use this at work. Even if I solve the licensing issue and get the extensions, with the USB solution, the Windows side would be unable to access networking, so I would loose access to Lync and Outlook. I could work around by turning wi-fi back on, but that starts to be clunky. If I have to go this way, I would be better off using my personal Ubuntu PC rather than a virtual machine.
It seems that 1 is a bit faster than 2, but I am not totally sure, no way to measure scientifically. Even with 1, I was still experiencing sluggish SSH. After switching from 2 to 1, this seemed a bit better, but performance degraded after a few minutes.
Could a better network interface help?
This morning, I tried with a TruLink USB to Gigabit Ethernet interface rather than the 100Mbps one. However, this didn’t go well at all. I got the following issues, all after the other.
- VirtualBox partially blocking network. At first, everything seemed to work well. I was able to browse the web and Outlook was working fine. But I soon discovered that Lync wasn’t connecting at all and although Cisco VPN was starting (from Windows, no virtual machine yet), it couldn’t access any internal resource. Trying Windows network diagnostic reported a potential driver issue. I tried to install the driver I found for this adapter, but it just failed; Windows already had the most recent driver built in or installed by IT. I then found out that Windows was connecting to an unknown network using the VirtualBox host-only adapter. So VirtualBox was in the way, partially blocking networking. I had to remove VirtualBox and reinstall it to fix this.
- Cisco VPN not working. After reinstalling VirtualBox, I was able to connect to Lync, but VPN was still non-working. It was connecting without issues, but it would allow access to absolutely no local resource. I tried to remove VirtualBox once again, to no avail. I had to remove Cisco VPN client, reboot to be sure everything was clean, reinstall client, test to see if things were back to normal (they were!), reboot once more to be sure, reinstall VirtualBox and test again! Why reboot? Well, if VirtualBox is installed while Cisco VPN is running, network connectivity stops working completely until VirtualBox is removed.
- Distracting side issues. During this frustrating troubleshooting, I got several other issues. Firefox took several seconds to start, once again, because I would ideally have to switch to Chrome, transfer my bookmarks from Firefox to Chrome once again, and live with a browser having very weak support for touch screen, at least at the time I am writing. Emacs, which I tried to open and use as a buffer because I wanted to try Ping commands and was always making typos, took at least one minute to launch, and started multiple instances when it finally unstuck. Then the main window of the Cisco VPN client remained open after connection and couldn’t be closed by the X button, Alt-F4 or any other normal way; I would have to live with it on an unused Virtuawin desktop or restart the client. I ended up shutting everything down and rebooting once again.
At least, after all these efforts, I got functional networking and experienced a lot less lags than during the last 2-3 weeks while working from home!
If problems come back, I will probably give up on using this ultrabook and revert to the official laptop provided by the company. The machine is heavier, doesn’t have any reasonable way to output to digital displays (I would either need to purchase a docking station specific to that machine, or try my luck with the mini HDMI port which sometimes works, sometimes not), but it has VGA output, it has Gigabit Ethernet and runs the good old Windows 7 which definitely seems to play nicer with the software tools of my company.