What causes duplicate acks ? [and how to prevent them ]
J.Smith
At our site we currently have the following situation. We just installed a
new networked Unix (AIX) system, and initially everything seemed to work
fine. But after a while, end users started to perceive the service as being
'slow'. After looking at all the usual suspects (cpu, memory, disk) we
concluded that the system was only mildly loaded, so it seemed that the
system itself was not the cause here.
Eventually we started to look at the network. When we issue the 'netstat -s'
command to look at the network TCP/IP statistics, the thing that really
stood out in the output was the fact that the percentage of 'duplicate acks'
was really high. Could this be the cause of our 'slow' system ?
Now if I recall my TCP/IP networking classes correctly, duplicate acks
happen *only* when packets get dropped on the network (a result of either
congestion or unreliable links), forcing the receiving side to
re-ack-knowledge the last correctly received packet, resulting in a
'duplicate ack'. Right ? ( Or are the other things that could cause
'duplicate acks' ? )
The next question of course is, how do we solve this issue. If packets
really are getting dropped, how do we find out were the packets get dropped
? Are there any good tools for problems like this, apart from good old
network sniffers like tcpdump and such ? Or are there any networking options
in particular that we could tweak to influence the results, like rto, window
sizes, or buffer sizes ?
Anyway, any and all comments, insights, pointers to web-pages etc. are more
than welcome here.
Sincerely,
J.Smith
William Peckham
representative. When I saw these symptoms, there were two routers on the
same segment, set to back each other up. This resulted in two valid and
active network paths between segments, and packet duplication one way. Both
a new firmware image from CISCO and a reconfiguration of both routers was
required to solve the issue.
How is your network configured? Is this machine multihomed?
"J.Smith" <a...@a.com> wrote in message
news:Lnpc9.69245$7v.94...@amsnews03.chello.com...
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.384 / Virus Database: 216 - Release Date: 2002-08-21
Douglas R. Probst
acks but it sounds like you may be new to AIX. One thing that gets
overlooked during an install buy quite a few AIX admins, is the device
settings for the network card. If you are using a 10/100 Ethernet card make
sure your device is locked down at the same speed as your network. DO NOT
use Auto Negotiate.
To check your current settings run the following.
for i in `lsparent -C -k ent| awk '{print $1}'`
do
lsattr -El $i | grep speed
done
To change this attribute you will need to take the interface offline and
use either smit devices,comunication,ethernet,adapter (i think that is the
menu path)
or
chdev -l ent# -a media_speed=100_Full_Duplex (or whatever you are running)
Hope this helps
Doug
"J.Smith" <a...@a.com> wrote in message
news:Lnpc9.69245$7v.94...@amsnews03.chello.com...
Chuck Sterling
> I have no idea if what I am going to suggest is the cause of you duplicate
> acks but it sounds like you may be new to AIX. One thing that gets
> overlooked during an install buy quite a few AIX admins, is the device
> settings for the network card. If you are using a 10/100 Ethernet card make
> sure your device is locked down at the same speed as your network. DO NOT
> use Auto Negotiate.
<snip>
I've found this also to be true for Solaris, at least 2.6, however the commands
to lock it down are different. No idea whether this would affect the duplicate
ACK problem, though.
Chuck Sterling
J.Smith
> I have seen this only once, and my experience is probably not
> representative. When I saw these symptoms, there were two routers on the
> same segment, set to back each other up. This resulted in two valid and
> active network paths between segments, and packet duplication one way. Both
> a new firmware image from CISCO and a reconfiguration of both routers was
> required to solve the issue.
>
> How is your network configured? Is this machine multihomed?
>
Our network is configured like this:
We have a 'three-armed' multihomed firewall, whose interfaces are
connected to:
1.) a DMZ
2.) the Internet via a (cisco?) router provided by our ISP
3.) our LAN
All three are seperate subnets/networks, and each firewall-interface
has only one IP-adres configured. Routing between these takes place
using static routes that are configured on the firewall. I believe the
firewall is a FreeBSD system, running FireWall-One.
The (browser) clients are located in the LAN, and connect to the
Internet in the following manner:
1.) Clients connect to a http-proxy in the DMZ, passing the Firewall
(NIC-1).
2.) The http-proxy then connects to the Internet, passing the Firewall
again (NIC-2), which then get send to the ISP router on to the
Internet.
So the clients-traffic passes the firewall (rulesets) twice.
The 'problem host' is the http-proxy (running aix 4.3.3), which is
located in our DMZ. This system has only one NIC (fddi) configured,
and has only one IP-adres. No NAT takes place, the http-proxy has a
'real' Internet IP-adress.
Sounds like a perfectly fine setup to me, but then again Im just a
humble system-admin, and not a network guru ;)
Anything in here that could be the cause of our problems ?
J.Smith
> ... settings for the network card. If you are using a 10/100
> speed as your network. DO NOT use Auto Negotiate.
>
Thanks for the tip, but I am aware of this issue. Guess Im not as new
to AIX as I sound ;)
Actually, the 'problem host' doesn't have an ethernet interface, but a
100MB FDDI interface. The MTU on this host and interface was set back
from the FDDI default mtu (4xxx-something) to 1500 (something we do on
all our FDDI hosts). We do this explicitly is to prevent fragmentation
of traffic passing between FDDI and ethernet systems (1500 is the
maximum frame size that can get transfered on an ethernet).
>
> Hope this helps
> Doug
>
Thanks for the effort.
Sincerely,
J.Smith