SCP and network issue for big files


I'm running linux box and I can transmit file from server A to  B without any prolbem, but if I want to send big file from B to A I need to disable TCP_SACK in A otherwise it goes to stalled mode. I don't want to disablel TCP_SACK. What may be the problem?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Artysystem administratorCommented:
> I don't want to disablel TCP_SACK.

Why not? TCP_SACK have as advantages as drawbacks...

> What may be the problem?

Probably you have asymmetric link speeds from A to B and from B to A.

SACK is designed for 'high bandwidth, lossy (or high delay) link', probably your back link speed (From B to A) is not 'high bandwidth'.

"If you're on a low-bandwidth link (say 1Mbps or less as a completely arbitrary rule of thumb), SACK can cause problems in normal operations by saturating your connection and should be turned off."


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mokkanAuthor Commented:
Thanks a lot for your input. I'm almost getting there.  As far as I understand, routers or network devices can alter a packet's sequence number but are are not able to adjust the TCP SACK information present in the packet. They send the packet to the server without altering the TCP SACK information. The firewall on the server drops the packet as it is unable to relate this packet to the existing connection.

It is correct. My question is that how can I confirm that  it is not adjusting the TCP SACK information. In the packet how do I identify SACK information? Thanks in advance.
Artysystem administratorCommented:
> In the packet how do I identify SACK information?

There is no way to detect SACK in TCP header once the connection is already established. SACK is sent only once in only one (initial) packet with SYN flag set:

"The 2-byte TCP Sack-Permitted option may be sent in a SYN by a TCP that has been extended to receive (and presumably process) the  SACK option once the connection has opened. It MUST NOT be sent on non-SYN segments. The SACK option is to be used to convey extended acknowledgment information from the receiver to the sender over an established TCP connection."

So you will never find SACK option in any further packet after the connection has been initiated.
If you have a statefull firewall, that doesn't understand SACK, you loose (because it passess initial negotiation as is, so it looks like SACK is negotiated, but drops further out-of-order packets without acknowledging sending peer).

The same can do a router, if it keeps track of the 'TCP session'.


It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.