Solved

TCP duplcate ACK behaviour

Posted on 2011-02-21
2
1,582 Views
Last Modified: 2012-08-14
I have narrowed down a performance issue but am trying to understand the TCP behaviour that I am seeing:
 ( I have changed the IPS)


So I see the receiver respond with an ACK 35515097 which is as expected. However directly after a window update the receiver starts to send duplicate ACKS for the same segment that it acknowledged in the first packet.

Why would it send a duplicate ACK if it already sent an TCP prior saying it received that segment?  There were many Out of order packets, so my first thought was that due to the TCP behavior of sending these packets to the buffer with a gap, eventually after receiving so many it would have to drop some and could cause this. TCP will not deliver OUT OF ORDER packets to the process/application (FTP here)  so if it received to many packets it would not be able to buffer all of this without some discard. The only issue with this theory is I would expect to see zero windows coming from the receiver if that was the case, which I do not.

I can see there is latency across the link between these 2 hosts as a fast transmit that is sent from sender does not get to receiver for 4 secs at times. I am just trying to understand 2 things:
Why the duplicate ACKS after the receiver says it received that segment

Why at times I will see a Fast Retransmit after 4-7 duplicate ACKS when it should be after 3?





No.     Time        Source                Destination           Protocol Info
  38130 180.317208  1.1.1.1         2.2.2.2         TCP      65519 > 42397 [ACK] Seq=1 Ack=35515097 Win=65160 Len=0 TSV=3909745777 TSER=3175776381

No.     Time        Source                Destination           Protocol Info
  38131 180.317308  1.1.1.1         2.2.2.2        TCP      [TCP Window Update] 65519 > 42397 [ACK] Seq=1 Ack=35515097 Win=66608 Len=0 TSV=3909745777 TSER=3175776381 SLE=35516545 SRE=35517993


No.     Time        Source                Destination           Protocol Info
  38133 180.317329  1.1.1.1        2.2.2.2        TCP      [TCP Dup ACK 38131#1] 65519 > 42397 [ACK] Seq=1 Ack=35515097 Win=66608 Len=0 TSV=3909745777 TSER=3175776381 SLE=35516545 SRE=35517993


thanks
0
Comment
Question by:andrew_89
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 24

Accepted Solution

by:
rfc1180 earned 500 total points
ID: 34947184
>Why at times I will see a Fast Retransmit after 4-7 duplicate ACKS when it should be after 3?

It is related all to timing, and is why the Operating System must be optimized for TCp of high latency links. The concept is that TCP will generate an immediate acknowledgment (a duplicate ACK) when a segment has been received out- of-order; with this being said, this duplicate ACK should not be delayed. For the sake of others reading this, the purpose of the duplicate ACK is to let the other end know that a segment was received out of order, what the sequence number of that segment was. Now an application is only has smart as the programmer, obvouisly with some algorthyms that enhanced the protocol, but TCP is far from a perfect protocol. What I mean by this is that TCP does not know whether a duplicate ACK is caused by either a lost segment or by the reordering of segments; TCP will wait for a small number of duplicate ACKs to be received. It is also assumed that if there is just a reordering of the segments, there will be only one or two duplicate ACKs before the reordered segment is processed, which will then generate a new ACK; however,  If three or more duplicate ACKs are received in a row, there is high probability that a segment has been lost. TCP then performs a retransmission (Without waiting for a retransmission timer to expire) of what appears to be the missing segment.

Billy
0
 
LVL 1

Author Closing Comment

by:andrew_89
ID: 35282665
sorry for delay
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question