TCP/IP Repeat Acknowledgments

Status
Not open for further replies.

mibrahim

MIS
Sep 12, 2003
2
US
I have multiple external clients who communicate with a host internal to my corporation. At times the clients experience slow response and the server seems to receive bursts of traffic. I have a sniffer on the clean side as well as the dirty side of the firewall. I'm noticing numerous repeat acknowledgements. My understanding of repeat ACKs is that somewhere in the network the order of fragmentation is being corrupted, or missing fragments of a segment are being received, which does not allow the receiver to reassemble the fragments? Any knowledge and advice on this?
 
Does your firewall fragment data by default or do you have that option enabled? If so, I would turn it off and see if that helps.
 
There's a "math" bug in Win98SE's original VTCP stack that causes multiple ACKs to be generated. If you have users that are still running 98SE and have not installed the MS patch... a possibility to consider; it was the source here.
Steve
 
It may not deliberately fragment data, but it could lead to that as a result of MTU settings on both your remote client and their particular internet type.

You want to ensure, if possible, that the default MTU setting on your router/firewall for outbound communications is no higher than the MTU possible for the client. Similarly, the client side should ensure that their MTU settings are fixed rather than using MTU discovery.

A DSL client, for example, through MTU discovery may well "see" a 1500 MTU from your router/firewall, when the link is not capable of an MTU greater than 1492 in most cases. VPN clients have similar issues, where MTU as low as 1400 is not unusual.

The packets then are fragmented, and retried. This article discusses the issue in a Linksys context, but the issue is universal:
 
I think that your internal host may be fragmenting data. I think this may be the case since you are seeing the fragmentation on both the dirty and clean side of the firewall. Depending on the OS there may be some settings on that host to stop fragmentation.
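
The MTU figures quoted in the thread (1500, 1492 for DSL, 1400 for VPN), worked through as an added example that is not from any poster: it computes the IPv4 fragments a sniffer would show when a full-size datagram crosses a smaller-MTU link, and the TCP MSS that would avoid fragmentation. It assumes 20-byte IPv4 and TCP headers with no options and that the Don't Fragment bit is clear; the function names are hypothetical.

```python
from dataclasses import dataclass
from typing import List

IP_HEADER = 20   # assumption: IPv4 header without options
TCP_HEADER = 20  # assumption: TCP header without options


@dataclass
class Fragment:
    offset_units: int     # value of the IP fragment-offset field (8-byte units)
    payload_len: int      # bytes of the original payload carried
    total_len: int        # IP total length of this fragment
    more_fragments: bool  # MF flag


def fragment(datagram_len: int, link_mtu: int) -> List[Fragment]:
    """Return the fragments produced when a datagram crosses a link."""
    payload = datagram_len - IP_HEADER
    if payload < 0:
        raise ValueError("datagram shorter than an IP header")
    if datagram_len <= link_mtu:
        return [Fragment(0, payload, datagram_len, False)]
    # Every fragment except the last must carry a multiple of 8 payload
    # bytes, because the offset field counts in 8-byte units.
    max_payload = (link_mtu - IP_HEADER) // 8 * 8
    if max_payload <= 0:
        raise ValueError("link MTU too small to carry any payload")
    frags, sent = [], 0
    while sent < payload:
        size = min(max_payload, payload - sent)
        frags.append(Fragment(sent // 8, size, size + IP_HEADER,
                              sent + size < payload))
        sent += size
    return frags


def safe_mss(path_mtu: int) -> int:
    """Largest TCP segment payload that fits the path without fragmenting."""
    return path_mtu - IP_HEADER - TCP_HEADER


if __name__ == "__main__":
    # Link MTUs taken from the thread; 1500 is the sender's datagram size.
    for mtu in (1500, 1492, 1400):
        print(f"link MTU {mtu}: MSS to avoid fragmentation = {safe_mss(mtu)}")
        for f in fragment(1500, mtu):
            print(f"  offset={f.offset_units * 8:4d} total_len={f.total_len:4d} "
                  f"MF={int(f.more_fragments)}")
```

In a capture, the small trailing fragment (28 bytes at MTU 1492, 124 bytes at MTU 1400) following each near-full-size packet is the pattern to look for on either side of the firewall.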
 