Mailing List Archive: TCP perfomance

TCP perfomance

kevlar.kernel at gmail

Jun 6, 2008, 9:41 AM

Post #1 of 7 (14232 views)

Yes, I also forgot that I had been subscribed to this list.
To get a topic going I was at work and I argued that we should disable
TCP timestamps. I was discussing in a meeting that this would cut back
(perhaps very slightly) on the amount of work that the system has to do
before sending a packet out. In a high traffic system (like a file
server or a mail server or in my case a Oracle Database), not having to
throw this on every packet should increase performance ever so slightly.
Disabling this would benefit security, as the attacker would not be able
to gather the up time from the targeted system.
Like I said this might be a slight increase, but its an increase
none-the-less, and when you have a DBA crying about poor network speed
or IO, or the system is too heavily loaded, then this keeps him quiet
for a few days. :)
Any thoughts???
--
gentoo-performance@lists.gentoo.org mailing list

Re: TCP perfomance [ In reply to ]

miguel.filipe at gmail

Jun 6, 2008, 10:07 AM

Post #2 of 7 (13873 views)

There is no such thing has a TCP timestamp:
http://freebie.fatpipe.org/~mjb/Drawings/TCP_Header.png

so, that doesn't make any sense...

On Fri, Jun 6, 2008 at 5:41 PM, Kevin Faulkner <kevlar.kernel@gmail.com> wrote:
> Yes, I also forgot that I had been subscribed to this list.
> To get a topic going I was at work and I argued that we should disable TCP
> timestamps. I was discussing in a meeting that this would cut back (perhaps
> very slightly) on the amount of work that the system has to do before
> sending a packet out. In a high traffic system (like a file server or a mail
> server or in my case a Oracle Database), not having to throw this on every
> packet should increase performance ever so slightly. Disabling this would
> benefit security, as the attacker would not be able to gather the up time
> from the targeted system.
> Like I said this might be a slight increase, but its an increase
> none-the-less, and when you have a DBA crying about poor network speed or
> IO, or the system is too heavily loaded, then this keeps him quiet for a few
> days. :)
> Any thoughts???
> --
> gentoo-performance@lists.gentoo.org mailing list
>
>

--
Miguel Sousa Filipe
--
gentoo-performance@lists.gentoo.org mailing list

Re: TCP perfomance [ In reply to ]

kevlar.kernel at gmail

Jun 6, 2008, 10:26 AM

Post #3 of 7 (13893 views)

Miguel Sousa Filipe wrote:
> There is no such thing has a TCP timestamp:
> http://freebie.fatpipe.org/~mjb/Drawings/TCP_Header.png
>
> so, that doesn't make any sense...
Your right and I'm wrong.
Its not in the header, its thrown on at the end....
try doing
cat /proc/sys/net/ipv4/tcp_timestamps

http://www.networksorcery.com/enp/protocol/tcp/option008.htm
http://www.securiteam.com/securitynews/5NP0C153PI.html
--
gentoo-performance@lists.gentoo.org mailing list

Re: TCP perfomance [ In reply to ]

Jun 7, 2008, 9:54 AM

Post #4 of 7 (13887 views)

There are quite a few things that make TCP performance degrade. Is there a
specific reason why you thought about TCP timestamps?
A good way to know is to launch a TCP connection and get it to a stage where
you can clearly see its performance suffer. Then first take a look at the
CPU usage... if its 100% only then you should conclude that the problem is
with the CPU usage aspect of it.
In my experience, there can be many other things that may go wrong. There
are quite a few 'TCP tuning' faqs around the Internet. You might want to go
through a few to see some commonly used solutions.

OTOH, TCP timestamps are an important part of TCP... may be not for a LAN
like system but definitely for a complicated network like the Internet,
where timestamps help TCP to easily infer round trip times with much more
precision than otherwise.

_r

On Fri, Jun 6, 2008 at 1:26 PM, Kevin Faulkner <kevlar.kernel@gmail.com>
wrote:

> Miguel Sousa Filipe wrote:
>
>> There is no such thing has a TCP timestamp:
>> http://freebie.fatpipe.org/~mjb/Drawings/TCP_Header.png<http://freebie.fatpipe.org/%7Emjb/Drawings/TCP_Header.png>
>>
>> so, that doesn't make any sense...
>>
> Your right and I'm wrong.
> Its not in the header, its thrown on at the end....
> try doing
> cat /proc/sys/net/ipv4/tcp_timestamps
>
> http://www.networksorcery.com/enp/protocol/tcp/option008.htm
> http://www.securiteam.com/securitynews/5NP0C153PI.html
> --
> gentoo-performance@lists.gentoo.org mailing list
>
>

Re: TCP perfomance [ In reply to ]

miguel.filipe at gmail

Jun 7, 2008, 3:28 PM

Post #5 of 7 (13882 views)

On Fri, Jun 6, 2008 at 6:26 PM, Kevin Faulkner <kevlar.kernel@gmail.com> wrote:
> Miguel Sousa Filipe wrote:
>>
>> There is no such thing has a TCP timestamp:
>> http://freebie.fatpipe.org/~mjb/Drawings/TCP_Header.png
>>
>> so, that doesn't make any sense...
>
> Your right and I'm wrong.
> Its not in the header, its thrown on at the end....

...at the end of the tcp header, it's a tcp option. (I didn't
understood that the first time I read this email).
It might be good to disable all tcp optional headers..
Also there might be important to look at issues such has:
- mtu size
- tcp window
- set the don't fragment flag (this can offload the routers and
optimize the mtu for the whole connection path)
- use the BIC algorithm (from what I've read, that's my default choice
nowadays... but for some specific workload there might be better
algorithms)

> try doing
> cat /proc/sys/net/ipv4/tcp_timestamps
>
> http://www.networksorcery.com/enp/protocol/tcp/option008.htm
> http://www.securiteam.com/securitynews/5NP0C153PI.html

kind regards!

--
Miguel Sousa Filipe
--
gentoo-performance@lists.gentoo.org mailing list

Re: TCP perfomance [ In reply to ]

kevlar.kernel at gmail

Jun 9, 2008, 9:34 AM

Post #6 of 7 (13876 views)

Miguel Sousa Filipe wrote:
> On Fri, Jun 6, 2008 at 6:26 PM, Kevin Faulkner <kevlar.kernel@gmail.com> wrote:
>> Miguel Sousa Filipe wrote:
>>> There is no such thing has a TCP timestamp:
>>> http://freebie.fatpipe.org/~mjb/Drawings/TCP_Header.png
>>>
>>> so, that doesn't make any sense...
>> Your right and I'm wrong.
>> Its not in the header, its thrown on at the end....
>
> ...at the end of the tcp header, it's a tcp option. (I didn't
> understood that the first time I read this email).
> It might be good to disable all tcp optional headers..
> Also there might be important to look at issues such has:
> - mtu size
> - tcp window
> - set the don't fragment flag (this can offload the routers and
> optimize the mtu for the whole connection path)
> - use the BIC algorithm (from what I've read, that's my default choice
> nowadays... but for some specific workload there might be better
> algorithms)

I haven't played around with different congestion algorithms all that
much, I generally have stuck with Westwood. MTU size... with all the
different machines we have, I prefer to stay with the default. Window
size is a good point.

>> try doing
>> cat /proc/sys/net/ipv4/tcp_timestamps
>>
>> http://www.networksorcery.com/enp/protocol/tcp/option008.htm
>> http://www.securiteam.com/securitynews/5NP0C153PI.html
>
> kind regards!
>
sorry if I seemed rude. heh, text can come across like that sometimes.
--
gentoo-performance@lists.gentoo.org mailing list

Re: TCP perfomance [ In reply to ]

ramon at vanalteren

Jun 10, 2008, 1:10 AM

Post #7 of 7 (13887 views)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kevin Faulkner wrote:
> I haven't played around with different congestion algorithms all that
> much, I generally have stuck with Westwood. MTU size... with all the
> different machines we have, I prefer to stay with the default. Window
> size is a good point.

Have a look at the linux gazette, there's a guy there that wrote a
very extensive overview on different TCP congestion algorithms.

http://linuxgazette.net/135/pfeiffer.html

Ramon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iD8DBQFITjcEwiVM6CtDHQ0RAhRFAJ4+8J8sUWWsH1tbUKtTV2zJeqtxqQCfbmsh
61CH7oj43zsBSceBu+ZCTo4=
=5ARe
-----END PGP SIGNATURE-----
--
gentoo-performance@lists.gentoo.org mailing list