This is the second article in our series on troubleshooting network performance problems. In it we look at another area that will help with this task. Retransmissions and duplicate ACKs are part of TCP's functionality, which helps prevent packet loss. If you have network or server performance problems, it's likely you will see a lot of these in your network traces.
The primary way TCP tries to prevent packet loss is the sliding window mechanism, which detects when packet loss occurs and then starts to make allowances. It does this by adjusting the rate of data transmission, reducing the overall flow of data to ensure that none is lost. It will also modify the receiving client's ‘receive window’ to control how the data is received.
The receive window is important because it is a value stored in the TCP header that specifies how much data the recipient is able to store in its buffer; this information is passed on to the transmitting device. The transmitting device can then only send the amount of data specified by this window size in each transmission. Before any more data is sent, the transmitting device must wait until the previous packet is acknowledged.
When troubleshooting, remember that the TCP flow parameters are there to stop data being lost. If you see lots of these messages and the flow being constantly adjusted, it is often worth investigating. You can find situations where there are transmission errors or where a device or network segment is being overloaded. I’ve seen this situation, for example, where a proxy server was being overloaded through accessing heavy-duty websites. The situation was related to a number of individuals constantly streaming video to their clients through the proxy; they were all watching Christmas films from Netflix at work! Fortunately this is no longer an issue, as Netflix have banned access from VPNs and commercial IP addresses. Check this post, which explains about Netflix blocking VPNs.
To summarize, the clues you should look out for when searching for the source of network latency are often there in the TCP flow control messages. Retransmission packets are sent simply because the client has detected that the data being sent is not being received, which is obviously a cause for concern. Duplicate ACK packets are pretty much the opposite: the server has detected that data is not being received by the client. If packets are received out of order, duplicate ACKs will also be generated. Both can be helpful in identifying whether the problem is related to a client or server issue (or hardware near the devices).
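
To show what a trace analyzer is looking for when it marks these packets, here is an added example (not part of the original article) that flags retransmissions and duplicate ACKs in a list of captured segments. The `Seg` record, the `analyze` function, the host labels and the sample trace are all constructed for illustration; the heuristic is simplified and ignores sequence-number wraparound, SACK and SYN/FIN/RST handling.

```python
from collections import namedtuple

# One captured TCP segment; field names are assumptions made for this example.
Seg = namedtuple("Seg", "src dst seq ack length")


def analyze(segments):
    """Return (retransmissions, duplicate_acks) as lists of segment indexes.

    Simplified heuristic: ignores sequence wraparound, SACK and SYN/FIN/RST.
    """
    highest_end = {}  # (src, dst) -> highest seq + length seen so far
    last_ack = {}     # (src, dst) -> ack number of the previous pure ACK
    retrans, dup_acks = [], []
    for i, s in enumerate(segments):
        flow, reverse = (s.src, s.dst), (s.dst, s.src)
        if s.length > 0:
            end = s.seq + s.length
            if end <= highest_end.get(flow, 0):
                retrans.append(i)  # these bytes were already seen in this direction
            else:
                highest_end[flow] = end
        else:
            # A pure ACK repeating the previous ack number while the peer has
            # sent data beyond it: the receiver is still missing a segment.
            if last_ack.get(flow) == s.ack and highest_end.get(reverse, 0) > s.ack:
                dup_acks.append(i)
            last_ack[flow] = s.ack
    return retrans, dup_acks


# Constructed trace: the segment starting at seq 101 is lost before the capture point.
TRACE = [
    Seg("sender", "receiver", 1, 1, 100),    # 0: bytes 1-100 arrive
    Seg("receiver", "sender", 1, 101, 0),    # 1: normal ACK, expects 101
    Seg("sender", "receiver", 201, 1, 100),  # 2: gap, bytes 101-200 missing
    Seg("receiver", "sender", 1, 101, 0),    # 3: duplicate ACK
    Seg("sender", "receiver", 301, 1, 100),  # 4
    Seg("receiver", "sender", 1, 101, 0),    # 5: duplicate ACK
    Seg("sender", "receiver", 401, 1, 100),  # 6
    Seg("receiver", "sender", 1, 101, 0),    # 7: duplicate ACK
    Seg("sender", "receiver", 101, 1, 100),  # 8: missing bytes sent again
    Seg("receiver", "sender", 1, 501, 0),    # 9: everything acknowledged
]

if __name__ == "__main__":
    retransmissions, duplicates = analyze(TRACE)
    print("retransmissions at indexes:", retransmissions)
    print("duplicate ACKs at indexes:", duplicates)
```

Counting the flagged indexes per direction shows which host is repeating ACKs and which is resending data, which is the starting point for deciding where along the path to capture next.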