Thanks Mark, I guess packeteer closes window down properly, I thought Dave's reply meant that doing that was Treason.

Packeteer is almost certainly being cavalier about the way it reduces windows. It could be a serious problem, depending on the way it treats traffic on the return path. The "treason" thing is a joke. It is like a bank extending you a credit line one day, and revoking it the next.

I don't use or know of anyone who uses Packeteer - or have you tested?

I had the distinct pleasure of partly get involved with debugging network stalls related to Linux clients (2.6.x kernel) and a Packeteer.

to mean that it was illegal to close down a window at all - you cleared that up - ie it is legal if you close it by <= the amount of data that has just been acked. I assume this won't cause the Treason messaage so don't really understand why it is cavalier - or do you just mean the whole idea of window manipulation to shape may be dodgey but legal?

I thought that Packeteer was causing the error messages. If not then no problem. The "treason" messages will not occur if the window is reduced normally. The window is there for a reason - namely flow control. A zero rwnd means "I can't handle any more data right now". That is perfectly legal as long as previously granted transmit credit is not withdrawn. Generally speaking the rwnd always drops to zero when the receive buffer is full.

Regarding Packeteer traffic shaper and Linux TCP stacks:

A customer of ours has had significant problems with the packeteer traffic shaper in the past. Unfortunately my consulting contract only lasted so long as to point out the problem with the shaper in conjunction with Linux clients, thus I cannot provide you with more detailed information.

The setup at the customer side (ISP) was like follows: they had installed a squid-proxy farm for their clients and used the Packeteer to do some sort of micro-billing, shaping and general QoS. The problem of window shrinking by the shaper affecting the client's performance manifested itself most of the time when their customers were accessing a site via that proxy-farm, which delivered its site-pictures using content caching services like Akamai (a really horrible example for testing squid's patience is, among others, http://www.pro-sieben.de). This caused quite a burst of quick TCP connection setups and teardowns, eventually resulting in a complete stall for 10-15s.

Disabling the Packeteer traffic shaper completely solved this issue and customers were not experiencing any stalls anymore when surfing the net. Updating the firmware of the shaper did help somewhat, so I suspect their TCP window handling is also error-prone to some extend. So I went on and blamed the Packeteer traffic shaper device. It was not until I tested the whole setup with their pilot squid-farm based on Solaris (SunOS 2.5.1) when I had to rethink my blaming, since routing their customers over the Solaris squid proxies did not exhibit the problem when enabling the traffic shaper for the same troublesome websites. So, this again showed an indication towards an issue with Linux clients and the Packeteer traffic shaper. The squid-farm is running on a SuSE 9.3 based kernel. Due to performance constraints we had to go with the Linux solution and disable the traffic shaper.

As soon as I get some more consulting days and if the customer desires, I'll be debugging this issue in greater detail. I will send a debug report to netdev in this case. Chances are slim though, since they only have one Packeteer so far and no test network to perform test conducts, so erroneous tests would cause major downtime for a lot of this ISP's customers.

My 2 cents,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to