circuit between the two ends of the connection—the remote host and local host. The remote and local hosts are also known as “client” and “server” or “local address” and “foreign address.” When the two ends need to talk to each other using the TCP protocol, a connection is established, which lasts for a period of time bounded by the open and close. This connection is called a “virtual circuit.” All the TCP protocol functions occur in the context of this virtual circuit.
During the open sequence, TCP packets flow back and forth with various bits of the header turned on. The header is the first 20 or so bytes of the TCP packet that carry various pieces of control information. IP adds a header, too. In the open sequence, first, a TCP packet is sent from one side. Then, in response, the other side allocates buffers and other resources. This is called the SYN—SYN/ACK sequence or the TCP three-way handshake. At the end of the handshake, if it’s properly concluded, the connection or virtual circuit is ready for data transmission. During the close sequence, several packets flow back and forth, too.
If you have many short connections, you’re adding overhead for the open and close handshakes. You can tune your TCP usage by checking the applications that have many connections from the same address pairs in a short time. Maintaining persistent connections may decrease the CPU usage and network traffic.
3. Thou shalt drop unused connections: This seems like a “no-brainer.” If you’re finished using a TCP connection, then the application should close it! What is so hard about this? Actually, quite a bit. Often, applications are developed using code generators that “shield” the programmer from the perceived intricacies of raw sockets code. So, it can be quite difficult to tell in the program if the socket is actually being closed or not. We’ve seen applications, such as Lightweight Directory Access Protocol (LDAP) servers, run out of sockets and abend because connections weren’t closed. There may be parameters for the application to time out idle connections or to do keep-alive. The keep-alive probe will drop unused connections. Dropping unused connections and eliminating errors on the TCP network can save CPU time used by the TCP stack on the mainframe.
4. Thou shalt honor thy TCP duplicate ACKs and thy TCP retransmissions: What is a duplicate ACK? If a packet is lost, then TCP will send the same acknowledgment again. When TCP gets three duplicate acknowledgments, it will retransmit the packet. Figure 2 shows a diagram of a packet loss scenario. Note that Segment 2 was lost, duplicate ACKs with the ACK number 100 were sent, and finally, Segment 2 was retransmitted.
When monitoring your TCP network, you may find some counters, which may be called parameters, such as TCP Retransmits, TCP Retransmit Timers, and TCP Duplicate Acknowledgments. These counters may appear in the output of the Netstat STATS command, or you may see them while interrogating the SNMP MIB. These counters may all be related and indicate problems with network congestion. Duplicate acknowledgments indicate packets are either lost or received out of sequence. When three duplicate ACKs are received, the packet is retransmitted. If there are many duplicate ACKs, you may want to find out which addresses and subnets may be having the problems. Duplicate ACKs can impact network response time, called round trip time. You may want to see if either round trip time or, more likely, round trip variance, is affected by duplicate ACKs.
If there’s excessive round trip variance, then the user may be frustrated by erratic response time. You need to determine which remote addresses have duplicate acknowledgments. After you find which addresses are having problems, you may want to see if they have anything in common such as the same subnet, time of day, socket application, and route/set of hardware.
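The per-address and per-subnet breakdown described above can be sketched as follows. This is an added example, not code from the original article: the trace records, addresses, and function names are constructed for illustration, and it assumes one connection per remote address (a real analysis would key on the full address and port pair).

```python
import ipaddress
from collections import Counter

# Constructed trace, not captured data: (src, dst, ack_number, payload_len).
# The local host sends data; the remote hosts acknowledge it.
LOCAL = "10.1.1.5"
TRACE = [
    ("192.0.2.10", LOCAL, 100, 0),    # ACK for segment 1
    ("192.0.2.10", LOCAL, 100, 0),    # duplicate 1 (segment 2 was lost)
    ("192.0.2.10", LOCAL, 100, 0),    # duplicate 2
    ("192.0.2.10", LOCAL, 100, 0),    # duplicate 3: sender retransmits
    ("192.0.2.10", LOCAL, 500, 0),    # ACK after the retransmission
    ("192.0.2.77", LOCAL, 300, 0),
    ("192.0.2.77", LOCAL, 300, 0),    # single duplicate, no retransmit
    ("198.51.100.4", LOCAL, 200, 0),  # healthy flow, ACK number advances
    ("198.51.100.4", LOCAL, 400, 0),
]

def duplicate_acks(trace, local):
    """Count duplicate ACKs and three-duplicate events per remote address."""
    last_ack = {}                      # remote -> last ACK number seen
    run = Counter()                    # remote -> current run of duplicates
    dups, triggers = Counter(), Counter()
    for src, dst, ack, length in trace:
        if dst != local or length != 0:
            continue                   # only pure ACKs sent to the local host
        if last_ack.get(src) == ack:
            run[src] += 1
            dups[src] += 1
            if run[src] == 3:          # third duplicate triggers a retransmit
                triggers[src] += 1
        else:
            last_ack[src] = ack
            run[src] = 0
    return dups, triggers

def by_subnet(dups, prefix=24):
    """Roll per-address duplicate counts up to the containing subnet."""
    out = Counter()
    for addr, n in dups.items():
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        out[str(net)] += n
    return out

if __name__ == "__main__":
    dups, triggers = duplicate_acks(TRACE, LOCAL)
    print(dict(dups), dict(triggers), dict(by_subnet(dups)))
```

Sorting the subnet totals shows whether the affected addresses share a network segment, which is the first of the common factors to check.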