Reynolds, Tom wrote:[snip: moving datacenter. using ftp to test the
throughput]
To simplify testing, I have removed the VPN, and now test with FTP
servers at each location.
Downloads and uploads (from a DSL line) to Philadelphia. Everything is
great. We get a solid 3 Mb/s download and a solid 750k upload.
Downloads from Valley Forge to the DSL line are very poor, with almost
double the time to download the same 10 MB file. There are frequent
drops from the 3Mb/s range to about 500k. I have actually seen worse
than this.
After looking at the sniffer logs, here is what I see: (middle 10
packets 8950-8959, right about the time of the bandwidth drops).
Note that I am getting a ton of:
TCP Previous segment lost
TCP Dup ACK
TCP Retransmission
Are these TCP drops normal for traffic over the internet?
Depends. Don't you hate those answers? Ask your ISP what their SLA is
for packet loss etc. Assuming both ends are from the same provider,
they should be able to meet the SLA. I *believe* you can expect up to
3% packet loss if you're going over the Internet. It's been a while
since I checked the SLA from MCI/Verizon/ATT.
How many drops are acceptable?
No one can answer this. Less is better. But if your transfer time is
acceptable, then whatever packet loss you are seeing is normal. For
some, 0.03% is too much. Since you *are* seeing packet loss, it may
benefit your servers if you enable SACK (Selective ACK). It should help
you recover a bit faster. Just google for Microsoft's whitepapers on
how to enable RFC-1323 settings.
How do I find out where or why packets are dropping?
Difficult to do unless you have sniffers mid way in the cloud. If ICMP
is allowed, (you can ping end to end), you can try using "pathping" It
will help you identify where the packet loss is occuring (in transit or
at some router in the middle). Of course, if the ISP is doing control
plane protection or is throttling ICMP packets, you may get erroneous
results. Microsoft's pathping uses ICMP to 'stress' the routers and the
links.
Are there any other free tools I can use to better track my packets
through the internet?
Not really. If you own the routers at both ends, you can think about
enabling Cisco's IPSla (used to be call SAA) This assumes you have
Cisco routers. You can enable jitter, ping, and path probes to see how
volatile your links are.
good luck