60 likes | 75 Views
Learn advanced troubleshooting techniques for network performance issues using Wireshark at SHARKFEST'10. Explore common problems like slow database transfers and FTP failures with practical steps and examples.
E N D
Packet Trace Whispering June 15, 2010 Hansang Bae Senior Vice President | Citi (f.k.a. Citigroup) Email: hansang@gmail.com Please refer to the “answersheet.docx” file for additional information about this presentation. These sessions will be available on youtube: http://www.youtube.com/user/hansangb SHARKFEST‘10 Stanford University June 14-17, 2010
It’s Not the Network! Problem: Application developers escalate an issue with slow database transfer. Troubleshooting Steps: • What should you rule out immediately? • What affects throughput and why? • Once the “usual suspects” have been ruled out at Layers 2, 3, and 4, move up the stack. • Look for patterns and ask the right questions. Not everyone is fluent with TCP/IP! • Setup your Wireshark environment in a standard way. Use Configuration Manager to help you.
Don’t Jump to Conclusions! Another application development team escalates a “slowness” problem. Troubleshooting Steps: • Trust But Verify (tcp.analysis.flags) • Look for telltale signs of problems. (Blink: by Gladwell) • Who’s sending and who’s receiving? Is that important? • Apply Occam’s Razor when solving problems.
Sometimes, it really is a Zebra! FTP Transfers to customers are failing and it’s up to you to figure out what’s going on. Troubleshooting Steps: • What common FTP problems are there? (http://slacksite.com/other/ftp.html) • Rule out Firewall policies, rule out “non-intelligent” firewalls that cannot deal with embedded IP information. • If you’ve ruled out all the “possibles” …..
Odd Numbers are Evil! Software Update System is slow in delivering packages to staging servers. It impacts 300,000+ users! Troubleshooting Steps: • Usual Suspects (Duplex, Window size, Pkt loss, and LFN) • Use the information in the trace to eliminate some of the “usual suspects.” Some inefficiencies don’t come into play. • MTU problems are common, but MSS problems? • MSS is like “cache setting.” Anyone along the path can modify it!
New TCP Features to the Rescue! If you have packet loss, Selective Acknowledgement (SACK) may help to improve throughput. Main Concept: • How do you interpret the SACK field? (use real seq/ack#s) • How does SACK help vis-à-vis normal ACK? • What is Fast Retransmit and how is it different from “regular” Retransmission? • Is there a downside to using SACK?