Allegro Network Multimeter Manual

TCP module: Difference between revisions

Page Discussion

TCP module (view source)

Revision as of 14:14, 5 June 2020

526 bytes removed ,  5 June 2020
→‎TCP retransmissions
No edit summary
Line 60: Line 60:
This tab shows all IP addresses with TCP traffic and the aggregated amount of TCP payload sent and received and the amount of data that needed to be retransmitted due to packet loss.
This tab shows all IP addresses with TCP traffic and the aggregated amount of TCP payload sent and received and the amount of data that needed to be retransmitted due to packet loss.


=== Meaning of retransmission values ===
=== Missed data


To calculate retransmission values, we use the difference of the actual bytes transmitted via TCP to the bytes announced via TCP sequence numbers. This means that retransmission values and ratios can both be positive and negative:
Additionally to retransmission data there is also a graph for the number of bytes not seen by the Allegro Network Multimeter. This can happen if the mirror port is incapable of sending all packets to the device. The data was actually sent over the network but only part of it could be sent to the Allegro Network Multimeter.


{| class="wikitable"
Example:  
|-
! Meaning of positive retransmission values !! Meaning of negative retransmission values
|-
|
# more TCP payload has been transmitted than indicated by TCP sequence counters
# additional bytes are retransmission
# usually happens due to packet loss somewhere between sender and receiver
## if loss happens before the multimeter, the initial packets are of course not seen and can therefor not taken into account. However, in the reverse direction we will see the duplicate packets and will account them for retransmissions
## if loss happens after the multimeter, the retransmissions are accounted for this direction, but for the reverse direction, the initial packets will not be seen.
# Example:
## sequence counters changed by 1000 bytes
## TCP payload seen was 1500 bytes
## => 500 bytes retransmissions
||
# less TCP bytes has been seen than indicated by TCP sequence counters
# the *Allegro Network Multimeter* did not see all TCP packets
# usually happens due to measurement setup problems
## mirror port overloaded
## device overloaded
## measurement point does not see complete traffic (e.g., port aggregation used but only one port mirrored)
# Example:
## sequence counters changed by 1000 bytes
## TCP payload seen for 500 bytes
## => -500 bytes "retransmissions" or in other words unseen bytes
|}


If there is a transfer of 500 mbit/s going in the network but the mirror port only outputs 100 mbit/s, the Allegro Network Multimeter of course can only account those 100 mbit/s. But based on the TCP sequence numbers, we can estimate that the remaining 400 mbit/s has been missed. This portion is visible in the missed data graph.
Usually one can expect to see no missed data at all, especially in inline mode, but it can still happen that there is a small amount of bytes not seen due to multiple reason. One reason is corrupt data where TCP sequence numbers are wrong on purpose. There can also be situations where TCP packets are not seen but actually sent, for example, if they are dropped in some other network component.


== TCP server with invalid connections ==
== TCP server with invalid connections ==
Ralf
547

edits

Retrieved from "https://allegro-packets.com/wiki/Special:MobileDiff/2867"