Why does packet loss seriously hurt application performance over the WAN? How do we address it?

January 15, 2013 by Leave a Comment

Network-Switches-234-x-575

TCP was never optimized for high-bandwidth WANs or interactive applications over the WAN. Packet loss has the greatest impact on the performance of most applications over the WAN, by design.

Why is packet loss such a killer? There are many reasons, most having to do with the nature of how TCP was designed especially how TCP does congestion control/congestion avoidance. The key issue revolves around dealing with contention for limited bandwidth.

TCP is designed to use all available bandwidth, and to use it “fairly” across flows on average. To do this, given that each end station and TCP flow doesn’t know how much bandwidth is available – neither if the single flow was the only one using bandwidth end-to-end at the moment, nor in the more typical case when given multiple flows, the amount available changes moment to moment.  So the sender of the TCP data needs a way to know when “enough is enough.” Packet loss is the basic signal of this.

TCP and routers together are designed to control data flow to prevent over-utilization of the network and the potential of congestion. The goals of TCP’s design are to minimize the amount of time that the data flow grinds to a halt (congestion avoidance), and to react appropriately to reduce traffic at those times that it does (congestion control).

TCP packets received by the receiving station are acknowledged back to the sending station. TCP is a window-based protocol, meaning that it can have a certain amount of traffic “in flight” between sending station and receiving station. It is designed to back off and substantially reduce the amount of bandwidth offered (by half) when packet loss is observed. Further, until the lost packet is received, and acknowledged by the receiver, only limited amounts of additional packets will be offered. Even for those applications that use multiple TCP flows, the similar principle applies that only so many new flows opened/packets sent until a lost packet is received at the other end and its receipt acknowledged.

Packet loss is detected in one of two ways. For a longer transfer where just a packet or two is lost, the sender notices and reacts to the loss when subsequent packets are acknowledged by the receiver, but not the missing one. Alternatively – and more typically for new or short TCP flows – packet loss is detected by the occurrence of a “timeout”: the absence of receipt of an acknowledgement of the packet. The amount of time until a “timeout” is deemed to have occurred varies typically between a couple hundred milliseconds and three seconds.

TCP is an elegant protocol designed over 40 years ago when CPU and memory was extremely expensive. This worked – and continues to work – fantastically well on high-bandwidth, low-latency LANs and on low-bandwidth, high-latency WANs. But TCP wasn’t designed to work optimally in the medium-to-high bandwidth, high-latency environment that characterizes most WAN use today. TCP also wasn’t designed optimally for running interactive applications (web browsing, remote desktop) across very long-distance WANs.

TCP particularly was designed so that each end station could make its decisions completely independently of every end station. This conservative approach contributes to network stability and minimization of congestion.

Because the amount of data offered into the network is reduced by half – and only increased slowly thereafter as packets received successfully are acknowledged – when a single packet loss is detected by the sending station, WAN packet loss can have a huge impact on large transfer performance.  This is why private networks, such as MPLS, VPLS or IEPL improve application performance so significantly: they nearly eliminate packet loss.

What else can be done about  packet loss? Well, at a standards-compliant end station, pretty much nothing. But for an intelligent device in the middle of the network, and especially one at a key WAN edge location, there are many possibilities. There are at least six different approaches to minimizing the impact of WAN packet loss on application performance:

- Drastically reduce the number of WAN packets transmitted.

- React differently to loss (if good knowledge of the network in between).

- Mitigate the effects of the loss and hide it from the end station.

- Enable the end stations to react more quickly to loss.

- Avoid much of the loss in the first place (think MPLS, VPLS, IEPL)

- Avoid the additional loss that often follows after a burst of loss.

Application layer solutions are the first, most obvious approach here.  Doing replicated file service avoids WAN packet loss in accessing files, delivering full LAN-speed performance, because all client access to the data is in fact done locally.

Similarly, “static” caching of objects via a local web (HTTP) object cache completely avoids WAN access for those objects, and thus any impact from packet loss.

Beyond these, drastically reducing the number of packets transmitted is an area where WAN Optimization offerings do a great job.  Now, since we’re talking about reducing the number of packets transmitted, you might think first of memory-based compression, which is one of the techniques almost every WAN Optimization solution offers. Memory-based compression can reduce the time it takes to do the first-time transmission of data – a factor of two for compressible data is typical – but in fact it doesn’t do proportionately better in the face of packet loss than when there is little or no loss. Reducing the amount of data sent by 50% doesn’t really help that much when it comes to packet loss and its impact on a window-based protocol like TCP. So while memory-based compression certainly doesn’t hurt here, it’s not really the answer when the problem is WAN packet loss.

There are two other technologies in most WAN Optimization products that do have a large performance impact in the face of packet loss: data deduplication, and CIFS-specific application proxy.

Data deduplication essentially does “dynamic” caching of data locally, and while this requires at least one round-trip across the WAN, it will always involve far fewer such round-trip transactions than when the data is not stored locally. Besides saving bandwidth and speeding up data transfers in the more typical case of little to no packet loss, the application speed-up is proportionately greater still in the face of any meaningful amount of packet loss. And data deduplication is usually applicable for any application, not just for file access.

For the very chatty Microsoft CIFS protocol, data deduplication is usually combined with an application-specific proxy that will reduce round-trip requests still further. By essentially doing local CIFS termination, a CIFS proxy provides much faster access to files on a remotely located file server even for the first access. The impact on application performance of the combination of data deduplication and CIFS proxy can be 10 to 40 times even when there is no packet loss; in the face of packet loss, the additional benefit can be another 2x to 10x, meaning a combined performance impact of anywhere from 20x to 400x or more. For files that have been previously accessed across the WAN, this is essentially full LAN-speed performance, versus the very slow, often unusable WAN performance under packet loss if accessing large files across a WAN completely unaided.

Andy Gottleib is a twenty-five year data networking veteran, who founded Talari Networks, a pioneer in WAN Virtualization technology, and served as its first CEO, and is now leading product management at Aryaka Networks. Andy is the author of an upcoming book on Next-generation Enterprise WANs.  His bog is located at http://www.networkworld.com/community/blog/26142

 

Filed Under: Application Acceleration, International Networks, Network FAQs Tagged With: , , , , , , , , , , ,

Can an IPSec VPN back-up my MPLS network?

March 2, 2010 by Leave a Comment

So you want to use an IPSec VPN to backup your MPLS network.  It can be done, with the right engineering.

In the simplest terms:

  • Use BGP between your network and your MPLS provider
  • Run GRE tunnels between locations over the Internet VPN, with BGP routing across the tunnels.
  • Set these tunnels to be a higher cost route.
  • Then, if you then lose connectivity between a site and the MPLS network, your router would switch over to the backup link  via IPSec/GRE

Granted, the GRE VPN performance is nothing like an MPLS network, it’s better than being down completely for a location.

If you would like assistance in configuring such a network, do not hesitate to contact MPLS-Experts.  Our engineers can assist you in implementing this sort of backup network.  Contact us the next time you need to procure a network.  Great prices and great service.

Filed Under: Application Acceleration, Network FAQs, Notes About Implementations, Quotation Thoughts

How is traffic mapped on MPLS networks to CoS??

December 14, 2009 by Leave a Comment

Network traffic is mapped to the desired Class of Service through the classification amd marking of packets. Traffic types are identified by:

  • Source and/or destination network/hosts IP Addresses
  • Source and/or destination Protocol Ports
  • Traffic with premarked IP Precedence or DSCP bits.

After the traffic is classified, the TOS byte must be marked with the appropriate DSCP or IP Precedence values.  Using these tools, you can customize your Wide Area Network to provide the best performance based on your application requirements.  When you utilized managed service from your carrier, they take care of the classification of date based on a survey that is provided to the customer.

Filed Under: Application Acceleration, Network FAQs, Routers

Policy Based Routing – MPLS and IPSec Network Optimization

November 25, 2009 by Leave a Comment

When your company needs global MPLS network access, you are often faced with the cost/benefit paradigm:  how big should each port be versus what you can afford.  There are certain applications that clearly benefit from using an MPLS network over great distances: SAP, Oracle, VoIP, Video, Citrix.  Then there are applications that really would do just fine via and IPSec VPN over the internet: email and FTP.  There are tools available to manage the routing of these applications that also combine application acceleration.

Ipanema Technologies provides an optimization and acceleration product that will combine multiple physical networks into a unified logical network.

The Ipanema System’s unique ability to guarantee application performance comes from its objective based approach to traffic management. Unlike any other solution on the market, no local device configuration is required to manage the traffic. The objectives are defined in the central management software which then communicates them to the ip-engines. The ip-engines cooperate with each other to form a fully distributed system under the control of the global objectives. In this System there is no single point of failure: if the central management server goes down the System continues to function correctly on the network. This differs from traditional approaches which try to manually configure how traffic should be managed device by device, hoping that good application performance will be the end result.

Applications are defined in the System using identification criteria from network Layer 3 to 7. For example Citrix and HTTP applications can be defined based on published application names and URLs respectively. Once defined, each application has a per-user service level set. This per user service level defines what the network should deliver in terms of network resources for each individual user of a given application. Resources are defined using network attributes such as bandwidth, delay, jitter and loss thresholds. This service level information is contained in a dictionary in the central management software and can be customized to match each enterprise’s unique application requirements.

Acceleration brings response time down, facilitating the quality of experience that users expect. A combination of redundancy elimination, TCP acceleration and application acceleration mechanisms are dynamically applied under the control of Ipanema’s sophisticated global, dynamic optimization features.

Being an Autonomic Networking System, the mechanisms are triggered dynamically depending on the nature of the applications. The system automatically adapts the application flows to emerging conditions in real-time based on a dynamic, global analysis of the traffic mix, user behavior and continuous tracking of WAN resource availability

The Ipanema System optimizes more than just bandwidth – it also manages other characteristics of network resources: delay, loss and jitter. Smart Packet Forwarding technology allows application flows to be managed differently depending on their requirements and on individual user behavior. Packets belonging to real-time flows, such as Voice over IP or video, are forwarded in a manner that prevents the injection of unwanted delay, loss or jitter.

Packets belonging to data-transfer flows, such as with FTP or Email, are forwarded so that they receive the appropriate bandwidth resources without degrading other more delay sensitive flows.  Packets belonging to interactive flows, such as with Citrix or Windows RDP, typically require the lowest transit delay. These flows are analyzed by Ipanema to detect the user behavior in real-time. This unique ability is required to deal with “hybrid” flows such those where users load or save a local file inside a Citrix session, such as document editing. Ipanema is able to prevent the data-transfer phases of the interactive flow from freezing other user’s interactive Citrix sessions.

Traffic can be routed through the MPLS network or the IPSec VPN to offer the desired performance.  The net result is easier network management combined with lower bandwidth costs.

With the cost of private networks, everyone should take a look at the varied application acceleration and bandwidth optimization tools that are available.  While many of these tools can appear expensive, when you run the numbers comparing the investment to the recurring bandwidth costs, the investment might make sense for you.  Instead of that 2Mbps MPLS port in Guangzhou, you might be fine with 512K and use IPSec for the other traffic.

Filed Under: Application Acceleration, Network FAQs, Notes About Implementations, Quotation Thoughts