neuhalfen.name

A random collection of posts

Solaris Network Trouble in Xen: Throughput Degrades to Nill: RESOLVED

Permalink

For some reason the other side of the communication did not resend the missing packet but kept on sending new packets. As Juergen suggested, disabling SACK kind-of-solved the problem. It only kind-of-solved the problem, because I still don’t know who is misbehaving: The endpoint, my firewall or my ISP. For now I have a solution that works and that is about all the time I am willing to invest before christmas.

Solution / Workaround

To disable SACKs for TCP use ndd to set the tcp_sack_permitted parameter for tcp. A value of 1 tells OpenSolaris (and Solaris) to enable SACK only for connections that have the SACK allowed flag set in their SYN-packet [2].

pfexec ndd -set /dev/tcp tcp_sack_permitted 1

The default value is 2, which actively advertises SACK in the initial SYN-packet sent out by OpenSolaris. I did not test if I should have better set tcp_sack_permitted to 0. This might be necessary, if connections initiated from the Internet advertise SACK and the same problems happen again. Currently I have not the inclination to expose my OpenSolaris box to the Internet, so I can’t test this. I’ll keep tcp_sack_permitted set to 1, so my internal connections might benefit from it.

References

Comments