Scribd
Upload
395 views11 pages

TCP Window Size Scaling

Uploaded by

Aditya Nandwani
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
395 views11 pages

TCP Window Size Scaling

Uploaded by

Aditya Nandwani
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

Get Full Access to our 641 Cisco Lessons Now Start $1 Trial

Courses Forum Support Login Search...

You are here: Home » Cisco » CCNP ROUTE

TCP Window Size Scaling Table of Contents


CCNP ROUTE

a d k y v  Unit 1: Preparation

TCP (Transmission Control Protocol) is a connection oriented protocol which means that we keep  Unit 2: Routing Fundamentals

track of how much data has been transmitted. The sender will transmit some data and the receiver IPv4 Explained

has to acknowledge it. When we don’t receive the acknowledgment in time then the sender will re- IPv4 Header Fields

transmit the data. Introduction to ARP

DHCP Server

TCP uses “windowing” which means that a sender will send one or more data segments and the DHCP Relay

receiver will acknowledge one or all segments. When we start a TCP connection, the hosts will use a Introduction to TCP and UDP

receive bu er where we temporarily store data before the application can process it. TCP Header Fields

TCP Window Size Scaling


When the receiver sends an acknowledgment, it will tell the sender how much data it can transmit TCP Bandwidth Delay Product
before the receiver will send an acknowledgment. We call this the window size. Basically, the ICMP Explained
window size indicates the size of the receive bu er. How to con gure static route on Cisco IOS
Router

Typically the TCP connection will start with a small window size and every time when there is a Unicast Flooding due to Asymmetric Routing

successful acknowledgement, the window size will increase. Here’s an example:  Unit 3: EIGRP

 Unit 4: OSPF

 Unit 5: Redistribution

 Unit 6: Route Selection

Unit 7: BGP (Border Gateway



Protocol)

 Unit 8: IPv6

 Unit 9: Remote Site Connectivity

Unit 10: Router Security and



Management
We use cookies to give you the best personal experience on our website. By using our website, you agree to our use of cookies Read more.

PDFmyURL easily turns web pages and even entire websites into PDF!
Above we have two hosts, the host on the left side will send one segment and the host on the right
side will send an acknowledgment in return. Since the acknowledgement was successful, the
windows size will increase:

The host on the left side is now sending two segments and the host on the right side will return a
single acknowledgment. Everything is working ne so the window size will increase even further:

The host is now sending four segments and the host on the right side responds with a single
acknowledgment.

In the example above the window size keeps increasing as long as the receiver sends
acknowledgments for all our segments or when the window size hits a certain maximum limit. When
the receiver doesn’t send an acknowledgment within a certain time period (called the round-trip
time) then the window size will be reduced.

When an interface has congestion then it’s possible that TCP packets are dropped. To deal with this,
TCP has a number of algorithms that deal with congestion control. One of them is called slow start.

PDFmyURL easily turns web pages and even entire websites into PDF!
Congestion occurs when the interface has to transmit more data than it can handle. It’s
queue(s) will hit a limit and packets will be dropped.

With TCP slow start, the window size will initially grow exponentially (window size doubles) but once a
packet is dropped, the window size will be reduced to one segment. It will then grow exponentially
again until the window size is half of what it was when the congestion occurred. At that moment, the
window size will grow linearly instead of exponentially.

When an interface gets congested, it’s possible that all your TCP connections will experience TCP slow
start. Packets will be dropped and then all TCP connections will have a small window size. This is
called TCP global synchronization. Here’s what it looks like:

The orange, blue and green lines are three di erent TCP connections. These TCP connections start at
di erent times and after awhile, the interface gets congested and packets of all TCP connections are
dropped. What happens is that the window size of all these TCP connections will drop to one and
once the interface congestion is gone, all their window sizes will increase again.

The interface then gets congested again, the window size drops back to one and the story repeats
itself. The result of this is that we don’t use all the available bandwidth that our interface has to
o er. If you look at the dashed line you can see that we the average interface utilization isn’t very
high.

To prevent global synchronization we can use RED (Random Early Detection). this is a feature that
drops “random” packets from TCP ows based on the number of packets in a queue and the TOS
(Type of Service) marking of the packets. When packets are dropped before a queue is full, we can
avoid the global synchronization.

PDFmyURL easily turns web pages and even entire websites into PDF!
The end result will look similar to this:

When we use RED, our average interface utilization will improve.

Now you have an idea what the TCP window size is about, let’s take a look at a real example of how
the window size is used. We can use wireshark for this.

Wireshark Captures
To examine the TCP window size I will use two devices:

The device on the left side is a modern computer with a gigabit interface. On the right side, we have a
small raspberry pi which has a FastEthernet interface. The raspberry pi is a great little device but it’s
cpu / memory / ethernet interface are limited. To get an interesting output, I will copy a large le
through SSH from my computer to the raspberry pi which will be easily overburdened.

Here’s what happened, take a look at this picture:

PDFmyURL easily turns web pages and even entire websites into PDF!
In the graph above you can see the window size that was used during this connection. The le
transfer started after about 6 seconds and you can see that the window size increased fast. It went
up and down a bit but at around 30 seconds, it totally collapsed. After a few seconds it increased
again and I was able to complete the le transfer. Let’s take a closer look at this le transfer, which
starts with the three way handshake:

My fast computer uses 10.56.100.1 and the raspberry pi uses 10.56.100.164. Above you can see that
in the SYN,ACK message that the raspberry pi wants to use a window size of 29200. My computer
wants to use a window size of 8388480 (win=65535 * ws=128) which is irrelevant now since we are
sending data to the raspberry pi.

After a few packets, the window size of the raspberry pi looks like this:

PDFmyURL easily turns web pages and even entire websites into PDF!
Above you can see that the window size has increased to 132480. Originally the window size is a 16
bit value so the largest window size would be 65535. Nowadays we use a scaling factor so that we
can use larger window sizes.

At around the 10 second mark the window size decreased. Here’s what happened:

The raspberry pi seems to have trouble keeping up and its receive bu er is probably full. It tells the
computer to use a window size of 26752 from now on. The computer sends 18 segments with 1460
bytes and one segment of 472 bytes (26752 bytes in total). The last packet shows us “TCP Window
Full” message. This is something that wireshark reports to us, our computer has completely lled the
receive bu er of the raspberry pi.

PDFmyURL easily turns web pages and even entire websites into PDF!
Once the raspberry pi has caught up a bit and around the 30 second mark, something bad happens.
Take a look at the wireshark capture below:

Above you can see that the raspberry pi sends an ACK to the computer with a window size of 0. This
means that the window size will remain at 0 for a speci ed amount of time, the raspberry pi is unable
to receive any more data at this moment and the TCP transmission will be paused for awhile while
the receive bu er is processed.

Here’s the actual packet:

Above you can see that the window size is now 0. Once the receive bu er has been processed, the
raspberry pi will send an ACK with a new window size:

PDFmyURL easily turns web pages and even entire websites into PDF!
The window size is now only 25600 bytes but will grow again. The rest of the transmission went
without any hiccups and the le transfer completed.

Conclusion
You have now seen how TCP uses the window size to tell the sender how much data to transmit
before it will receive an acknowledgment. I also showed you an example of how the window size is
used when the receiver is unable to process its receive bu er in time.

UDP, unlike TCP is a connectionless protocol and will just keep sending tra c. There is no
window size, for this reason you might want to limit your UDP tra c or you might see
starvation of your TCP tra c when there is congestion.

I hope you have enjoyed this lesson, if you have any more questions feel free to leave a comment in
our forum.

 Tags: IP Routing

PDFmyURL easily turns web pages and even entire websites into PDF!
Forum Replies

ReneMolenaar

Hi Zaman,

Originally the window size is a 16 bit value so the largest window size would be 65535. We couldn’t add more bits to the TCP header but it was possible to reassign the purpose of those
16 bits.

What we do nowadays is that we use a scaling factor so that we can use higher window sizes.

For example, the window size value is 400 and the scaling factor is 64.

400 x 64 = 25600

In my lesson one of the screenshots also showed a windows size of 132480.

Window size value = 2070


Window size scaling factor = 64

2070 x 64 = 132480

Here’s a short explanation of th

... Continue reading in our forum

lagapides

Hello Hussein!

First lets take a look and see what is meant by the window size: The window size indicates the size of a device’s receive bu er for the particular connection. In other words, window size
represents how much data a device can handle from its peer at one time before it is passed to the application layer. This bu er size can change based on the hardware being used
(physical memory available on the NIC for bu ering for example) as well as by the total number of TCP sessions the device is taking part in at any given time. Of course this window s

... Continue reading in our forum

lagapides

Hello Azm

PDFmyURL easily turns web pages and even entire websites into PDF!
Yes, these numbers can be confusing. Here is an attempt to clarify these parameters:

The rst thing to keep in mind is that in any TCP communication, there are actually TWO sequence numbers and TWO acknowledgement numbers: those of each party in the exchange of
data. For the sake of this example, and for the diagram below, let’s call these SNL and SNR for Sequence Number Left and Sequence Number Right for the left and right hosts. Similarly,
the acknowledgement numbers will be called ANL and ANR.

Note, these abbreviations are my own and are not ge

... Continue reading in our forum

lagapides

Hello AZM

I can understand the confusion. Keep in mind that the window size, the sequence number and the number of segments sent are somewhat independent from each other. What do I
mean?

Well, let’s say we have a window size of 21000 bytes. It is very unlikely that this will all be sent in one segment. It will de nitely be split into several segments. The window size is “the
number of bytes sent before an acknowledgement is required from the receiver.” These bytes can be sent in one or more segments. So, let’s take the following example:

Host A is sendi

... Continue reading in our forum

lagapides

Hello Juan

Just like any other protocol communicating on the network, BGP requires the appropriate MTU sizes to be set in order for communication to occur successfully. If you have to tune the
MTU value to get BGP to work then it seems that BGP is sending IP packets larger than the interface MTU that have the DF set to 1, which means to not fragment. By adjusting the (IP or
interface MTU) of the subinterface, you are essentially adjusting the allowable MTUs such that the IP MTU will be small enough to t into the interface MTU. It also depends on what
other

... Continue reading in our forum

 42 more replies! Ask a question or join the discussion by visiting our Community Forum

PDFmyURL easily turns web pages and even entire websites into PDF!
Hello There! Social Fans New Lessons Testimonials
I am René Cloud Connectivity
Molenaar (CCIE
#41726), Your
  Virtualization Functions (NFVI, VNF)
LEROY MERINO
NETWORK ENGINEER

main Instructor.
14,293 9,680 Compute Virtualization (Containers
JUNE 26, 2017
FANS FOLLOWERS and Virtual machines)
My goal is to teach 
you everything about Cisco, Cloud Workload Migration
Wireless and Security. I am here to   Cloud Security, Implications, and
Amazing!
Help You Master Networking!
491 13,005 Policy
FOLLOWERS SUBSCRIBERS
NetworkLessons.com has become
Read my story an invaluable resource for me. Of
course, the official Cisco press
books are just fine and cover all
the material in thorough detail.
The difference though is that
Rene emphasizes the important
topics that you really need to
know in a real production
environment. He gives you the
meat and potatoes and does so in
a way that's very easy to
understand. My favorite thing
about NetworkLessons.com is that
I can use it as a quick reference
when I am troubleshooting on the
job. This is much better than
lugging around official Cisco press
books and sifting through pages
and pages to find something
specific I'm looking for.

© 2013 - 2019 NetworkLessons.com Disclaimer Privacy Policy Support

PDFmyURL easily turns web pages and even entire websites into PDF!

You might also like