By Ludovic Binther

What’s the impact of TCP events on application delivery performance?

The behaviour of clients and servers has an impact on application delivery performance. Tracking key indicators at the TCP level can help to diagnose a variety of application delivery performance issues. Understanding these metrics is key to troubleshooting application performance slowdowns!

Zero windows (0-Windows) are one of these key indicators. This article explains how to interpret this data, whether you use Wireshark or SkyLIGHT PVX.

Defining window size and 0-Windows

During a TCP session, the client and server announce to each other the volume of data that they can manage. This buffer size is called the “window size”. This window size evolves constantly to optimize the data flow according to the changing capacity of the network.

  • If one participant (i.e., client or server) cannot manage more data, it sends a TCP zero window (0-Win) to indicate that its TCP buffer is full.
  • These zero windows happen when datagrams are sent out faster than the receiving device can process them; this is TCP flow control using windowing.
  • The transmission can resume when the 0-Win issuer sends a window size greater than 0.

When a machine starts to send more and more 0-Wins, you have to investigate whether it has enough resources (CPU, RAM…).

For the sake of simplicity, we will not consider here other TCP mechanisms like slow start or congestion control.

Principles

TCP Window Size

How can you detect 0-Windows?

Using Wireshark

Simply open a trace file with Wireshark and take a look at a TCP packet. You will find the TCP window size values (flagged in red in the image below). To identify the packets containing a 0-Window, you can use the following filter: “tcp.analysis.zero_window”.

Wireshark trace file
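
The same check can be scripted when you need per-host counts rather than a packet list. The following is an added example, not code from the original article or from Wireshark: it reads the window field from raw IPv4/TCP headers, counts zero-window announcements per sender (ignoring SYN, FIN and RST packets, as Wireshark's zero-window analysis does), and measures how long each stall lasts until the issuer announces a window greater than 0. The addresses, ports and timestamps are constructed sample data, and the function names are hypothetical.

```python
import struct
from collections import Counter

SYN, FIN, RST, ACK = 0x02, 0x01, 0x04, 0x10

def build_packet(src, dst, sport, dport, flags, window):
    """Constructed IPv4+TCP headers (no options or payload, checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, window, 0, 0)
    return ip + tcp

def parse(pkt):
    """Return (src, sport, dst, dport, flags, window) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20:
        return None
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    flags = pkt[ihl + 13]
    (window,) = struct.unpack_from("!H", pkt, ihl + 14)
    addr = lambda b: ".".join(map(str, b))
    return addr(pkt[12:16]), sport, addr(pkt[16:20]), dport, flags, window

def zero_window_report(packets):
    """packets: iterable of (timestamp, raw bytes). Returns (0-win count per sender, stalls)."""
    counts, stalled_since, stalls = Counter(), {}, []
    for ts, raw in packets:
        parsed = parse(raw)
        if parsed is None:
            continue
        flow, flags, window = parsed[:4], parsed[4], parsed[5]  # flow = sender's side
        # A scaled window of 0 is still 0, so the raw field is enough here.
        if window == 0 and not flags & (SYN | FIN | RST):
            counts[flow[0]] += 1
            stalled_since.setdefault(flow, ts)
        elif window > 0 and flow in stalled_since:
            stalls.append((flow[0], round(ts - stalled_since.pop(flow), 3)))
    return counts, stalls

# Constructed capture: a client stops reading, then reopens its window 0.75 s later.
SAMPLE = [
    (1.00, build_packet("10.0.0.5", "10.0.0.9", 50000, 443, ACK, 0)),
    (1.10, build_packet("10.0.0.9", "10.0.0.5", 443, 50000, ACK, 29200)),
    (1.20, build_packet("10.0.0.5", "10.0.0.9", 50000, 443, ACK, 0)),
    (1.75, build_packet("10.0.0.5", "10.0.0.9", 50000, 443, ACK, 8192)),
    (2.00, build_packet("10.0.0.7", "10.0.0.9", 50001, 443, RST, 0)),  # not counted
]
```

Calling `zero_window_report(SAMPLE)` returns the per-sender counter and a list of `(sender, stall duration in seconds)` pairs; sorting the counter with `most_common()` gives the same "who emits the most 0-Windows" ranking the article describes.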

Using SkyLIGHT PVX

When you need to identify the one machine—among thousands of workstations—that suffers from slow transfers due to 0-Windows, you may want to use a solution like SkyLIGHT PVX. It computes millions of packets every second to provide statistical and historical data that points you to the right place in seconds. If you are interested in discovering how SkyLIGHT PVX can help you scale up your network troubleshooting capabilities, you should read this article.

It is easy to find the 0-Win machine data with SkyLIGHT PVX. Simply go to Application > TCP Events:

TCP events in SkyLIGHT PVX

The TCP Events screen displays the conversations that you are interested in. You can simply filter by the number of 0-Window events. You can see which client or server is emitting the most 0-Windows and is hence slowing down data transmission.

TCP events screen in SkyLIGHT PVX