[6934] in North American Network Operators' Group
Re: Questions about Internet Packet Losses
daemon@ATHENA.MIT.EDU (Vern Paxson)
Mon Jan 13 22:37:35 1997
To: Tony Li <tli@jnx.com>
Cc: avg@pluris.com (Vadim Antonov), nanog@merit.edu
In-reply-to: Your message of Mon, 13 Jan 1997 18:07:37 PST.
Date: Mon, 13 Jan 1997 19:33:49 PST
From: Vern Paxson <vern@ee.lbl.gov>
> Yeah, but I doubt that they're in the majority. Recent stats indicate that
> about 9% of the packets out there are using an MSS of 512. Another 1% are
> using an MSS of 256. Only 6% are using 536, and 7% are using 1460. This
> indicates to me that there are a whole lot of broken boxes out there still.
I believe you're misinterpreting the numbers. The raw data for those
numbers (if they're the same ones I'm thinking of) indicate that 9% of the
packets had a 512 byte *payload*. This is quite different than whether the
TCP sending the packet had a 512 byte MSS, because often the TCP doesn't
*have* 512 bytes to send. Crunching through the 340,000 HTTP connections
in and out of LBNL last Friday, less than 10% had requests exceeding 512
bytes. Even 35% of the replies were <= 512 bytes. Toss in SYN/FIN and
pure acks and you rapidly dilute the relationship between measured packet
size and MSS.
A much more solid way to estimate MSS's is to look at MSS options in SYN
packets. Rich Stevens did this in TCP/IP Illustrated Vol 3. I don't have
it here at home for precise figures, but he found that the large majority
of the MSS's were from a few standard sizes. He also found an immense range
of bizarre values (my personal favorite: 17,520 bytes), but they were rare.
All that said, at the next NANOG I'll talk about some findings from a TCP
behavior study I've been doing (it's part of the packet dynamics study).
One of my main findings is that independently-written (i.e., non-BSD-derived)
TCP's are much more likely to have serious performance and congestion problems.
Vern
