[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Comments on draft-ietf-ipsec-new-auth-00.txt
In message <9704181331.AA15062@cichlid.raleigh.ibm.com>, Thomas Narten writes:
> I also agree, and have been disheartened by the number of times the
> above question has been asked but not answered. Indeed, it has been
> my impression that the vast majority of IP packets are delivered in
> order (one reason why TCP's header prediction works well in
> practice). It is rare in practice to have packets arrive out of
> order. Which begs the question of whether a window is even
> needed. Does someone have data that argues otherwise?
Two sample points, my internet firewalls (A good place to look, since they
re-synthesize all TCP streams in/out. This is roughly akin to combining the
statistics for all 100 hosts behind the firewalls...).
----- elgreco -----
2:39pm up 11 days, 4:51, 1 user, load average: 0.25, 0.16, 0.05
5796665 packets received
2703533 acks (for 1066489852 bytes)
3301088 packets (900448165 bytes) received in-sequence
107878 completely duplicate packets (10966707 bytes)
987 packets with some dup. data (122695 bytes duped)
198927 out-of-order packets (40226774 bytes)
----- janus -----
2:38pm up 11 days, 4:52, 1 user, load average: 0.02, 0.06, 0.02
28417190 packets received
19533317 acks (for 371944057 bytes)
21278080 packets (176197867 bytes) received in-sequence
51170 completely duplicate packets (12418673 bytes)
519 packets with some dup. data (63691 bytes duped)
199859 out-of-order packets (69912188 bytes)
That's 6.4 percent on elgreco, and 2.3 percent on janus, of all data packets
received out-of-order. I wouldn't define that as "rare", especially given the
(additional) performance penalties for dropping them instead of queueing them.
--
Harald Koch <chk@utcc.utoronto.ca>
Follow-Ups:
References: