Re: Routers Part II

["Dr. Neal Krawetz" <hf () hackerfactor com>]

On Tue Nov 29 09:47:10 2005, Chris Buechler wrote:
[snip]
> > I am in one of the 6Mbps "select areas".
> > The interesting thing is, I can get over 6Mbps downloads, without
> > uncapping my cable modem.  Comcast appears to use a threshold trigger
> > at 9Mbps.  If you download, you can get up to 9Mbps.  But the second you
> > cross that 9Mbps mark, they cap you and drop back to 6Mbps.
> > (Benchmarks consistently show 5999Mbps - 6000Mbps after being capped.
> > That is real 6Mbps, not theoretical.)
>
> that's....interesting.  You sure this isn't a, umm, "feature" of your 
> modem?  Or you aren't seeing something else and incorrectly attributing 
> it to this? 
>
> The way speed caps work on virtually all cable services (those that use 
> DOCSIS, which is every major provider in the US at least) is through 
[snip]

Ok...
Now I am really getting curious...

Could I be seeing higher than 8Mb due to compression somewhere?

I just ran a few more tests, this time using iperf.
(BTW, thanks for the tip.  I used to use ttcp and didn't like the tool...
iperf is much better.)

Here's what I have tried so far:
(According to iperf)

  Dumb 100Mb hub:  96.2Mbps
  (This is more likely due to TCP overhead or NIC processing than
  the actual hub.  I bet the hub can handle 100Mbps.)

  DI-604:  LAN-LAN = 92.5Mbps

  Linksys WRT54g: WiFi -> WAN = 23.5Mbps  (Good!)

  host -> WRT54g WAN -> DI-604 LAN -> host = 23.3 Mbps
  
Now for the oddities:
  host -> DI-604 -> Hub -> Cable modem -> Internet -> host
    For 5 seconds: ~7.2Mbps
    For 60 seconds: ~5.9Mbps
  (It really looks like it does drop over time.)

  host -> WRT54g -> Hub -> Cable modem -> Internet -> host
    For 5 seconds: ~2.8Mbps
    For 60 seconds: ~2.8Mbps
  (It really looks slower.)

I ran the cable modem/Internet tests a couple of times.
There is a small range, but not more than +/- 200K.
And the results are not too far off the Speakeasy benchmark.

I also did the simple "Load USA Today" test.
The WRT54g is noticeably slower than the DI-604.


Now I am thinking duplex problem...
But the Motorola Surfboard, hub, Linksys, and D-Link do not permit
changing the duplex.
And using snort via the hub (outside the firewall) did not record any TCP
retries.  (Duplex problems should generate retries.)
There were a few duplicate TCP ACKs, but a dozen out of 11,000 packets
isn't a big problem.

Could it be a TCP window mismatch problem?
Or some kind of flow control issue?
If the window size increases and becomes too big, could that impact
middle routers?  (I wouldn't think so...)

All devices start with a default TCP window size of 1460.
(That's good: 1460 + 20 bytes IP + 20 bytes TCP = 1500 MTU.)
The Motorola Surfboard does use a window scale, but it's scale is zero.
So I'm sorta thinking "not a TCP window mismatch problem".


Side note:
Today's fun lesson:
"How to kill a Motorola Surfboard's web user interface"
  host        SB5120
   SYN     ->
           <- SYN-ACK
       ACK ->
   FIN-ACK ->
This is literally a connect() followed by close().
This will hang the web UI.
Requires a power cycle to reset the UI.
(Yes, this is how I usually get the default window sizes for a system.
After the connect, print the TCP configuration using getsockopt() and exit.
I have rebooted my cable modem five times so far...)

                                        -Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.