TCP Errors/Retransmits Test

Due to network congestion, traffic load balancing, or other unpredictable network behavior, IP packets can be lost. TCP detects these problems, and requests retransmission of lost data. Most often TCP retransmissions have a significant impact on application performance, and will hence have to be kept at a minimum. Using this test, you can determine how often packets sent to/sent by the ADC were retransmitted, and can promptly detect the following:

  • What type of packets (Client, Server, SYN, FIN, etc.) were retransmitted the most?
  • What is causing the retransmissions - is it a bad network link between the ADC appliance and the virtual server? is it a poor network connection between the client and the ADC appliance? or is it due to an improperly set timeout value for TCP connections?
  • Were the retransmissions successful?
  • Is any packet received with TCP checksum error?

Target of the test : An ADC VPX/MPX

Agent deploying the test : A remote agent

Outputs of the test : One set of results for the ADC appliance being monitored.

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.

Host

The IP address of the host for which the test is being configured.

NetScaler Username and NetScaler Password

To monitor a ADC device, the eG agent should be configured with the credentials of a user with read-only privileges to the target ADC device. Specify the credentials of such a user in the NetScaler Username and NetScaler Password text boxes.

Confirm Password

Confirm the ADC Password by retyping it here.

SSL

The eG agent collects performance metrics by invoking NITRO (ADC Interface Through Restful interfaces and Objects) APIs on the target ADC device. Typically, the NITRO APIs can be invoked through the HTTP or the HTTPS mode. By default, the eG agent invokes the NITRO APIs using the HTTPS mode. This is why, the SSL flag is set to Yes by default. If the target ADC device is not SSL-enabled, then the NITRO APIs can be accessed through the HTTP mode only. In this case, set the SSL flag to No.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Client retransmissions

Indicates the number of packets that were retransmitted by a client during the last measurement period.

Number

The packets are retransmitted when the acknowledgment from the ADC has not reached the client.

Server retransmissions

Indicates the number of packets that were retransmitted by a server during the last measurement period.

Number

The packets are retransmitted when the acknowledgment from the ADC has not reached the server.

Full packet retransmissions

Indicates the number of full packets (i.e., the packets as it was originally transmitted) retansmitted by the client or the server during the last measurement period.

Number

 

Partial packet retransmissions

Indicates the number of partial packets that were retransmitted by a client or server during the last measurement period.

Number

Some packets may be lost/dropped during transmission due to network congestion or due to a possible connection failure. When retransmission takes place, the remaining packets will alone be sent by the client/server and such remaining packets are termed as partial packets.

SYN packet retries

Indicates the number of SYN (synchronize) packets resent to a server during the last measurement period.

Number

 

FIN packet retries

Indicates the number of FIN packets resent to a server or client during the last measurement period.

Number

 

SYN packets timeout

Indicates the number of SYN packets that were not retransmitted during the last measurement period.

Number

The SYN packets may not be retransmitted due to the timeout that occurred while establishing a connection on the ADC.

FIN packets timeout

Indicates the number of FIN packets that were not retransmitted even after four attempts during the last measurement period.

Number

The FIN packets may not be retransmitted due to a connection timeout that may have occurred because of not receiving the ACK packet after retransmitting the FIN packet four times.

TCP retransmissions

Indicates the number of TCP packets retransmitted during the last measurement period.

Number

Ideally, the value of this measure has to be low.

TCP retransmission giveup

Indicates the number of times the ADC terminates a connection due to non-retransmission of the packets even after seven attempts on that connection during the last measurement period.

Number

If the value of this measure is high, you may want to check what is causing the repeated transmission failures.

Fast retransmits

Indicates the number of TCP packets on which the ADC performs a fast retransmission in response to three duplicate acknowledgements or a partial acknowledgement during the last measurement period.

Number

Fast retransmission occurs because the ADC assumes that the packet is lost and retransmits the packet before its time-out.

TCP level client header insertion failure

Indicates the number of times the TCP level client header insertion failed during the last measurement period.

Number

 

First retransmissions

Indicates the number of packets that were retransmitted in the first attempt by the ADC during the last measurement period.

Number

If a large number of packets take too long to be successfully retransmitted, you may have to figure out what is causing the repeated retransmission failures and fix it before more packet loss occurs. 

Second retransmissions

Indicates the number of packets that were retransmitted in the second attempt by the ADC during the last measurement period.

Number

Third retransmissions

Indicates the number of packets that were retransmitted in the third attempt by the ADC during the last measurement period.

Number

Fourth retransmissions

Indicates the number of packets that were retransmitted in the fourth attempt by the ADC during the last measurement period.

Number

Fifth retransmissions

Indicates the number of packets that were retransmitted in the fifth attempt by the ADC during the last measurement period.

Number

Sixth retransmissions

Indicates the number of packets that were retransmitted in the sixth attempt by the ADC during the last measurement period.

Number

Seventh retransmissions

Indicates the number of packets that were retransmitted in the seventh attempt by the ADC during the last measurement period.

Number

 

Bad TCP checksum

Indicates the number of packets that are received with TCP checksum errors.

Number

 

Data after FIN

Indicates the number of bytes received following a connection termination request.

Number

This error is usually caused by reordering packets during transmission.

SYN in SYN_RCVD state

Indicates the number of SYN packets received on a connection that is in the SYN_RCVD state.

Number

A connection goes into the SYN_RCVD state after receiving a SYN packet.

SYN in established state

Indicates the number of SYN packets received on a connection that is in the ESTABLISHED state.

Number

A SYN packet is not expected on an ESTABLISHED connection

SYN_SENT incorrect ACK packets

Indicates the number of incorrect ACK packets received on a connection that is in the SYN_SENT state.

Number

An incorrect ACK packet is the third packet in the three-way handshake that has an incorrect sequence number.

Reset packets received

Indicates the number of reset packets received from a client or a server.

Number

 

Reset on not established

Indicates the number of reset packets received on a connection that is not in the ESTABLISHED state.

Number

 

Reset out of window

Indicates the number of reset packets received on a connection that is out of the current TCP Window

Number

 

Reset in time waits

Indicates the number of reset packets received on a connection that is in the TIME_WAIT state.

Number

Typically, packets cannot be transferred on a connection in the TIME_WAIT state. Therefore, the value of this measure is desired to be very low.

Client out of order packets

Indicates the number of out of order TCP packets received from a client.

Number

 

Server out of order packets

Indicates the number of out of order TCP packets received from a server.

Number

TCP holes on client connection

Indicates the number of TCP holes created on a client connection.

Number

TCP holes are created on the ADC appliance for each group of missing packets when out of order packets are received from a client.

TCP holes on server connection

Indicates the number of TCP holes created on a server connection.

Number

TCP holes are created on the ADC appliance for each group of missing packets when out of order packets are received from a server.

Sequence number SYN cookie rejects

Indicates the number of SYN cookie packets rejected due to an incorrect sequence number.

Number

 

Signature SYN cookie rejects

Indicates the number of SYN cookie packets rejected due to an incorrect signature.

Number

 

Sequence number SYN cookie drops

Indicates the number of SYN cookie packets dropped because the sequence number specified in the packets is outside the current Window.

Number

 

MSS SYN cookie rejects

Indicates the number of SYN cookie packets rejected due to the incorrect maximum segment size (MSS) specified in the packets.

Number

 

Any IP port allocation failures

Indicates the number of port allocations failed on a mapped IP address.

Number

These failures occur when the maximum limit of 65536 has exceeded or the mapped IP address is not configured.

IP port allocation failures

Indicates the number of port allocations that failed on a subnet IP address or virtual server IP address.

Number

These kind of failures occur when the maximum limit of 65536 has exceeded.

Stray packets

Indicates the number of packets received on a connection whose state is not maintained on the ADC appliance.

Number

 

Reset packets sent

Indicates the number of reset packets that are sent to a client or a server.

Number

 

Bad state connections

Indicates the number of connections that are not in a valid TCP state.

Number

 

Reset threshold dropped

Indicates the number of reset packets dropped due to the violation in default threshold.

Number

If the value of this measure increases gradually/suddenly, administrators should reconfigure the default threshold value using the set rate Control command.

Packets out of window

Indicates the number of packets received which are out of the current advertised Window.

Number

 

SYNs dropped

Indicates the number of SYN packets dropped due to network congestion

Number