www.satsig.net

Satellite Internet Forum.


Maximum TCP Connections/Acceleration

Ex Member


Nov 9th, 2007 at 3:46pm  
I have a site with an iDirect 3100 where we have a very large number of tcp sessions through the modem.  TCP connections through the satellite are dropping often.  I don't have access to the device but our supplier states we have > 1500 managed tcp connections through the modem.  Our supplier tells us also that this exceeds the maximum number of manageable tcp sessions through the device.

1.  Does anyone know the maximum number of tcp connections (with acceleration) the 3100 can manage?
2.  We don't believe that our users have that many connections open...especially in the middle of the night.  Has anyone heard of any software bugs or conditions under which the tcp connections are not released or timed out after the client closes their desktop applications?

Thanks In Advance

Ex Member


Reply #1 - Nov 10th, 2007 at 7:16am  
P2P can cause a lot of open connections.
Check connected PCs for background active P2P.
Also check for trojans, malware or so.

A.Walker
Reply #2 - Nov 10th, 2007 at 9:26am  
I can tell you iDirect recommend no more than 500 max.

Maxim Usatov
Reply #3 - Nov 11th, 2007 at 2:15pm  
This question is a hot topic within the wings of iDirect network operators. I personally saw TAC insisting that a 5100 (not 3100!) router can't handle more than 500 sessions and that is totally wrong. We have managed to SYN flood the 5100 router with more than 5000 sessions and it remained stable.

I guess that somebody has to do the test right in the lab and disclose the figure to the public, but so far I haven't seen anybody doing that. I remember we had problems with older NM-II+ that began to hang when the count was over 1000. Remember those modems had 80 MHz CPU and only 16 Mb of SDRAM. 3100 has 266 MHz and 64 Mb. They are running on a different architecture and software, however I am sure a 3100 should handle more than 1000 sessions with no problems.

Another issue here is how many out of these sessions are in the active state. The session could be open but it won't consume much of resources if it is not passing any traffic. So the number of sessions should vary within different operating environments.

Try to telnet into your modem and check "spoof stats". See if there are any queues accumulating or something that may indicate a problem.

Alternatively, try turning the TCP acceleration off and see if it helps to defeat the problem. That can be done by setting spoof_passthru to 1 in the options file. TCP accel consumes a big part of CPU/RAM resources and sometimes it helps a lot.

By the way, back in NM2+ times when those modems couldn't handle lots of sessions, BusinessCom offered an external PEP accelerator that worked like a TCP accel in the modem. If you switch off TCP accel in your modem and it works for you, think about deploying PEP or any other 3rd party TCP acceleration solution otherwise each session will be able to push something like 100 kbit/s at maximum.

Hope this helps.
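
An added example, not part of any poster's message and not iDirect tooling: Reply #1 suggests checking the connected PCs for P2P or malware, and Reply #3 distinguishes open sessions from active ones. Assuming a Linux router with connection tracking sits between the LAN and the modem, this tallies its `conntrack -L -p tcp` text per client; the sample lines are constructed and the default `limit` is the 500 figure quoted in Reply #2.

```python
import re
from collections import Counter, defaultdict

# Matches the original-direction tuple of one `conntrack -L -p tcp` line.
FLOW = re.compile(r"^tcp\s+6\s+\d+\s+(\S+)\s+src=(\S+)\s+dst=(\S+)\s+sport=\d+\s+dport=\d+")

def _row(state, src, dst, sport, dport, ttl=100):
    # Builds one constructed sample line in conntrack's text format.
    return (f"tcp      6 {ttl} {state} src={src} dst={dst} sport={sport} dport={dport} "
            f"src={dst} dst={src} sport={dport} dport={sport} [ASSURED] mark=0 use=1")

# Constructed sample: .23 fans out to many peers, .10 looks like normal browsing.
SAMPLE = "\n".join(
    [_row("ESTABLISHED", "192.168.1.10", "198.51.100.7", 50001, 443, 431990),
     _row("TIME_WAIT", "192.168.1.10", "198.51.100.7", 50002, 443),
     "udp      17 25 src=192.168.1.10 dst=192.0.2.53 sport=5353 dport=53 "
     "src=192.0.2.53 dst=192.168.1.10 sport=53 dport=5353 mark=0 use=1"]
    + [_row("ESTABLISHED", "192.168.1.23", f"203.0.113.{i}", 40000 + i, 6881, 431000)
       for i in range(1, 5)]
    + [_row("CLOSE_WAIT", "192.168.1.23", "203.0.113.9", 40009, 6881, 50),
       _row("SYN_SENT", "192.168.1.23", "203.0.113.10", 40010, 6881, 90)]
)

def tally(text):
    """Return {client_ip: {"states": Counter, "peers": set}} for TCP flows."""
    hosts = defaultdict(lambda: {"states": Counter(), "peers": set()})
    for line in text.splitlines():
        m = FLOW.match(line.strip())
        if m:  # non-TCP and malformed lines are skipped
            state, src, dst = m.groups()
            hosts[src]["states"][state] += 1
            hosts[src]["peers"].add(dst)
    return hosts

def report(text, limit=500):
    """Total sessions vs. limit, plus per-host rows sorted by session count."""
    hosts = tally(text)
    rows = sorted(
        ((ip, sum(h["states"].values()), h["states"]["ESTABLISHED"], len(h["peers"]))
         for ip, h in hosts.items()),
        key=lambda r: r[1], reverse=True)
    total = sum(r[1] for r in rows)
    return {"total": total, "over_limit": total > limit, "hosts": rows}

if __name__ == "__main__":
    for ip, n, est, peers in report(SAMPLE, limit=5)["hosts"]:
        print(f"{ip:15} sessions={n:3} established={est:3} distinct_peers={peers}")
```

A client holding many sessions to many distinct peers, or a large share of sessions stuck outside ESTABLISHED, is the one to inspect first.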

Y2J
Reply #4 - Dec 12th, 2007 at 6:34am  
Dear Maxim,

Your information was really helpful, but now I have a customer who wants me to apply these settings to his modem:

•      FEC - Enable
•      TCP spoofing/ termination - Disable
•      Compression - Disable

Is it possible on the 3100 iDirect modem?

How can I do that, and how can I re-upload the option file to the modem after manually editing it as you said?

Thanks in advance.

Human knowledge belongs to the world..

Maxim Usatov
Reply #5 - Dec 12th, 2007 at 8:27pm  
Glad it helped.

If you're a reseller then you should definitely coordinate any changes with the network operator. If you're the network operator then I can advise to address these questions to the TAC as I am not sure what software versions you run, what "FEC" option you refer here to, etc.

Turning off the TCP acceleration (the spoof setting) should be pretty safe though as this applies to your modem only. Be sure to back up the options file in case you mess something up. In most of the cases FEC shouldn't be touched anywhere.

Y2J
Reply #6 - Dec 13th, 2007 at 7:13am  
Dear Max,
Thanks for reply .. I am running 5IF Hub with version 7.0.5

I found this is in FAQs for Network Ops:

How to turn off the TCP Acceleration on a remote modem?
Answer:
1. Telnet to remote.
2. Enter this line exactly (disables TCP Acceleration in the remote):
spoof params set spoof_passthru 1
The telnet session should drop at this time.
--
3. Telnet to Protocol Processor, port xxxxx.
4. Enter the following line:
rmt <s/n>
where <s/n> is the serial number of the remote in line 1.
5. Enter this line exactly (disables TCP Acceleration in the PP):
spoof params set spoof_passthru 1
6. Telnet to remote to verify connectivity.

This customer was trying to apply VPN to his network but he couldn't make it.
Steps 1 - 2 were OK, but I stopped at step 3.
I don't know how to telnet to a specific port, as iMonitor telnets directly with right-click > telnet, and go, and you cannot telnet from outside (cmd) the program.
Furthermore, the command rmt <s/n> is not switching to the modem that I want to access; I guess I am missing something.

From satsig admin:  I have deleted the port number in the above text, to remove the risk of people damaging their systems.
« Last Edit: Dec 13th, 2007 at 5:21pm by Admin1 »

Scout
Reply #7 - Dec 13th, 2007 at 1:43pm  
If you are running the system I would suggest you contact the iDirect TAC, the change you are looking to make is not done after telnet to the PP from iMonitor.  You need to Telnet to the correct port number from the Linux session or telnet to the PP IP address and correct Port number.  I will just say you have the incorrect port number listed.

I would not post the port number here as doing this yourself without the aid of iDirect's TAC could cause you issues should you make an error.  If you are doing that level of work and have access to the root directory of the PP you should have access either through a service provider or directly to their (iDirect's) support services.

Be sure, you can mess up quite seriously messing with the PP machines at this level if you do not have the absolute correct information available to you.

From satsig admin:  I have deleted the port number mentioned in the previous posting to remove the risk of people damaging their systems.
« Last Edit: Dec 13th, 2007 at 5:21pm by Admin1 »

Maxim Usatov
Reply #8 - Dec 13th, 2007 at 11:29pm  
Agree with post above.

Y2J
Reply #9 - Dec 18th, 2007 at 10:44am  
I agree with you too, although that port is mentioned as it's in the FAQs. Thanks for editing the post.

From what you said, I understand the only way to do that is to connect directly with the PP to have a telnet or Linux session, as it is not going to work via iMonitor; this is to be done under TAC support supervision.

TDMAMike
Reply #10 - Dec 18th, 2007 at 12:07pm  
Telnetting to the PPs from iMonitor is SUPPOSED to take you to the pp_controller process but since the port is dynamic, the function never really works right.  Therefore to access the pp_controller you have to hunt for the port via command line (grep).  However, from the looks of this conversation/thread above, the pp_controller process is NOT where you are wanting to go.  I know where you are wanting to go, but rather than me providing the accurate command lines, it is recommended to go through the TAC so that you have the proper authority on the line in the event of an anomaly.
« Last Edit: Dec 18th, 2007 at 11:23pm by TDMAMike »  

Regards, &&&&M
 
Y2J
Reply #11 - Dec 24th, 2007 at 5:39pm  
Thanks Mike, but I like to hear from you as well .. Smiley

Ex Member


Reply #12 - Jan 31st, 2008 at 11:22pm  
I tried the
     spoof_passthru = 1

option in my modem, but then web pages don't load at all and the net light takes a few seconds longer to lock.
