We are using the SAS progaram to run through a drive that is in the data center and the user are experiencing real slowness on a gig link running wireshark I saw a lots of [TCP segment of Reassembled PDU] between two host and the program runs so slow.
The network seems to be not the issue here as we are utilizing less than 10% of the Bandwidth. The latency between sites is 6ms when we do traceroute and ping.
Please assist in explaining / analyzing what this means?
asked 25 Oct ‘11, 11:01
edited 27 Oct ‘11, 07:53
The frame from your posting is part of a message from the workstation to the server. This can be deducted from the destination port 139.
The hint "TCP segment of a reassembled PDU" indicates that the workstation is sending a large message to the server. In fact the message is so large that it is split over several frames. As soon as Wireshark sees the last frame it pieces the segments together and decodes the whole message.
As you have provided some interesting and important information we can find one probable cause for the sluggish response.
The TCP window size controls how many bytes a sender can transmit to the remote end. The window size can roughly be compared to the volume of a water hose: If you don't have enough water in the hose water comes out sputtering. If you have too much water the pressure blows a valve.
The "volume of the network pipe" can be calculated by multiplying the bandwidth given in byte per second with the round trip time. For your network the calculation goes like this:
If the client is running Windows XP this will not be a problem, as SMB requests are limited to something less then 64 kB. If the client is running Windows Vista or 7 the window size can be a problem, as the client can request more than 64 kB at a time using SMB pipelining - if the SAS programmer was smart enough to use the right system calls.
Also, SMB is not the best protocol for WAN links. This is discussed in this answer to another question.
Last, but not least you want to check if the server is busy. Wireshark has some excellent tools for that: Statistics -> Service Response Time -> SMB is a huge help. Use the display filter ip.src == 10.120.yy.yy (your servers address) to focus on the response times for just this server. Finally an advanced IO graph showing the server load for your server reveals the number of concurrent requests handled by that system.
answered 26 Oct '11, 07:00
edited 27 Oct '11, 07:51