Re: Effective bandwidth reduction over WAN

From: Robert Hajime Lanning (robert.lanning_at_gmail.com)
Date: 08/02/05

  • Next message: Darren Tucker: "Re: Effective bandwidth reduction over WAN" 
    Date: Mon, 1 Aug 2005 15:35:42 -0700
To: secureshell@securityfocus.com

    This is probably caused by the way SSH multiplexes the TCP stream.
    I don't think SSH has implemented a sliding window acknowledgement
    scheme. It would behave more like TFTP, send block, wait for ack, repeat.

    Now, I haven't actually looked at the SSH protocol at that detail, but
    that theory matches the test data and is very likely.

    On 7/29/05, Eric Meijer <res0t122@verizon.net> wrote:
    > I have two sites that are distantly connected to each other via a DS3 WAN.
    > When we tried to replace FTP with SCP or SFTP we ran into throughput
    > problems. We then set up a test in our lab to see if we could isolate the
    > factor that was impacting throughput. This test setup was composed of two
    > nodes hooked up through a WAN emulator. They were connected using Gigabit
    > Ethernet, but the rate was throttled back to 45 mbps (DS3 rate). All of the
    > testing used an MTU of 1500 and files sizes of 10 MB, 100Mb, 1 GB, and 5 GB.
    > We ran FTP tests with the same setup for a baseline. For SCP and SFTP we
    > tried each of the three encryption algorithms (3-des, arcfour, & blowfish).
    > We then varied the WAN latency. We are using the latest version of the
    > Portable SSP for Solaris. The OS is Solaris 8.
    >
    > The results were
    >
    > 0 latency FTP – Ave. 39.5 mbps SCP – Ave. 39.4 mbps SFTP – Ave.
    > 38.8 mbps
    > 60 millisec FTP – Ave. 37.7 mbps SCP – Ave. 2.9 mbps SFTP –
    > Ave. 2.9 mbps
    > 100 millisec FTP – Ave. 33.0 mbps SCP – Ave. 2.0 mbps SFTP – Ave.
    > 1.8 mbps
    >
    > Can anyone tell me why the throughput of SCP and SFTP drop so drastically
    > when we try to use SSP protocols over a WAN?

  • Next message: Darren Tucker: "Re: Effective bandwidth reduction over WAN"

    Relevant Pages

    • Effective bandwidth reduction over WAN
      ... I have two sites that are distantly connected to each other via a DS3 WAN. ... When we tried to replace FTP with SCP or SFTP we ran into throughput ... but the rate was throttled back to 45 mbps. ...
      (SSH)
    • Re: Some kind of dictionary type attack?
      ... This is likely a password dictionary attacked aimed at SSH. ... RN> the remote host showing such obvious interest. ... RN> 28142 Dst 22 from WAN] ...
      (comp.security.ssh)
    • Re: Fetch
      ... > ssh works ... > ProFTPD works ... > WAN and LAN connections all working OK. ...
      (freebsd-questions)
    • Re: cannot local login through a domain name
      ... At outside, I can ssh 123.123.33.3, (i have enabled port ... So, basically, in the LAN side, i can't ssh to my wan ip to login my ... but, on the WAN side, I can login my fc3 using ssh. ...
      (comp.security.ssh)
    • Re: cannot local login ssh server using router ip.
      ... At outside, I can ssh 123.123.33.3, (i have enabled port ... So, basically, in the LAN side, i can't ssh to my wan ip to login my ... but, on the WAN side, I can login my fc3 using ssh. ...
      (comp.os.linux.networking)