Re: slow access with China
- From: Digital Mercenary For Honor <dmfh(-2-)nospamr3m0v3th1s.dmfh.cx>
- Date: Wed, 30 Apr 2008 16:28:33 -0400
On 2008-04-29 00:36:58 -0400, phil7269@xxxxxxxxx said:
My question is if this is the expected performance for connectivity
between the US and China? I know that the chinese goverment filters
There might be some general network performance issues, which you should examine through trace analysis to see if this is network malaise and something client-fixable or it's really slow performance through the ISP, it's worth the look.
I can confirm that the Chinese do filter and analyze traffic, I've experienced this in the 2000's in travel there, where, when using standard ports for protocols like http (80/tcp) and IM communication my services disconnected and slowed down to a crawl. Trace analysis of my own socket communication definitely showed that I was being transparently proxied and also filtered by making a connection through to a host in another country where I could see the "results" of the communication, which showed invalid values for TCP windowing and TTL values that proved a new socket connection was being made on behalf of my host's original request (not even close to the correct hop-count or TCP personality of my host).
Once I switched to use a secured tunnel, my performance actually *improved*. While I don't know the legality of this, some potential fixes are:
- Change your infrastructure to use non-standard port connections for Citrix and any other application, or rotate the TCP/UDP ports used on a regular basis to keep "hopping around".
- Encrypt everything with some QoS applied to preserve some semblance of performance. The Open Source OpenVPN package is quite good for this, and it's easy to tunnel everything through and change TCP/UDP ports on a regular basis.
- Consider aggregating your Chinese connectivity to a neutral / friendlier country nearby such as Japan or Korea so that the RTT / latency from an end-point to an end-point is less, and then you can take a "bundle" of your connections from China over unfiltered bandwidth to wherever your corporate HQ is, potentially avoiding the penalty of having both an under-performing filtering system and a long-distance pipe both hitting your bandwidth.
- TCP/IP stacks need performance tuning when operating in special conditions like this. Most OS's tune themselves for LAN-type access or web-server performance where there are many incoming connections. This doesn't suit this connection profile you're mentioning. Along with the OpenVPN idea, it may be worth tuning those theoretical VPN boxes with TCP/IP stack personalities that handle the long-thin or long-fat lossy pipe problem. TCP Hybla, TCP BIC, or TCP CUBIC can help here - they are all modifications of how the congestion-avoidance algorithm works in TCP/IP.
Good luck.
/dmfh
--
_ __ _
__| |_ __ / _| |_ 01100100 01101101
/ _` | ' \| _| ' \ 01100110 01101000
\__,_|_|_|_|_| |_||_| dmfh(-2)dmfh.cx
.
- References:
- slow access with China
- From: phil7269
- slow access with China
- Prev by Date: Re: automatic upgrade_export
- Previous by thread: Re: slow access with China
- Next by thread: Transfer:(ICS Alliance) Global Computer Safety Slert
- Index(es):
Relevant Pages
|
