Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Performance issues with Satellite Internet Connections



Article ID: KB6482 KB Last Updated: 22 Jun 2010Version: 3.0
Performance issues with Satellite Internet Connections
Satellite Internet access Starband Satellite Connection Slow response time with NetScreen in place

This solution applies to all versions of ScreenOS:

Besides compression, the satellite companies play games with the TCP window size.  The long round-trip delay of satellites causes a normally configured TCP transmitter to wait a lot.  Typically, TCP blasts out a series of packets equal to the standard window size.  It then waits until ACKs come back before transmitting more.  On LANs and the Internet by the time the TCP transmitter has sent the last packet of the window size, it is getting the acknowledgment back from the receiver for the first packet.  So, given the sliding window nature of TCP, it can now transmit the first packet of the next window.   Net effect, no waiting.

However, in a satellite network, since it takes so long for the packet to get there (and its ACK to get back).  The transmitter, when using the standard TCP window size, spends most of its time waiting.  The satellite companies fix this by jacking the TCP window size way higher.  The net effect is that the TCP transmitter will dump more packets into the network before stopping and waiting for ACKs.  Since it takes longer to dump more packets into the network, you increase the probability that ACKs will get back to the transmitter before the end of the window is reach.  So it can keep transmitting without waiting. 

Along comes IPSec.  IPSec encaps and encrypts the original IP header.  So now the satellite system can't toy with the TCP window size.  Net effect, an IPSec tunnel seems to run very slow on a satellite link.  They could manually tweak their client's TCP window size but this will entail some Registry hacks (and some scouring of the web site).

Here is the problem or goal:

  • Slow response time with NetScreen in place
  • Performance issues with Satellite Internet Connections

Problem Environment:

  • Satellite Internet access
  • Starband Satellite Connection

Applicable Products:

  • NetScreen-5
  • NetScreen-5XP
  • NetScreen-5XT
  • NetScreen-10
  • NetScreen-25
  • NetScreen-50
  • NetScreen-100
  • NetScreen-204
  • NetScreen-208
  • NetScreen- 500
  • NetScreen-1000
  • NetScreen-5200
  • NetScreen-5400

Applicable ScreenOS:

  • 1.64
  • 1.65
  • 1.66
  • 2.00
  • 2.01
  • 2.10
  • 2.50
  • 2.6.0
  • 2.6.1
  • 2.7.1
  • 2.8.0
  • 2.8.1
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.0.3
  • 3.1.0
  • 4.0.0
  • 4.0.0-DIAL
  • 4.0.0-DIAL2
  • 4.0.1
  • 4.0.2
  • 4.0.3

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search