TCP retransmissions & TCP Dup ACK packet issue over WAN

Unanswered Question
Aug 22nd, 2007


I was working with a issue, in which we were observing that the citrix application page is freezing intermittently for 5-10secs and again working without any discosnnections.

On troubleshooting I did nt observe any abnormal latency or packet loss on the GRE tunnel from source vlan till server destiantions.

The citrix traffic flows via a GRE tunnel to remote location then via plain internet flows to a internet facing citrix server behind a firewall.

On analyzing the traffic using Ethereal I have observed huge number of duplicate ACK packets and TCP retransmissions, hence i derived it has some thing to do with packet fragmentations.Hence I modified that TCP MSS size to 1400 from 1412.

Hence I modified the GRE tunnel configs as below

Router#sh run int tu 691

interface Tunnel691

description XXXX

ip address X.X.X.41

ip mtu 1500

ip tcp adjust-mss 1400

tunnel source Loopback69

tunnel destination X.X.X.X


Still there is intermittent issue.Can you pls help me to find out where excatly the issue can lie.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jwdoherty Wed, 08/22/2007 - 18:02

Assuming you only see this issue across the tunnel, etc., then . . .

You write you haven't observed abnormal packet loss, yet you have observed many dup ACKs and TCP retransmits. The latter usually indicates packet loss. So, you may want to double check that aspect.

As to 5 to 10 second freezes of Citrix, I wonder if the application might drop the TCP connection if it sees high packet loss and then reconnects a new TCP session. This is but a guess, though.

Something you might try is a TTCP test, if possible, from a Citrix client to the Citrix server (outside of Citrix but same network path). Get the verbose result and look there too for retransmits and whether the transfer rate is what you expect. If it's low, that usually is caused by excessive drops.

saugatobanerjee Wed, 08/22/2007 - 19:30


I just wanted to add a couple point and clarify a few thing before I go ahead.

1. These citrix servers are internet facing and can be accesible from plain internet as well, and strangely that is giving better performance than the solution running right now.That is pushing traffic across my backbone via GRE and then connecting to server from location that is geographically nearer to server site.

2. I am seeing any packet loss across the GRE tunnel...

3. can u advice me for any base latency that can give optimum performance on citrix platform.

Pls advice .

jwdoherty Wed, 08/22/2007 - 20:05

"2. I am seeing any packet loss across the GRE tunnel... "

Did you mean you ARE seeing (as above), or NOT seeing, packet lost across the tunnel? If the former, any measure of how high a drop rate? If you meant the latter, how are you NOT seeing loss? E.g., Stats on tunnel interfaces?

With regard to #3, optimal latency for Citrix. Don't know. Would expect the less the better. Might break if too much. Answers that might be found with Citrix's knowledgebase, documentation or by their support.


The reason I like TTCP is because it usually can stress a path, behaves as a proper TCP flow and provides basic statistics. You can also set up a large enough test to look at stats on network devices the test flow is traversing.

You don't have to run TTCP on the both ends; if the receiver supports the discard TCP service, you can point the TTCP sender toward it. This might be important if you can not access the Citrix server. A Cisco router, ideally on the same subnet, can sink the test traffic. (Warning, it usually will put pressure on the router's CPU.)


This Discussion