
Web Latency and the Web Security.cloud Services


Article ID: 163307


Products

Symantec Products

Issue/Introduction

Web latency can be caused by many different factors, from the destination website itself to factors affecting the TCP traffic across the internet. Consistent latency across all websites when using the Symantec Web Security.cloud services can be caused by TCP window scaling. This is a setting that is configured on the edge device (typically a firewall) that communicates directly with the internet.


TCP (Transmission Control Protocol) is a connection-oriented protocol, which means that both ends keep track of how much data has been transmitted. The sender transmits some data and the receiver has to acknowledge it. When the acknowledgment does not arrive in time, the sender retransmits the data.


TCP uses “windowing”, which means that a sender will send one or more data segments and the receiver will acknowledge one or all of those segments. When a TCP connection starts, each host allocates a receive buffer where data is stored temporarily until the application can process it.


When the receiver sends an acknowledgment, it tells the sender how much data it may transmit before the receiver will send the next acknowledgment. We call this the window size. Essentially, the window size indicates the amount of free space in the receive buffer.


Typically a TCP connection starts with a small window size, and every time there is a successful acknowledgement the window size increases. Here’s an example:

[Image: TCP window size 1]

Above we have two hosts: the host on the left side sends one segment and the host on the right side sends an acknowledgment in return. Since the acknowledgement was successful, the window size increases:

[Image: TCP window size 2]

The host on the left side now sends two segments and the host on the right side returns a single acknowledgment. Everything is working fine, so the window size increases even further:

[Image: TCP window size 4]

The host on the left side now sends four segments and the host on the right side responds with a single acknowledgment.

In the example above the window size keeps increasing as long as the receiver acknowledges all of our segments, until it reaches a certain maximum limit. When the receiver does not send an acknowledgment within a certain time period (based on the round-trip time), the window size is reduced.
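To make the growth rule above concrete, here is an added Python model of the behaviour the article describes; it is not code from the article or from Symantec. Two details the article does not specify are assumed here: the window doubles after each fully acknowledged round trip, and it is halved when an acknowledgement does not arrive in time. Counting round trips for a transfer under a small cap (64 segments) and a large cap (1024 segments) shows why the maximum window size, the setting the rest of the article is about, translates directly into latency.

```python
from dataclasses import dataclass, field
from typing import Iterable, List, Set, Tuple


@dataclass
class WindowSimulation:
    """Toy model of TCP windowing (added example, not the article's code).

    Assumptions not stated in the article: the window doubles after each fully
    acknowledged round trip and is halved when an acknowledgement does not arrive.
    """
    max_window: int                                     # cap on the window, in segments
    lost_rounds: Set[int] = field(default_factory=set)  # constructed: rounds whose ACK never arrives
    window: int = 1                                     # connections start with a small window
    history: List[int] = field(default_factory=list)    # window size used in each round

    def step(self, round_no: int) -> int:
        """Send `window` segments and wait one round trip; return the segments acknowledged."""
        self.history.append(self.window)
        if round_no in self.lost_rounds:
            # No acknowledgement within the round-trip time: shrink the window, nothing delivered
            self.window = max(1, self.window // 2)
            return 0
        delivered = self.window
        # Every segment acknowledged: grow the window, but never past the limit
        self.window = min(self.max_window, self.window * 2)
        return delivered


def round_trips_to_send(total_segments: int, max_window: int,
                        lost_rounds: Iterable[int] = ()) -> Tuple[int, List[int]]:
    """Count the round trips needed to deliver `total_segments` under a given window cap."""
    sim = WindowSimulation(max_window, set(lost_rounds))
    delivered, rounds = 0, 0
    while delivered < total_segments:
        delivered += sim.step(rounds)
        rounds += 1
    return rounds, sim.history


if __name__ == "__main__":
    # The article's own example: 1, 2, then 4 segments per round trip
    print(round_trips_to_send(7, 1024))
    # Why the cap matters: a 1024-segment transfer (constructed figures)
    for cap in (64, 1024):
        rounds, _ = round_trips_to_send(1024, cap)
        print(f"cap={cap:5d} segments -> {rounds} round trips")
    # A lost acknowledgement in round 1 halves the window and costs extra round trips
    print(round_trips_to_send(7, 1024, lost_rounds={1}))
```

With the 64-segment cap the 1024-segment transfer needs 22 round trips; with the 1024-segment cap it needs 11. On a path with a 100 ms round-trip time that is the difference between roughly 2.2 s and 1.1 s for the same data, which is the effect the article attributes to the window scaling setting on the edge device.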

Resolution

TCP window scaling is an important part of having your network configured as efficiently as possible. Symantec.cloud can handle TCP window sizes of up to 1024k, which allows more data to be in flight across the internet before an acknowledgement is required.


You may notice that internet speeds are faster when not using the Web Security.cloud services. This is because browser traffic normally connects out to many different web servers to pull down website data, and each web server only has to deliver a small amount of data for the browser to build the site. With Symantec.cloud we attempt to deliver all requested websites for all internal users of the service over one connection, so configuring this connection to us as efficiently as possible will improve the overall experience for your end users.

If you are experiencing latency whilst using our Web Service, we recommend looking at making changes on the NAT device that connects to us, either to allow a larger window scaling size or to enable window scaling if you have not done so already.

Because of the number of different devices available, we recommend you contact the vendor of your NAT device for assistance with this.

Further reading:


https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Window_scaling


In particular, please pay attention to this section:

Some routers and packet firewalls rewrite the window scaling factor during a transmission. This causes sending and receiving sides to assume different TCP window sizes. The result is non-stable traffic that may be very slow. The problem is visible on some sites behind a defective router.
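The resolution above asks you to confirm that window scaling is active on the edge device, and the quoted note warns that some routers rewrite the scale factor in transit. The Python script below is an added example, not Symantec's tooling or the article's code. It parses bare TCP headers, reads the window scale option (kind 3) from a SYN/SYN-ACK pair, works out whether scaling was negotiated and what the effective receive window of a later segment is, and compares the same SYN as captured on the LAN side and the internet side of the edge device to spot a rewritten scale factor. The segments it uses are constructed in the block; in practice you would feed it the TCP header bytes from a packet capture taken on each side of the NAT device.

```python
import struct
from typing import Dict, Optional

# TCP option kinds and the scaling limit from RFC 793 / RFC 7323
OPT_END, OPT_NOP, OPT_MSS, OPT_WSCALE = 0, 1, 2, 3
MAX_SHIFT = 14            # a receiver treats any larger shift as 14
FLAG_SYN, FLAG_ACK = 0x02, 0x10


def build_segment(src_port: int, dst_port: int, window: int, flags: int,
                  wscale: Optional[int] = None, mss: Optional[int] = None) -> bytes:
    """Construct a bare TCP header (no IP header, zero checksum) as test input."""
    options = b""
    if mss is not None:
        options += struct.pack("!BBH", OPT_MSS, 4, mss)
    if wscale is not None:
        options += bytes([OPT_NOP, OPT_WSCALE, 3, wscale])
    options += b"\x00" * (-len(options) % 4)          # pad options to a 32-bit boundary
    data_offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                         (data_offset << 12) | flags, window, 0, 0)
    return header + options


def parse_segment(segment: bytes) -> Dict[str, object]:
    """Decode the fixed header and walk the option list, extracting the window scale shift."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the minimum TCP header")
    src, dst, _seq, _ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("invalid data offset")
    options = segment[20:data_offset]
    shift = None
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == OPT_END:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        # Every other option carries a length byte; reject truncated or zero-length ones
        if i + 1 >= len(options) or options[i + 1] < 2 or i + options[i + 1] > len(options):
            raise ValueError("malformed TCP option")
        length = options[i + 1]
        if kind == OPT_WSCALE and length == 3:
            shift = options[i + 2]
        i += length
    return {"src_port": src, "dst_port": dst, "syn": bool(off_flags & FLAG_SYN),
            "ack": bool(off_flags & FLAG_ACK), "window": window, "wscale": shift}


def negotiate_scaling(syn: bytes, syn_ack: bytes) -> Dict[str, object]:
    """Scaling is in effect only when both the SYN and the SYN-ACK carry the option."""
    c, s = parse_segment(syn), parse_segment(syn_ack)
    if not (c["syn"] and not c["ack"] and s["syn"] and s["ack"]):
        raise ValueError("expected a SYN followed by a SYN-ACK")
    warnings = []
    if c["wscale"] is None or s["wscale"] is None:
        warnings.append("window scaling not negotiated; windows are capped at 65535 bytes")
        return {"enabled": False, "client_shift": 0, "server_shift": 0, "warnings": warnings}
    shifts = {}
    for side, seg in (("client", c), ("server", s)):
        shift = seg["wscale"]
        if shift > MAX_SHIFT:
            warnings.append(f"{side} advertised shift {shift}; peers clamp it to {MAX_SHIFT}")
            shift = MAX_SHIFT
        shifts[side] = shift
    return {"enabled": True, "client_shift": shifts["client"],
            "server_shift": shifts["server"], "warnings": warnings}


def scaled_window(window_field: int, shift: int) -> int:
    """Receive window in bytes advertised by a post-handshake segment from the side using `shift`."""
    return window_field << shift


def scale_rewritten(inside_capture: bytes, outside_capture: bytes) -> bool:
    """True if the edge device changed the scale factor between the LAN-side and internet-side captures."""
    return parse_segment(inside_capture)["wscale"] != parse_segment(outside_capture)["wscale"]


if __name__ == "__main__":
    # Constructed handshake: client offers shift 7, server answers with shift 4
    syn = build_segment(40000, 443, 65535, FLAG_SYN, wscale=7, mss=1460)
    syn_ack = build_segment(443, 40000, 65535, FLAG_SYN | FLAG_ACK, wscale=4)
    result = negotiate_scaling(syn, syn_ack)
    print(result)
    # A later ACK from the server with window field 65535 advertises 65535 << 4 bytes
    print("server receive window:", scaled_window(65535, result["server_shift"]))
    # The same SYN seen outside the edge device with its shift rewritten to 0
    outside = build_segment(40000, 443, 65535, FLAG_SYN, wscale=0, mss=1460)
    print("scale factor rewritten:", scale_rewritten(syn, outside))
```

The SYN's own window field is never scaled, which is why `scaled_window` is applied to later segments and not to the handshake itself. A `scale_rewritten` result of `True` for the same SYN on both sides of the NAT device is the condition described in the quoted note: the two endpoints will disagree about the window size for the life of the connection.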