The WSA is designed
to handle thousands of client and server connections in parallel, and the sizes
of the send and receive buffers are configured to deliver optimal performance,
without sacrificing stability. Generally, actual usage is browse traffic,
consisting of numerous short-lived connections for which we have
receive-packet-steering (RPS) and receive-flow-steering (RFS) data, and for
which the WSA has been optimized.
However, at times you
may experience a noticeable reduction in upload or download speeds; for
example, when transferring large files via proxy. To illustrate: assuming a
10-Mbps line, downloading a 100-MB file that passes through a WSA can be
approximately seven to eight times slower than downloading the file directly
from its server.
In non-typical
environments that include a larger proportion of large-file transfers, you can
use the
networktuning
command to increase send and receive
buffer size to alleviate this issue, but doing so can also cause network memory
exhaustion and affect system stability. See
Web Security Appliance CLI Commands
for details of the
networktuning
command.
Caution |
Exercise care when
changing the TCP receive and send buffer control points and other TCP buffer
parameters. Use the
networktuning command only if you understand the
ramifications.
|
Here are examples of
using the
networktuning
command on two different appliances:
On an
S380
networktuning
sendspace = 131072
recvspace = 131072
send-auto = 1 [Remember to disable miscellaneous > advancedproxy > send buf auto tuning]
recv-auto = 1 [Remember to disable miscellaneous > advancedproxy > recv buf auto tuning]
mbuf clusters = 98304 * (X/Y) where is X is RAM in GBs on the system and Y is 4GB.
sendbuf-max = 1048576
recvbuf-max = 1048576
Questions
What are these
parameters?
The WSA has several
buffers and optimization algorithms which can be altered for specific needs.
Buffer sizes are originally optimized to suit the “most common” deployment
scenarios. However, larger buffer sizes can be used when faster per-connection
performance is needed, but note that overall memory usage will increase.
Therefore, buffer-size increases should be in line with the memory available on
the system. The send- and receive-space variables control the size of the
buffers available for storing data for communication over a socket. The send-
and receive-auto options are used to enable and disable dynamic scaling of send
and receive TCP window sizes. (These parameters are applied in the FreeBSD
kernel.)
How were these
example values determined?
We tested different
sets of values on a customer’s network where this “problem” was observed, and
“zeroed in” on these values. We then further tested these changes for stability
and performance increase in our labs. You are free to use values other than
these at your own risk.
Why are these
values not the defaults?
As mentioned, by
default the WSA is optimized for the most-common deployments, and operating in
a very large number of locations without per-connection performance complaints.
Making the changes discussed here will not increase RPS numbers, and in fact
may cause them to drop.