Hello! Firewall : NetScreen 50NS For analysing the quality of firewall, I want to collect network statistic data and calculate packet error rate(PER). But I don't know the threshold of PER which means the network becoming bad.
There is no hard threshold. The higher the PER, the more likely it is that you are going to require an end-to-end TCP retransmission.
If you are not using SACK (Selective ACK) then a TCP retransmission involves also retransmitting everything for that connection that went into the pipeline between the time that packet was sent and the NAK was received; it is not so much the extra volume but the latency involved that ruins your throughput.
Ethernet is, if I recall correctly, designed for an error rate of around 1 in 1E10 bits (10,000,000,000 bits) -- which is around
11 seconds of transmissions at gigabit rates and less than 2 minutes at 100 megabits. (Remember that the rate applies to -all- bits transmitted, not just payload, and not just those involved in any one TCP connection.)
Ethernet is a uncontrolled, contention network -- the writing of packets takes place without looking to see if the link is already busy. This generates "collision" which must be retried. When the link is running at ~70% utilization, these collisions will start to occur more frequently, and thus generate more retries. This is *not* considered an
Not so: writers look to see if they can tell if the link is already busy, and if they can detect it then they back off.
When a writer cannot tell that a link is currently busy, and that it has been long enough since the link was last busy, then the writer will start trying to write the packet. If another writer happens to start writing in the time before the signal from the first reaches it,
*then* you get a collision and need a packet retry.
Retries due to collisions do not require effectively flushing an entire TCP window-full of data [in the absence of SACK].
Small expansion: the average number of collisions for a packet is proportional to 1 / (average remaining bandwidth fraction), so it goes up rapidly as you get closer to link saturation. It -is- considered an error case for a packet to need 16 retries, but such instances will not show up as PERs.