Sudden drop in 5G DL user throughput while transferring big file

Hi Dears

Anyone here has experience in TCP/IP and wire hark?

I have a case where there is a sudden drop in 5G DL user throughput during Big file transfer; 5 files each file around 2GB). The following is the main analysis inputs and findings

  1. High number of packet retransmission observed during the issue time stamp. (Including DUP ACKs + supurious retransmission)
  2. No issue observed in Window size for both receiver and sender
  3. Good latency observed
  4. Client TTL is 64 and Server TTL is 57 indicates the server is around 7 hibs far from the client
  5. During session ending, the client sent FIN message to close the connection but it was again missed by the server and the server kept sending data to client then the client sent several RST to close the connection
  6. The same test was conducted to other operator and the exact symptoms were observed.

I am expecting the issue is related to Server/Application issue. And it is not related to the network since the exact same issue was replicated in another network.

The question here, how to confirm whether the issue is related to application or not from wireshark pcaps?

Side note: pcaps files are only available for client side.

This is really tough in my view.

By ‘this’ I mean trying to workout issue without having traces e2e and in the middle.

My suggestion:

  • See the packet numbering, if the sequence in good scenario and issue scenario follow same pattern, then that rules out packet loss and/or problems with pcaps.

  • Regarding issue in another network, do both networks share same backhaul by any chance? Sometimes different networks use same backhaul MPLS and there can be very small packet loss in that which might cause problem.

  • Ask your lab teams to replicate this issue with same device, app and server version to see if it happens in lab. If not, that would rule out application and server issue.

Very useful. Thanks a lot.

Sequence number is in good shape.

One network is using IPv6 and the other using IPv4.

I doubt IPv4 or IPv6 might be causing problem.

Most latest have very robust dual IP stack and work well in either networks.

Remember that problem IP layer is deeper than application server and client.

You need to potentially look at every server and a firewall along the way.