Top Five Ways to Strengthen a Security Architecture (by Keith Bromley)
On Second Thought... (by Paul W. Smith)

Fixing TCP Performance Issues Impacting SaaS and Cloud Applications (by Will Moonen)

In my day-to-day practice as a TCP relationship therapist for cloud services, applications, and networks, more often than not, the not-so healthy beginnings and endings of TCP relationships have a significant impact on the user experience. When TCP doesn’t work efficiently, SaaS and cloud application performance rapidly degrades  – this class of applications, in particular, are highly dependent on consistent, efficient network performance.

So, how can you tell if these critical relationships are healthy? And if not, where do you start fixing things? To what extent is the integrity of your data impacted?

Especially in today’s end-to-end encrypted, turbo-charged, hybrid environments, it’s many times like looking for a needle in a haystack!

There is hope. After hundreds of troubleshooting sessions with the dozens of enterprises I work with, I’ve found that there is a well defined process that helps you isolate SaaS and Cloud application performance issues using TCP analysis. This means looking into the details of each session, to determine where to start.

The way TCP sessions set up and tear down directly impacts SaaS and Cloud performance, and the user experience, especially if there are reasons to believe that hosts are overloaded and messages are dropped. A persistent increase in the number of TCP zero window (0-Win) events and duplicate acknowledgements (DupAck) are typically good indicators that end-users are suffering from degraded performance.


Knowing there are performance issues is one thing, while isolating the root cause to server, network, client or SaaS vendor is another.

The process I follow comes down to the five TCP fundamental indicators using wire data analysis, which follows easy-to-understand format to help you to identify the “low hanging fruit” as a starting point for improving performance.

Primarily, it’s all about counting - TCP flags: SYN, FIN, RST and TCP events: DupAck and Zero-Windows, then using combinations of these basic five indicators to determine if issues originate from client, network, or server, then applying this knowledge to, (1) improve TCP session initiation, (2) ensuring TCP sessions end efficiently, and (3) improving the overall user experience by optimizing the TCP relationship across the entire application chain.

I provide a detailed approach to using these fundamentals to rapidly isolate the root cause of TCP performance issues to SaaS and Cloud applications, as well as some basic tips on how to interpret key TCP indicators on the SkyLIGHT PVX Blog, see 6 Steps to Fixing TCP Performance Issues Impacting SaaS and Cloud Applications.



Will Moonen, IT Visibility

Will Moonen is an experienced, results-driven consultant working with Accedian, with a proven track record in improving the performance of IT processes, applications, and infrastructure while keeping an open mind for human aspects. His passion is helping DevOps and IT-Ops teams improving their problem analysis skills and knowledge.