A number of network applications make use of multiplexed channels inside of a single TCP connection to handle data transfer and/or control information. Because these channels cannot make use of the TCP windows for flow control, they must implement their own. This means that a second window can be imposed on top of the existing TCP window. The result is that even if the TCP window is correctly sized for the current path to produce exceptional FTP performance, a user may still encounter dismal throughput under one of these applications. This is because the application window, which is often statically defined, is too small for many typical paths. This forces the connection to slow down to the limit of the smaller of the two windows.
The best current example of this is the SSH2 protocol. It is not uncommon for a user to be sitting on a connection they can utilize less than 1% of because of this double window problem. While a user might not experience any issues in interactive sessions, it’s a very noticeable problem in bulk data transfers (e.g. SCP, rsync -essh, sftp, etc.) and is a common source of frustration – especially for users with access to high performance network connections. A researcher trying to transfer a 400GB dataset over a GigE connection is simply not going to be satisfied with a 1.2 Mbit/sec transfer rate.
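The double window effect can be reproduced with a small credit-based simulation. This is an added example, not code from the original page or from any SSH implementation; the 70 ms round-trip time, the 16 MiB TCP window and the 64 KiB channel window are constructed values chosen for illustration.

```python
from collections import deque

def simulate(link_bps, rtt_ms, tcp_window, channel_window, duration_ms=5000):
    """Return achieved throughput in bits/s for a sender that may only have
    min(tcp_window, channel_window) unacknowledged bytes outstanding.

    Time advances in 1 ms ticks. Bytes sent at tick t are credited back to
    the sender at tick t + rtt_ms (data out, window update back).
    """
    per_tick = link_bps // 8 // 1000          # bytes the link carries per ms
    window = min(tcp_window, channel_window)  # the smaller window governs
    in_flight = 0
    credits = deque()                         # (tick credit returns, bytes)
    sent = 0
    for tick in range(duration_ms):
        # Window updates that have completed the round trip free up space.
        while credits and credits[0][0] <= tick:
            in_flight -= credits.popleft()[1]
        chunk = min(per_tick, window - in_flight)
        if chunk > 0:
            in_flight += chunk
            sent += chunk
            credits.append((tick + rtt_ms, chunk))
    return sent * 8 * 1000 // duration_ms

def bdp_bytes(link_bps, rtt_ms):
    """Bandwidth-delay product: the window needed to keep the path full."""
    return link_bps // 8 * rtt_ms // 1000

# Constructed scenario: GigE path, 70 ms RTT, well-tuned 16 MiB TCP window.
LINK_BPS, RTT_MS, TCP_WIN = 10**9, 70, 16 << 20

def compare():
    """Throughput with a small static channel window vs. one above the BDP."""
    small = simulate(LINK_BPS, RTT_MS, TCP_WIN, 64 << 10)   # 64 KiB window
    large = simulate(LINK_BPS, RTT_MS, TCP_WIN, 16 << 20)   # 16 MiB window
    return small, large

if __name__ == "__main__":
    small, large = compare()
    print(f"path BDP:             {bdp_bytes(LINK_BPS, RTT_MS):>12,} bytes")
    print(f"64 KiB channel window:{small:>12,} bit/s "
          f"({100 * small / LINK_BPS:.2f}% of link)")
    print(f"16 MiB channel window:{large:>12,} bit/s "
          f"({100 * large / LINK_BPS:.2f}% of link)")
```

With the small channel window the sender idles for most of every round trip, so the tuned TCP window never comes into play.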
Alternatives that meet increased security requirements do exist: Kerberized FTP, Grid Services, and even VPNs. However, the infrastructure investment associated with them often limits their use to larger institutions. Smaller groups and individuals often don’t have the time, expertise, or money to make use of these alternatives and are often forced to accept poor performance. Fixing the windowing problem in SSH will remove that infrastructure barrier and help speed adoption, spur demand, and inspire new applications to make use of high speed encrypted data transfers.
Additionally, if the problems facing SSH can be effectively addressed, the solution may be applicable to other protocol implementations that make use of internal flow control mechanisms. Without a doubt, there are notable performance problems with NFS and AFS which may be, at least partially, addressed with programming practices developed through the SSH2 research.