Patching TCPIP.SYS and how it affects P2P performance

-Introduction

Windows XP Service Pack 2 comes with a security measure that limits the number of simultaneous incomplete outbound TCP connection attempts (half-open connections) per second to 10 (previously it was unlimited). Why? If your computer has no firewall or antivirus and is infected with a worm that spreads by attacking other computers, the limit slows down how fast your computer can infect others. That is all it does: it slows the spread, it does not totally prevent it. Also note that Windows Update on other operating systems such as Windows 2000 will now make that change as well, and maybe SP1 and pre-SP1 too?

Anyway, what if we use a firewall and an antivirus, and what if this change slows down P2P performance?

P2P clients need to communicate with a lot of sources, thousands, in a short time. Any P2P network that involves multiple connections, like eD2k or BitTorrent, will be directly affected by the change to the maximum half-open connection value. It is not just that you communicate with other sources more slowly; you actually lose out on many sources, depending on your download rate and the number of simultaneous active/queued downloads.

-What exactly is a half open connection and how do I lose out?

Since my experience is mostly with eMule, I'll explain how that works from this side (though it does not mean BT is unaffected). eMule needs to communicate with other sources over a period of time in order to exchange things like queue status, server and sources information. In simple words, your client will send out a request to communicate with other clients, and while it is waiting for them to respond, it will send even more requests to more clients. When a client responds to you, it becomes an open connection. But if a client has not yet responded because it is busy with other clients (you are still requesting to communicate with it), it is called a half-open connection.

When your client reaches 10 half-open connections in queue, which is the new Windows XP maximum limit, what else can your client do? In the case of plain (original) eMule, it is coded to understand the new XP limit, so it will basically keep waiting. In a case like eMule Plus, which does not abide by the new limit (intentionally), TCP/IP errors will be generated (in your Windows XP Event Viewer) as eMule Plus uselessly tries to contact more clients (trying to initiate new half-open connections).

However, in both cases, the real issue is that you are being delayed. We come back again to the fact that eMule needs to periodically contact sources. This means that after communicating with 2000 sources in 20 minutes, for instance, you have no time left to contact new sources, because you need to update and communicate with the older ones. Remember what I said earlier: P2P clients need to communicate with thousands of clients in a short period of time and also on a periodic basis.

-How much should I really be concerned?

It all depends on your download bandwidth and the number of files you download simultaneously from one or more P2P networks. If you're on a broadband connection downloading from two or more networks at the same time with many files at the same time, then take a guess: your P2P performance is greatly reduced. The main reason is that you would be missing out on a lot of sources, and/or, depending on the case, finding them slowly will indirectly reduce your performance. Even if you are only on 512kbps, your performance is still affected, but it is less serious. Many BitTorrent sites as well as eMule Plus have also encouraged patching TCP/IP.

The thing is, you are not supposed to patch your TCP/IP to have unlimited connections again instead of only 10, not by any means. You will choose a number that maximizes the efficiency of your download rate on P2P while not being too heavy on your system. A reason why the original eMule developers are a bit uncomfortable about patching the system is perhaps that raising the limit too high might make your system unstable. This should be taken seriously of course, but that's why we can choose the values we want.

Make no mistake though, after watching the experience and reaction of people for months on eMule (both original and Plus) forums, patching the system has been better for them. Personally, before SP2 came with this new limit (when it was unlimited), I never had system crashes.

My value limit recommendation according to bandwidth rates:

256kbps -> Keep it set to 10
512kbps -> Keep it set to 10 or increase it to 50
1-5Mbps -> Increase it to 50 or 100
5-10Mbps -> Increase it to 100 or 200
10Mbps or higher -> Increase it to 200

-How do I patch my TCPIP.SYS using an easy and safe method?

Download XP-Antispy, install and run the program. Click on the Special menu, then choose Connection Limit. Read the warning, press the confirm button, and a window (see 1st screenshot below) will appear. It will show whether you have already patched your TCPIP.SYS or not, and new values to choose from if you want to apply the patch. The program also has other functions which you can find out about at the official site (link above) of the program. You need to restart your computer after you patch your system.

eMule Users (not Plus): If you do decide to patch your system, make sure to change the setting in eMule > Preferences > Advanced > Max Half Open Connections from the value of 10 to the value you patched your system with using that program.

Another Important Note: If you had already patched your TCPIP.SYS using lvllord, it is still recommended to double check that your system is still patched using that program, as Windows Update might have set it back to the default value.

If you are unsure which value you should use for the patch, you can always use the minimum, which is 50. If you feel that your P2P performance has picked up enough speed without hogging your system resources, check to see if you are still receiving TCP/IP errors. Start -> Run -> and then type eventvwr.msc and hit ENTER. In your Event Viewer, click System on the left pane and then sort the column on the right pane by Event. Look for Events 4226 with Source TCP/IP (see 2nd screenshot below). If you have a lot of entries, then your system can do more; if you only have a few, then it is fair to leave the limit as it is, with no need to increase it.
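
The same Event Viewer check can be run from a Windows PowerShell prompt. This is an added example, not part of the original post: it counts Event 4226 entries per day so "a lot" versus "a few" is easier to judge. It assumes Windows PowerShell 2.0 or later, that the event source appears in the log as Tcpip, and the look-back window and the "many" threshold are illustrative values, not figures from the post.

```powershell
# Added example: count TCP/IP Event 4226 warnings per day in the System log.
# Get-EventLog ships with Windows PowerShell (not PowerShell 7).

$DaysBack   = 7    # assumption: how far back to look
$ManyPerDay = 20   # assumption: what counts as "a lot" of entries in one day

$since = (Get-Date).AddDays(-$DaysBack)

# EventID is the number shown in the Event column of Event Viewer.
# -ErrorAction SilentlyContinue hides the "no matches found" error on a quiet log.
$hits = @(Get-EventLog -LogName System -After $since -ErrorAction SilentlyContinue |
    Where-Object { $_.Source -eq 'Tcpip' -and $_.EventID -eq 4226 })

if ($hits.Count -eq 0) {
    "No Event 4226 entries in the last $DaysBack days."
}
else {
    # One line per day: date, number of entries, and a rough label.
    $perDay = $hits |
        Group-Object { $_.TimeGenerated.ToString('yyyy-MM-dd') } |
        Sort-Object Name

    foreach ($day in $perDay) {
        $label = if ($day.Count -ge $ManyPerDay) { 'many' } else { 'few' }
        '{0}  {1,5}  {2}' -f $day.Name, $day.Count, $label
    }

    # Most recent entry, to compare against when the P2P client was running.
    $last = $hits | Sort-Object TimeGenerated | Select-Object -Last 1
    'Last entry: {0}' -f $last.TimeGenerated
}
```

Compare the dates with the times your P2P client was actually running. Since the limit exists to slow worms, entries logged while no P2P client was active are a reason to scan the machine rather than to raise the limit.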


Image


Image
