Most of the data and studies I have found on this topic are a bit out of date.
I would be interested in find out what the average packet size people are seeing on their backbones is at this point and time? Also for those in the DC space what is average packet size you are seeing for web farm traffic (outbound)? Yes I know there are 1000's of answers and different possibilities in setups so please no, "this is a dumb question". I am well aware of all the variables involved in this. I am just looking for some data points that come from a wide degree of sources.
Is this data even something that you track and if so why?
I predict that if you graph it, there's a ton of packets that are right
around the MTU of the network. almost equal number of tiny packets carrying
the ACK's of the mobygrams, and then a small noise level of "everything else".
I predict that if you graph it, there's a ton of packets that are right
around the MTU of the network. almost equal number of tiny packets carrying
the ACK's of the mobygrams, and then a small noise level of "everything else".
That's pretty much the case for the last decade. Way back when the "net" had more telnet and "terminal based things" the numbers were skewed to the left, but you can hardly say "Hello World" in HTTP/HTML/XML/CSS/Ajax/Javascript these days in under a megabyte
CAIDA has been doing a lot of that, at least in the past. Last I asked them, which was quite a while back, they said that O(35%) of traffic in their samples was at the path MTU (which included 576 bytes for historical reasons), O(40%) was about the size of a TCP SYN or ACK, for reasons that are apparent if you think about common TCP implementations, and sizes were scattered more or less uniformly in between - last packet in a burst or transaction exchanges. From the numbers that Valdis posted the other day, it sounds like the logic remains about the same but the relevance of "576" has largely gone away.
This is about what I would expect but as others haev noted does not
include jumbos.
This says that the majority of packets are session control and
open/close sequences on the one side and big, fat, WRED eligible data
packets on the other side.
This is consistant with the trends of youtube, "high resolution" video
streams, mp3 type traffic, and web pages that just can't seem to
understand that a 150k jpeg looks just as good on an index as a 2 meg
jpeg.
I don't think these figures are likely to change signifcantly in the
near future until we start seeing jumbo frames available from user to
server, not simply somewhere inbetween.
It might be interesting to see what of the other sizes are the final
packet in a data transfer before close vs other types of data.
note there are more tiny packets in our recent ipv6 data,
but that could just be someone's ping experiment,
it's too small a sample (76k pkts)
k
CAIDA has been doing a lot of that, at least in the past. Last I asked
them, which was quite a while back, they said that O(35%) of traffic
in their samples was at the path MTU (which included 576 bytes for
historical reasons), O(40%) was about the size of a TCP SYN or ACK,
for reasons that are apparent if you think about common TCP
implementations, and sizes were scattered more or less uniformly in
between - last packet in a burst or transaction exchanges. From the
numbers that Valdis posted the other day, it sounds like the logic
remains about the same but the relevance of "576" has largely gone away.