This article describes the following TCP features in Microsoft Windows 2000 and Microsoft Windows Server 2003:

•	TCP Window Size
•	TCP Options Now Supported
•	Windows Scaling - RFC 1323
•	Timestamp - RFC 1323
•	Protection against Wrapped Sequence Numbers (PAWS)
•	Selective Acknowledgments (SACKS) - RFC 2018
•	TCP Retransmission Behavior and Fast Retransmit

The TCP features can be changed by changing the entries in the registry.

Back to the top

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

Back to the top

TCP window size

The TCP receive window size is the amount of receive data (in bytes) that can be buffered during a connection. The sending host can send only that amount of data before it must wait for an acknowledgment and window update from the receiving host. The Windows TCP/IP stack is designed to self-tune itself in most environments, and uses larger default window sizes than earlier versions.

Instead of using a hard-coded default receive window size; TCP adjusts to even increments of the maximum segment size (MSS), which is negotiated during connection setup. Adjusting the receive window to even increments of the MSS increases the percentage of full-sized TCP segments utilized during bulk data transmissions.

The receive window size is determined in the following manner:

1.	The first connection request sent to a remote host advertises a receive window size of 16K (16,384 bytes).
2.	When the connection is established, the receive window size is rounded up to an even increment of the MSS.
3.	The window size is adjusted to 4 times the MSS, to a maximum size of 64K, unless the window scaling option (RFC 1323) is used.

Note See the "Windows scaling" section.

For Ethernet connections, the window size will normally be set to 17,520 bytes (16K rounded up to twelve 1460-byte segments). The window size may decrease when a connection is established to a computer that supports extended TCP head options, such as Selective Acknowledgments (SACKS) and Timestamps. These two options increase the TCP header size to more than 20 bytes, which results in less room for data.

In previous versions of Windows NT, the window size for an Ethernet connection was 8,760 bytes, or six 1460-byte segments.

To set the receive window size to a specific value, add the TcpWindowSize value to the registry subkey specific to your version of Windows. To do this, follow these steps:

1.	Click Start, click Run, type Regedit, and then click OK.
2.	Expand the registry subkey specific to your version of Windows: • For Windows 2000, expand the following subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces • For Windows Server 2003, expand the following subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
3.	On the Edit menu, point to New, and then click DWORD Value.
4.	Type TcpWindowSize in the New Value box, and thne press Enter
5.	Click Modify on the Edit menu.
6.	Type the desired window size in the Value data box. Note. The valid range for window size is 0-0x3FFFC000 Hexadecimal.

This value is not present by default. When you add the TcpWindowSize value, it overrides the default window size algorithm discussed above.

Note TcpWindowSize can also be added to the Parameters key to set the window size globally for all interfaces.

Back to the top

TCP options now supported

In the past, TCP options were used primarily for negotiating maximum segment sizes. In Windows, TCP options are used for Window Scaling, Time Stamp, and Selective ACK.

There are two types of TCP options:

1.	A single octet TCP option, which is used to indicate a specific option kind.
2.	A multiple octet TCP option, which consists of an option kind, an option length and a series of option octets.

The following list shows each TCP option kind, length, name, and description.

Back to the top

Windows scaling

For more efficient use of high bandwidth networks, a larger TCP window size may be used. The TCP window size field controls the flow of data and is limited to 2 bytes, or a window size of 65,535 bytes.

Since the size field cannot be expanded, a scaling factor is used. TCP window scale is an option used to increase the maximum window size from 65,535 bytes to 1 Gigabyte.

The window scale option is used only during the TCP 3-way handshake. The window scale value represents the number of bits to left-shift the 16-bit window size field. The window scale value can be set from 0 (no shift) to 14.

To calculate the true window size, multiply the window size by 2^S where S is the scale value. The following Network Monitor trace shows how the window scale option is used: It's important to note that the window size used in the actual 3-way handshake is NOT the window size that is scaled. This is per RFC 1323 section 2.2, "The Window field in a SYN (for example, a [SYN] or [SYN,ACK]) segment itself is never scaled."

This means that the first data packet sent after the 3-way handshake is the actual window size. If there is a scaling factor, the initial window size of 65,535 bytes is always used. The window size is then multiplied by the scaling factor identified in the 3-way handshake. The table below represents the scaling factor boundaries for various window sizes.

Scale Factor	Scale Value	Initial Window	Window Scaled
0	1	65535 or less	65535 or less
1	2	65535	131,070
2	4	65535	262,140
3	8	65535	524,280
4	16	65535	1,048,560
5	32	65535	2,097,120
6	64	65535	4,194,240
7	128	65535	8,388,480
8	256	65535	16,776,960
9	512	65535	33,553,920
10	1024	65535	67,107,840
11	2048	65535	134,215,680
12	4096	65535	268,431,360
13	8192	65535	536,862,720
14	16384	65535	1,073,725,440

For Example:

If the window size in the registry is entered as 269000000 (269M) in decimal, the scaling factor during the 3-way handshake is 13, because a scaling factor of 12 only allows a window size up to 268,431,360 bytes (268M).

The initial window size in this example would be calculated as follows: When the value for window size is added to the registry and its size is larger than the default value, Windows attempts to use a scale value that accommodates the new window size.

The Tcp1323Opts value in the following registry key can be added to control scaling windows and timestamp:

1.	On the toolbar click Start, click Run, and then type Regedit to start the Registry Editor.
2.	In the Registry Editor, click Edit, point to New, and then click DWORD Value.
3.	In the New Value box, type Tcp1323Opts, press ENTER, and then on the Edit menu, click Modify. Note The valid range is 0,1,2 or 3 where:

This registry entry controls RFC 1323 timestamps and window scaling options. Timestamps and Window scaling are enabled by default, but can be manipulated with flag bits. Bit 0 controls window scaling, and bit 1 controls timestamps.

Back to the top

Timestamps

Previously, the TCP/IP stack used one sample per window of data sent to calculate the round trip time (RTT). A timer (retransmit timer) was set when the packet was sent, until the acknowledgment was received. For example, if the window size was 64,240 bytes (44 full segments) on an Ethernet network, only one of every 44 packets were used to recalculate the round trip time. With a maximum window size of 65,535 bytes, this sampling rate was sufficient. Using window scaling, and a maximum window size of 1 Gigabyte, this RTT sampling rate is not sufficient.

The TCP Timestamp option can now be set to be used on segments (data and ACK) deemed appropriate by the stack, to perform operations such as RTT computation, PAWS check, and so on. Using this data, the RTT can be accurately calculated with large window sizes. RTT is used to calculate retransmission intervals. Accurate RTT and retransmission timeouts are needed for optimum throughput.

When TCP time stamp is used in a TCP session, the originator of the session sends the option in its first packet of the TCP three way handshake (SYN packet). Either side can then use the TCP option during the session.

TCP Timestamps Option (TSopt):

Kind = 8	Length = 10	TS Value (Tsval)	TS Echo Reply (Tsecr)
1 byte	1 byte	4 bytes	4 bytes

The timestamp option field can be viewed in a Network Monitor trace by expanding the TCP options field, as shown below:

Back to the top

Protection against Wrapped Sequence Numbers (PAWS)

The TCP sequence number field is limited to 32 bits, which limits the number of sequence numbers available. With high capacity networks and a large data transfer, it is possible to wrap sequence numbers before a packet traverses the network. If sending data on a 1 Giga-byte per second (Gbps) network, the sequence numbers could wrap in as little as 34 seconds. If a packet is delayed, a different packet could potentially exist with the same sequence number. To avoid confusion in the event of duplicate sequence numbers, the TCP timestamp is used as an extension to the sequence number. Packets have current and progressing time stamps. An old packet has an older time stamp and is discarded.

Back to the top

Selective Acknowledgements (SACKs)

Windows introduces support for a performance feature known as Selective Acknowledgement, or SACK. SACK is especially important for connections that use large TCP window sizes. Prior to SACK, a receiver could only acknowledge the latest sequence number of a contiguous data stream that had been received, or the "left edge" of the receive window. With SACK enabled, the receiver continues to use the ACK number to acknowledge the left edge of the receive window, but it can also acknowledge other blocks of received data individually. SACK uses TCP header options, as shown below.

SACK uses two types of TCP Options.

The TCP Sack-Permitted Option is used only in a SYN packet (during the TCP connection establishment) to indicate that it can do selective ACK.

The second TCP option, TCP Sack Option, contains acknowledgment for one or more blocks of data. The data blocks are identified using the sequence number at the start and at the end of that block of data. This is also known as the left and right edge of the block of data.

Kind 4 is TCP Sack-Permitted Option, Kind 5 is TCP Sack Option. Length is the length in bytes of this TCP option.

Tcp Sack Permitted:

Kind = 4	Length = 2
1 byte	1 byte

Tcp SACK Option:

Kind = 5	Length = Variable
1 byte	Left edge of 1st block to Right edge of 1st block ... Left edge of Nth block to Right edge of Nth block

With SACK enabled (default), a packet or series of packets can be dropped, and the receiver informs the sender which data has been received, and where there may be "holes" in the data. The sender can then selectively retransmit the missing data without a retransmission of blocks of data that have already been received successfully. SACK is controlled by the SackOpts registry parameter.

The SackOpts value in the following registry key can be edited to control the use of selective acknowledgements:

1.	On the toolbar click Start, click Run, and then type Regedit to start the Registry Editor.
2.	Locate and click the above key in the Registry Editor, and then click Modify on the Edit menu.
3.	Type the desired value in the Value data box.

NOTE: The valid binary value is 0 or 1, the default value is 1. This parameter controls whether or not Selective ACK (SACK - RFC 2018) support is enabled.

The following Network Monitor trace illustrates a host acknowledging all data up to sequence number 54857341, plus the data from sequence number 54858789-54861685. The missing data is from 54857341 to 54858788.

Back to the top

TCP retransmission behavior and fast retransmit

TCP Retransmission

As a review of normal retransmission behavior, TCP starts a retransmission timer when each outbound segment is handed down to the Internet Protocol (IP). If no acknowledgment has been received for the data in a given segment before the timer expires, then the segment is retransmitted.

The retransmission timeout (RTO) is adjusted continuously to match the characteristics of the connection using Smoothed Round Trip Time (SRTT) calculations as described in RFC 793. The timer for a given segment is doubled after each retransmission of that segment. Using this algorithm, TCP tunes itself to the normal delay of a connection.

Fast Retransmit

TCP retransmits data before the retransmission timer expires under some circumstances. The most common of these occurs due to a feature known as fast retransmit. When a receiver that supports fast retransmits receives data with a sequence number beyond the current expected one, and then it is likely that some data was dropped. To help inform the sender of this event, the receiver immediately sends an ACK, with the ACK number set to the sequence number that it was expecting. It will continue to do this for each additional TCP segment that arrives. When the sender starts to receive a stream of ACKs that is acknowledging the same sequence number, it is likely that a segment has been dropped. The sender will immediately resend the segment that the receiver is expecting, without waiting for the retransmission timer to expire. This optimization greatly improves performance when packets are frequently dropped.

By default, Windows resends a segment if it receives three ACKs for the same sequence number, (one ACK and 2 duplicates) and that sequence number lags the current one. This is controllable with the TcpMaxDupAcks registry parameter.

The TcpMaxDupAcks value in the following registry key can be edited to control the number of ACKs necessary to start a fast retransmits:

1.	On the toolbar click Start, click Run, and then type Regedit to start the Registry Editor.
2.	Locate and click the above key in the Registry Editor, and then click Modify on the Edit menu.
3.	Type the desired value in the Value data box.

NOTE: The valid range is 1-3, the default value is 2.

This parameter determines the number of duplicate ACKs that must be received for the same sequence number of sent data before "fast retransmit" is triggered to resend the segment that has been dropped in transit.

Back to the top