This document explores network performance issues through latency and bandwidth concepts, covering how physical distance and connection capacity affect data transmission. It examines traffic prioritization using traffic shaping, connection limits, and diagnostic tools like iftop for identifying bandwidth consumption patterns across network services.
This document examines network performance through the critical concepts of latency and bandwidth, exploring how these factors determine data transmission speed across local and remote services. It covers diagnostic techniques for identifying slow network connections, strategies for optimizing performance based on data transfer patterns, and tools for managing bandwidth allocation through traffic shaping and connection monitoring.
When working in IT, interaction occurs with services all over the Internet. At one moment, connection might happen to a service running on the local network, and the next might use another service running in a data center located on a different continent.
Service location diversity:
| Service Location | Network Type | Typical Latency | Connection Type |
|---|---|---|---|
| Same computer | Loopback | <1 ms | localhost/127.0.0.1 |
| Local network | LAN | 1-5 ms | Ethernet/WiFi |
| Same city | MAN | 5-20 ms | ISP network |
| Same country | WAN | 20-80 ms | Internet backbone |
| Different continent | Internet | 100-300 ms | Undersea cables |
If the network connection is good, it might not be possible to tell the difference where the website being browsed is hosted.
User perception of network quality:
| Connection Quality | Latency | Page Load Time | User Experience |
|---|---|---|---|
| Excellent | <50 ms | <1 second | Instant response |
| Good | 50-100 ms | 1-2 seconds | Fast, acceptable |
| Fair | 100-200 ms | 2-4 seconds | Noticeable delay |
| Poor | >200 ms | >4 seconds | Frustrating |
But if dealing with a network service that isn’t exactly up to speed, more details about the connection being used might be needed.
When to investigate network performance:
| Symptom | Possible Cause | Investigation Tool |
|---|---|---|
| Slow page loads | Bandwidth limitation | Speed test |
| Delayed responses | High latency | ping, traceroute |
| Intermittent failures | Packet loss | ping with statistics |
| Connection timeouts | Network congestion | traceroute, mtr |
| Slow file transfers | Bandwidth saturation | iftop, nethogs |
The two most important factors that determine the time it takes to get the data over the network are the latency and the bandwidth of the connection. The latency is the delay between sending a byte of data from one point and receiving it on the other.
Latency characteristics:
| Aspect | Description | Impact |
|---|---|---|
| Definition | Round-trip time for data | Affects responsiveness |
| Measurement | Milliseconds (ms) | Lower is better |
| Primary factor | Physical distance | Cannot eliminate |
| Secondary factor | Intermediate hops | Can optimize |
This value is directly affected by the physical distance between the two points and how many intermediate devices there are between them.
Factors affecting latency:
| Factor | Impact on Latency | Example |
|---|---|---|
| Physical distance | Speed of light limit | Cross-ocean: +100ms |
| Router hops | Processing delay per hop | Each hop: +1-5ms |
| Network congestion | Queuing delays | Variable: +10-100ms |
| Connection type | Medium transmission speed | Fiber > copper > satellite |
Typical latency by distance:
| Connection | Distance | Latency | Use Case |
|---|---|---|---|
| Localhost | 0 km | <1 ms | Local services |
| Same building | <1 km | 1-2 ms | LAN services |
| Same city | <50 km | 5-10 ms | CDN edge servers |
| Same region | <500 km | 10-30 ms | Regional services |
| Cross-country | 1,000-5,000 km | 30-80 ms | National services |
| Cross-ocean | 5,000-20,000 km | 100-300 ms | Global services |
The bandwidth is how much data can be sent or received in a second. This is effectively the data capacity of the connection.
Bandwidth specifications:
| Aspect | Description | Measurement |
|---|---|---|
| Definition | Data transfer rate | Bits per second (bps) |
| Typical units | Mbps, Gbps | Higher is better |
| Direction | Upload vs download | Often asymmetric |
| Effective capacity | Theoretical vs actual | Real-world lower |
Common bandwidth levels:
| Connection Type | Download Speed | Upload Speed | Use Case |
|---|---|---|---|
| Dial-up | 56 Kbps | 48 Kbps | Legacy |
| DSL | 1-100 Mbps | 384 Kbps - 20 Mbps | Home |
| Cable | 100-1000 Mbps | 10-50 Mbps | Home/small business |
| Fiber | 100-10,000 Mbps | 100-10,000 Mbps | Business/enterprise |
| Gigabit Ethernet | 1000 Mbps | 1000 Mbps | Local network |
| 10 Gigabit | 10,000 Mbps | 10,000 Mbps | Data centers |
Internet connections are usually sold by the amount of bandwidth the customer will see. But it’s important to know that the usable bandwidth to transmit data to and from a network service will be determined by the available bandwidth at each endpoint and every hop between them.
Bandwidth bottleneck principle:
| Point in Path | Advertised Bandwidth | Result |
|---|---|---|
| Home connection | 100 Mbps | - |
| ISP backbone | 10 Gbps | - |
| Internet exchange | 100 Gbps | - |
| Destination ISP | 1 Gbps | - |
| Destination server | 100 Mbps | - |
| Effective bandwidth | 100 Mbps | Slowest link wins |
Real-world bandwidth limitations:
| Limitation | Cause | Impact |
|---|---|---|
| Slowest hop | Bottleneck in path | Entire connection limited |
| Shared connection | Multiple users | Divided capacity |
| Protocol overhead | TCP/IP headers | ~5-10% loss |
| Congestion | Network traffic | Variable reduction |
| Peering agreements | ISP relationships | Route inefficiency |
To understand how latency and bandwidth interact, think about what happens when trying to visit a website over the Internet.
Website request lifecycle:
| Step | Action | Time Component | Delay |
|---|---|---|---|
| 1. DNS lookup | Resolve domain name | Latency | ~20-50 ms |
| 2. TCP handshake | Establish connection | Latency (3 round trips) | ~300 ms |
| 3. HTTP request | Send GET request | Latency | ~100 ms |
| 4. Server processing | Generate response | Server time | Variable |
| 5. Initial response | First bytes arrive | Latency | ~100 ms |
| 6. Full download | Receive all data | Bandwidth | Depends on size |
If the web server is hosted somewhere across the ocean, the latency might be 100 milliseconds or so. That’s the time it takes for the request to reach the server.
Request-response with high latency:
| Event | Time | Cumulative Time |
|---|---|---|
| Send request | 0 ms | 0 ms |
| Request arrives at server | +100 ms latency | 100 ms |
| Server processes | +50 ms | 150 ms |
| Response starts journey | - | 150 ms |
| First byte arrives | +100 ms latency | 250 ms |
| Full content received | +Bandwidth time | 250 ms + download time |
The server will then generate a response and send it back. The first bytes of the response will again take 100 milliseconds to zap across the pond to the computer.
Once the response is on its way, the time it takes for the rest of the data to arrive is determined by the bandwidth.
Bandwidth calculation:
| Bandwidth | Bytes per Second | Megabytes per Second |
|---|---|---|
| 1 Mbps | 125,000 bytes | 0.125 MB |
| 10 Mbps | 1,250,000 bytes | 1.25 MB |
| 100 Mbps | 12,500,000 bytes | 12.5 MB |
| 1 Gbps | 125,000,000 bytes | 125 MB |
If the available bandwidth between the two points is 10 megabits per second, 1.25 megabytes can be received every second.
So for a website of about one megabyte of content, that large initial latency will be noticeable, since it’s an extra 20 percent on top of the total time to download it.
Small file download analysis (1 MB website, 10 Mbps bandwidth):
| Component | Time | Percentage of Total |
|---|---|---|
| Initial latency (round trip) | 200 ms | 20% |
| Download time (1 MB ÷ 1.25 MB/s) | 800 ms | 80% |
| Total time | 1000 ms (1 second) | 100% |
But if the content is 10 megabytes or more, the initial latency will be less than five percent of the total time to download it, so it matters less.
Large file download analysis (10 MB website, 10 Mbps bandwidth):
| Component | Time | Percentage of Total |
|---|---|---|
| Initial latency (round trip) | 200 ms | 2.4% |
| Download time (10 MB ÷ 1.25 MB/s) | 8000 ms | 97.6% |
| Total time | 8200 ms (8.2 seconds) | 100% |
Latency impact by file size:
| File Size | Download Time (10 Mbps) | Latency (200ms) | Latency % |
|---|---|---|---|
| 100 KB | 80 ms | 200 ms | 71% |
| 1 MB | 800 ms | 200 ms | 20% |
| 10 MB | 8000 ms | 200 ms | 2.4% |
| 100 MB | 80,000 ms | 200 ms | 0.25% |
Important
For small data transfers, latency dominates performance impact. For large transfers, bandwidth becomes the primary factor. Understanding which matters more for a specific use case is crucial for optimization decisions.
Let’s say there’s an attempt to figure out why a network connection isn’t going as fast as desired. Remember that if transmitting a lot of small pieces of data, latency matters more than bandwidth.
Small data transfer characteristics:
| Transfer Type | Data Size | Frequency | Latency Impact | Bandwidth Impact |
|---|---|---|---|---|
| API requests | <10 KB | High | Critical | Minimal |
| Chat messages | <1 KB | Continuous | Very high | Negligible |
| Database queries | 1-100 KB | Very high | Critical | Low |
| Sensor data | <1 KB | Constant | High | Low |
| IoT telemetry | <500 bytes | Frequent | Very high | Minimal |
In this case, ensuring the server is as close as possible to the users of the service is desired, aiming for a latency of less than 50 milliseconds if possible, and up to 100 milliseconds in the worst-case.
Latency optimization strategies:
| Strategy | Latency Reduction | Implementation | Cost |
|---|---|---|---|
| CDN deployment | 50-150 ms | Content delivery network | Medium |
| Regional servers | 30-100 ms | Multi-region deployment | High |
| Edge computing | 40-120 ms | Process at network edge | Medium |
| Caching | 50-200 ms | Cache common responses | Low |
| Protocol optimization | 10-50 ms | HTTP/2, connection pooling | Low |
Acceptable latency targets:
| Use Case | Target Latency | Maximum Acceptable | User Impact if Exceeded |
|---|---|---|---|
| Real-time gaming | <20 ms | 50 ms | Unplayable |
| Video calls | <50 ms | 150 ms | Noticeable lag |
| Interactive apps | <50 ms | 100 ms | Feels sluggish |
| Web browsing | <100 ms | 200 ms | Slow response |
| File transfers | <200 ms | 500 ms | Minimal (bandwidth matters) |
On the flip side, if transmitting large chunks of data, bandwidth matters more than latency.
Large data transfer characteristics:
| Transfer Type | Data Size | Latency Sensitivity | Bandwidth Need | Example |
|---|---|---|---|---|
| Video streaming | GB per hour | Low | High | Netflix, YouTube |
| File downloads | MB to GB | Low | High | Software updates |
| Backup operations | GB to TB | Very low | Very high | Cloud backups |
| Data replication | GB daily | Low | High | Database sync |
| Media uploads | MB to GB | Low | High | Photo/video sharing |
In this case, having as much bandwidth available as possible is desired regardless of where the server is hosted.
Bandwidth optimization strategies:
| Strategy | Bandwidth Gain | Implementation | Trade-off |
|---|---|---|---|
| Compression | 50-90% | Gzip, Brotli | CPU overhead |
| Delta sync | 70-95% | Only send changes | Complexity |
| Deduplication | 40-80% | Identify duplicates | Storage overhead |
| Parallel transfers | 2-10× | Multiple connections | Connection limits |
| Upgrade connection | Variable | Higher tier service | Direct cost |
What is meant by bandwidth available? Computers can transmit data to and from many different points of the Internet at the same time, but all those separate connections share the same bandwidth.
Bandwidth sharing example (100 Mbps connection):
| Scenario | Active Connections | Bandwidth per Connection | Total Used |
|---|---|---|---|
| Single download | 1 | 100 Mbps | 100 Mbps |
| Two equal downloads | 2 | 50 Mbps each | 100 Mbps |
| Ten connections | 10 | 10 Mbps each | 100 Mbps |
| Mixed usage | 5 (varied) | Uneven split | 100 Mbps |
Each connection will get a portion of the bandwidth, but the split isn’t necessarily even. If one connection is transmitting a lot of data, there may be no bandwidth left for the other connections.
Bandwidth competition scenarios:
| Connection Type | Bandwidth Consumed | Impact on Others | Priority |
|---|---|---|---|
| Large file download | 95 Mbps | Starves other connections | High volume |
| Video streaming | 5-25 Mbps | Moderate impact | Medium |
| Web browsing | 1-5 Mbps | Minimal impact | Low |
| <1 Mbps | Negligible | Very low | |
| Background sync | Variable | Can monopolize | Unpredictable |
When these traffic jams happen, the latency can increase a lot because packets might get held back until there’s enough bandwidth to send them.
Congestion impact on latency:
| Network State | Normal Latency | Congested Latency | Increase Factor |
|---|---|---|---|
| Idle | 20 ms | 20 ms | 1× |
| Light load (30%) | 20 ms | 25 ms | 1.25× |
| Moderate load (60%) | 20 ms | 40 ms | 2× |
| Heavy load (90%) | 20 ms | 100 ms | 5× |
| Saturated (100%) | 20 ms | 500+ ms | 25×+ |
This has probably already been experienced on personal computers. If several applications have been run using the same network at once, the overall connection speed may have seemed slower.
Application bandwidth consumption:
| Application | Typical Bandwidth | Impact Level |
|---|---|---|
| Video call (HD) | 2-4 Mbps | Moderate |
| Video streaming (4K) | 25 Mbps | High |
| Online gaming | 1-3 Mbps | Low (but latency-sensitive) |
| File download | Variable (can max out) | Very high |
| Music streaming | 0.3-1 Mbps | Low |
| Web browsing | 1-5 Mbps | Low to moderate |
| System updates | Variable (can max out) | Very high |
Processes using the network connection can be checked by running a program like iftop. This shows how much data each active connection is sending over the network.
iftop command usage:
1# Install iftop (if not present)
2sudo apt-get install iftop # Debian/Ubuntu
3sudo yum install iftop # RHEL/CentOS
4
5# Run iftop (requires root)
6sudo iftop
7
8# Monitor specific interface
9sudo iftop -i eth0
10
11# Show port numbers
12sudo iftop -P
13
14# Show bandwidth in bytes instead of bits
15sudo iftop -B
iftop output interpretation:
1 12.5Mb 25.0Mb 37.5Mb 50.0Mb
2┌─────────────────┴─────────────┴─────────────┴─────────────┴────────
3myserver.local => cdn.example.com 15.2Mb 12.1Mb 10.5Mb
4 <= 1.5Mb 1.2Mb 1.1Mb
5myserver.local => api.service.com 2.1Mb 3.5Mb 2.8Mb
6 <= 0.5Mb 0.8Mb 0.6Mb
| Column | Meaning | Use |
|---|---|---|
| Source/Destination | Connection endpoints | Identify services |
| => | Outgoing traffic | Upload bandwidth |
| <= | Incoming traffic | Download bandwidth |
| Last 3 columns | 2s, 10s, 40s averages | Trend analysis |
Alternative network monitoring tools:
| Tool | Platform | View Type | Best For |
|---|---|---|---|
| iftop | Linux | Connection-based | Real-time bandwidth by host |
| nethogs | Linux | Process-based | Bandwidth per application |
| iotop | Linux | I/O operations | Disk and network I/O |
| tcpdump | Unix/Linux | Packet capture | Deep packet analysis |
| Wireshark | Cross-platform | GUI packet analysis | Detailed protocol debugging |
| nload | Linux | Interface-based | Simple bandwidth graph |
It might also have been noticed that the more users sharing the same network, the slower the data comes in. This is true for home connections and office connections alike.
Shared connection capacity:
| Users | Connection Speed | Per-User Bandwidth | Performance |
|---|---|---|---|
| 1 user | 100 Mbps | 100 Mbps | Excellent |
| 5 users | 100 Mbps | 20 Mbps average | Good |
| 10 users | 100 Mbps | 10 Mbps average | Adequate |
| 25 users | 100 Mbps | 4 Mbps average | Slow |
| 50 users | 100 Mbps | 2 Mbps average | Very slow |
No matter how much bandwidth is available, it’s a limited resource, so care will be needed with how it’s shared among users.
Note
Bandwidth is a finite shared resource. Even with high-capacity connections, simultaneous usage by many users or applications will divide the available capacity, potentially degrading performance for all parties when demand exceeds supply.
If some applications are using so much bandwidth that others can’t transmit anymore data, it’s possible to restrict how much each connection takes by using traffic shaping.
Traffic shaping purpose:
| Problem | Solution | Benefit |
|---|---|---|
| One connection monopolizes | Limit per-connection bandwidth | Fair distribution |
| Critical services starved | Prioritize important traffic | Maintain service quality |
| Bulk transfers block interactive | Deprioritize large transfers | Responsive UI |
| Network congestion | Shape overall traffic | Prevent saturation |
This is a way of marking the data packets sent over the network with different priorities.
Traffic priority levels:
| Priority | Traffic Type | Examples | Latency Tolerance |
|---|---|---|---|
| Critical | Real-time, interactive | VoIP, video calls | Very low |
| High | Important interactive | SSH, RDP, database | Low |
| Medium | Normal traffic | Web browsing, email | Moderate |
| Low | Bulk transfers | Backups, downloads | High |
| Best effort | Background | Updates, sync | Very high |
To avoid having huge chunks of data use all the bandwidth, by prioritizing accordingly, processes that send and receive small packets can keep working fine, while processes that need the most bandwidth can use the rest.
Traffic shaping strategies:
| Strategy | Implementation | Use Case |
|---|---|---|
| Rate limiting | Cap connection speed | Prevent single user monopoly |
| Priority queuing | Serve high-priority first | Protect interactive traffic |
| Fair queuing | Equal share per flow | Democratic distribution |
| Class-based queuing | Group by application type | Policy-based management |
| Token bucket | Allow bursts within limits | Smooth traffic flow |
Linux traffic shaping example (tc command):
1# Limit outgoing bandwidth on eth0 to 1 Mbps
2sudo tc qdisc add dev eth0 root tbf rate 1mbit burst 32kbit latency 400ms
3
4# Create priority-based queuing
5sudo tc qdisc add dev eth0 root handle 1: prio bands 3
6
7# Assign SSH traffic to high priority (band 0)
8sudo tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 \
9 match ip dport 22 0xffff flowid 1:1
10
11# Show current tc configuration
12sudo tc -s qdisc show dev eth0
Traffic shaping benefits vs trade-offs:
| Benefit | Trade-off |
|---|---|
| Fair bandwidth distribution | Configuration complexity |
| Protected critical services | Requires continuous monitoring |
| Improved user experience | May limit legitimate bulk transfers |
| Prevented network saturation | Overhead in packet processing |
There’s also a limit to how many network connections can be established on a single computer. This isn’t usually a problem, but there could be bugs in the software that causes it to open way too many connections, or keep old connections open even if they’re no longer in use.
Connection limit factors:
| Limit Type | Typical Value | Controlled By | Symptom When Exceeded |
|---|---|---|---|
| File descriptors | 1024-65535 | OS ulimit | “Too many open files” |
| Port numbers | 65535 total | TCP/IP stack | Port exhaustion |
| Kernel connections | 100,000+ | Kernel parameters | System slowdown |
| Application connections | Varies | Application design | App crashes |
Common connection limit issues:
| Issue | Cause | Manifestation | Solution |
|---|---|---|---|
| Connection leak | Not closing connections | Growing count over time | Fix cleanup code |
| File descriptor limit | Default too low | Cannot accept new connections | Increase ulimit |
| TIME_WAIT buildup | High connection churn | Port exhaustion | Tune TCP parameters |
| Connection pool exhaustion | Misconfigured pool | Requests timeout | Adjust pool size |
If this happens on a server, no new users will be able to connect to it until whatever is keeping those connections open closes them.
Server connection exhaustion:
| Stage | Connection Count | Service State | User Experience |
|---|---|---|---|
| Normal | 0-500 | Healthy | Fast connections |
| Busy | 500-5000 | Loaded | Slower responses |
| Near limit | 5000-10000 | Stressed | Timeouts starting |
| Exhausted | 10000+ | Failing | “Connection refused” |
Diagnosing connection issues:
1# Count current connections
2ss -s
3
4# Show all TCP connections
5ss -tan | wc -l
6
7# Count connections by state
8ss -tan | awk '{print $1}' | sort | uniq -c
9
10# Show connections per IP
11netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
12
13# Check file descriptor usage
14lsof -u username | wc -l
15
16# Check system-wide file descriptor limit
17cat /proc/sys/fs/file-max
18
19# Check process-specific limits
20ulimit -n
Connection state monitoring:
| TCP State | Meaning | Normal Count | Problem Indicator |
|---|---|---|---|
| ESTABLISHED | Active connection | Hundreds | Thousands = leak |
| TIME_WAIT | Recently closed | Hundreds | Tens of thousands = churn |
| CLOSE_WAIT | Waiting for app to close | Few | Many = app not closing |
| SYN_RECV | Incoming connection | Few | Many = SYN flood attack |
Mitigation strategies:
| Strategy | Implementation | Prevents |
|---|---|---|
| Connection pooling | Reuse connections | Opening too many |
| Timeout configuration | Close idle connections | Indefinite holds |
| Resource limits | Set max connections | Uncontrolled growth |
| Proper cleanup | Always close in finally blocks | Connection leaks |
| Monitoring alerts | Alert on threshold | Exhaustion scenarios |
Network performance in IT environments depends fundamentally on two factors: latency representing the delay between sending and receiving data affected by physical distance and intermediate hops, and bandwidth representing data transfer capacity that determines how much information can move per second, with internet connections sold by bandwidth but actual usable capacity limited by the slowest link in the entire path from source to destination. The interaction between latency and bandwidth determines overall performance differently based on data size—for small frequent transfers like API requests and chat messages latency dominates and servers should be placed close to users targeting under 50ms ideally and 100ms maximum, while for large transfers like video streaming and file downloads bandwidth becomes the primary factor requiring maximum available capacity regardless of server location, with the relative impact shifting as file sizes change from latency being 71% of total time for 100KB files down to only 0.25% for 100MB files. Bandwidth represents a limited shared resource where computers simultaneously connect to multiple services dividing available capacity unevenly, with high-volume connections potentially monopolizing bandwidth and causing traffic jams that dramatically increase latency from normal 20ms to over 500ms when fully saturated, observable through tools like iftop showing per-connection bandwidth consumption and alternative tools like nethogs for process-based monitoring. Traffic shaping manages bandwidth distribution by marking packets with different priorities to prevent huge data chunks from monopolizing capacity, allowing processes with small packets like interactive applications to maintain performance while bulk transfer processes use remaining bandwidth through strategies like rate limiting, priority queuing, and class-based management implemented via tools like Linux tc command. Connection limits on computers typically ranging from 1024 to 65535 file descriptors can be exhausted by software bugs causing excessive connection opening or failing to close old connections, manifesting on servers as inability for new users to connect until existing connections close, with diagnosis through commands like ss and netstat revealing connection states where thousands of ESTABLISHED connections indicate leaks and mitigation requiring connection pooling, proper cleanup code, timeout configuration, and monitoring alerts to prevent exhaustion scenarios.