Metadata Card
| Attribute | Content |
|---|---|
| Volume | Vol 4 — Computer Networking |
| Chapter | Chapter 14: Network Performance & Optimization |
| Prerequisites | Chapter 1 (Layering), Chapter 3 (TCP), Chapter 7 (DNS/CDN/LB), Chapter 10 (Congestion Control), Chapter 13 (IPv6) |
| Next | — (Last chapter of Vol 4) |
| Theory Depth | (2/5) — Tools and practice, no derivations required |
| Python Relevance | ≈40%; focus on Bash toolchain (curl/iperf/ss/tcpdump) |
| Core Skills | Find root cause of "slowness", TCP kernel tuning, HTTP performance optimization |
| Code | ~100 lines Python + extensive Shell commands |
Your Progress
"You've traveled from Chapter 1 to Chapter 13 — layering models, Sockets, TCP, HTTP, TLS, DNS, CDN, data link, IP, congestion control, QUIC, debugging, IPv6. Now you string them all together — from a mage saying 'slow' to finding root cause to optimization solutions. This is the practical culmination of your post road knowledge."
Full-Stack Analysis — Where is "Slow" Actually Slow?
Break down request time into five phases:
DNS TCP TLS TTFB Content
──────┬────────┬────────┬────────┬──────────────┬─────→
Time: t1 t2 t3 t4 t5Use curl -w to measure each phase precisely:
| Phase | Normal | If Slow | Possible Cause |
|---|---|---|---|
| DNS | < 50ms | > 500ms | Slow DNS server, long recursive chain, no local cache |
| TCP | < 100ms (same region) | > 500ms | Physical distance, added device latency, loss causing SYN retransmit |
| TLS | < 100ms (TLS 1.3) | > 500ms | TLS 1.2 full (2-RTT), long cert chain, slow OCSP |
| TTFB | < 200ms | > 1s | Server-side processing slow (DB query, template rendering), edge cache miss |
| Content Transfer | Depends on bandwidth | Slow | Bandwidth limit, small congestion window, high packet loss |
DNS Optimization
- Use local DNS cache (dnsmasq, systemd-resolved)
- Pre-fetch with
<link rel="dns-prefetch">in HTML - Use fast DNS resolvers (1.1.1.1, 8.8.8.8)
- CDN Anycast DNS automatically routes queries to nearest node
TCP Connection Optimization
- Keep-Alive: Reuse connections instead of opening new ones
- TCP Fast Open (TFO): Carry data in SYN packet, save 1 RTT
- Reduce physical distance: CDN moves content closer to users
TLS Handshake Optimization
- Upgrade to TLS 1.3 — reduces from 2 RTT to 1 RTT
- Enable Session Resumption — cache Session Tickets, 0-RTT on reconnect
- OCSP Stapling — server provides cert status, no need for client to query OCSP
- Optimize cert chain — reduce number of intermediate certificates
- Trim cipher suites — keep only the fastest (AES-GCM, ChaCha20-Poly1305)
TTFB — The Server-Side Performance Black Hole
When TTFB >> DNS + TCP + TLS combined, the problem isn't in the network layer. Stop tuning TCP parameters and check the database.
| Cause | Characteristic | How to Check |
|---|---|---|
| Slow DB query | TTFB correlates with query count | Enable slow query log |
| Upstream API slow | Server waiting for others' network | Add tracing on server |
| Template rendering slow | Large page, complex template | Optimize SSR or add CDN caching |
| Disk I/O | File reads blocking | iostat / strace |
| No caching | Every request recalculated | Add cache layer (Redis, Memcached, CDN) |
TCP Kernel Tuning
BDP (Bandwidth-Delay Product):
BDP = Bandwidth × RTT
Example: Singapore → Virginia: RTT ≈ 200ms, bandwidth 1Gbps
BDP = (1 × 10⁹ bps) × 0.2s = 200,000,000 bits ≈ 24 MBIf TCP receive window < BDP, bandwidth utilization is window-limited.
# High BDP optimization settings
cat >> /etc/sysctl.d/99-network-performance.conf << 'EOF'
# Receive buffer: min=64KB, default=256KB, max=16MB
net.ipv4.tcp_rmem = 65536 262144 16777216
# Send buffer: min=64KB, default=256KB, max=16MB
net.ipv4.tcp_wmem = 65536 262144 16777216
# Enable window scaling
net.ipv4.tcp_window_scaling = 1
# Disable slow start after idle
net.ipv4.tcp_slow_start_after_idle = 0
# Enable SACK and FACK
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
# Increase connection queue
net.core.somaxconn = 65535
EOF
sysctl --systemMeasuring with iperf3
# Server side
iperf3 -s
# Client side
iperf3 -c server-ip -t 30 -P 4Traveler's Notes
Between knowing "TCP congestion control uses CUBIC cubic function" and actually finding the root cause when a mage says "slow", there's a gap of ten post roads. This chapter is that road. We don't learn any "new transmission spells" — we learn how to use all the previous knowledge as a troubleshooting toolkit. When you face a network problem, systematically check: DNS → TCP → TLS → TTFB → Content Transfer. Each phase has its own tools and optimization strategies.