For slow speed links, the application designers should be aware of the underlying behavior of the network. A designer may generate code that uses many more packets than are necessary to accomplish a given task. This approach will result in an increase in latency that will be apparent in interactive sessions.
Kerberos handles encrypted data by transmitting two separate packets for each transmission of an otherwise unencrypted packet: one packet holds the length of encrypted data, and the second packet holds the data itself. In klogin this behavior results in the generation of 7 packets for a single keystroke, caused by the application doing two writes rather than a writev to merge the data into a single buffer. By using writev on both sides, we reduce 7 packets to 3 and save network bandwidth as well as latency.
: packet traces of single keystroke with two versions of klogin
Figure 3 shows packet traces for the transmission of a single character stroke, using both the original klogin and our modified version of klogin.
We also added a byte at the beginning of the encryped data to indicate whether the data is compressed. This mechanism allows us to forgo compression for cases where it does not provide a benefit.