Hacker News new | past | comments | ask | show | jobs | submit login
Network Support for TCP Fast Open [pdf] (nanog.org)
58 points by jsnell on June 16, 2016 | hide | past | web | favorite | 8 comments



So the headline number here is that 20% of clients are on networks where TCP fast open doesn't work. TFO is just about the worst case when it comes to this. It's not simply adding a TCP option that could be ignored by middleboxes. It's essentially modifying the TCP state machine. It's also a very fresh standard; networking equipment doesn't get replaced every 2 years.

(I happened to implement TFO for a middlebox just a couple of weeks ago. The changes were much more invasive than for the average TCP extension).

Unfortunately there isn't a breakdown of that 20%. Is it just connections where the SYN was dropped or the connection breaks after the SYN was let through? Or does it also include cases where the TFO options get stripped away? There's a huge difference in how serious these cases are.


I've been wanting TCPFO for a while, but I'm wondering seeing if QUIC will arrive first and have fewer issues.


It'd be great if someone put together a test suite for networking equipment to test for things like this. It could give a scorecard after checking that TCP fast open, SCTP, Websockets-over-HTTP, IPv6, WebRTC and any other new networking technologies work correctly.

I have no idea how to tell which routers and IDSes will silently make my network / internet connectivity crappy.


Not exactly what you are asking for, but http://netalyzr.icsi.berkeley.edu/ comes close.


Talk is here: https://youtu.be/Qo9rFpiLMWI

For the other talks in this edition of NANOG see: https://www.nanog.org/meetings/nanog67/agenda


We built a similar feature into Caffeine—http://www.caffei.net/

they're absolutely right about the affect on UX & revenue...


This is a special case example of why middle-boxes, especially those that actually modify traffic rather than just scanning or prioritizing it, are evil.


It is a miracle that things even work at all with each and every one of your packets being molested every step of the way.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: