woonizzooni

TFO (TCP Fast Open)

woonizzooni 2019. 6. 13. 05:20

 

TCP Fast Open

    https://tools.ietf.org/html/rfc7413

 

 

2017/02/02 Enabling TCP Fast Open for NGINX on CentOS 7

    - What is TCP Fast Open?

    https://designhost.gr/topic/799-enabling-tcp-fast-open-for-nginx-on-centos-7/

 

What is TCP Fast Open? The TCP protocol underpins most application-layer protocols like HTTP, SSH, FTP, NFS, etc. In fact TCP sits in between the IP layer (IP address routing) and the Application layer (user data), and is responsible for guaranteed and ord

https://stackoverflow.com/questions/30079248/how-to-activate-the-tcp-fast-open-in-linux

 

how to activate the TCP Fast Open in linux

I have 2 PCs linux (PC1: kernel 3.13.0-37 and PC2: kernel 3.11.0-12) PC1-------PC2(TCP server port 4410) From PC1, I'm sending a tcp packet with TCP Fast Open (Fast Open Cookie Request) I'm expe...

https://lwn.net/Articles/508865/

 

TCP Fast Open: expediting web services [LWN.net]

Figure 2: Generating the TFO cookie

At this point, the client TCP now has a token that it can use to prove to the server TCP that an earlier three-way handshake to the client's IP address completed successfully.

For subsequent conversations with the server, the client can short circuit the three-way handshake as shown in Figure 3.

 

 

https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

tcp_fastopen - INTEGER 
    Enable TCP Fast Open (RFC7413) to send and accept data in the opening 
    SYN packet. 

    The client support is enabled by flag 0x1 (on by default). The client 
    then must use sendmsg() or sendto() with the MSG_FASTOPEN flag, 
    rather than connect() to send data in SYN. 

    The server support is enabled by flag 0x2 (off by default). Then 
    either enable for all listeners with another flag (0x400) or 
    enable individual listeners via TCP_FASTOPEN socket option with 
    the option value being the length of the syn-data backlog. 

    The values (bitmap) are 
      0x1: (client) enables sending data in the opening SYN on the client. 
      0x2: (server) enables the server support, i.e., allowing data in a SYN packet to be accepted and passed to the 
           application before 3-way handshake finishes. 
      0x4: (client) send data in the opening SYN regardless of cookie availability and without a cookie option. 
      0x200: (server) accept data-in-SYN w/o any cookie option present. 
      0x400: (server) enable all listeners to support Fast Open by default without explicit TCP_FASTOPEN socket option. 

    Default: 0x1 --> but when I ran cat /proc/sys/net/ipv4/tcp_fastopen it showed 0.... It seems 3 is the usual setting?

    Note that additional client or server features are only effective if the basic support (0x1 and 0x2) are enabled
    respectively.

tcp_fastopen_blackhole_timeout_sec - INTEGER 
    Initial time period in seconds to disable Fastopen on active TCP sockets when a TFO firewall blackhole issue happens.
    This time period will grow exponentially when more blackhole issues get detected right after Fastopen is
    re-enabled and will reset to initial value when the blackhole issue goes away.
    0 to disable the blackhole detection. 
    By default, it is set to 1hr.
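
An added example, not taken from the kernel documentation or from this blog: a decoder for the tcp_fastopen bitmap quoted above. It separates bits that are in effect from bits that are set but inert because their basic support bit (0x1 or 0x2) is off, and flags the cookie-less and all-listener modes. The function names and the wording of the audit notes are this example's own assumptions.

```python
from pathlib import Path

SYSCTL = Path("/proc/sys/net/ipv4/tcp_fastopen")
# Bit meanings copied from the ip-sysctl.txt excerpt above.
FLAGS = {
    0x1: "client: send data in the opening SYN",
    0x2: "server: accept data in SYN before the handshake finishes",
    0x4: "client: send SYN data without a cookie option",
    0x200: "server: accept data-in-SYN without any cookie option",
    0x400: "server: Fast Open on every listener, no TCP_FASTOPEN sockopt",
}
# Extra feature -> basic support bit it depends on (0x1 client, 0x2 server).
NEEDS = {0x4: 0x1, 0x200: 0x2, 0x400: 0x2}
# Audit notes: this example's own wording (assumption), not kernel text.
NOTES = {
    0x4: "client sends SYN data to servers it holds no cookie for",
    0x200: "server skips the cookie check that proves a prior handshake",
    0x400: "listeners that never opted in also accept SYN data",
}


def audit(value):
    """Split a tcp_fastopen bitmap into active bits, inert bits and warnings."""
    active, inert, warnings = [], [], []
    for bit in [b for b in sorted(FLAGS) if value & b]:
        if bit in NEEDS and not value & NEEDS[bit]:
            inert.append(bit)  # set, but its basic support bit is off
            continue
        active.append(bit)
        if bit in NOTES:
            warnings.append(f"{bit:#x}: {NOTES[bit]}")
    unknown = value & ~sum(FLAGS)  # keys are distinct bits, so sum == OR
    if unknown:
        warnings.append(f"{unknown:#x}: bits not described in the excerpt")
    return {"active": active, "inert": inert, "warnings": warnings}


def read_sysctl(path=SYSCTL):
    """Return the live setting as an int, or None if it cannot be read."""
    try:
        return int(path.read_text().split()[0], 0)
    except (OSError, ValueError, IndexError):
        return None


if __name__ == "__main__":
    live = read_sysctl()
    # The first four values are constructed samples; the live value is appended if readable.
    for v in [0, 3, 0x203, 0x600] + ([live] if live is not None else []):
        print(f"{v:#x}", audit(v))
```
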

 

Other references

https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks

 

shadowsocks/shadowsocks
