Introduction to TCP Fast Open (TFO) Support on Linux

1. Overview of TFO

TCP Fast Open (TFO) is an extension of TCP that simplifies the handshake and is used to speed up the opening of a connection between two ends. In short, useful application data is carried within the TCP three-way handshake itself. This extension was first implemented on Linux, so Linux servers, the Chrome browser on Linux, and other supporting software running on Linux (such as shadowsocks) can benefit from it. (Note: Shadowsocks is a well-known open-source SOCKS proxy.)

It uses a TFO cookie in the SYN packet at the beginning of the handshake to verify a client that has connected before. If verification succeeds, the server can start sending data before the final ACK of the three-way handshake is received, which skips one round trip and reduces latency at the start of the transfer. This encrypted cookie is stored on the client and is set during the first connection; on every subsequent connection the client sends the same cookie again. (Reference: Wikipedia)

2. TFO schematic diagrams

The ordinary TCP connection process is shown below:



The connection process with TFO is as follows:



When the client reconnects after having been disconnected for a while, the connection process is as follows:

As the diagrams show, TFO shortens connection setup by one RTT.

3. Enabling TFO

TFO has been part of the Linux kernel since 3.7, so RHEL 7 / CentOS 7 support it, but it is not enabled by default. Enable it as follows:

echo 3 > /proc/sys/net/ipv4/tcp_fastopen
# 3 enables TFO for both the client and the server side
# 1 enables the client side only, 2 enables the server side only

In addition to kernel support, the application must also enable TFO. For example, nginx (1.5.8+) enables it as follows:

 server {
        # fastopen=N limits the queue of TFO connections that have not yet completed the handshake
        listen 80 backlog=4096 fastopen=256 default;
        server_name _;
 }

4. TFO client support

Kernels from Linux 3.7 on can enable it manually; kernels from 3.13 on enable it by default (the default value is 1, the client side).
Windows 10 build 1607 and later enable it by default (when automatic updates are enabled).
Windows' default Edge browser from version 14352 on.
The Chrome browser on Linux and Android; the Windows version does not support it.
Firefox has it disabled by default; it can be enabled manually.
Apple's iOS 9 and OS X 10.11 support it, but it may not be enabled by default.
curl 7.49 and later on Linux.

5. TFO test

We enable TFO on the server and configure nginx to support TFO.
On the client we enable TFO and upgrade curl to version 7.61, then use curl to fetch an HTTP page for the test.
On the client:

# curl -s -o/dev/null --tcp-fastopen http://10.140.10.16/
# The cookie can be seen with ip tcp_metrics show
# ip tcp_metrics show | grep "fo_cookie"
10.140.10.16 age 41.955sec tw_ts 282422045/42sec ago rtt 250us rttvar 250us cwnd 10 metric_5 2380 metric_6 1190 fo_mss 1460 fo_cookie 1640a20f99195995

The packet capture on the server shows the cookie being sent, 1640a20f99195995:

20:17:10.533466 IP 10.140.12.45.28722 > 10.140.10.16.80: Flags [S], seq 1532602092, win 29200, options [mss 1460,sackOK,TS val 982198124 ecr 0,nop,wscale 9,tfo cookiereq,nop,nop], length 0
20:17:10.533518 IP 10.140.10.16.80 > 10.140.12.45.28722: Flags [S.], seq 108109466, ack 1532602093, win 28960, options [mss 1460,sackOK,TS val 282422044 ecr 982198124,nop,wscale 9,tfo cookie 1640a20f99195995,nop,nop], length 0

Use the following command to view TFO connection statistics:

# grep '^TcpExt:' /proc/net/netstat | cut -d ' ' -f 87-92 | column -t
TCPOFOMerge TCPChallengeACK TCPSYNChallenge TCPFastOpenActive TCPFastOpenActiveFail TCPFastOpenPassive
9306 29958 2457 0 0 11
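As an added example (not part of the original article), the POSIX shell helpers below pull together the checks from sections 3 and 5: decoding the tcp_fastopen bitmask, reading the TcpExt counters by name rather than by column number (the cut -f 87-92 above depends on the column layout of one particular kernel version), and probing a URL with curl --tcp-fastopen while checking whether TCPFastOpenActive increases, which tells you the client actually used TFO. The sample /proc/net/netstat text and the function names are constructed for the example; TCPFastOpenListenOverflow is the kernel counter that increments when a SYN with TFO data is refused because the server's TFO queue (the nginx fastopen=N limit) is full and the connection falls back to a normal handshake.

```shell
#!/bin/sh
# Added example, not code from the original article.

# Decode a /proc/sys/net/ipv4/tcp_fastopen value.
# Bit 0 (value 1) = client enabled, bit 1 (value 2) = server enabled, 3 = both.
tfo_mode() {
    v="$1"
    client=$(( v & 1 ))
    server=$(( (v >> 1) & 1 ))
    case "${client}${server}" in
        00) echo "disabled" ;;
        10) echo "client" ;;
        01) echo "server" ;;
        11) echo "client+server" ;;
    esac
}

# Print one TcpExt counter by name from /proc/net/netstat-style text on stdin.
# The header line "TcpExt: NAME NAME ..." and the value line "TcpExt: N N ..."
# are paired by column, so the lookup works whatever the column layout is.
# Prints nothing if the counter name is absent.
tcpext_counter() {
    awk -v want="$1" '
        $1 == "TcpExt:" && !got_header { for (i = 2; i <= NF; i++) idx[$i] = i; got_header = 1; next }
        $1 == "TcpExt:" && got_header  { if (want in idx) print $(idx[want]); exit }
    '
}

# Constructed sample of /proc/net/netstat, trimmed to a few columns
# (the TCPFastOpenPassive value 11 matches the output shown in the article).
SAMPLE_NETSTAT='TcpExt: SyncookiesSent TCPFastOpenActive TCPFastOpenActiveFail TCPFastOpenPassive TCPFastOpenPassiveFail TCPFastOpenListenOverflow TCPFastOpenCookieReqd
TcpExt: 0 0 0 11 0 0 0
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0'

# Report the live TFO state of this host (skipped where /proc is unavailable).
# TCPFastOpenListenOverflow rising on a server means the fastopen=N queue is
# too small: those clients silently fell back to the ordinary handshake.
tfo_report() {
    [ -r /proc/sys/net/ipv4/tcp_fastopen ] || return 0
    v=$(cat /proc/sys/net/ipv4/tcp_fastopen)
    echo "tcp_fastopen=$v ($(tfo_mode "$v"))"
    for c in TCPFastOpenActive TCPFastOpenActiveFail TCPFastOpenPassive \
             TCPFastOpenPassiveFail TCPFastOpenListenOverflow; do
        echo "$c=$(tcpext_counter "$c" < /proc/net/netstat)"
    done
}

# Fetch URL with curl --tcp-fastopen and say whether this client's
# TCPFastOpenActive counter moved, i.e. whether TFO was really used.
tfo_probe() {
    url="$1"
    before=$(tcpext_counter TCPFastOpenActive < /proc/net/netstat)
    curl -s -o /dev/null --tcp-fastopen "$url"
    after=$(tcpext_counter TCPFastOpenActive < /proc/net/netstat)
    if [ "${after:-0}" -gt "${before:-0}" ]; then
        echo "TFO used for $url (TCPFastOpenActive $before -> $after)"
    else
        echo "TFO not used for $url (no cookie yet, or peer/kernel has it off)"
    fi
}

# Usage on a real host:
#   tfo_report
#   tfo_probe http://10.140.10.16/      # run twice: the first request only fetches the cookie
```

The first curl request to a server normally only obtains the cookie (the SYN carries a cookie request, as the tcpdump output above shows); TCPFastOpenActive is expected to move on the second and later requests.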

6. Other issues

The following issues have not been resolved:

  1. How long does the client's TFO cookie live, and who maintains and deletes it?
  2. What exactly does nginx's TFO queue mean? What happens when the queue is full? What is an appropriate value?
    The queue is a server-side protection mechanism described in RFC7413. SYN packets with data that arrive beyond the queue limit are downgraded to the ordinary, cookie-less connection mode, that is, TFO does not take effect for them. The appropriate value, however, is not easy to determine.

7. Reference materials

http://martinbj2008.github.io/2016/11/23/what-is-tfo/
https://zhuanlan.zhihu.com/p/36239657
http://abcdxyzk.github.io/blog/2018/07/30/kernel-tcp_metric/
https://tools.ietf.org/html/rfc7413

Origin blog.csdn.net/tony_vip/article/details/105203109