Improving TCP performance, eBPF in the Linux kernel, sending packets faster in Go, time to repair undersea cables, TLS certificates, netlab and the NTP pool

TCP remains the most widely used reliable transport protocol. In recent years, QUIC has started to replace TLS over TCP for some applications such as HTTP/3. This is not the first time that new transport protocols have been proposed to replace TCP. During the late 1980s, XTP and similar protocols aimed to be faster than TCP, which was already considered an old protocol. David Clark, Van Jacobson and their colleagues showed that TCP implementations could run much faster. They introduced a fast path, i.e. a part of the TCP implementation where the stack is optimized to process the next packet if it arrives in sequence. Improving the performance of TCP implementations is an ongoing effort. A recent set of patches proposed by Coco Li for the Linux kernel achieves 30-40% performance improvements on AMD processors by better exploiting their caches.

The Linux kernel is a key operating system for the Internet since it is used on servers, routers and smartphones. The kernel continues to evolve. In recent years, it has gained a lot of flexibility thanks to the addition of the eBPF virtual machine, which can execute user-supplied programs directly inside the kernel. This makes it possible to monitor various kernel components, tune various algorithms and provide advanced functions in the networking stack and elsewhere. A recent documentary explains the evolution of eBPF since 2014 and its main uses.

In a blog post, Andree Toonk explores the different techniques that can be used to send packets quickly in Go. One of the techniques he discusses uses eBPF programs to send packets.

Last week, three optical fibers were damaged in the Red Sea. This forced Internet providers to reroute traffic between Marseille and Singapore over different paths. An interesting article discusses the time required to repair damage to undersea cables.

TLS certificates were initially only distributed by certification authorities that charged a lot of money for each certificate. Fortunately, the non-profit Let’s Encrypt certification authority democratized the use of TLS certificates. Nowadays, any server administrator can easily obtain TLS certificates. However, this still requires installing and configuring software that supports the ACME protocol. In a blog post, the EFF discusses possible next steps, such as including these modules directly in popular web servers.

Web Check provides an open-source set of checks that can be launched on a web server to verify several dozen aspects of its configuration, including TLS and DNS records. It is a good starting point to explore the configuration of web sites.

Web check

netlab is a set of Python modules for building virtual network labs. netlab supports images from various commercial router vendors. The latest version has added support for open-source daemons including Bird or DNSMasq. Another blog post reports that netlab can emulate networks with up to 50 devices on a server equipped with 128 GB of RAM and 32 CPU cores.

For satellite-based access networks like Starlink, latency is an important concern. The Starlink engineers have managed to significantly reduce the latency of their commercial services by tuning the configuration of their network. A technical report provides some additional information about this change.

Starlink latency

The NTP pool project manages more than 4k NTP servers to provide time synchronization services to anyone. A recent scientific article analyzes a large set of measurements of this important service.

NTP Pool

This blog aims to encourage students who read the open Computer Networking: Principles, Protocols and Practice ebook to explore new networking topics. You can follow this blog by subscribing to its RSS feed or by following @cnp3_ebook on Mastodon. Feel free to share the posts that you find interesting on your preferred social network.

Written on March 11, 2024