Recent TCP pointers

Despite its age, TCP continues to evolve and the existing TCP implementations continue to be improved. Some recent blog posts provide useful information about the evolution of TCP in the wild.

A lot of the research work on TCP has been conducted with open-source implementations such as the BSD variants or Linux. Lots of details have been published on these stacks. Being closed source, the Microsft TCP stacks are less known, but they still control a large fraction of the TCP traffic. On Linux for example, TCP tuning is explained in the tcp(7) man page. On Windows, similar tools exist and they are documented in https://docs.microsoft.com/en-us/powershell/module/nettcpip/?view=win10-ps.

One of the factors that influences the performance of TCP for short transfers such as small web pages is the initial value for the congestion window. A recent blog post summarises a measurement study presented last at IMC. The researchers tried to measure the initial congestion window of the reachable IPv4 addressing space. They found that 50% of the servers using HTTP had an initial congestion window of 10 packets while slightly less than 50% of HTTPS servers had an initial congestion window of 4 packets only. They then restricted their analysis on the top 1,000,000 websites and found that the difference between HTTP and HTTPS servers was small. If you plan to condut the same measurement, note that a conclusion from their study is that smapling 1% of the population is sufficient to obtain a good estimation of the distribution of the initial congestion windows on TCP servers.

The Linux TCP stack is full of features to deal with attacks or improve performance. A blog post describes with many details how TCP SYN and SYN+ACK packets are processed by the Linux kernel. This post provides both an explanation of how TCP packets are handled and also details about the statistics that can be collected in the TCP/IP stack and sample scripts to monitor the state of the kernel.

Written on January 16, 2018