Optimising TCP in today’s changing network environment Philippe CLOUP – EMEA Solution Architect


Post on 13-Aug-2018


F5 Agility 2014 2

The evolution of TCP

• 1981: TCP ratified (RFC 793) for DARPA
• 1988: Congestion Avoidance and Control paper results in Tahoe algorithm.
• 1990: Reno introduced in 4.3BSD-Reno, AKA "Networking Release 2" or 4.4BSD-Lite
• 1994: TCP Vegas altered the way in which timeouts were set and RTT delays were measured.
• 1997: TCP slow start, congestion avoidance, fast retransmit and fast recovery algorithms (RFC 2001)
• 2002: First 3G network available commercially
• 2006: First 4G system deployed (South Korea)

TCP Performance challenges

[Figure: EMEA - Mobile Connection Speeds]

• Varying conditions based on connection
• 3G limited bandwidth/high latency vs 4G high bandwidth and low latency
• Loss & queuing
• Bursty transmissions
• Delays when mobile device switches between Wi-Fi and carrier

How can TMOS help adjust to TCP behavior?

Pure « FastL4 » config within TMOS

• Some of the TCP parameters are negotiated during the 3-way handshake (MSS for example)
• No buffering done by TMOS

[Diagram labels: FastL4, FPGA, ePVA Control, ToS/QoS Adaptations, FRAG Mgmt, TCP defaults (Timeout, MSS, …)]

FastL4 config

• FastL4 profile is attached at a VS level:
  • Helps use a specific profile for specific applications or networks
  • Benefit from the FPGA acceleration (F5 ePVA HW)
  • 27 parameters can be changed/modified

FastL4: usual parameters tuned

• Reset on Timeout:
  • Helpful to properly reset connections from stateful devices (or router XLAT tables)
  • Must be aligned with the other « timeouts » in the network
  • Mostly enabled (default)

FastL4: usual parameters tuned

• MSS Override:
  • Helps enforce a different MSS (Ethernet MTU (1500) – IP headers (20) – TCP headers (20))
  • IP tunneling protocols carrying TCP segments require MSS changes

FastL4: usual parameters tuned

• Loose Initiation/Loose Close:
  • Required when you want to handle asymmetric traffic (BIG-IP sees only incoming traffic)
  • If you want the system to « reopen » connections that already timed out
  • Main concern: Security. Any TCP segment can open a new connection in the system

Is it also a good option to close a connection with the first FIN?

FastL4: usual parameters tuned

• TCP Close Timeout, Handshake Timeout:
  • Mainly for security reasons
  • They can be lowered to quickly evict half-open or half-closed connections

-> can impact the normal traffic in high-latency or congested networks

FastL4: usual parameters tuned

• Hardware SYN Cookie Protection:
  • Useful for SYN flood attacks, for example
  • Uses the capacity of F5 FPGA hardware and not CPU cores

[Diagram: Client / FPGA / TMOS Stack]

1 – No ACK received
2 – ACK received with no cookie
3 – ACK received with corresponding cookie
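The three outcomes listed on this slide can be decided without keeping any per-SYN state, as this added Python example shows (it is not F5 code and not part of the original slides). The cookie layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash), the secret, the MSS table and the addresses are assumptions chosen for illustration; the page does not describe the FPGA implementation.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-secret"   # assumption: secret known only to the device
MSS_TABLE = (536, 1220, 1360, 1460)   # assumption: values the 3-bit index can encode
established = {}                      # state exists only after a valid final ACK

def _mac24(flow, client_isn, counter, mss_idx):
    """24-bit keyed hash binding the cookie to flow, client ISN, time and MSS."""
    msg = repr(flow).encode() + struct.pack("!IQB", client_isn, counter, mss_idx)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def on_syn(flow, client_isn, client_mss, now):
    """Answer a SYN statelessly: the SYN-ACK sequence number is the cookie."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = int.from_bytes(_mac24(flow, client_isn, now, mss_idx), "big")
    return ((now & 0x1F) << 27) | (mss_idx << 24) | mac   # 5 | 3 | 24 bits

def on_ack(flow, seq, ack, now, max_age=2):
    """Create state only if the ACK echoes a fresh cookie; return MSS or None."""
    cookie, client_isn = (ack - 1) & 0xFFFFFFFF, (seq - 1) & 0xFFFFFFFF
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    echoed = (cookie & 0xFFFFFF).to_bytes(3, "big")
    for counter in range(now, max(now - max_age, -1), -1):
        if (cookie >> 27) == (counter & 0x1F) and hmac.compare_digest(
                _mac24(flow, client_isn, counter, mss_idx), echoed):
            established[flow] = MSS_TABLE[mss_idx]
            return established[flow]
    return None   # case 2: no cookie, forged cookie or expired cookie -> drop

def demo():
    flow = ("198.51.100.7", 40000, "203.0.113.10", 443)   # constructed 4-tuple
    cookie = on_syn(flow, client_isn=0x1000, client_mss=1400, now=7)
    after_syn = len(established)                          # case 1: nothing stored
    forged = on_ack(flow, 0x1001, 0xDEADBEEF, now=7)      # case 2: rejected
    valid = on_ack(flow, 0x1001, cookie + 1, now=8)       # case 3: accepted
    stale = on_ack(flow, 0x1001, cookie + 1, now=12)      # same cookie, too old
    return after_syn, forged, valid, stale
```

Because a SYN that is never acknowledged leaves no entry behind, a flood of such SYNs consumes no connection-table memory; only an ACK carrying a verifiable cookie reaches the stack.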

Is it enough to make TCP optimum and efficient?

• ROADS: Multiple paths for a single connection
• LOSS: Reduces the throughput
• APPLICATIONS: Exhaust network resources
• CONGESTION: Impacts QoE
• DELAY: Increases number of packets in flight

Reminder: TCP Slow Start and cwnd

In the « Basic TCP »

• When a connection is opened (after the 3WHS), Slow Start and cwnd are set.
• « Slow Start » defines how many packets can be sent in the network before expecting an ACK. It increases exponentially with the ACKs received.
• « cwnd » defines the transmit window at the sender end (in most cases it is a multiple of the MSS), controlled by slow start.
• « ssthresh » (slow start threshold) indicates when to leave Slow Start (threshold reached).

Between the TCP RFC and now, networks have changed, as well as the computers and stacks.

Packet transmission behavior

[Chart: CWND (Congestion Window) for Normal TCP]

What influences packet transmission

• Stretch ACKs
• Exponential CWND growth
• High latency
• High bandwidth
• Small buffers

Congestion Control

• Without Congestion Control: Congestion -> Congestion causes packet loss -> Packet loss -> Poor experience caused by packet loss
• With Congestion Control: Congestion -> Congestion causes packet loss -> Packet loss -> Congestion control algorithm: monitors for packet loss & latency, slows transmission as needed

The New TCP Express

Always on, always fast, and on any device. A network built for innovation.

[Diagram labels: Client, Network, Data center; SaaS; Application Services; Professional Services and Support; Optimized for the device; Tailored to the location; Available everywhere; Built for the application]

• Resource Management
• Proxy Behavior
• Congestion Control
• Loss Detection
• Quality of Service
• Ack Behavior

The New TCP Express

RESOURCE MANAGEMENT

• Drop packets under pressure*
• Timer management
• Memory management

*New in 11.5

The New TCP Express

PROXY BEHAVIOR

• Multi-Path TCP (MPTCP)*
• Maximum Segment Size (MSS)*
• Full proxy

*New in 11.5

The New TCP Express

ACKNOWLEDGEMENT

• Delayed Ack
• Nagle's Algorithm

The New TCP Express

CONGESTION CONTROL

• Mobile Optimized Profile
• New Algorithms
  • Woodside
  • Vegas
  • Illinois
  • H-TCP
• Initial Congestion Window Size

*New in 11.5

Congestion Control Algorithms

TCP Woodside
• F5-created algorithm.
• Hybrid loss- and latency-based algorithm.
• Minimizes buffer bloat by constantly monitoring network buffering.

TCP Vegas
• Emphasizes packet delay rather than packet loss.
• Detects congestion based on increasing RTT values of packets.

TCP Illinois
• Targeted at high-speed, long-distance networks.
• Loss-delay based algorithm.
• Primary congestion signal (packet loss) determines the direction of window size change.
• Secondary congestion signal (queuing delay) determines the pace of window size changes.

H-TCP
• Targeted for high-speed networks with high latency.
• Loss-based algorithm.

The New TCP Express

LOSS DETECTION

• Rate Pacing
• Forward Error Correction (FEC)
• Retransmission Timeout

*New in 11.5

The New TCP Express

QUALITY OF SERVICE

• ToS
• QoS
• MD5 Signature

Multipath TCP: Mobility

What’s New
• The ability to connect and maintain a continuous connection to the internet over multiple wired and wireless connections

Use Case
• Device initially connects to site over mobile network.
• Device comes in range of Wi-Fi, associates with it and connects over Wi-Fi.
• Congestion control favors the high-bandwidth Wi-Fi path.
• Device disconnects from Wi-Fi but continues to use the 3G network.

[Diagram: Mobile User, Mobile Network (3G/4G LTE), WiFi, BIG-IP Platform, Multipath TCP]

Mobile Optimization: Rate Based TCP

[Diagram labels: Packet Loss, Event Driven Stack, Stretch ACKs, Exponential CWND Growth, High Latency, High Bandwidth, Small Buffers]

What’s New
TCP Express with Rate Pacing
• Rate Pacing prevents bursts
• Transmission is paced smoothly by the stack
• Speed of transmission determined by congestion control

Minimal overruns even in high BDP networks

Benefit
Improve the user experience by altering how packets are sent based on feedback received from client.

Recent Advancements in TCP Profiles

• TCP-mobile-optimized
• MPTCP-mobile-optimized
• WAM-TCP-LAN-Optimized
• WAM-TCP-WAN-Optimized

Increase initial congestion window to minimum of 16

• MPTCP-mobile-optimized

New Congestion Control Algorithms

Rate Pacing

MPTCP
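To make the slow start reminder and the initial congestion window of 16 concrete, this added Python example (not from the original slides and not F5 code) counts the round trips a loss-free transfer needs for a given initial cwnd and ssthresh. The 100-segment object, the 300 ms RTT, the ssthresh of 64 and the baseline initial window of 4 are constructed values; only the window of 16 comes from the slide.

```python
def slow_start_rounds(total_segments, initial_cwnd, ssthresh):
    """Return (round trips, cwnd per round) to send total_segments with no loss.

    Assumptions: every segment is ACKed within one RTT, the receive window
    never limits the sender, and cwnd is counted in MSS-sized segments.
    """
    cwnd, sent, trace = initial_cwnd, 0, []
    while sent < total_segments:
        trace.append(cwnd)
        sent += min(cwnd, total_segments - sent)
        if cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)   # slow start: doubles each RTT
        else:
            cwnd += 1                        # congestion avoidance: +1 per RTT
    return len(trace), trace

def compare_initial_windows(total_segments, rtt_ms, ssthresh, windows):
    """Transfer time in ms for each initial cwnd on a path with the given RTT."""
    return {iw: slow_start_rounds(total_segments, iw, ssthresh)[0] * rtt_ms
            for iw in windows}

# Constructed case: 100 segments (about 146 kB at MSS 1460) over a 300 ms path.
RESULT = compare_initial_windows(100, 300, 64, windows=(4, 16))
```

On a high-latency path every round trip saved is a full RTT off the transfer, which is why the initial window matters most for short transfers that finish before slow start ends.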

Next Steps

TCP is a complex protocol, and tuning it is not as simple as clicking on a button.

F5 is providing profiles for different network environments, to help our customers fine-tune those profiles in their environment.

If I can be of further assistance please contact me:

[email protected] | +33.1.4144.8950