February 24, 2012

Lower initial TCP RTO - Redhat kernel patch

I have recently back-ported the rfc2988bis changes (initRTO=1 and fallback) to the Red Hat 2.6.32 kernel. The patch is on my GitHub account at https://github.com/alouche/redhat-2.6.32-kernel-patches/blob/master/rfc2988bis.patch

On short-lived connections with a lot of 3WHS, a lower initial RTO will improve 3WHS latency by 2*2000ms*X% (X% being the average of packet drops of a specific route). For further technical details, refer to https://www.ietf.org/proceedings/77/slides/tcpm-1.pdf

September 23, 2009

Ethernet flow control and IGMP snooping

It is important to note that the TCP flow control mechanism and the Ethernet flow control mechanism are two completely different mechanisms, which strive to achieve the same goal but, when in use, are completely unaware of each other. As a matter of fact, Ethernet flow control can fully alienate your network if not planned and used carefully :)

So what is TCP flow control? Flow control is a mechanism implemented in the TCP stack which enables a receiver endpoint to notify a sender that it can no longer receive data in its buffer. ...

September 16, 2009

Mathis Equation and TCP performance

Put as simply as possible, the Mathis equation goes as follows:

Rate <= (MSS/RTT)*(1 / p)

MSS
This is the Maximum Segment Size, which is the MTU excluding the TCP/IP headers. MSS = MTU - TCP/IP headers, for example 1460 with an MTU of 1500 (20-byte IP and 20-byte TCP headers).

RTT
RTT is the Round Trip Time as measured by TCP. The round trip is the time it would take a packet to travel from endpoint A to B and from endpoint B to A. ...

October 8, 2008

Denial of Service - Sockstress

Sockstress is a new type of Denial of Service which was developed by Jack C. Louis. According to Nmap creator Fyodor, the attacker sends a TCP SYN packet to a targeted port, after first making sure that a firewall protects his own machine so that it does not interfere with the attack process. The main reason for the protection is to keep the attacker's computer from resetting the unexpected returned SYN/ACK packet (the 2nd step of the TCP 3-way handshake). ...