Optimising TCP

in today’s changing network

environment

Philippe CLOUP – EMEA Solution Architect

 The evolution of TCP
1988 1994 2002
1981 Congestion Avoidance TCP Vegas altered way in which First 3G network available
TCP ratified and Control paper results set timeouts and RTT delays were commercially
(RFC793) for in Tahoe algorithm. measured.
DARPA

1980’s 1990s 2000’s

1990 1997 2006

Reno introduced in 4.3BSD- TCP slow start, congestion First 4G system
Reno AKA "Networking Release avoidance, fast retransmit and fast deployed (South
2" or 4.4BSD-Lite recovery algorithms RFC 2001 Korea)

F5 Agility 2014 2
 TCP Performance challenges
• Varying conditions based on connection
• 3G limited bandwdith/high latency vs 4G High bandwidth and low latency
• Loss & queuing
• Bursty transmissions
• Delays when mobile device switches between wi-fi and carrier

EMEA - Mobile Connection Speeds

F5 Agility 2014 3
How TMOS can
help adjust to
TCP behavior ?
 Pure « FastL4 » config winthin TMOS
• Some of the TCP Parameters are negotiated during 3-WAY Handshake (MSS for example)
• No buffering done by TMOS
Built for the application

Application Services

FastL4

SaaS
ePVA ToS/QoS FRAG TCP defaults
Control Adaptations Mgmt (Timeout, MSS,
…) Available
everywhere

FPGA

F5 Agility 2014 5
 FastL4 config

• FastL4 Profile is attached at a VS level:

• Helps use specific profile for specific applications
or networks
• Benefit from the FPGA Acceleration (F5 ePVA
HW)
• 27 parameters can be changed/modified

F5 Agility 2014 6
 FastL4 : usual parameters tuned

• Reset on Timeout:
• Helpful to properly reset connections from
stateful devices (or Routers XLAT tables)
• Must be aligned with the other « timeouts »
in the network
• Mostly enabled (default)

F5 Agility 2014 7
 FastL4 : usual parameters tuned

• MSS Override:
• Help enforce a different MSS (Ethernet
MTU(1500) – IP Hdrs(20)-TCP Hdrs(20))
• IP Tunneling protocols carrying TCP
segments requires MSS changes

F5 Agility 2014 8
 FastL4 : usual parameters tuned

• Loose Initiation/Loose Close:

• Required when you want to handle
asymetric traffic (BigIP see only incoming
traffic)
• If you want the system to « reopen »
connections that already timed out

• Main concern: Security

Any TCP segment can open a new
connection in the system

Is it also a good option to close a connection with

the first FIN ?

F5 Agility 2014 9
 FastL4 : usual parameters tuned

• TCP Close Timeout, Handshake Timeout

• Mainly for security reasons
• they can be lowered to evict quickly half
open or half closed connections

-> can impact the normal traffic in high latency or

congested networks

F5 Agility 2014 10
 FastL4 : usual parameters tuned

• Hardware SYN Cookie Protection:

• Useful for SYN Flood Attacks for example
• Use the capacity of F5 FPGA Hardware
and not CPU cores
Client FPGA TMOS Stack

X
X 1 – No Ack received
2 – Ack received with no Cookie
3 – Ack received with corresponding cookie
F5 Agility 2014 11
 Is it enough to make TCP optimum and efficient ?

CONGESTION
Impact QoE
APPLICATIONS
Exhaust network resources
LOSS
Reduce the throughput

ROADS
Multiple path for a single DELAY
connection Increase number of packets
in flight

F5 Agility 2014 12
 Reminder: TCP Slow Start and cwnd

In the « Basic TCP »

• When a connection is opened (after 3WHS), Slow Start and cwnd are set.
• « Slow Start » defines how much packets can be sent in the network before
expecting a ACK. It increases exponentially with the ACKs received
• « cwnd » defines the transmit window at the sender end (in most cases it is a
multiple of the MSS), controlled by slow-start
• « ssthresh » (slow start threshold) indicate when to leave Slow Start (threshold
reached)

Between TCP RFC and now, networks have changed as well as the computers and stacks

F5 Agility 2014 13
 Packet transmission behavior
70000

What influences 60000

packet transmission 50000

• Stretch Acks
40000
• Exponential CWND growth
• High latency 30000

• High bandwidth
• Small buffers 20000

10000

0
1 11 21 31 41

Normal TCP

CWND : Congestion Window

F5 Agility 2014 14
 Congestion Control
Without Congestion Control
Congestion Causes
Packet Loss

Poor Experience
Congestion Packet Loss Caused by Packet
Loss

With Congestion Control

Congestion Causes
Packet Loss

Congestion Packet Loss

Monitors for packet loss & latency

slows transmission as needed
Congestion Control
Algorithm

F5 Agility 2014 15
 The New TCP Express
Client Network Data center

Optimized for the device Built for the application

Application Services

Always on, A network

always fast, and The New TCP Express built for
on any device innovation

SaaS
Resource Proxy Ack Congestion Loss Quality of
Management Behavior Behavior Control Detection Service
Tailored to the Available
location everywhere
Professional Services and Support

F5 Agility 2014 16
 The New TCP Express
Client Network Data center

Optimized for the device RESOURCE MANAGEMENT

Built for the application

Application Services • Drop packets under

pressure*
Always on, • Timer management
A network
always fast, and The New TCP Express built for
on any device innovation
• Memory management
SaaS
Resource Proxy Ack Congestion Loss Quality of
Management Behavior Behavior Control Detection Service
Tailored to the Available
location everywhere
Professional Services and Support

*New in 11.5

F5 Agility 2014 17
 The New TCP Express
Client Network Data center

Optimized for the device PROXY BEHAVIOR

Built for the application

Application Services • Multi-Path TCP

(MPTCP)*
Always on, • Maximum Segment
A network
always fast, and The New TCP Express built for
on any device Size (MSS)*
innovation

• Full proxy
SaaS
Resource Proxy Ack Congestion Loss Quality of
Management Behavior Behavior Control Detection Service
Tailored to the Available
location everywhere
Professional Services and Support

*New in 11.5

F5 Agility 2014 18
 The New TCP Express
Client Network Data center

Optimized for the device ACKNOWLEDGEMENT

Built for the application

Application Services • Delayed Ack

• Nagel’s Algorithm
Always on, A network
always fast, and The New TCP Express built for
on any device innovation

SaaS
Resource Proxy Ack Congestion Loss Quality of
Management Behavior Behavior Control Detection Service
Tailored to the Available
location everywhere
Professional Services and Support

F5 Agility 2014 19
 The New TCP Express
Client Network Data center

CONGESTION CONTROL
Optimized for the device Built for the application

• Mobile Optimized Application Services

Profile
Always on, A network
• New Algorithms always fast, and The New TCP Express built for
on any device innovation

• Woodside
• Vegas SaaS
Resource Proxy Ack Congestion Loss Quality of

• Illinois
Tailored to the
Management Behavior Behavior Control Detection Service
Available
location everywhere
• H-TCP Professional Services and Support

• Initial Congestion
Window Size
*New in 11.5
F5 Agility 2014 20
 Congestion Control Algorithms
• F5 created algorithm.
• Hybird loss and latency based algorithm.
TCP Woodside
• Minimizes buffer bloat by constantly monitoring
network buffering.

• Emphasizes packet delay rather than packet loss

TCP Vegas • Detects congestion based on increasing RTT
values of packets.

• Targeted at high speed long distance networks

• Loss-delay based algorithm.
• Primary congestion of packet loss determines
TCP Illinois direction of window size change.
• Secondary congestion of queuing delay
determines the pace of window size changes.

• Targeted for high speed networks with high latency.

H-TCP • Loss-based algorithm.

F5 Agility 2014 21
 The New TCP Express
Client Network Data center

LOSS
OptimizedDETECTION
for the device Built for the application

• Rate Pacing Application Services

• Forward Error
Correction (FEC) Always on,
always fast, and The New TCP Express
A network
built for
on any device innovation
• Retransmission Timeout
SaaS
Resource Proxy Ack Congestion Loss Quality of
Management Behavior Behavior Control Detection Service
Tailored to the Available
location everywhere
Professional Services and Support

*New in 11.5

F5 Agility 2014 22
 The New TCP Express
Client Network Data center

QUALITY OFdevice
Optimized for the SERVICE Built for the application

• ToS Application Services

• QoS
Always on, A network
• MD5 Signature always fast, and The New TCP Express built for
on any device innovation

SaaS
Resource Proxy Ack Congestion Loss Quality of
Management Behavior Behavior Control Detection Service
Tailored to the Available
location everywhere
Professional Services and Support

F5 Agility 2014 23
Multipath TCP
Mobility

What’s New
• The ability to connect and maintain a continuous Mobile Network
3G/4G LTE Multipath TCP
connection to the internet over multiple wired and
wireless connections
BIG-IP Platform

Use Case Mobile User

• Device initially connects to site over mobile

network. WiFi
• Device comes in range of wifi, associates with and
connects over Wifi
• Congestion control favors high bandwidth Wifi
path
• Device disconnects from Wifi but continues to use
3G network
F5 Agility 2014 24
 Mobile Optimization: Rate Based TCP
Exponential
High
CWND
Latency
Growth
What’s New Stretch
High
Bandwidt
ACKs
TCP Express with Rate Pacing h

• Rate Pacing prevents bursts

• Transmission is paced smoothly by the stack Event Packet Small
Driven
Loss Buffers
• Speed of transmission determined by Stack
congestion control
Minimal overruns even in high BDP networks

Benefit
Improve the user experience by altering how packets
are sent based on feedback received from client.

F5 Agility 2014 25
 Recent Advancements in TCP Profiles

• TCP-mobile-optimized
Increase initial • MPTCP-mobile-optimized
congestion window to • WAM-TCP-LAN-Optimized
minimum of 16 • WAM-TCP-WAN-
Optimized

New Congestion
Control Algorithms
• MPTCP-mobile-optimized
Rate Pacing
MPTCP
F5 Agility 2014 26
Next Steps

TCP is a complex protocol, and tuning it is not as simple as clicking on a

button.
F5 is porividing profiles for different network environments, to help our
customers fine tune those profiles in their environment.

If I can be of further assistance please contact me:

[email protected] | +33.1.4144.8950