Bug 11945 - unbound - TCP Fast Open
Summary: unbound - TCP Fast Open
Status: CLOSED FIXED
Alias: None
Product: IPFire
Classification: Unclassified
Component: --- (show other bugs)
Version: 2
Hardware: unspecified Unspecified
: - Unknown - Balancing
Assignee: Erik Kapfer
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-07 15:09 UTC by Erik Kapfer
Modified: 2019-11-12 13:05 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Erik Kapfer 2018-12-07 15:09:50 UTC
Hi all,
should we enable "TCP Fast Open"

  --enable-tfo-client     Enable TCP Fast Open for client mode
  --enable-tfo-server     Enable TCP Fast Open for server mode

on unbound --> https://tools.ietf.org/html/rfc7413 --> https://tools.ietf.org/html/rfc7413 ? Might be interesting for DoT...

Best,

Erik
Comment 1 Michael Tremer 2018-12-07 15:16:07 UTC
Yes, our kernel should support that. Are there any known downsides?
Comment 2 Erik Kapfer 2018-12-08 16:25:56 UTC
By setting only the configure options TFO is not activated or can be used. There is also the need for a

net.ipv4.tcp_fastopen = 3

entry in sysctl.conf but if TFO should be permanent active something like this

echo 3 > /proc/sys/net/ipv4/tcp_fastopen

in e.g. rc.local --> https://blog.wasin.io/blog/2016/12/26/how-to-enable-fast-tcp-open-on-ubuntu.html is needed too.

Some possible problems with an active one can be found in here --> https://tools.ietf.org/html/rfc7413#section-4.2.2

Some improvement tests --> https://reproducingnetworkresearch.wordpress.com/2014/06/03/cs244-14-tcp-fast-open-2/ are also pretty interesting.

nginx and haproxy (may more) can also benefit from TFO .


Am currently building it and will also go for some testings but wanted to ask if in there is in general interest in it.

Best,

Erik
Comment 3 Erik Kapfer 2018-12-09 04:51:43 UTC
There is probably more to thinking about --> https://blog.donatas.net/blog/2017/03/09/tfo/ ...
Comment 4 Michael Tremer 2018-12-09 21:38:36 UTC
I think we should go ahead with this. We can definitely compile in support for TFO into unbound. We can still disable this using the sysctl option.

Would you please prepare two patches for this?
Comment 5 Erik Kapfer 2018-12-10 12:28:43 UTC
Yes i can do this am currently building it and will go then for a fast test and if positive i deliver it then to the mailinglist.

Best,

Erik
Comment 6 Michael Tremer 2019-11-12 13:05:12 UTC
As far as I am aware this is all built and shipped. If not, please re-open.