最後更新: 2019-05-02

介紹

It is an extension to the transmission control protocol (TCP)

Shaving your RTT with TCP Fast Open (reduce network latency)

Allows connections to be started during the handshake(3-way SYN, SYN/ACK, ACK)

By

• Client: send data during the initial SYN
• Server: allowing data in the payload of a TCP-SYN packet

 * TFO is only possible after a normal, initial handshake has been performed ( 建立 TFO cookie 後)

A sender and receiver can save some data about each other, and recognize each other historically based on a TFO cookie.

 * TFO is a kernel setting         # all applications that want to benefit from TFO

Enabling TFO for NGINX

 - Update the kernel settings to support TFO;
 - Compile NGINX from source with TFO support;
 - Modify NGINX configuration to accept TFO connections.

Kernel

/etc/sysctl.conf

net.ipv4.tcp_fastopen = 3

sysctl -p

# Checking

cat /proc/sys/net/ipv4/tcp_fastopen

# A zero value indicates it’s disabled;
# bit 0 corresponds to client operations (enabled on outgoing connections)
# bit 1 corresponds to server operations (available on listening sockets)
# Setting tcp_fastopen to 3 enables both (bit: 11)

Nginx

./configure ... --with-cc-opt='-DTCP_FASTOPEN=23' \

make

Checking

./objs/nginx -V |& grep DTCP_FASTOPEN

Setting

# limits the maximum length for the queue of connections that have not yet completed the three-way handshake.

listen 80 fastopen=64;

fastopen=number

enables “TCP Fast Open”
number: maximum length for the queue of connections that have not yet completed the three-way handshake.

測試

grep '^TcpExt:' /proc/net/netstat | cut -d ' ' -f 87-92  | column -t

TCPOFOMerge  TCPChallengeACK  TCPSYNChallenge  TCPFastOpenActive  TCPFastOpenPassive  TCPFastOpenPassiveFail
7            166              0                0                  0                   0