TCP Control Block Interdependence

Manhattan Beach CA 90266 United States of America +1 (310) 560-0334 touch@strayalpha.com

University of Oslo

PO Box 1080 Blindern Oslo N-0316 Norway +47 22 85 24 20 michawe@ifi.uio.no

University of Oslo

PO Box 1080 Blindern Oslo N-0316 Norway +47 22 84 08 37 safiquli@ifi.uio.no

TCPM WG This memo provides guidance to TCP implementers that is intended to help improve connection convergence to steady-state operation without affecting interoperability. It updates and replaces RFC 2140's description of sharing TCP state, as typically represented in TCP Control Blocks, among similar concurrent or consecutive connections.

Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at .

Copyright Notice Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents () in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

. Introduction
. Conventions Used in This Document
. Terminology
. The TCP Control Block (TCB)
. TCB Interdependence
. Temporal Sharing
- . Initialization of a New TCB
- . Updates to the TCB Cache
- . Discussion
. Ensemble Sharing
- . Initialization of a New TCB
- . Updates to the TCB Cache
- . Discussion
. Issues with TCB Information Sharing
- . Traversing the Same Network Path
- . State Dependence
- . Problems with Sharing Based on IP Address
. Implications
- . Layering
- . Other Possibilities
. Implementation Observations
. Changes Compared to RFC 2140
. Security Considerations
. IANA Considerations
. References
- . Normative References
- . Informative References
. TCB Sharing History
. TCP Option Sharing and Caching
. Automating the Initial Window in TCP over Long Timescales
- . Introduction
- . Design Considerations
- . Proposed IW Algorithm
- . Discussion
- . Observations
Acknowledgments
Authors' Addresses

Introduction TCP is a connection-oriented reliable transport protocol layered over IP . Each TCP connection maintains state, usually in a data structure called the "TCP Control Block (TCB)". The TCB contains information about the connection state, its associated local process, and feedback parameters about the connection's transmission properties. As originally specified and usually implemented, most TCB information is maintained on a per-connection basis. Some implementations share certain TCB information across connections to the same host . Such sharing is intended to lead to better overall transient performance, especially for numerous short-lived and simultaneous connections, as can be used in the World Wide Web and other applications . This sharing of state is intended to help TCP connections converge to long-term behavior (assuming stable application load, i.e., so-called "steady-state") more quickly without affecting TCP interoperability. This document updates RFC 2140's discussion of TCB state sharing and provides a complete replacement for that document. This state sharing affects only TCB initialization and thus has no effect on the long-term behavior of TCP after a connection has been established or on interoperability. Path information shared across SYN destination port numbers assumes that TCP segments having the same host-pair experience the same path properties, i.e., that traffic is not routed differently based on port numbers or other connection parameters (also addressed further in ). The observations about TCB sharing in this document apply similarly to any protocol with congestion state, including the Stream Control Transmission Protocol (SCTP) and the Datagram Congestion Control Protocol (DCCP) , as well as to individual subflows in Multipath TCP .

Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. The core of this document describes behavior that is already permitted by TCP standards. As a result, this document provides informative guidance but does not use normative language except when quoting other documents. Normative language is used in as examples of requirements for future consideration.

Terminology The following terminology is used frequently in this document. Items preceded with a "+" may be part of the state maintained as TCP connection state in the TCB of associated connections and are the focus of sharing as described in this document. Note that terms are used as originally introduced where possible; in some cases, direction is indicated with a suffix (_S for send, _R for receive) and in other cases spelled out (sendcwnd).

+cwnd:: TCP congestion window size
host:: a source or sink of TCP segments associated with a single IP address
host-pair:: a pair of hosts and their corresponding IP addresses
ISN:: Initial Sequence Number
+MMS_R:: maximum message size that can be received, the largest received transport payload of an IP datagram
+MMS_S:: maximum message size that can be sent, the largest transmitted transport payload of an IP datagram
path:: an Internet path between the IP addresses of two hosts
PCB:: protocol control block, the data associated with a protocol as maintained by an endpoint; a TCP PCB is called a "TCB"
PLPMTUD:: packetization-layer path MTU discovery, a mechanism that uses transport packets to discover the Path Maximum Transmission Unit (PMTU)
+PMTU:: largest IP datagram that can traverse a path
PMTUD:: path-layer MTU discovery, a mechanism that relies on ICMP error messages to discover the PMTU
+RTT:: round-trip time of a TCP packet exchange
+RTTVAR:: variation of round-trip times of a TCP packet exchange
+rwnd:: TCP receive window size
+sendcwnd:: TCP send-side congestion window (cwnd) size
+sendMSS:: TCP maximum segment size, a value transmitted in a TCP option that represents the largest TCP user data payload that can be received
+ssthresh:: TCP slow-start threshold
TCB:: TCP Control Block, the data associated with a TCP connection as maintained by an endpoint
TCP-AO:: TCP Authentication Option
TFO:: TCP Fast Open option
+TFO_cookie:: TCP Fast Open cookie, state that is used as part of the TFO mechanism, when TFO is supported
+TFO_failure:: an indication of when TFO option negotiation failed, when TFO is supported
+TFOinfo:: information cached when a TFO connection is established, which includes the TFO_cookie

The TCP Control Block (TCB) A TCB describes the data associated with each connection, i.e., with each association of a pair of applications across the network. The TCB contains at least the following information :

Local process state
- pointers to send and receive buffers
- pointers to retransmission queue and current segment
- pointers to Internet Protocol (IP) PCB
Per-connection shared state
- macro-state
  - connection state
  - timers
  - flags
  - local and remote host numbers and ports
  - TCP option state
- micro-state
  - send and receive window state (size*, current number)
  - congestion window size (sendcwnd)*
  - congestion window size threshold (ssthresh)*
  - max window size seen*
  - sendMSS#
  - MMS_S#
  - MMS_R#
  - PMTU#
  - round-trip time and its variation#

The per-connection information is shown as split into macro-state and micro-state, terminology borrowed from . Macro-state describes the protocol for establishing the initial shared state about the connection; we include the endpoint numbers and components (timers, flags) required upon commencement that are later used to help maintain that state. Micro-state describes the protocol after a connection has been established, to maintain the reliability and congestion control of the data transferred in the connection. We distinguish two other classes of shared micro-state that are associated more with host-pairs than with application pairs. One class is clearly host-pair dependent (shown above as "#", e.g., sendMSS, MMS_R, MMS_S, PMTU, RTT), because these parameters are defined by the endpoint or endpoint pair (of the given example: sendMSS, MMS_R, MMS_S, RTT) or are already cached and shared on that basis (of the given example: PMTU ). The other is host-pair dependent in its aggregate (shown above as "*", e.g., congestion window information, current window sizes, etc.) because they depend on the total capacity between the two endpoints. Not all of the TCB state is necessarily shareable. In particular, some TCP options are negotiated only upon request by the application layer, so their use may not be correlated across connections. Other options negotiate connection-specific parameters, which are similarly not shareable. These are discussed further in . Finally, we exclude rwnd from further discussion because its value should depend on the send window size, so it is already addressed by send window sharing and is not independently affected by sharing.

TCB Interdependence There are two cases of TCB interdependence. Temporal sharing occurs when the TCB of an earlier (now CLOSED) connection to a host is used to initialize some parameters of a new connection to that same host, i.e., in sequence. Ensemble sharing occurs when a currently active connection to a host is used to initialize another (concurrent) connection to that host.

Temporal Sharing The TCB data cache is accessed in two ways: it is read to initialize new TCBs and written when more current per-host state is available.

Initialization of a New TCB TCBs for new connections can be initialized using cached context from past connections as follows: Temporal Sharing - TCB Initialization

Cached TCB	New TCB
old_MMS_S	old_MMS_S or not cached (2)
old_MMS_R	old_MMS_R or not cached (2)
old_sendMSS	old_sendMSS
old_PMTU	old_PMTU (1)
old_RTT	old_RTT
old_RTTVAR	old_RTTVAR
old_option	(option specific)
old_ssthresh	old_ssthresh
old_sendcwnd	old_sendcwnd

(1): Note that PMTU is cached at the IP layer .
(2): Note that some values are not cached when they are computed locally (MMS_R) or indicated in the connection itself (MMS_S in the SYN).

gives an overview of option-specific information that can be shared. Additional information on some specific TCP options and sharing is provided in . Temporal Sharing - Option Info Initialization

Cached	New
old_TFO_cookie	old_TFO_cookie
old_TFO_failure	old_TFO_failure

Updates to the TCB Cache During a connection, the TCB cache can be updated based on events of current connections and their TCBs as they progress over time, as shown in . Temporal Sharing - Cache Updates

Cached TCB	Current TCB	When?	New Cached TCB
old_MMS_S	curr_MMS_S	OPEN	curr_MMS_S
old_MMS_R	curr_MMS_R	OPEN	curr_MMS_R
old_sendMSS	curr_sendMSS	MSSopt	curr_sendMSS
old_PMTU	curr_PMTU	PMTUD (1) / PLPMTUD (1)	curr_PMTU
old_RTT	curr_RTT	CLOSE	merge(curr,old)
old_RTTVAR	curr_RTTVAR	CLOSE	merge(curr,old)
old_option	curr_option	ESTAB	(depends on option)
old_ssthresh	curr_ssthresh	CLOSE	merge(curr,old)
old_sendcwnd	curr_sendcwnd	CLOSE	merge(curr,old)

(1): Note that PMTU is cached at the IP layer .

Merge() is the function that combines the current and previous (old) values and may vary for each parameter of the TCB cache. The particular function is not specified in this document; examples include windowed averages (mean of the past N values, for some N) and exponential decay (new = (1-alpha)*old + alpha *new, where alpha is in the range [0..1]). gives an overview of option-specific information that can be similarly shared. The TFO cookie is maintained until the client explicitly requests it be updated as a separate event. Temporal Sharing - Option Info Updates

Cached	Current	When?	New Cached
old_TFO_cookie	old_TFO_cookie	ESTAB	old_TFO_cookie
old_TFO_failure	old_TFO_failure	ESTAB	old_TFO_failure

Discussion As noted, there is no particular benefit to caching MMS_S and MMS_R as these are reported by the local IP stack. Caching sendMSS and PMTU is trivial; reported values are cached (PMTU at the IP layer), and the most recent values are used. The cache is updated when the MSS option is received in a SYN or after PMTUD (i.e., when an ICMPv4 Fragmentation Needed or ICMPv6 Packet Too Big message is received or the equivalent is inferred, e.g., as from PLPMTUD ), respectively, so the cache always has the most recent values from any connection. For sendMSS, the cache is consulted only at connection establishment and not otherwise updated, which means that MSS options do not affect current connections. The default sendMSS is never saved; only reported MSS values update the cache, so an explicit override is required to reduce the sendMSS. Cached sendMSS affects only data sent in the SYN segment, i.e., during client connection initiation or during simultaneous open; the MSS of all other segments are constrained by the value updated as included in the SYN. RTT values are updated by formulae that merge the old and new values, as noted in . Dynamic RTT estimation requires a sequence of RTT measurements. As a result, the cached RTT (and its variation) is an average of its previous value with the contents of the currently active TCB for that host, when a TCB is closed. RTT values are updated only when a connection is closed. The method for merging old and current values needs to attempt to reduce the transient effects of the new connections. The updates for RTT, RTTVAR, and ssthresh rely on existing information, i.e., old values. Should no such values exist, the current values are cached instead. TCP options are copied or merged depending on the details of each option. For example, TFO state is updated when a connection is established and read before establishing a new connection. Sections and discuss compatibility issues and implications of sharing the specific information listed above. gives an overview of known implementations. Most cached TCB values are updated when a connection closes. The exceptions are MMS_R and MMS_S, which are reported by IP ; PMTU, which is updated after Path MTU Discovery and also reported by IP ; and sendMSS, which is updated if the MSS option is received in the TCP SYN header. Sharing sendMSS information affects only data in the SYN of the next connection, because sendMSS information is typically included in most TCP SYN segments. Caching PMTU can accelerate the efficiency of PMTUD but can also result in black-holing until corrected if in error. Caching MMS_R and MMS_S may be of little direct value as they are reported by the local IP stack anyway. The way in which state related to other TCP options can be shared depends on the details of that option. For example, TFO state includes the TCP Fast Open cookie or, in case TFO fails, a negative TCP Fast Open response. RFC 7413 states,

The client MUST cache negative responses from the server in order to avoid potential connection failures. Negative responses include the server not acknowledging the data in the SYN, ICMP error messages, and (most importantly) no response (SYN-ACK) from the server at all, i.e., connection timeout.

TFOinfo is cached when a connection is established. State related to other TCP options might not be as readily cached. For example, TCP-AO success or failure between a host-pair for a single SYN destination port might be usefully cached. TCP-AO success or failure to other SYN destination ports on that host-pair is never useful to cache because TCP-AO security parameters can vary per service.

Ensemble Sharing Sharing cached TCB data across concurrent connections requires attention to the aggregate nature of some of the shared state. For example, although MSS and RTT values can be shared by copying, it may not be appropriate to simply copy congestion window or ssthresh information; instead, the new values can be a function (f) of the cumulative values and the number of connections (N).

Initialization of a New TCB TCBs for new connections can be initialized using cached context from concurrent connections as follows: Ensemble Sharing - TCB Initialization

Cached TCB	New TCB
old_MMS_S	old_MMS_S
old_MMS_R	old_MMS_R
old_sendMSS	old_sendMSS
old_PMTU	old_PMTU (1)
old_RTT	old_RTT
old_RTTVAR	old_RTTVAR
sum(old_ssthresh)	f(sum(old_ssthresh), N)
sum(old_sendcwnd)	f(sum(old_sendcwnd), N)
old_option	(option specific)

(1): Note that PMTU is cached at the IP layer .

In , the cached sum() is a total across all active connections because these parameters act in aggregate; similarly, f() is a function that updates that sum based on the new connection's values, represented as "N". gives an overview of option-specific information that can be similarly shared. Again, the TFO_cookie is updated upon explicit client request, which is a separate event. Ensemble Sharing - Option Info Initialization

Cached	New
old_TFO_cookie	old_TFO_cookie
old_TFO_failure	old_TFO_failure

Updates to the TCB Cache During a connection, the TCB cache can be updated based on changes to concurrent connections and their TCBs, as shown below: Ensemble Sharing - Cache Updates

Cached TCB	Current TCB	When?	New Cached TCB
old_MMS_S	curr_MMS_S	OPEN	curr_MMS_S
old_MMS_R	curr_MMS_R	OPEN	curr_MMS_R
old_sendMSS	curr_sendMSS	MSSopt	curr_sendMSS
old_PMTU	curr_PMTU	PMTUD+ / PLPMTUD+	curr_PMTU
old_RTT	curr_RTT	update	rtt_update(old, curr)
old_RTTVAR	curr_RTTVAR	update	rtt_update(old, curr)
old_ssthresh	curr_ssthresh	update	adjust sum as appropriate
old_sendcwnd	curr_sendcwnd	update	adjust sum as appropriate
old_option	curr_option	(depends)	(option specific)

+: Note that the PMTU is cached at the IP layer .

In , rtt_update() is the function used to combine old and current values, e.g., as a windowed average or exponentially decayed average. gives an overview of option-specific information that can be similarly shared. Ensemble Sharing - Option Info Updates

Cached	Current	When?	New Cached
old_TFO_cookie	old_TFO_cookie	ESTAB	old_TFO_cookie
old_TFO_failure	old_TFO_failure	ESTAB	old_TFO_failure

Discussion For ensemble sharing, TCB information should be cached as early as possible, sometimes before a connection is closed. Otherwise, opening multiple concurrent connections may not result in TCB data sharing if no connection closes before others open. The amount of work involved in updating the aggregate average should be minimized, but the resulting value should be equivalent to having all values measured within a single connection. The function "rtt_update" in indicates this operation, which occurs whenever the RTT would have been updated in the individual TCP connection. As a result, the cache contains the shared RTT variables, which no longer need to reside in the TCB. Congestion window size and ssthresh aggregation are more complicated in the concurrent case. When there is an ensemble of connections, we need to decide how that ensemble would have shared these variables, in order to derive initial values for new TCBs. Sections and discuss compatibility issues and implications of sharing the specific information listed above. There are several ways to initialize the congestion window in a new TCB among an ensemble of current connections to a host. Current TCP implementations initialize it to 4 segments as standard and 10 segments experimentally . These approaches assume that new connections should behave as conservatively as possible. The algorithm described in adjusts the initial cwnd depending on the cwnd values of ongoing connections. It is also possible to use sharing mechanisms over long timescales to adapt TCP's initial window automatically, as described further in .

Issues with TCB Information Sharing Here, we discuss various types of problems that may arise with TCB information sharing. For the congestion and current window information, the initial values computed by TCB interdependence may not be consistent with the long-term aggregate behavior of a set of concurrent connections between the same endpoints. Under conventional TCP congestion control, if the congestion window of a single existing connection has converged to 40 segments, two newly joining concurrent connections will assume initial windows of 10 segments and the existing connection's window will not decrease to accommodate this additional load. As a consequence, the three connections can mutually interfere. One example of this is seen on low-bandwidth, high-delay links, where concurrent connections supporting Web traffic can collide because their initial windows were too large, even when set at 1 segment. The authors of recommend caching ssthresh for temporal sharing only when flows are long. Some studies suggest that sharing ssthresh between short flows can deteriorate the performance of individual connections , although this may benefit aggregate network performance.

Traversing the Same Network Path TCP is sometimes used in situations where packets of the same host-pair do not always take the same path, such as when connection-specific parameters are used for routing (e.g., for load balancing). Multipath routing that relies on examining transport headers, such as ECMP and Link Aggregation Group (LAG) , may not result in repeatable path selection when TCP segments are encapsulated, encrypted, or altered -- for example, in some Virtual Private Network (VPN) tunnels that rely on proprietary encapsulation. Similarly, such approaches cannot operate deterministically when the TCP header is encrypted, e.g., when using IPsec Encapsulating Security Payload (ESP) (although TCB interdependence among the entire set sharing the same endpoint IP addresses should work without problems when the TCP header is encrypted). Measures to increase the probability that connections use the same path could be applied; for example, the connections could be given the same IPv6 flow label . TCB interdependence can also be extended to sets of host IP address pairs that share the same network path conditions, such as when a group of addresses is on the same LAN (see ). Traversing the same path is not important for host-specific information (e.g., rwnd), TCP option state (e.g., TFOinfo), or for information that is already cached per-host (e.g., path MTU). When TCB information is shared across different SYN destination ports, path-related information can be incorrect; however, the impact of this error is potentially diminished if (as discussed here) TCB sharing affects only the transient event of a connection start or if TCB information is shared only within connections to the same SYN destination port. In the case of temporal sharing, TCB information could also become invalid over time, i.e., indicating that although the path remains the same, path properties have changed. Because this is similar to the case when a connection becomes idle, mechanisms that address idle TCP connections (e.g., ) could also be applied to TCB cache management, especially when TCP Fast Open is used .

State Dependence There may be additional considerations to the way in which TCB interdependence rebalances congestion feedback among the current connections. For example, it may be appropriate to consider the impact of a connection being in Fast Recovery or some other similar unusual feedback state that could inhibit or affect the calculations described herein.

Problems with Sharing Based on IP Address It can be wrong to share TCB information between TCP connections on the same host as identified by the IP address if an IP address is assigned to a new host (e.g., IP address spinning, as is used by ISPs to inhibit running servers). It can be wrong if Network Address Translation (NAT) , Network Address and Port Translation (NAPT) , or any other IP sharing mechanism is used. Such mechanisms are less likely to be used with IPv6. Other methods to identify a host could also be considered to make correct TCB sharing more likely. Moreover, some TCB information is about dominant path properties rather than the specific host. IP addresses may differ, yet the relevant part of the path may be the same.

Implications There are several implications to incorporating TCB interdependence in TCP implementations. First, it may reduce the need for application-layer multiplexing for performance enhancement . Protocols like HTTP/2 avoid connection re-establishment costs by serializing or multiplexing a set of per-host connections across a single TCP connection. This avoids TCP's per-connection OPEN handshake and also avoids recomputing the MSS, RTT, and congestion window values. By avoiding the so-called "slow-start restart", performance can be optimized . TCB interdependence can provide the "slow-start restart avoidance" of multiplexing, without requiring a multiplexing mechanism at the application layer. Like the initial version of this document , this update's approach to TCB interdependence focuses on sharing a set of TCBs by updating the TCB state to reduce the impact of transients when connections begin, end, or otherwise significantly change state. Other mechanisms have since been proposed to continuously share information between all ongoing communication (including connectionless protocols) and update the congestion state during any congestion-related event (e.g., timeout, loss confirmation, etc.) . By dealing exclusively with transients, the approach in this document is more likely to exhibit the "steady-state" behavior as unmodified, independent TCP connections.

Layering TCB interdependence pushes some of the TCP implementation from its typical placement solely within the transport layer (in the ISO model) to the network layer. This acknowledges that some components of state are, in fact, per-host-pair or can be per-path as indicated solely by that host-pair. Transport protocols typically manage per-application-pair associations (per stream), and network protocols manage per-host-pair and path associations (routing). Round-trip time, MSS, and congestion information could be more appropriately handled at the network layer, aggregated among concurrent connections, and shared across connection instances . An earlier version of RTT sharing suggested implementing RTT state at the IP layer rather than at the TCP layer. Our observations describe sharing state among TCP connections, which avoids some of the difficulties in an IP-layer solution. One such problem of an IP-layer solution is determining the correspondence between packet exchanges using IP header information alone, where such correspondence is needed to compute RTT. Because TCB sharing computes RTTs inside the TCP layer using TCP header information, it can be implemented more directly and simply than at the IP layer. This is a case where information should be computed at the transport layer but could be shared at the network layer.

Other Possibilities Per-host-pair associations are not the limit of these techniques. It is possible that TCBs could be similarly shared between hosts on a subnet or within a cluster, because the predominant path can be subnet-subnet rather than host-host. Additionally, TCB interdependence can be applied to any protocol with congestion state, including SCTP and DCCP , as well as to individual subflows in Multipath TCP . There may be other information that can be shared between concurrent connections. For example, knowing that another connection has just tried to expand its window size and failed, a connection may not attempt to do the same for some period. The idea is that existing TCP implementations infer the behavior of all competing connections, including those within the same host or subnet. One possible optimization is to make that implicit feedback explicit, via extended information associated with the endpoint IP address and its TCP implementation, rather than per-connection state in the TCB. This document focuses on sharing TCB information at connection initialization. Subsequent to RFC 2140, there have been numerous approaches that attempt to coordinate ongoing state across concurrent connections, both within TCP and other congestion-reactive protocols, which are summarized in . These approaches are more complex to implement, and their comparison to steady-state TCP equivalence can be more difficult to establish, sometimes intentionally (i.e., they sometimes intend to provide a different kind of "fairness" than emerges from TCP operation).

Implementation Observations The observation that some TCB state is host-pair specific rather than application-pair dependent is not new and is a common engineering decision in layered protocol implementations. Although now deprecated, T/TCP was the first to propose using caches in order to maintain TCB states (see ). describes the current implementation status for TCB temporal sharing in Windows as of December 2020, Apple variants (macOS, iOS, iPadOS, tvOS, and watchOS) as of January 2021, Linux kernel version 5.10.3, and FreeBSD 12. Ensemble sharing is not yet implemented. KNOWN IMPLEMENTATION STATUS

TCB data	Status
old_MMS_S	Not shared
old_MMS_R	Not shared
old_sendMSS	Cached and shared in Apple, Linux (MSS)
old_PMTU	Cached and shared in Apple, FreeBSD, Windows (PMTU)
old_RTT	Cached and shared in Apple, FreeBSD, Linux, Windows
old_RTTVAR	Cached and shared in Apple, FreeBSD, Windows
old_TFOinfo	Cached and shared in Apple, Linux, Windows
old_sendcwnd	Not shared
old_ssthresh	Cached and shared in Apple, FreeBSD, Linux
TFO failure	Cached and shared in Apple

*: Note: In FreeBSD, new ssthresh is the mean of curr_ssthresh and its previous value if a previous value exists; in Linux, the calculation depends on state and is max(curr_cwnd/2, old_ssthresh) in most cases.

In , "Apple" refers to all Apple OSes, i.e., macOS (desktop/laptop), iOS (phone), iPadOS (tablet), tvOS (video player), and watchOS (smart watch), which all share the same Internet protocol stack.

Changes Compared to RFC 2140 This document updates the description of TCB sharing in RFC 2140 and its associated impact on existing and new connection state, providing a complete replacement for that document . It clarifies the previous description and terminology and extends the mechanism to its impact on new protocols and mechanisms, including multipath TCP, Fast Open, PLPMTUD, NAT, and the TCP Authentication Option. The detailed impact on TCB state addresses TCB parameters with greater specificity. It separates the way MSS is used in both send and receive directions, it separates the way both of these MSS values differ from sendMSS, it adds both path MTU and ssthresh, and it addresses the impact on state associated with TCP options. New sections have been added to address compatibility issues and implementation observations. The relation of this work to T/TCP has been moved to (which describes the history to TCB sharing) partly to reflect the deprecation of that protocol. has been added to discuss the potential to use temporal sharing over long timescales to adapt TCP's initial window automatically, avoiding the need to periodically revise a single global constant value. Finally, this document updates and significantly expands the referenced literature.

Security Considerations These presented implementation methods do not have additional ramifications for direct (connection-aborting or information-injecting) attacks on individual connections. Individual connections, whether using sharing or not, also may be susceptible to denial-of-service attacks that reduce performance or completely deny connections and transfers if not otherwise secured. TCB sharing may create additional denial-of-service attacks that affect the performance of other connections by polluting the cached information. This can occur across any set of connections in which the TCB is shared, between connections in a single host, or between hosts if TCB sharing is implemented within a subnet (see "Implications"). Some shared TCB parameters are used only to create new TCBs; others are shared among the TCBs of ongoing connections. New connections can join the ongoing set, e.g., to optimize send window size among a set of connections to the same host. PMTU is defined as shared at the IP layer and is already susceptible in this way. Options in client SYNs can be easier to forge than complete, two-way connections. As a result, their values may not be safely incorporated in shared values until after the three-way handshake completes. Attacks on parameters used only for initialization affect only the transient performance of a TCP connection. For short connections, the performance ramification can approach that of a denial-of-service attack. For example, if an application changes its TCB to have a false and small window size, subsequent connections will experience performance degradation until their window grows appropriately. TCB sharing reuses and mixes information from past and current connections. Although reusing information could create a potential for fingerprinting to identify hosts, the mixing reduces that potential. There has been no evidence of fingerprinting based on this technique, and it is currently considered safe in that regard. Further, information about the performance of a TCP connection has not been considered as private.

IANA Considerations This document has no IANA actions.

References Normative References Transmission Control Protocol Requirements for Internet Hosts - Communication Layers This RFC is an official specification for the Internet community. It incorporates by reference, amends, corrects, and supplements the primary protocol standards documents relating to hosts. [STANDARDS-TRACK] Path MTU discovery This memo describes a technique for dynamically discovering the maximum transmission unit (MTU) of an arbitrary internet path. It specifies a small change to the way routers generate one type of ICMP message. For a path that passes through a router that has not been so changed, this technique might not discover the correct Path MTU, but it will always choose a Path MTU as accurate as, and in many cases more accurate than, the Path MTU that would be chosen by current practice. [STANDARDS-TRACK] Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Packetization Layer Path MTU Discovery This document describes a robust method for Path MTU Discovery (PMTUD) that relies on TCP or some other Packetization Layer to probe an Internet path with progressively larger packets. This method is described as an extension to RFC 1191 and RFC 1981, which specify ICMP-based Path MTU Discovery for IP versions 4 and 6, respectively. [STANDARDS-TRACK] TCP Congestion Control This document defines TCP's four intertwined congestion control algorithms: slow start, congestion avoidance, fast retransmit, and fast recovery. In addition, the document specifies how TCP should begin transmission after a relatively long idle period, as well as discussing various acknowledgment generation methods. This document obsoletes RFC 2581. [STANDARDS-TRACK] Computing TCP's Retransmission Timer This document defines the standard algorithm that Transmission Control Protocol (TCP) senders are required to use to compute and manage their retransmission timer. It expands on the discussion in Section 4.2.3.1 of RFC 1122 and upgrades the requirement of supporting the algorithm from a SHOULD to a MUST. This document obsoletes RFC 2988. [STANDARDS-TRACK] TCP Fast Open This document describes an experimental TCP mechanism called TCP Fast Open (TFO). TFO allows data to be carried in the SYN and SYN-ACK packets and consumed by the receiving end during the initial connection handshake, and saves up to one full round-trip time (RTT) compared to the standard TCP, which requires a three-way handshake (3WHS) to complete before data can be exchanged. However, TFO deviates from the standard TCP semantics, since the data in the SYN could be replayed to an application in some rare circumstances. Applications should not use TFO unless they can tolerate this issue, as detailed in the Applicability section. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Path MTU Discovery for IP version 6 This document describes Path MTU Discovery (PMTUD) for IP version 6. It is largely derived from RFC 1191, which describes Path MTU Discovery for IP version 4. It obsoletes RFC 1981. Informative References Initial Congestion Window Specification This document specifies the progression of initial TCP congestion window sizes over the next nine years. Work in Progress LISA: A linked slow-start algorithm for MPTCP IEEE ICC ECN++: Adding Explicit Congestion Notification (ECN) to TCP Control Packets Universidad Carlos III de Madrid Independent This document describes an experimental modification to ECN when used with TCP. It allows the use of ECN on the following TCP packets: SYNs, pure ACKs, Window probes, FINs, RSTs and retransmissions. Work in Progress The World-Wide Web Communications of the ACM V37, pp. 76-82 Understanding Internet traffic streams: dragonflies and tortoises IEEE Communications Magazine, pp. 110-117 T/TCP -- Transaction TCP: Source Changes for Sun OS 4.1.3 USC/ISI Release 1.0 Internetworking with TCP/IP Research Impacting the Practice of Congestion Control Computer Communication Review The ACM SIGCOMM newsletter The FreeBSD Project FreeBSD Issues in TCP Slow-Start Restart After Idle Work in Progress Enhanced metric caching for short TCP flows IEEE International Conference on Communications Transmission Control Protocol (TCP) Parameters IANA ctrlTCP: Reducing latency through coupled, heterogeneous multi-flow TCP congestion control IEEE INFOCOM 2018 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS) Congestion Avoidance and Control SIGCOMM Symposium proceedings on Communications architectures and protocols Extending TCP for Transactions -- Concepts This memo discusses extension of TCP to provide transaction-oriented service, without altering its virtual-circuit operation. This memo provides information for the Internet community. It does not specify an Internet standard. T/TCP -- TCP Extensions for Transactions Functional Specification This memo specifies T/TCP, an experimental TCP extension for efficient transaction-oriented (request/response) service. This memo describes an Experimental Protocol for the Internet community. TCP Slow Start, Congestion Avoidance, Fast Retransmit, and Fast Recovery Algorithms Modern implementations of TCP contain four intertwined algorithms that have never been fully documented as Internet standards: slow start, congestion avoidance, fast retransmit, and fast recovery. [STANDARDS-TRACK] TCP Control Block Interdependence This memo makes the case for interdependent TCP control blocks, where part of the TCP state is shared among similar concurrent connections, or across similar connection instances. TCP state includes a combination of parameters, such as connection state, current round-trip time estimates, congestion control information, and process information. This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Increasing TCP's Initial Window This document specifies an increase in the permitted initial window for TCP from one segment to roughly 4K bytes. This memo defines an Experimental Protocol for the Internet community. IP Network Address Translator (NAT) Terminology and Considerations This document attempts to describe the operation of NAT devices and the associated considerations in general, and to define the terminology used to identify various flavors of NAT. This memo provides information for the Internet community. The Congestion Manager This document describes the Congestion Manager (CM), an end-system module that enables an ensemble of multiple concurrent streams from a sender destined to the same receiver and sharing the same congestion properties to perform proper congestion avoidance and control, and allows applications to easily adapt to network congestion. [STANDARDS-TRACK] Increasing TCP's Initial Window Datagram Congestion Control Protocol (DCCP) The Datagram Congestion Control Protocol (DCCP) is a transport protocol that provides bidirectional unicast connections of congestion-controlled unreliable datagrams. DCCP is suitable for applications that transfer fairly large amounts of data and that can benefit from control over the tradeoff between timeliness and reliability. [STANDARDS-TRACK] Stream Control Transmission Protocol This document obsoletes RFC 2960 and RFC 3309. It describes the Stream Control Transmission Protocol (SCTP). SCTP is designed to transport Public Switched Telephone Network (PSTN) signaling messages over IP networks, but is capable of broader applications. SCTP is a reliable transport protocol operating on top of a connectionless packet network such as IP. It offers the following services to its users: -- acknowledged error-free non-duplicated transfer of user data, -- data fragmentation to conform to discovered path MTU size, -- sequenced delivery of user messages within multiple streams, with an option for order-of-arrival delivery of individual user messages, -- optional bundling of multiple user messages into a single SCTP packet, and -- network-level fault tolerance through supporting of multi-homing at either or both ends of an association. The design of SCTP includes appropriate congestion avoidance behavior and resistance to flooding and masquerade attacks. [STANDARDS-TRACK] The TCP Authentication Option This document specifies the TCP Authentication Option (TCP-AO), which obsoletes the TCP MD5 Signature option of RFC 2385 (TCP MD5). TCP-AO specifies the use of stronger Message Authentication Codes (MACs), protects against replays even for long-lived TCP connections, and provides more details on the association of security with TCP connections than TCP MD5. TCP-AO is compatible with either a static Master Key Tuple (MKT) configuration or an external, out-of-band MKT management mechanism; in either case, TCP-AO also protects connections when using the same MKT across repeated instances of a connection, using traffic keys derived from the MKT, and coordinates MKT changes between endpoints. The result is intended to support current infrastructure uses of TCP MD5, such as to protect long-lived connections (as used, e.g., in BGP and LDP), and to support a larger set of MACs with minimal other system and operational changes. TCP-AO uses a different option identifier than TCP MD5, even though TCP-AO and TCP MD5 are never permitted to be used simultaneously. TCP-AO supports IPv6, and is fully compatible with the proposed requirements for the replacement of TCP MD5. [STANDARDS-TRACK] IPv6 Flow Label Specification This document specifies the IPv6 Flow Label field and the minimum requirements for IPv6 nodes labeling flows, IPv6 nodes forwarding labeled packets, and flow state establishment methods. Even when mentioned as examples of possible uses of the flow labeling, more detailed requirements for specific use cases are out of the scope for this document. The usage of the Flow Label field enables efficient IPv6 flow classification based only on IPv6 main header fields in fixed positions. [STANDARDS-TRACK] TCP Options and Maximum Segment Size (MSS) This memo discusses what value to use with the TCP Maximum Segment Size (MSS) option, and updates RFC 879 and RFC 2385. This document is not an Internet Standards Track specification; it is published for informational purposes. Increasing TCP's Initial Window This document proposes an experiment to increase the permitted TCP initial window (IW) from between 2 and 4 segments, as specified in RFC 3390, to 10 segments with a fallback to the existing recommendation when performance issues are detected. It discusses the motivation behind the increase, the advantages and disadvantages of the higher initial window, and presents results from several large-scale experiments showing that the higher initial window improves the overall performance of many web services without resulting in a congestion collapse. The document closes with a discussion of usage and deployment for further experimental purposes recommended by the IETF TCP Maintenance and Minor Extensions (TCPM) working group. Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content The Hypertext Transfer Protocol (HTTP) is a stateless \%application- level protocol for distributed, collaborative, hypertext information systems. This document defines the semantics of HTTP/1.1 messages, as expressed by request methods, request header fields, response status codes, and response header fields, along with the payload of messages (metadata and body content) and mechanisms for content negotiation. TCP Extensions for High Performance This document specifies a set of TCP extensions to improve performance over paths with a large bandwidth * delay product and to provide reliable operation over very high-speed paths. It defines the TCP Window Scale (WS) option and the TCP Timestamps (TS) option and their semantics. The Window Scale option is used to support larger receive windows, while the Timestamps option can be used for at least two distinct mechanisms, Protection Against Wrapped Sequences (PAWS) and Round-Trip Time Measurement (RTTM), that are also described herein. This document obsoletes RFC 1323 and describes changes from it. Mechanisms for Optimizing Link Aggregation Group (LAG) and Equal-Cost Multipath (ECMP) Component Link Utilization in Networks Demands on networking infrastructure are growing exponentially due to bandwidth-hungry applications such as rich media applications and inter-data-center communications. In this context, it is important to optimally use the bandwidth in wired networks that extensively use link aggregation groups and equal-cost multipaths as techniques for bandwidth scaling. This document explores some of the mechanisms useful for achieving this. Hypertext Transfer Protocol Version 2 (HTTP/2) This specification describes an optimized expression of the semantics of the Hypertext Transfer Protocol (HTTP), referred to as HTTP version 2 (HTTP/2). HTTP/2 enables a more efficient use of network resources and a reduced perception of latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection. It also introduces unsolicited push of representations from servers to clients. This specification is an alternative to, but does not obsolete, the HTTP/1.1 message syntax. HTTP's existing semantics remain unchanged. Updating TCP to Support Rate-Limited Traffic This document provides a mechanism to address issues that arise when TCP is used for traffic that exhibits periods where the sending rate is limited by the application rather than the congestion window. It provides an experimental update to TCP that allows a TCP sender to restart quickly following a rate-limited interval. This method is expected to benefit applications that send rate-limited traffic using TCP while also providing an appropriate response if congestion is experienced. This document also evaluates the Experimental specification of TCP Congestion Window Validation (CWV) defined in RFC 2861 and concludes that RFC 2861 sought to address important issues but failed to deliver a widely used solution. This document therefore reclassifies the status of RFC 2861 from Experimental to Historic. This document obsoletes RFC 2861. TCP Extensions for Multipath Operation with Multiple Addresses TCP/IP communication is currently restricted to a single path per connection, yet multiple paths often exist between peers. The simultaneous use of these multiple paths for a TCP/IP session would improve resource usage within the network and thus improve user experience through higher throughput and improved resilience to network failure. Multipath TCP provides the ability to simultaneously use multiple paths between peers. This document presents a set of extensions to traditional TCP to support multipath operation. The protocol offers the same type of service to applications as TCP (i.e., a reliable bytestream), and it provides the components necessary to establish and use multiple TCP flows across potentially disjoint paths. This document specifies v1 of Multipath TCP, obsoleting v0 as specified in RFC 6824, through clarifications and modifications primarily driven by deployment experience.

TCB Sharing History T/TCP proposed using caches to maintain TCB information across instances (temporal sharing), e.g., smoothed RTT, RTT variation, congestion-avoidance threshold, and MSS . These values were in addition to connection counts used by T/TCP to accelerate data delivery prior to the full three-way handshake during an OPEN. The goal was to aggregate TCB components where they reflect one association -- that of the host-pair rather than artificially separating those components by connection. At least one T/TCP implementation saved the MSS and aggregated the RTT parameters across multiple connections but omitted caching the congestion window information , as originally specified in . Some T/TCP implementations immediately updated MSS when the TCP MSS header option was received , although this was not addressed specifically in the concepts or functional specification . In later T/TCP implementations, RTT values were updated only after a CLOSE, which does not benefit concurrent sessions. Temporal sharing of cached TCB data was originally implemented in the Sun OS 4.1.3 T/TCP extensions and the FreeBSD port of same . As mentioned before, only the MSS and RTT parameters were cached, as originally specified in . Later discussion of T/TCP suggested including congestion control parameters in this cache; for example, hints at initializing the congestion window to the old window size.

TCP Option Sharing and Caching In addition to the options that can be cached and shared, this memo also lists known TCP options for which state is unsafe to be kept. This list is not intended to be authoritative or exhaustive. Obsolete (unsafe to keep state):

Echo
Echo Reply
Partial Order Connection Permitted
Partial Order Service Profile
CC
CC.NEW
CC.ECHO
TCP Alternate Checksum Request
TCP Alternate Checksum Data

No state to keep:

End of Option List (EOL)
No-Operation (NOP)
Window Scale (WS)
SACK
Timestamps (TS)
MD5 Signature Option
TCP Authentication Option (TCP-AO)
RFC3692-style Experiment 1
RFC3692-style Experiment 2

Unsafe to keep state:

Skeeter (DH exchange, known to be vulnerable)
Bubba (DH exchange, known to be vulnerable)
Trailer Checksum Option
SCPS capabilities
Selective Negative Acknowledgements (S-NACK)
Records Boundaries
Corruption experienced
SNAP
TCP Compression Filter
Quick-Start Response
User Timeout Option (UTO)
Multipath TCP (MPTCP) negotiation success (see below for negotiation failure)
TCP Fast Open (TFO) negotiation success (see below for negotiation failure)

Safe but optional to keep state:

Multipath TCP (MPTCP) negotiation failure (to avoid negotiation retries)
Maximum Segment Size (MSS)
TCP Fast Open (TFO) negotiation failure (to avoid negotiation retries)

Safe and necessary to keep state:

TCP Fast Open (TFO) Cookie (if TFO succeeded in the past)

Automating the Initial Window in TCP over Long Timescales

Introduction Temporal sharing, as described earlier in this document, builds on the assumption that multiple consecutive connections between the same host-pair are somewhat likely to be exposed to similar environment characteristics. The stored information can become less accurate over time and suitable precautions should take this aging into consideration (this is discussed further in ). However, there are also cases where it can make sense to track these values over longer periods, observing properties of TCP connections to gradually influence evolving trends in TCP parameters. This appendix describes an example of such a case. TCP's congestion control algorithm uses an initial window value (IW) both as a starting point for new connections and as an upper limit for restarting after an idle period . This value has evolved over time; it was originally 1 maximum segment size (MSS) and increased to the lesser of 4 MSSs or 4,380 bytes . For a typical Internet connection with a maximum transmission unit (MTU) of 1500 bytes, this permits 3 segments of 1,460 bytes each. The IW value was originally implied in the original TCP congestion control description and documented as a standard in 1997 . The value was updated in 1998 experimentally and moved to the Standards Track in 2002 . In 2013, it was experimentally increased to 10 . This appendix discusses how TCP can objectively measure when an IW is too large and that such feedback should be used over long timescales to adjust the IW automatically. The result should be safer to deploy and might avoid the need to repeatedly revisit IW over time. Note that this mechanism attempts to make the IW more adaptive over time. It can increase the IW beyond that which is currently recommended for wide-scale deployment, so its use should be carefully monitored.

Design Considerations TCP's IW value has existed statically for over two decades, so any solution to adjusting the IW dynamically should have similarly stable, non-invasive effects on the performance and complexity of TCP. In order to be fair, the IW should be similar for most machines on the public Internet. Finally, a desirable goal is to develop a self-correcting algorithm so that IW values that cause network problems can be avoided. To that end, we propose the following design goals:

Impart little to no impact to TCP in the absence of loss, i.e., it should not increase the complexity of default packet processing in the normal case.
Adapt to network feedback over long timescales, avoiding values that persistently cause network problems.
Decrease the IW in the presence of sustained loss of IW segments, as determined over a number of different connections.
Increase the IW in the absence of sustained loss of IW segments, as determined over a number of different connections.
Operate conservatively, i.e., tend towards leaving the IW the same in the absence of sufficient information, and give greater consideration to IW segment loss than IW segment success.

We expect that, without other context, a good IW algorithm will converge to a single value, but this is not required. An endpoint with additional context or information, or deployed in a constrained environment, can always use a different value. In particular, information from previous connections, or sets of connections with a similar path, can already be used as context for such decisions (as noted in the core of this document). However, if a given IW value persistently causes packet loss during the initial burst of packets, it is clearly inappropriate and could be inducing unnecessary loss in other competing connections. This might happen for sites behind very slow boxes with small buffers, which may or may not be the first hop.

Proposed IW Algorithm Below is a simple description of the proposed IW algorithm. It relies on the following parameters:

MinIW = 3 MSS or 4,380 bytes (as per )
MaxIW = 10 MSS (as per )
MulDecr = 0.5
AddIncr = 2 MSS
Threshold = 0.05

We assume that the minimum IW (MinIW) should be as currently specified as standard . The maximum IW (MaxIW) can be set to a fixed value (we suggest using the experimental and now somewhat de facto standard in ) or set based on a schedule if trusted time references are available ; here, we prefer a fixed value. We also propose to use an Additive Increase Multiplicative Decrease (AIMD) algorithm, with increase and decreases as noted. Although these parameters are somewhat arbitrary, their initial values are not important except that the algorithm is AIMD and the MaxIW should not exceed that recommended for other systems on the Internet (here, we selected the current de facto standard rather than the actual standard). Current proposals, including default current operation, are degenerate cases of the algorithm below for given parameters, notably MulDec = 1.0 and AddIncr = 0 MSS, thus disabling the automatic part of the algorithm. The proposed algorithm is as follows:

On boot: IW = MaxIW; # assume this is in bytes and indicates an integer # multiple of 2 MSS (an even number to support # ACK compression)
Upon starting a new connection: CWND = IW; conncount++; IWnotchecked = 1; # true
During a connection's SYN-ACK processing, if SYN-ACK includes ECN (as similarly addressed in Section 5 of ECN++ for TCP ), treat as if the IW is too large: if (IWnotchecked && (synackecn == 1)) { losscount++; IWnotchecked = 0; # never check again }
During a connection, if retransmission occurs, check the seqno of the outgoing packet (in bytes) to see if the re-sent segment fixes an IW loss: if (Retransmitting && IWnotchecked && ((seqno - ISN) < IW))) { losscount++; IWnotchecked = 0; # never do this entire "if" again } else { IWnotchecked = 0; # you're beyond the IW so stop checking }
Once every 1000 connections, as a separate process (i.e., not as part of processing a given connection): if (conncount > 1000) { if (losscount/conncount > threshold) { # the number of connections with errors is too high IW = IW * MulDecr; } else { IW = IW + AddIncr; } }

As presented, this algorithm can yield a false positive when the sequence number wraps around, e.g., the code might increment losscount in step 4 when no loss occurred or fail to increment losscount when a loss did occur. This can be avoided using either Protection Against Wrapped Sequences (PAWS) context or internal extended sequence number representations (as in TCP Authentication Option (TCP-AO) ). Alternately, false positives can be tolerated because they are expected to be infrequent and thus will not significantly impact the algorithm. A number of additional constraints need to be imposed if this mechanism is implemented to ensure that it defaults to values that comply with current Internet standards, is conservative in how it extends those values, and returns to those values in the absence of positive feedback (i.e., success). To that end, we recommend the following list of example constraints:

The automatic IW algorithm MUST initialize MaxIW a value no larger than the currently recommended Internet default in the absence of other context information. Thus, if there are too few connections to make a decision or if there is otherwise insufficient information to increase the IW, then the MaxIW defaults to the current recommended value.
An implementation MAY allow the MaxIW to grow beyond the currently recommended Internet default but not more than 2 segments per calendar year. Thus, if an endpoint has a persistent history of successfully transmitting IW segments without loss, then it is allowed to probe the Internet to determine if larger IW values have similar success. This probing is limited and requires a trusted time source; otherwise, the MaxIW remains constant.
An implementation MUST adjust the IW based on loss statistics at least once every 1000 connections. An endpoint needs to be sufficiently reactive to IW loss.
An implementation MUST decrease the IW by at least 1 MSS when indicated during an evaluation interval. An endpoint that detects loss needs to decrease its IW by at least 1 MSS; otherwise, it is not participating in an automatic reactive algorithm.
An implementation MUST increase by no more than 2 MSSs per evaluation interval. An endpoint that does not experience IW loss needs to probe the network incrementally.
An implementation SHOULD use an IW that is an integer multiple of 2 MSSs. The IW should remain a multiple of 2 MSS segments to enable efficient ACK compression without incurring unnecessary timeouts.
An implementation MUST decrease the IW if more than 95% of connections have IW losses. Again, this is to ensure an implementation is sufficiently reactive.
An implementation MAY group IW values and statistics within subsets of connections. Such grouping MAY use any information about connections to form groups except loss statistics.

There are some TCP connections that might not be counted at all, such as those to/from loopback addresses or those within the same subnet as that of a local interface (for which congestion control is sometimes disabled anyway). This may also include connections that terminate before the IW is full, i.e., as a separate check at the time of the connection closing. The period over which the IW is updated is intended to be a long timescale, e.g., a month or so, or 1,000 connections, whichever is longer. An implementation might check the IW once a month and simply not update the IW or clear the connection counts in months where the number of connections is too small.

Discussion There are numerous parameters to the above algorithm that are compliant with the given requirements; this is intended to allow variation in configuration and implementation while ensuring that all such algorithms are reactive and safe. This algorithm continues to assume segments because that is the basis of most TCP implementations. It might be useful to consider revising the specifications to allow byte-based congestion given sufficient experience. The algorithm checks for IW losses only during the first IW after a connection start; it does not check for IW losses elsewhere the IW is used, e.g., during slow-start restarts.

An implementation MAY detect IW losses during slow-start restarts in addition to losses during the first IW of a connection. In this case, the implementation MUST count each restart as a "connection" for the purposes of connection counts and periodic rechecking of the IW value.

False positives can occur during some kinds of segment reordering, e.g., that might trigger spurious retransmissions even without a true segment loss. These are not expected to be sufficiently common to dominate the algorithm and its conclusions. This mechanism does require additional per-connection state, which is currently common in some implementations and is useful for other reasons (e.g., the ISN is used in TCP-AO ). The mechanism in this appendix also benefits from persistent state kept across reboots, which would also be useful to other state sharing mechanisms (e.g., TCP Control Block Sharing per the main body of this document). The receive window (rwnd) is not involved in this calculation. The size of rwnd is determined by receiver resources and provides space to accommodate segment reordering. Also, rwnd is not involved with congestion control, which is the focus of the way this appendix manages the IW.

Observations The IW may not converge to a single global value. It also may not converge at all but rather may oscillate by a few MSSs as it repeatedly probes the Internet for larger IWs and fails. Both properties are consistent with TCP behavior during each individual connection. This mechanism assumes that losses during the IW are due to IW size. Persistent errors that drop packets for other reasons, e.g., OS bugs, can cause false positives. Again, this is consistent with TCP's basic assumption that loss is caused by congestion and requires backoff. This algorithm treats the IW of new connections as a long-timescale backoff system.

Acknowledgments The authors would like to thank for information regarding TCB sharing in Windows; for information regarding TCB sharing in Apple OSs; , , , and for comments on earlier draft versions of this document; as well as members of the TCPM WG. Earlier revisions of this work received funding from a collaborative research project between the University of Oslo and Huawei Technologies Co., Ltd. and were partly supported by USC/ISI's Postel Center.

Authors' Addresses

Manhattan Beach CA 90266 United States of America +1 (310) 560-0334 touch@strayalpha.com

University of Oslo

PO Box 1080 Blindern Oslo N-0316 Norway +47 22 85 24 20 michawe@ifi.uio.no

University of Oslo

PO Box 1080 Blindern Oslo N-0316 Norway +47 22 84 08 37 safiquli@ifi.uio.no