Re: [iccrg] Disadvantages of TCP connection splitters

Kuhn Nicolas <> Mon, 13 January 2020 14:41 UTC


Advantages:
TCP splits have lots of performance advantages (getting up to speed, tuned congestion control, etc.). They can divide by two the time needed to download a web page.
FYI, an open-source PEP for testing:

The issue with application layer PEP is that you have to split the encrypted communication – making it hard to deploy at large scale.
Transport layer PEP can be deployed for years in an operator infrastructure and may not follow the pace at which the Linux stack (and/or end points) is moving. It may not be relevant to keep the equipment in the network. That being said, PEP equipment can provide more than “just” TCP split (e.g. compression, QoS management, etc.) and deactivating the split function can be tricky. I would say a practical issue is the flexibility of the operation of PEP equipment in conjunction with end point evolutions. Another one would be their integration in complex network architecture or constrained hardware components.

IMHO to make progress, we should induce more knowledge of the network underneath to end points so that adequate congestion control parameters can be applied.
There is an opportunity with QUIC here.

I hope this helps,


From: iccrg <> On behalf of Marie-Jose Montpetit
Sent: Saturday, 11 January 2020 00:41
To: Yuchung Cheng <>; Michael Welzl <>
Cc: iccrg IRTF list <>; Keith Winstein <>
Subject: Re: [iccrg] Disadvantages of TCP connection splitters

(NWCRG chair off) We did PEPs years ago when satellite networks were impacted by TCP - it used to be our main sales pitch for Teledesic that we did not need it. But of course other networks needed them for like was all mentioned in this thread.

Open source PEPs now are really rudimentary and application layer PEPs like in “I am an app needing fast ACK” are more or less nonexistent.

What should we do to make progress?

Marie-José Montpetit, Ph.D.
Research Affiliate, MIT Media Laboratory

On January 10, 2020 at 4:33:51 PM, Michael Welzl (<>) wrote:
Hi all,

This is all interesting, but it’s not going in the direction that I hoped. I mean, these problems are well known and obvious due to the nature of PEPs.
Imagine that connection-splitting PEPs would be a part of the architecture - known, signaled to, and officially doing what they’re doing, rather than secretly “cheating”.
Think of something more like an application-layer proxy, for example.

Then, some problems would remain, due to the way these devices operate - what they do with buffering, what they do with congestion control. That’s what I was interested in.

I’m getting the impression that problems in the style of those mentioned below are the ONLY types of problems that people have noticed…. is that true?


> On Jan 10, 2020, at 8:51 PM, Yuchung Cheng <<>> wrote:
> On Fri, Jan 10, 2020 at 11:41 AM Keith Winstein <<>> wrote:
>> In practice, I suspect some of the main downsides to these TCP (transparent) connection splitters are probably the ones cited by Google in their QUIC paper at SIGCOMM 2017: they have led to ossification of the TCP protocol by enforcing various assumptions about transport behavior on traffic that passes through.
>> See, e.g., "Is it Still Possible to Extend TCP?" (IMC 2011), "Fitting Square Pegs Through Round Pipes" (NSDI 2012), or "How Hard Can It Be? Designing and Implementing a Deployable Multipath TCP" (NSDI 2012).
>> A whole bunch of interesting TCP behavior seems to be frustrated by a non-negligible percentage of these middleboxes. I've personally experienced several middleboxes (for me, I've seen this on local virus scanners and airplane WiFi services) that will kill a connection as soon as one side sends FIN. This frustrates any application that uses half-open connections in an interesting way. Middleboxes will forget about an idle connection even if the endpoints still have the state. Middleboxes will freak out if there is payload alongside SYN or SYN/ACK. Some middleboxes will freak out if they see TCP options they don't know about (including ENO/tcpcrypt). Middleboxes will freak out if a segment appears unacked to them but never gets retransmitted, or if a segment is acked but they didn't see it on the forward path. And, as you say, the TCP connection splitters frustrate any attempt by the endpoints to deploy newer/better/more path-appropriate congestion-control schemes.
>> Just the FUD itself about what some lazy middlebox might freak out about probably contributes substantially to the ossification of TCP.
> Similar sentiments here on real practical disadvantages as a TCP
> developer dealing with Internet issues over a decade.
> There are good PEPs. The real disadvantages are the poorly implemented
> ones and the upkeep. In my personal experience I've worked with a
> cellular provider to disable their PEPs that ended up delivering much
> better (YouTube video) performance. They were very happy to get rid of
> those boxes to save both latency and money.
>> -Keith
>> On Fri, Jan 10, 2020 at 12:54 AM Michael Welzl <<>> wrote:
>>> Hi,
>>> I’ve been thinking a lot about TCP connection splitters lately ( ).
>>> I’m curious: what are the real practical disadvantages of this type of PEPs that people have seen?
>>> I'll appreciate any kind of feedback, also anecdotes, but pointers to citable papers would be best.
>>> BTW, let’s keep multi-path apart from this discussion please. My question is about single path TCP.
>>> Cheers,
>>> Michael
>>> PS: I’m not trying to indirectly hint that such devices would be *always good*. However, the scenarios where they are not strike me as surprisingly narrow, so I wonder if I’m missing more.
>>> _______________________________________________
>>> iccrg mailing list