August 16th, 2024

RFC: 64-Bit Sequence Numbers for TCP

The draft proposes optional 64-bit sequence numbers for TCP to improve performance on high-speed networks while ensuring backward compatibility with 32-bit implementations and addressing security concerns during the handshake.


not support 64-bit sequence numbers, it may disrupt the connection. To mitigate this, the document outlines a method for detecting such middleboxes by ensuring that the initial sequence numbers (ISNs) are chosen in a way that allows their integrity to be verified during connection establishment. The draft proposes that both endpoints must agree to use 64-bit sequence numbers, which will be negotiated during the TCP handshake. The least significant 32 bits will remain in the standard TCP header, while the most significant 32 bits will be carried in a new TCP option. This approach aims to maintain backward compatibility with existing TCP implementations that only support 32-bit sequence numbers. The document also addresses potential security concerns, including attacks that exploit sequence number guessing and downgrade attacks. Overall, the introduction of 64-bit sequence numbers is intended to enhance TCP's performance on high-speed networks by expanding the sequence number space, thereby reducing the likelihood of sequence number wrapping and improving packet handling.
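As an added illustration (not code from the draft or any TCP stack), the following shows how a 64-bit sequence number would be split between the existing 32-bit header field and a new kind/length/value option, how a receiver notices that the option is missing (as it would be if a middlebox stripped it), and how long a single flow at line rate takes to exhaust each sequence space. The option kind value is an assumption: the draft's real kind number is not given on this page, so an experimental kind from RFC 4727 is used as a placeholder.

```python
# Added example, not from the draft: 64-bit TCP sequence numbers carried as
# 32 header bits plus 32 bits in a new option. Option kind is a placeholder.
import struct

SEQ32_MASK = 0xFFFFFFFF
OPT_KIND_SEQ_HI = 253   # placeholder: RFC 4727 experimental kind, not the draft's value
OPT_LEN_SEQ_HI = 6      # kind(1) + length(1) + 4 bytes of high-order sequence bits

def split_seq64(seq64: int):
    """Return (header_field, option_field): low 32 bits in the header, high 32 in the option."""
    if not 0 <= seq64 < 1 << 64:
        raise ValueError("sequence number out of 64-bit range")
    return seq64 & SEQ32_MASK, seq64 >> 32

def merge_seq64(header_field: int, option_field: int) -> int:
    """Rebuild the 64-bit sequence number from the header and option halves."""
    return (option_field << 32) | (header_field & SEQ32_MASK)

def encode_seq_hi_option(option_field: int) -> bytes:
    """Encode the high-order 32 bits as a kind/length/value TCP option."""
    return struct.pack("!BBI", OPT_KIND_SEQ_HI, OPT_LEN_SEQ_HI, option_field)

def parse_options(raw: bytes) -> dict:
    """Walk a TCP options field (EOL=0, NOP=1, everything else is kind,len,value)."""
    found, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:          # end of option list
            break
        if kind == 1:          # NOP padding
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed option at offset %d" % i)
        length = raw[i + 1]
        found[kind] = raw[i + 2:i + length]
        i += length
    return found

def seq_hi_from_options(raw: bytes):
    """Return the high 32 bits if the option is present, else None (e.g. stripped in transit)."""
    value = parse_options(raw).get(OPT_KIND_SEQ_HI)
    if value is None or len(value) != 4:
        return None
    return struct.unpack("!I", value)[0]

def seconds_until_wrap(bits: int, link_bps: float) -> float:
    """Time for one flow at full line rate to consume the whole sequence space (in bytes)."""
    return (1 << bits) / (link_bps / 8)
```

At 100 Gb/s, `seconds_until_wrap(32, 100e9)` is about 0.34 s, while the 64-bit space lasts on the order of 1.5e9 s.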

- The draft proposes optional 64-bit sequence numbers for TCP to enhance performance on high-speed networks.

- It maintains backward compatibility with existing 32-bit TCP implementations.

- The negotiation of 64-bit sequence numbers occurs during the TCP handshake.

- Security considerations include protection against sequence number guessing and downgrade attacks.

- The document updates several existing standards to support the extended sequence number space.

Related

Timeliness without datagrams using QUIC

The debate between TCP and UDP for internet applications emphasizes reliability and timeliness. UDP suits real-time scenarios like video streaming, while QUIC with congestion control mechanisms ensures efficient media delivery.

Beyond bufferbloat: End-to-end congestion control cannot avoid latency spikes

End-to-end congestion control methods like TCP and QUIC face challenges in preventing latency spikes, especially in dynamic networks like Wi-Fi and 5G. Suggestions include anticipating capacity changes and prioritizing latency-sensitive traffic for a reliable low-latency internet.

Offload-friendly network encryption in the kernel

The PSP security protocol enhances encryption efficiency by offloading tasks to NICs, supporting AES encryption. Despite benefits, concerns about unidirectional connections and standardization persist, prompting discussions on integration challenges.

Comparing TCP and QUIC (2022)

Geoff Huston compares TCP and QUIC protocols in the October 2022 ISP Column. QUIC is seen as a transformative protocol with enhanced privacy, speed, and flexibility, potentially replacing TCP on the Internet. QUIC offers improved performance for encrypted traffic and independent transport control for applications.

Single-packet race condition breaking the 65535 byte lim

A Flatt Security article discusses a new method for exploiting single-packet race conditions using IP fragmentation and TCP sequence number reordering, enhancing attack efficiency and addressing vulnerabilities in server configurations.

3 comments
By @bradreaves2 - 8 months
The claim made here is that at 100GbE the sequence numbers wrap in milliseconds. That number seems right (source: vibes).

Why isn’t this a serious problem then? I’d love a networking expert to chime in.

Is it that high bandwidth links also have very low packet error rates?

Or is it that individual TCP flows rarely saturate the link? (Because of congestion control, lower end-to-end throughput, sharing links, or some other reason?)

By @bangaladore - 8 months
From 2017 FYI:

"This Internet-Draft will expire on September 14, 2017."