TCP Splice
Many designs for internet services use split-connection proxies, in which
a proxy machine is interposed between the server and the client machines
in order to mediate the communication between them. Common examples are
firewalls, HTTP proxies, telnet and ftp gateways. Split-connection
proxies typically suffer from three related problems: they have poor performance;
they add a significant latency to the client-server communication path;
and they potentially violate the end-to-end semantics of the transport
protocol in use.
TCP Splice is a new technique that provides a solution to all of the above
problems. By making minor changes to the proxy's TCP/IP stack, we retain the
session setup functions of the application layer proxy, but provide a
method to push the data copying into kernel space. These modifications
enable the application layer proxy to forward data at router speeds.
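
As an added illustration (not code from the TCP Splice project or paper), the sketch below shows the same division of labour using the Linux splice(2) system call, a related but different mechanism: user space keeps the two already-established connections, while the payload moves between them inside the kernel. The function name relay_splice and the socketpair demo data are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Forward bytes from socket `from` to socket `to` until EOF on `from`.
 * Payload moves socket -> pipe -> socket inside the kernel; user space
 * never holds it. Returns total bytes forwarded, or -1 on error. */
long relay_splice(int from, int to)
{
    int p[2];
    long total = 0;
    if (pipe(p) < 0)
        return -1;
    while (total >= 0) {
        ssize_t in = splice(from, NULL, p[1], NULL, 65536, SPLICE_F_MOVE);
        if (in < 0 && errno == EINTR) continue;
        if (in == 0) break;             /* peer closed its sending side */
        if (in < 0) total = -1;         /* hard error: leave the loop */
        while (in > 0) {                /* drain the pipe before refilling */
            ssize_t out = splice(p[0], NULL, to, NULL, (size_t)in, SPLICE_F_MOVE);
            if (out < 0 && errno == EINTR) continue;
            if (out <= 0) { total = -1; break; }
            in -= out;
            total += out;
        }
    }
    close(p[0]);
    close(p[1]);
    return total;
}

int main(void)
{
    /* Constructed demo: socketpairs stand in for the two proxy connections. */
    int c[2], s[2];
    char buf[32] = {0};
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, c) || socketpair(AF_UNIX, SOCK_STREAM, 0, s))
        return 1;
    if (write(c[0], "hello splice", 12) != 12 || shutdown(c[0], SHUT_WR))
        return 1;
    long n = relay_splice(c[1], s[0]);
    ssize_t got = read(s[1], buf, sizeof buf - 1);
    printf("forwarded %ld bytes, read %zd: %s\n", n, got, buf);
    return n == 12 ? 0 : 1;
}
```

In a real proxy the access-control decision made during session setup still has to happen before the descriptors are handed to the relay, because no user-space code sees the payload afterwards.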
Applications of TCP Splicing are numerous. We first tried TCP Splice
on a SOCKS firewall. Our lab results show that a SOCKS firewall using TCP
Splice can sustain a data throughput twice that of normal firewalls, with
an average forwarding latency 30 times less. See the TCP
splice paper for detailed performance results.
Here is a slide
presentation on TCP Splicing.