TCP Splice

Many designs for internet services use split-connection proxies, in which a proxy machine is interposed between the server and the client machines in order to mediate the communication between them. Common examples are firewalls, HTTP proxies, and telnet and FTP gateways. Split-connection proxies typically suffer from three related problems: they have poor performance; they add significant latency to the client-server communication path; and they potentially violate the end-to-end semantics of the transport protocol in use.

TCP Splice is a new technique that provides a solution to all of the above problems. By making minor changes to the proxy's TCP/IP stack, we retain the session setup functions of the application-layer proxy, but provide a method to push the data copying into kernel space. These modifications enable the application-layer proxy to forward data at router speeds.

Applications of TCP Splicing are numerous. We first tried TCP Splice on a SOCKS firewall. Our lab results show that a SOCKS firewall using TCP Splice can sustain a data throughput twice that of normal firewalls, with an average forwarding latency 30 times less. See the TCP splice paper for detailed performance results.

Here is a slide presentation on TCP Splicing. 

TCP Tap

TCP Tap is a technique for keeping a local copy of the segments forwarded over a spliced connection. See the TCP tap paper for more details.