TCP Fast Open (TFO) is a TCP mechanism that enables speedy data exchange between a client and a server during TCP’s initial handshake. By using the TFO mechanism, you can reduce an application’s network latency by the time required for one full round trip, which significantly reduces the delay experienced in short TCP transfers.
So how does it work? This picture describes it alot better!
It is important however that we need to have a supported client and a supported server to make this feature work. This feature was introduced in NetScaler 11.1 as it just needs some configuration to be able to work properly.
This can be done by adjusting a TCP Profile with the TCP Fast Open value
We can also define how long the TCP cookie should be used, by default this is set to zero (Which is defined in the TCP parameters on the NetScaler
After this setting is configured we need to enable TCP fast open for Microsoft Edge. Note that this feature is not enabled by default. Microsoft wrote a blog about TCP fast open earlier this year –> https://blogs.windows.com/msedgedev/2016/06/15/building-a-faster-and-more-secure-web-with-tcp-fast-open-tls-false-start-and-tls-1-3/
But not everything is well documented in the blogpost! first of you need to have 1607 build to get suppor for TCP fast open in the Windows Kernel. If you have TCP fast open you can see that enabled by using this command
netsh interface tcp show global (You will see TCP fast open) if you do not see it present you need to update your Windows 10.
To enable TCP fast open in Edge you need to open Microsoft Edge (Using build 14352 or higher) and type
Then scroll down and enable TCP fast open, then restart the browser.
Next we need to test this that it is working! by default in Microsoft Edge it ONLY WORKS UNDER HTTPS/TLS it makes sense but it is not documented.
Here we can see from WireShark the client request going to the web-server
(10.217.215.153 = Windows 10 client, 10.217.215.223 = NetScaler Virtual Server)
And here I can see the NetScaler responding with the Cookie
And here we can see that the client uses the TCP Open Cookie for second request
So voila! So will this small chance improve web performance? No yet! There are still a number of ISP which blocks the TCP Fast Open cookie header in TCP (ref: https://www.simula.no/file/conext2015pdf/download) which means that it falls back to regular TCP and then triggers a TCP retransmission.
But for those that have TCP fast open enabled on their web-servers, as seen here implementing TCP fast open will allow for fast download of websites