RFC 7413 - TCP Fast Open
Publication Date: December 2014
Authors: Y. Cheng, J. Chu, S. Radhakrishnan, A. Jain
Status: Experimental
Organization: Google, Inc.
Abstract
This document describes an experimental TCP mechanism called TCP Fast Open (TFO). TFO allows data to be carried in the SYN and SYN-ACK packets and consumed by the receiving end during the initial connection handshake, providing a reduction in connection latency. TFO is particularly valuable for latency-sensitive applications such as web services.
Technical Significance: TCP Fast Open can reduce HTTP request-response time by one full round-trip time (RTT), which is especially beneficial for short-lived connections.
Contents
Main Sections
- 1.1. Motivation
- 1.2. Key Concepts
- 2.1. TFO Cookie Request
- 2.2. TFO Cookie Response
- 2.3. TCP Fast Open Connection
- 2.4. Cookie Reuse
- 3.1. TCP Fast Open Cookie Request
- 3.2. TCP Fast Open Cookie Grant
- 3.3. TCP Fast Open
- 3.4. Cookie Handling
- 4.1. Attack Threats
- 4.2. Amplification Attacks
- 4.3. Resource Exhaustion
- 4.4. Privacy Considerations
- 6.1. Normative References
- 6.2. Informative References
Appendices
Key Technical Points
TFO Cookie Mechanism
- Cookie Generation: The server generates the cookie by encrypting the client's IP address
- Cookie Validation: The client includes the cookie in subsequent connections, and the server validates it
- Data Carrying: Once the cookie is validated, data in the SYN packet can be delivered to the application layer
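The server side of the cookie mechanism above, as an added example (not code from the RFC or from any operating system's implementation): the cookie is bound to the client's source address, and SYN data is released to the application only when the cookie checks out. It substitutes a truncated HMAC-SHA256 for the encryption the list mentions; the 8-byte cookie length, the two-key rotation list and all function names are assumptions.

```python
import hashlib
import hmac
import ipaddress

COOKIE_LEN = 8  # assumption: 8 bytes (RFC 7413 permits 4 to 16)


def make_cookie(key: bytes, client_ip: str) -> bytes:
    """Derive a cookie bound to the client's source address."""
    # .packed is 4 bytes for IPv4 and 16 for IPv6, so different textual
    # spellings of one address always map to the same cookie.
    addr = ipaddress.ip_address(client_ip).packed
    return hmac.new(key, addr, hashlib.sha256).digest()[:COOKIE_LEN]


def cookie_valid(keys, client_ip: str, cookie: bytes) -> bool:
    """Accept a cookie minted under any key in `keys` (current, previous)."""
    if len(cookie) != COOKIE_LEN:
        return False
    ok = False
    for key in keys:
        # compare_digest does not reveal how many leading bytes matched.
        ok |= hmac.compare_digest(make_cookie(key, client_ip), cookie)
    return ok


def accept_syn_data(keys, src_ip: str, cookie, payload: bytes):
    """Return the SYN payload for the application, or None.

    None means: ignore the SYN data and continue with an ordinary
    three-way handshake, so a missing or forged cookie costs the server
    no application work.
    """
    if cookie is None or not cookie_valid(keys, src_ip, cookie):
        return None
    return payload


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges, fixed keys).
    current, previous = b"\x01" * 32, bytes(range(32))
    cookie = make_cookie(previous, "192.0.2.10")  # granted before rotation
    request = b"GET / HTTP/1.1\r\n\r\n"
    print(accept_syn_data([current, previous], "192.0.2.10", cookie, request))
    # Same cookie replayed from another source address is rejected.
    print(accept_syn_data([current, previous], "198.51.100.7", cookie, request))
```

Dropping the previous key from the list invalidates every cookie issued under it, which forces those clients back to a regular handshake until they request a new cookie.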
Performance Benefits
- Reduces latency by one full RTT
- Particularly suited for short connections and request-response patterns
- Significant performance improvement for web browsing and API calls
Security Protection
- Prevents amplification attacks: Limits SYN data size
- Prevents resource exhaustion: Cookie validation mechanism
- Compatibility: Transparently coexists with traditional TCP
Related RFCs
- RFC 793: Transmission Control Protocol
- RFC 6994: Shared Use of Experimental TCP Options
- RFC 7323: TCP Extensions for High Performance
Implementation Status
This RFC is experimental and has been implemented in several major operating systems:
- Linux kernel (3.6+)
- Apple iOS and macOS
- Windows 10 (1607+)
Note: Experimental status means this mechanism is still under evaluation; implementations should carefully consider security and compatibility implications.