Sources

to changes to guarantee confidentiality of DNS queries. Attacks to forge DNS traffic led to changes to shore up the integrity of the DNS. Finally, denial-of-service attack on DNS operations have led to new DNS operations architectures. All of these developments make DNS a highly interesting, but also highly challenging research topic. This tutorial – aimed at graduate students and early-career researchers – … challenges are (i) protecting the confidentiality and (ii) guaranteeing the integrity of the information provided in the DNS, (iii) ensuring the availability of the DNS infrastructure, and (iv) detecting and preventing attacks that make use of the DNS. Last, we discuss which challenges remain open, pointing the reader towards new research areas. … for Internet Service Provider (ISP) that use them to learn more about their customers [4] (①in Fig. 1), attacks are launched to tamper with the information in the DNS to direct users to malicious content [5] ②, and the infrastructure that runs the DNS is constantly undergoing denial-of-service attacks, threatening its … lenges: (i) confidentiality of DNS queries, (ii) integrity of informa- tion stored and sent in the DNS, (iii) availability of the underlying DNS infrastructure, and (iv) abuse of the DNS in attacks and distribution of harmful content on the Internet. Over time, mul- tiple extensions and tools have been developed to address these

TCP is possibly one of the most admired and least loathed protocols, you just have to find a bitter systems researcher and ask them what doesn’t suck that much. Sometimes they’ll say UTF-8, but TCP is also at the top of the list (which is good, because most of the internet is built atop of it). TCP carries email, webpages, and a whole slew of data between computers, providing a reliable, ordered stream of data atop an unreliable, unordered IP network — but TCP isn’t perfect, and has a long history of unused or broken features. For example: when the network became congested, older versions of TCP would retransmit aggressively, causing congestive collapse, bringing the entire internet to a halt. Another problem was SYN flooding, where a computer could be tricked into exhausting all of its connections, but this was eventually solved by adding SYN Cookies. Some features, such as TCP urgent, have never worked in practice.. TCP has some design flaws, but sometimes the problems are with how TCP is implemented and used — TCP is a reliable ordered stream over a series of messages, but many protocols are a series of messages over TCP — forcing implementations to work around or re-implement TCP’s features. Although TCP provides reliable delivery, an acknowledgement only says that the computer has received a message, not processed it. Applications must implement their own acknowledgements atop to ensure that the data has been processed. Some protocols attempt multiplexing or pipelining too, issuing concurrent commands over a single connection, and encounter head of line blocking— where the ordered delivery gets in the way of multiplexing the messages. They also have to implement flow control, framing, and timeouts too. There is an alternative protocol, SCTP, which promises to be a better transport for these messages, built around messages rather than streams, but it hasn’t taken off. Why? We’re stuck with TCP. TCP’s greatest design decision was the end-to-end principle, in that only the computers communicating had to worry about reliability and ordering, and the computers in-between could pass around messages in delightful ignorance. This is no longer true. Now TCP is burnt into the routers, firewalls, and home equipment, it’s really hard to send something that isn’t TCP (or UDP) over the network. TCP is also burnt into the operating systems too, it’s impossible for applications to change TCP’s behaviour to suit their needs. If we admit TCP is fossilised, is this admitting defeat? Not yet. The TCP Minion project attempts to work around TCP as found to evolve the protocol, even if the wire format stays the same. Alternatively, we can just re-implement TCP over UDP, over and over again.

Free CCNA Lesson 4 | TCP/IP Model In this lesson, we will focus on What is TCP/IP Model? What are the layers of TCP/IP Model? Why We Use TCP/IP Model? What are the functions of TCP/IP Model? And the difference of 4 layered old TCP/IP Model and 5 layered TCP/IP Model. . OSI is the abbreviation of Open Systems Interconnection. OSI Referance Model is the standard model of how devices communicate each other over a network. Beginning with Physical Layer (Layer 1), it goes throught the Application Layer (Layer 7). Each OSI layer has specific role in computer network communication. . OSI Layers: - Application Layer (5) - Transport Layer - Network Layer - Data-Link Layer - Physical Layer . OSI Model: https://ipcisco.com/lesson/osi-referance-model/ TCP/IP Model: https://ipcisco.com/lesson/tcp-ip-model/ . 2025 CCNA 200-301 v1.1 . Network Device: https://ipcisco.com/lesson/network-devices-2/ . You can also benefit from the below pages for CCNA, CCNP and CCIE! CCNA Courses and Useful Resources...

### Transcript {ts:0} 99% of developers don't get TCP IP. You hit play on the first episode of Squid {ts:5} Game season 3. You push a oneline hotfix that accidentally takes down your entire team's prod database. You drop the this {ts:12} is fine meme into your Instagram gossip group chat. … And why is the {ts:45} future of the web, HTTP3, being built on UDP instead of the ultra reliable TCP? ... These {ts:210} protocols almost always use TCP underneath to guarantee reliability except for some DNS queries and {ts:217} real-time apps that use UDP. Next, we have the transport layer. The transport layer is where the transmission control {ts:223} protocol or TCP resides and it solves one of the internet's biggest challenges. … It then sends these segments and waits for acknowledgements or acts from the {ts:247} receiver. If a segment is lost or damaged, TCP detects the problem, usually through missing acknowledgements {ts:253} or corrupted check sums and automatically retransmits the affected segment. This process is called positive {ts:260} acknowledgement with retransmission or PR. To avoid overwhelming the receiver, TCP uses flow control via the sliding {ts:267} window protocol, which allows the sender to send multiple segments before requiring an acknowledgement, but within {ts:273} a limit that the receiver can handle. TCB also adjusts its sending rate based on network congestion. These monitor {ts:279} signs of congestion such as dropped packets or increased roundtrip times and throttle transmission rates when needed {ts:285} to avoid flooding the network. Because of these mechanisms, TCP is considered connectionoriented. Before any data is {ts:292} exchanged, a three-way handshake occurs. … For applications where speed is more important than reliability like video {ts:326} calls on FaceTime, online games or live streams on Twitch, TCB can be too slow. In such cases, a different transport {ts:333} layer protocol called UDP or user datagramgram protocol is used. UDP is connectionless and does not guarantee … But that very strength the stable singular connection can become a {ts:376} massive weakness. Imagine you're not just loading one web page. Imagine you're a developer building a service {ts:381} that needs to gather public data from thousands of web pages. If you try to open thousands of these TCB connections {ts:386} from your single server, the target's website's firewall will see it instantly. Your server's IP address gets {ts:391} blacklisted and your project is dead in the water. This is the fundamental challenge of large-scale data {ts:396} collection. And solving that exact problem is why I'm going to introduce you to Dakota. … {ts:492} It abstracts away the fragility of individual websites, handling bot detection and site changes for you. This {ts:498} means you can build more resilient data pipelines that require less maintenance, ensuring your data links and vector {ts:503} databases are constantly fed with fresh, high-quality data for training and rag systems. … And for software engineers and QA teams, flaky end-to-end {ts:539} tests are a nightmare. Stop debugging test failures caused by your CI/CD runner's IP getting rate limited or {ts:545} banned by a thirdparty API you integrate with. By routing your Playright or Selenium tests through Dakota's network,

AI tools are rapidly advancing, but their success hinges on the underlying network infrastructure. Institutions embracing AI for administrative automation, predictive analytics, or interactive learning must ensure their networks can handle increased traffic without bottlenecks. Poorly optimized networks lead to delays and inefficiencies, undermining the potential of AI. The other element is a harsh financial reality: the costs of AI innovation are fully incremental. IT and financial departments will have to work together to find savings elsewhere to fund AI implementation. Prior investments in enterprise network technology are hard to justify – it may be time to look at high-performance network technology without huge license/maintenance costs. … ## Balancing Security and Performance Increased focus on cybersecurity often hampers network performance. There are two issues here, actually. The rapid deployment of Zero Trust (ZT) or Secure Access Service Edge (SASE) models has lead to systems delays and low performance, frustrating users. Much of the post-COVID budgets for networking and info-security have been used for modern security improvements, often at permanent and significant cost increases for large organizations. The result is that other parts of the IT infrastructure, like wired and wireless networks, have become bottlenecks, worsening over-all performance even more.

TCP/IP networks are complex systems where multiple layers and protocols interact. This complexity can lead to various issues that impact network performance and connectivity. Some of the most common problems include: - **Connectivity Problems**: Inability to connect to a network or access specific resources. - **IP Address Conflicts**: When two devices on the same network are assigned the same IP address, leading to communication issues. - **Routing Errors**: Incorrect routing configurations or tables cause data packets to be misdirected or dropped. - **DNS Resolution Issues**: Failures in converting domain names to IP addresses, preventing access to websites and online services. - **Slow Network Performance**: High latency, packet loss, or bandwidth congestion affecting network speed. Understanding these issues and their root causes is critical for effective troubleshooting. … 4. **Check Firewall Settings**: Ensure firewalls are not blocking necessary ports or protocols. 5. **Reboot Network Devices**: Restart routers, modems, and switches to reset configurations. **Solution**: ... 3 ** Release/Renew IP Addresses**: Use ipconfig /release and ipconfig /renew to obtain a new IP address. ... 2. **Configure Dynamic Routing Protocols**: Implement protocols like OSPF or BGP for automatic route updates. 3. **Restart Routing Devices**: Reboot routers to reset configurations. ... 1. Update DNS Settings: Change to a reliable DNS server or update DNS records if hosting your own DNS. 2. Inspect Host Files: Ensure no incorrect mappings are present in the hosts file that might override DNS settings. 3. Monitor DNS Servers: If managing a DNS server, monitor logs for errors and ensure it is correctly forwarding queries to upstream servers. … 1. Monitor Bandwidth Usage: Identify applications or devices consuming excessive bandwidth using tools like nload or network monitoring software. 2. Ping Tests: Check for high latency or packet loss by pinging local and remote hosts. 3. Check for Network Congestion: Analyze traffic patterns to identify congestion points, such as overloaded routers or switches. 4. Examine Network Hardware: Ensure cables, switches, and routers are functioning correctly and not causing bottlenecks. 5. Review Quality of Service (QoS) Settings: Check if QoS is correctly prioritizing critical traffic. **Solution**: 1. Optimize Network Traffic: Implement QoS policies to prioritize important traffic and limit bandwidth for non-essential applications. 2. Upgrade Hardware: Consider upgrading to higher-capacity switches or routers to handle increased load. 3. Load Balancing: Distribute network traffic across multiple paths or devices to reduce congestion.

As the core of the Internet infrastructure, the TCP/IP protocol stack undertakes the task of network data transmission. However, due to the complexity of the protocol and the uncertainty of cross-layer interaction, there are often inconsistencies between the implementation of the protocol stack code and the RFC standard. This inconsistency may not only lead to differences in protocol functions but also cause serious security vulnerabilities. … We conduct extensive evaluations to validate the effectiveness of our framework, demonstrating its effectiveness in identifying potential vulnerabilities caused by RFC code inconsistencies. Our experiments reveal 15 inconsistencies between code implementations and protocol specifications, including ISN generation, TCP challenge acknowledgments, TCP authentication, and TCP timestamp options across multiple operating systems. These inconsistencies can introduce serious vulnerabilities (e.g., traffic amplification and replay attacks) in the TCP/IP protocol suite. … ## 1 Introduction In the field of network and distributed systems, adherence to RFC (Request for Comments) specifications is crucial for ensuring the security and robustness of protocol implementations. ... However, inconsistencies between these specifications and their corresponding code can introduce various vulnerabilities, ranging from functional deviations to severe security risks such as traffic amplification and replay attacks. … Experimental results show that our approach achieves 91.1% accuracy and an F1 score of 0.857 based on GPT-4o, significantly outperforms vanilla LLM-based detection. As a result, our framework identified 15 inconsistencies between the code implementations and protocol specifications, including ISN generation, TCP challenge acknowledgment, TCP authentication, and TCP timestamp options, , which can introduce serious vulnerabilities like traffic amplification, data injection, and TCP RST spoofing. … ## 2 Background The TCP/IP protocol stack has experienced decades of development. As security issues and new features emerge, RFC standard documents are frequently updated, making compatibility and maintenance between versions a huge challenge. There are significant differences in code implemented by different vendors and communities, leading to increased collaboration and interoperability issues. At the same time, due to developers’ different understandings of standards and the fact that certain features are not implemented according to the standards (or are not implemented), inconsistencies between code and protocol standards may lead to corresponding security issues and functional failures. … An attacker can easily disconnect a legitimate TCP connection by guessing the connection’s four-tuple (source IP, destination IP, source port, destination port) and the sliding window range, and then sending a forged RST packet. Such attacks can lead to service disruptions (e.g., termination of HTTP, SSH, or database connections) and present a denial of service (DoS) risk, particularly affecting long-lived connections like video streams or remote control services. … Scalability in Large-Scale Code and Specifications The amount of code implemented in the protocol stack and the length of the RFC documents are very large, which poses a serious challenge to the scalability of the detection process. In addition, there are multiple protocol implementation versions (such as Linux and FreeBSD), and achieving comprehensive coverage requires a lot of human effort and computing resources, resulting in high time costs and computing costs. … #### 4.3.2 Incremental Specification Graph Construction ... With advancements in technology and evolving security requirements, protocol specifications are continually updated—typically through revisions and deprecations in RFC documents, which are indicated in the Standard Track to guide developers in their code implementations. However, system development and standard updates are not always synchronized, therefore different versions of systems may not timely adapt to the latest standards, leading to inconsistencies between the code implementation and the specification, potentially introducing security vulnerabilities. … - • RFC793 → RFC2385 → RFC5925: Addresses TCP authentication, transitioning from TCP MD5 signatures to TCP Authentication Options (TCP-AO). ... RFC793 → RFC1323 → RFC7323: Pertains to TCP performance extensions, such as window scaling and timestamps, and includes security considerations like PAWS and timestamp-related issues. … |Replay attack risks.| | |RFC 7323|Non-RST segment timestamps are not enforced (only check `sysctl_tcp_timestamps`) and `tcp_v4_reqsk_send_ack` directly uses `req->rcv_wnd` without right-shift, ignoring the window scaling factor; Random per-connection timestamp offsets are not implemented, with timestamp handling relying on `tcp_time_stamp`. … |RST spoofing attack. Blind in-window attack. ACK injection attack.| | |RFC 5925|Missing the support of TCP Authentication Option (TCP-AO).|Replay attack risks.| | |RFC 7323|Non-RST segment timestamps are not enforced (only check `sysctl_tcp_timestamps`) and `tcp_v4_reqsk_send_ack` directly uses `req->rcv_wnd` without right-shift; Random per-connection timestamp offsets are not implemented, relying on `tcp_time_stamp`.

In releasing this section for comment, I would like to point out that the report’s conclusions are based on a cumulative examination of various protocols and systems. We are at a point of time where other protocols and systems are equally problematic—the report points to some significant problems with DNS structure and scalability, and also points out that, to all intents and purposes, the basic email protocol, SMTP, is broken and needs immediate replacement. … Some of the significant developments not foreseen at the time of the original design include: Parts of the system are now over 20 years old, and the Internet is required to perform a number of important functions not included in the original design. New protocols have been developed, and various patches have been applied to base protocols, not always evenly. It seems appropriate to examine whether the current systems and processes are still appropriate. … It appears that TCP/IP’s main advantage is its capacity to scale backwards to existing old systems. Apart from that it appears to be in need of fairly significant modification for scaling to the future, where voice traffic, Internet television and other factors (see Future Needs section of the report) may demand a more sympathetic base protocol. … **Traffic Prioritization Issue** Although TCP/IP has proven to be remarkably robust, it may not scale to the future. In particular, TCP/IP does not know how to differentiate between traffic priorities (e.g. visiting a website requires a fairly immediate response as soon as we click on it, email delivery can wait a few seconds). This lack of prioritization is one of the major causes of the “slowness” of the Internet as perceived by users (real speed is something quite different and has a lot of other factors). **Unsuitability for Financial Transactions** As pointed out by Dr. Greg Adamson, “A financial transactions architecture must be deterministic: the result of the transaction in the overwhelming majority of cases has to be what was meant, and when it is not there should be evidence of what went wrong. The design of the Internet protocol suite TCP/IP is non-deterministic. It aims to achieve overall reliability in a network, not necessarily individual reliability for each segment of that network. … There are also security issues with TCP/IP, with researchers warning of vulnerabilities that need to be addressed. In April 2004, a major alert was issued to deal with a fundamental vulnerability. **Performance Issues** Users of large scale sites are already experiencing problems with the protocol, which tends to suggest that ordinary users will become affected in the near future, as bandwidth and processing availability continues to grow. **Assessment** TCP—if not TCP/IP—needs to be replaced, probably within a five to ten year time frame. The major issue to overcome is the migration issues (see below) **Migration Considerations** The problem of a new TCP is as complex (if not more so) that the TCPIPv4/v6 changeover which the Internet community has found very hard to deal with. However, the factors in slow IPv6 deployment largely revolve around the fact that there is no communicated compelling reason to change. Given that a point of time will arise when changes to TCP are necessary for basic performance, it can be expected that, if a migration is conducted with appropriate change management planning, the adoption will be far quicker and far smoother than the IPv6 changeover. However, some basic factors need to be taken into account:

This section will discuss the problems with the IP protocol and why it it not a good fit for the IoT. ## Small MTU The maximum transfer unit (MTU) refers to the maximum amount of bytes you can fit in a data-packet. The MTU can be as little as 64 bytes in many wireless IoT systems. This is in clear contrast with today’s IP networks which typically assume a minimum MTU of 1500 bytes or higher. ## Multi-link subnets Multi-link subnets is the notion that a subnet may span multiple links connected by routers. RFC 4903, “Multi-Link Subnet Issues” [29], documents the reasons why the IETF decided to abandon the multi-link subnet model in favor of 1:1 mapping between Layer-2 links and IP subnets. An IoT mesh network, on other hand, contains a collection of Layer-2 links joined without any Layer-3 device (i.e., IP routers) in between. This essentially creates a multi-link subnet model that is not anticipated by the original IP addressing architecture. ## Multicast Multicast is a group communication model where data-transmission is addressed to a group of destination devices simultaniously. A lot of IP-based protocols make heavy use of IP multicast to achieve one of the two functionalities: notifying all the members in a group and making a query without knowing exactly whom to ask. Using multicast raises a number of concerns: - Devices sleeping will not receive the data-transmission - Receivers may have different data-transmission rate - Broadcasting data is too expensive, so a routing mechanism is necessary - Encryption for IP multicast still needs to be invented ## Mesh network routing IP based host-routing is a major challenge in constrained IoT devices as each host needs to maintain a routing table. This consumes memory and causes network overhead when the network changes. Also, forwarding traffic may involve decrypting the data from the incoming link and then encrypting it on the outgoing link – an expensive operation for battery-driven devices. ## Transport layer problems Due to the energy constraints, devices may frequently go into sleep mode, thus it is infeasible to maintain a long-lived connection in IoT applications. Also, a lot of communication involves only a small amount of data making the overhead of establishing a connection unacceptable. Unfortunately, current TCP/IP architecture does not allow to embed application semantics into network packets, thus failing to provide sufficient support for application level framing, which would allow the application more control over the data transmission. ## Application layer problems Many IoT applications implement a resource-oriented request-response communication model. ZigBee, CHIP/Matter are such examples. Influenced by the web, many IoT protocols has been working on bringing the same REST architecture into IoT applications. CoAP is an example of such a standard, which is also being used in the Thread protocol. There are a number of problems with this approach: - It usually requires resource discovery, such as DNS or Core-RD which in turn uses broadcast. - It requires that the client (requester) and the server (resource) is online at the same time - It requires a fundamental change to the security model in order to make the in-network caches secure and trustworthy ## Security In the IP based host-centric model, TLS/DTLS is used to secure the communication channel between the requester and the resource. However, this model does not fit with the requirements of IoT: - TLS/DTLS requires two or more exchanges of data to negotiate the communication channel, a resource and energy extensive task. Also, both ends have to maintain the state of the channel until it is closed, stopping devices from entering sleep-mode - Encryption for IP multicast still needs to be invented so security only works in host-based communication … These connections are secured with DTLS, which is energy- and bandwidth consuming task, so a better way is clearly needed. So why not just use CoAP multicast? Well, you can, but there is no standard for encrypting CoAP multicast traffic. In fact, (DTLS) encryption in IP multicast still needs to be invented, meaning that you can not send encrypted information over the air to other CoAP devices using multicast!

**Intermittent failures** can't be reproduced on demand. Packet captures and alerts only happen after the fact. Without continuous monitoring and historical baselines for comparison, you're troubleshooting in the dark. **Asymmetric routing** can cause traffic flows to work one direction but fail in the other, or use different paths with different network performance characteristics. Your basic ping tests succeed but applications timeout. **Bandwidth and performance problems** first show as degraded application performance, higher latency, and packet loss during load. But identifying which traffic is consuming capacity, and whether that usage is legitimate or a problem caused by malware or other bad actors, is difficult. **Configuration drift** occurs slowly. Over months and years your actual network configurations begin to diverge from your network diagram, making troubleshooting exponentially more difficult. … |**Symptom**|**Likely Cause**|**First Diagnostic Step**| |--|--|--| |**One direction works, other doesn't**|Asymmetric routing or stateful firewall issues|Run `traceroute` in both directions and compare paths| |**Slow performance for specific applications**|QoS misconfiguration, application server issues, or port blocking|Test application ports specifically and check QoS policies| |**Everything worked until recent change**|Configuration error or incompatible firmware|Review change logs and consider rollback| |**No valid IP address assigned**|DHCP server failure, IP address pool exhaustion, or DHCP relay issues|Check DHCP server logs and verify scope availability|

The IP Service Model The underlying networks provide a possibly unreliable “datagram” sevice Unreliable: packets may be dropped, damaged, duplicated, reordered Packets are forwarded to the next hop to their eventual destination—or dropped if not deliverable Packets may be dropped because of network congestion Very little concern for the correctness of any packet Stateless forwarding—what happens with a packet does not affect what happens to the next packet Note: this is the service model—implementations can behave differently to optimize things if they wish TCP/IP Issues 10 / 42 … sequence number Note that at this point, the server has to create state for this half-opened connection The client’s reply has only the ACK bit set, plus n acknowledgment of the server’s initial sequence number This is called the three-way handshake, which takes 1.5 round trips The connection is not fully open until the server receives this last message TCP/IP Issues 22 / 42 … Error Handling Only in TCP Why doesn’t the IP layer drop damaged packets? TCP/IP Issues 25 / 42 Error Handling Only in TCP Why doesn’t the IP layer drop damaged packets? IP could check (and many link layers do check)—but that’s redundant TCP has to check anyway UDP might not want a check–think OFB encryption This is the end-to-end principle Worth noting: because most links are very reliable (and many have their own checksums), very, very few packets are dropped because of TCP checksum issues TCP/IP Issues 25 / 42

- Unicast flooding - Out of order packets - Asymmetric routing - The impact of microbursts - ICMP unreachables and redirects - IPv4 options and IPv6 extension headers - IPv4 and IPv6 fragmentation - TTL - IP MTU - IPv4 and IPv6 path MTU discovery - MSS - TCP latency - Windowing - Bandwidth delay product - Global synchronization - TCP options - Starvation - UDP latency. Unicast Flooding: … However, packets that arrive out of order typically inhibit network performance dramatically. For example, the TCP receiver could send duplicate ACKs to trigger the fast retransmit algorithm. The TCP sender, upon receiving the duplicate ACKs, assumes packets were lost in transit and reduces the TCP window size, which reduces the TCP throughput. Forwarding schemes that implement per-packet load distribution often result in out-of-order packets being received at the destination. … A packet may need to be fragmented multiple times during transmission if the MTU decreases multiple times along the path. Routers along the path do not perform fragmentation reassembly, even when a fragment is fragmented again due to an even lower MTU along the path. It is up to the TCP/IP stack in the end device to reassemble the fragments. Fragmentation in the network introduces extra overhead, since only the ultimate destination device can re-assemble the fragments. … When performing a traceroute from Cisco devices, which send three probes to each hop by default, the second probe in the final hop usually times out. This is due to the default ICMP rate limiting of Cisco IOS. The error messages returned from the intermediate routers are “TTL Exceeded”, whereas the message returned by the ultimate destination is “Destination Unreachable”. … For example, the default Ethernet MTU is usually 1500 bytes in most implementations. When an IP packet carrying a TCP segment needs to be sent, 20 bytes are used for the IP header, and 20 for the TCP header, which leaves 1460 bytes left for the actual data payload. When setting the MTU, some platforms (like Classic IOS) do not consider the Layer 2 header, while others (like IOS-XR) do. The default MTU of 1500 for an Ethernet interface on Classic IOS is equivalent to the default Ethernet MTU 1514 on IOS-XR. If the data to be sent is larger than the supported MTU on an interface, it must be either fragmented or dropped. Larger MTU values reduce protocol overhead at the expense of having to re-transmit more data when data is lost or corrupted during transport. MTU can be an issue for IP when different tunneling protocols are used on top of IP. For example, IP-in-IP adds another 20 bytes of overhead, effectively reducing the MTU of the payload by 20. … Likewise, when implementing tunneling, the TCP MSS is often adjusted to avoid fragmentation at the IP layer because of the overhead associated with the tunneling protocol(s). Cisco IOS supports changing the MSS of TCP SYN packets that are sent through the router. This is commonly used with PPPoE, which supports an MTU of 1492 bytes. … TCP latency is often defined by the RTT Round Trip Time, which is the length of time it takes to receive back a response from a TCP message. For example, establishing a new TCP session involves sending a SYN and expecting to receive a SYN/ACK in response. Latency begins with the propagation delay, which is no faster than the speed of light. Serialization delay, and intermediary device processing also add to the overall latency. … Global synchronization results as a combination of how TCP uses slow-start and windowing, combined with tail-drop queuing on the router. One way to alleviate these symptoms is to use Random Early Detection queuing, where packets in a queue approaching congestion are randomly discarded, which causes the individual TCP stream to reduce its window size temporarily. By perform this action randomly on individual TCP streams, instead of all at once on all TCP streams (tail drop), the bandwidth of the link is used more efficiently.