The Transfer Control Protocol (TCP) is a stream-oriented, transport-level protocol widely used in the Internet [21]. It is sometimes called TCP/IP, due to its tight relation to Internet Protocol (IP), a network-level protocol forming the core protocol in the Internet. A TCP stream is a bidirectional network connection established between two communicating parties. Each party is identified by means of an end point - a combination of the network address of the machine on which the party resides and the port number it uses. All data in the TCP stream are sent in portions, called segments. Each segment consists of a header, identifying the end points of both parties, and of a so-called payload, which is simply a piece of raw data provided by the higher-level software. TCP provides reliable communication by means of acknowledgments and retransmissions.
What is important for us is that the complete TCP segment is assembled on the machine that sends it. In particular, the machine can use an arbitrary origin end point when producing the header (instead of its own), and pretend that the segment originates from somewhere else. Not only can the end point machines play with the headers, but the routers in the path can do it as well.
Falsifying the end points in the segment headers is called ``IP spoofing,'' and can be used to break into remote systems. In our case, however, it can be used with good intentions. Basically, we want to modify the behavior of the service network gateway. Instead of forwarding all the service-related traffic to the service machine, the gateway can switch the traffic between many service replicas. By looking at the target end point in the segment header, the gateway can recognize for which service the segment is intended. It can then select the best replica for the segment, and rewrite the destination address of the segment to forward it to the selected replica. The replica can send its responses directly to the client without bothering the gateway. It uses the ``IP spoofing'' technique to pretend that the response segments originate from the service machine (see Figure 2.4). What is important is that the selection made for the first segment of each stream has to be kept consistent through the lifetime of the stream, as no single stream can be shared by several replicas.
Another important detail is that the acknowledgments sent by the client still have to be dealt with by the gateway, as they are addressed to the service machine. In particular, they have to be forwarded to the respective replica as well. The complete mechanism is called a ``TCP handoff,'' as it is based on passing the duty of servicing the TCP connection to the selected replica [23].
The TCP handoff is totally transparent from the client's point of view. Since it operates on transport-level streams, clients can never be aware of being redirected. They send their requests to the service machine and do not know that the intermediate gateway switches them between replicas.
Unfortunately, operating on such a low level also has a few negative consequences. The main one is that the complete mechanism is relatively complex. It requires using a specific network structure, modifying the operating system of each machine hosting a service replica, and implementing switching mechanisms on the gateway. All these requirements make it difficult to deploy and maintain this kind of redirection mechanism.
Another negative aspect of using the low-level traffic switching is that it does not scale efficiently over a wide-area network. This technique was originally designed for clusters and local-area networks where it proved to be highly efficient. But if we want to use it with replicas distributed worldwide, the matter starts to look much worse. We can no longer use local network facilities to pass a segment to a replica. Instead, we have to encapsulate the segment, and forward it through the external network, which introduces additional traffic and increases the response latency. This need for switching every incoming segment can dramatically degrade the overall performance of the system. Imagine a situation in which the service machine is placed in Europe and one of its replicas is in Australia. Usually, a client from Sydney is redirected to the Australian site. But every request is first sent to Europe, from where it is forwarded to Australia. Only the response is sent directly from the Australian site to the client. It is clear that something is wrong here. We can conclude that the TCP handoff mechanism does not fit well in wide-area systems.
One more drawback of the TCP handoff treated as a redirection mechanism is that it distinguishes services based only on the combination of the target machine address and port number. In this way, if we want to replicate a service, we need to make a full copy on each replica, thus losing the flexibility of partial replication.
Yet another disadvantage of the TCP handoff, as was the case in the HTTP-based redirection, is that the client cannot be offered more than one replica to choose from. The redirection mechanism remains in full charge of what happens to the client requests.
![\includegraphics[width=10cm]{xfig-tcpprinc.eps}](img5.png)