RFC 7413, "TCP Fast Open", December 2014Source of RFC: tcpm (tsv)
See Also: RFC 7413 w/ inline errata
Errata ID: 5373
Publication Format(s) : TEXT
Reported By: Vladimir Nicolici
Date Reported: 2018-05-31
Verifier Name: Mirja Kühlewind
Date Verified: 2018-06-14
Section 188.8.131.52. says:
For any negative responses, the client SHOULD disable Fast Open on the specific path (the source and destination IP addresses and ports) at least temporarily.
It should say:
For any negative responses, the client SHOULD disable Fast Open on the specific path (the source and destination IP addresses and the destination port) at least temporarily.
The original language seems to imply that the cached negative response should only affect connections if they are initiated from the same source port and source IP.
Since the client source port can change for subsequent TCP connections, and it's unlikely that just changing the source port would result in a successful TCP FO connection when a previous connection from a different source port failed, associating the cached negative response with the source port is probably not very useful, and could actually be detrimental to performance and reliability, depending on the implementation.
If the implementation would decide to check the source port when matching negative cached responses to a new connection, it would negatively impact performance when the source port changes, because the implementation wouldn't find a matching negative response in the cache.
Furthermore, if each connection retry is made from a different source port, checking the source port when matching the cached negative responses would make the client unable to connect to the server, until all possible source ports are included in cached negative responses.
This means it's much better not recommending to associate the source port to the cached negative responses, to prevent any confusion and possible implementation issues.
Either that, or add additional clarification, describing exactly how a negative cached response should be matched to a subsequent connection attempt.