DEV Community

Salad Lam

Running a network tunnel over TCP is a horrible idea

Notice

I wrote this article, and it was originally published on Qiita on 26 February 2023.


This article explains why running a network tunnel over TCP (for example, running OpenVPN in TCP mode) is a horrible idea.

Characteristics of TCP

  1. Stateful: every segment carries a sequence number, so the receiver can reconstruct the byte stream even if segments arrive out of order.

  2. Lossless: the receiver acknowledges which segments it has received, and anything left unacknowledged is retransmitted by the sender. Furthermore, TCP implements congestion control (often loosely called flow control): once a retransmission is triggered, the sender shrinks its window and limits how many segments it keeps in flight.

Why it is a horrible idea

Statefulness and losslessness are not needed by a tunnel protocol. TCP's in-order delivery adds latency to tunnelled traffic because the tunnel endpoint must hold back segments it has already received with higher sequence numbers until the missing segment with the lower sequence number arrives (head-of-line blocking). Every packet behind the gap is delayed, not just the lost one.

Losslessness is redundant because loss is already handled end to end by the traffic inside the tunnel: if the inner traffic is TCP, the inner endpoints detect and retransmit the lost packet themselves, and the outer TCP's retransmission only duplicates that work. If the inner traffic is UDP, the application chose to tolerate loss and does not want the tunnel to stall on its behalf.

Furthermore, the congestion control mechanism makes things worse. Say the tunnel is currently carrying 1 Mbps. When a single packet is lost (and packet loss is very common on real networks), the outer TCP not only retransmits it but also shrinks its send window, so the tunnel's throughput drops sharply while the inner traffic keeps arriving at the old rate. The tunnel's send buffer fills up and packets are dropped, which the inner TCP connections in turn treat as loss and retransmit through the same stalled tunnel. This compounding of the two retransmission loops is the well-known TCP-over-TCP meltdown.
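The three effects above (head-of-line blocking, a retransmission timeout stacked on top of path delay, and the window reduction after loss backing packets up until the tunnel buffer drops them) can be made concrete with a small discrete simulation. The block below is an added example written for this article, not code from the original post, OpenVPN or any other tunnel software. Every constant in it (send interval, one-way delay, RTO, recovery period, buffer size) is an assumption chosen to make the effects visible on a 40-packet stream with one loss, not a measurement; the same constructed stream is pushed through a UDP-style tunnel and a TCP-style tunnel and the per-packet delivery times are compared.

```python
"""Constructed simulation of a tunnel over UDP versus over TCP.

Added illustration, not code from the original post. All constants are
assumptions chosen to make the effects visible, not measurements.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

SEND_INTERVAL_MS = 10.0    # inner traffic offers one packet every 10 ms (assumed)
ONE_WAY_DELAY_MS = 50.0    # one-way delay of the outer path (assumed)
RTO_MS = 200.0             # retransmission timeout of the outer TCP (assumed)
RECOVERY_MS = 300.0        # time the outer TCP runs at half rate after a loss (assumed)
TUNNEL_BUFFER = 4          # packets the tunnel can queue before tail-dropping (assumed)


@dataclass
class Delivery:
    seq: int
    sent_ms: float
    delivered_ms: Optional[float]   # None: the tunnel never delivered this packet

    @property
    def latency_ms(self) -> Optional[float]:
        if self.delivered_ms is None:
            return None
        return self.delivered_ms - self.sent_ms


def simulate(transport: str, n_packets: int, lost: set[int]) -> list[Delivery]:
    """Push n_packets through a tunnel whose outer transport is 'udp' or 'tcp'.

    `lost` holds sequence numbers the network drops on their first transmission.
    udp: each packet is forwarded as soon as it is handed over; a lost packet is
         simply gone, and the inner protocol (if it cares) retransmits it.
    tcp: the outer TCP serialises packets at a fixed rate, retransmits a lost
         segment RTO_MS after sending it, halves its rate for RECOVERY_MS once
         the loss is detected, and hands packets to the peer strictly in order.
    """
    out: list[Delivery] = []
    if transport == "udp":
        for seq in range(n_packets):
            sent = seq * SEND_INTERVAL_MS
            delivered = None if seq in lost else sent + ONE_WAY_DELAY_MS
            out.append(Delivery(seq, sent, delivered))
        return out
    if transport != "tcp":
        raise ValueError(transport)

    recovery: list[tuple[float, float]] = []   # [start, end) half-rate windows
    egress_times: list[float] = []             # when accepted packets hit the wire
    last_delivered = 0.0

    def interval_at(t: float) -> float:
        # send interval in effect at time t: doubled while recovering from a loss
        slow = any(start <= t < end for start, end in recovery)
        return SEND_INTERVAL_MS * (2.0 if slow else 1.0)

    for seq in range(n_packets):
        sent = seq * SEND_INTERVAL_MS
        # packets accepted earlier but not yet on the wire occupy the tunnel buffer
        queued = sum(1 for e in egress_times if e > sent)
        if queued >= TUNNEL_BUFFER:
            out.append(Delivery(seq, sent, None))   # tail drop: buffer is full
            continue
        if egress_times:
            egress = max(sent, egress_times[-1] + interval_at(egress_times[-1]))
        else:
            egress = sent
        egress_times.append(egress)
        arrival = egress + ONE_WAY_DELAY_MS
        if seq in lost:
            detected = egress + RTO_MS
            recovery.append((detected, detected + RECOVERY_MS))
            arrival += RTO_MS            # only the retransmitted copy arrives
        delivered = max(arrival, last_delivered)   # in-order: wait for the gap
        last_delivered = delivered
        out.append(Delivery(seq, sent, delivered))
    return out


def summarize(deliveries: list[Delivery]) -> dict:
    lats = [d.latency_ms for d in deliveries if d.latency_ms is not None]
    return {
        "delivered": len(lats),
        "dropped": len(deliveries) - len(lats),
        "max_latency_ms": max(lats),
        "mean_latency_ms": sum(lats) / len(lats),
        # packets that took longer than the bare path delay to get through
        "late_packets": sum(1 for lat in lats if lat > ONE_WAY_DELAY_MS),
    }


if __name__ == "__main__":
    for transport in ("udp", "tcp"):
        print(transport, summarize(simulate(transport, 40, {5})))
```

With these assumed constants the UDP tunnel loses exactly the one packet the network dropped and every other packet arrives with the bare path delay, whereas the TCP tunnel delivers the dropped packet 250 ms late, holds back the next 19 packets behind it, and then, running at half rate while the inner stream keeps coming, overflows its buffer and drops three more packets that were never lost on the wire. For OpenVPN this is the difference between `proto udp` and `proto tcp` in the configuration: use UDP unless a middlebox leaves no other choice.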
