User Tools

Site Tools



PEPsal : A TCP proxy

PEPsal is a Performance Enhancing Proxy (PEP), used for optimizing TCP connections on satellite links. It works at multiple layers (IP, TCP, and Application): it uses netfilter to intercept those connections that would involve a satellite links and “steals” the TCP SYN packet in the three-way handshake phase of a TCP connection, then pretends to be the other side of that connection, and initiate a new connection to the real endpoint, using a userspace application that directly copy data between the two sockets. It thus effectively splits the TCP connection in two.

PEPsal represents a valid solution for the degraded TCP performance when satellite links are involved. It does not require modifications on content servers, or satellite receivers, it is sufficient to set it up in a computer traversed by the TCP connections.

It is designed to follow the advices in IETF RFC3135, to implement a simple TCP Split technique.

This work has been originally done by Daniele Lacamere, Carlo Caini, …

CNES has proposed to maintain and make some evolutions for the satellite community alongside OpenSAND, in a complementary way.


By default, PEPsal will be launched as a service, running the pepsal binary as a daemon.

For more details, here is :

OpenSAND manual provides an example of use with OpenSAND.

PepSAL design

PEPsal works a multi-layer proxy, that works at two levels: at network level, and at application level.

At the network level, PEPsal uses netfilter, a Linux framework that handles all network packets that pass through the system. netfilter is configured to reroute the packets belonging to TCP connections that have to be optimized to a local socket handled by the PEP, instead of being routed to the destination.

At application level, a binary, called pepsal, receives these redirected packets. If these packets are SYN segments establishing a new connection, PEPsal accepts the connection on behalf of the destination, and creates new socket that connects to it, splitting in two the connection. If the packets received by PEPsal are data segments, then they are copied between the endpoints, to relay the information from one host to another.

For a more detailed description, refer to PEPsal design


pepsal/index.txt · Last modified: 2020/04/02 15:26 by duboise