So the headline number here is that 20% of clients are on networks where TCP fast open doesn't work. TFO is just about the worst case when it comes to this. It's not simply adding a TCP option that could be ignored by middleboxes. It's essentially modifying the TCP state machine. It's also a very fresh standard; networking equipment doesn't get replaced every 2 years.
(I happened to implement TFO for a middlebox just a couple of weeks ago. The changes were much more invasive than for the average TCP extension).
Unfortunately there isn't a breakdown of that 20%. Is it just connections where the SYN was dropped or the connection breaks after the SYN was let through? Or does it also include cases where the TFO options get stripped away? There's a huge difference in how serious these cases are.
It'd be great if someone put together a test suite for networking equipment to test for things like this. It could give a scorecard after checking that TCP fast open, SCTP, Websockets-over-HTTP, IPv6, WebRTC and any other new networking technologies work correctly.
I have no idea how to tell which routers and IDSes will silently make my network / internet connectivity crappy.
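A client-side probe of the kind the two comments above are asking for, added here as an example; it is not code from any commenter or from any existing project. It assumes Linux (MSG_FASTOPEN and TCP_INFO, with net.ipv4.tcp_fastopen permitting client use) and a TFO-enabled server at host:port that answers the payload. The names probe, classify and run_suite, the verdict strings and the observation dicts are mine. It makes three connections: a plain one as the baseline, a "cold" TFO attempt whose SYN only carries a cookie request, and a "warm" one whose SYN carries data now that the kernel has a cookie, then maps the outcome onto the breakdown asked for above: SYN dropped, connection breaks after the SYN, or TFO option silently stripped.

```python
"""Client-side TCP Fast Open path probe (added example, Linux only).

Three connections to the same server:
  plain : ordinary connect()          -> is the path/server up at all?
  cold  : sendto(..., MSG_FASTOPEN)   -> SYN carries a TFO cookie request
  warm  : sendto(..., MSG_FASTOPEN)   -> kernel has a cookie, SYN carries data
The kernel reports via TCP_INFO whether the data in our SYN was accepted.
"""
import errno
import socket
import sys

# Linux constants (include/uapi/linux/tcp.h); getattr so the module still
# imports on other platforms, where probe() will just record an error.
MSG_FASTOPEN = getattr(socket, "MSG_FASTOPEN", 0x20000000)
TCP_INFO = getattr(socket, "TCP_INFO", 11)
TCPI_OPT_SYN_DATA = 0x20                    # tcpi_options bit: SYN data was acked
TCP_SYN_SENT, TCP_CLOSE = 2, 7              # tcpi_state values we care about

DEFAULT_PAYLOAD = b"GET / HTTP/1.0\r\n\r\n"  # assumption: server answers this


def probe(host, port, fastopen, payload=DEFAULT_PAYLOAD, timeout=3.0):
    """One connection attempt; returns an observation dict and never raises."""
    obs = {"handshake": False, "reply": False, "syn_data_acked": False, "error": None}
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if fastopen:
            # connect + send in one call; data rides in the SYN once a cookie is cached
            s.sendto(payload, MSG_FASTOPEN, (host, port))
        else:
            s.connect((host, port))
            s.sendall(payload)
        try:
            obs["reply"] = len(s.recv(1)) > 0
        except socket.timeout:
            obs["error"] = "no reply"
        info = s.getsockopt(socket.IPPROTO_TCP, TCP_INFO, 104)  # struct tcp_info
        state, options = info[0], info[5]                       # 1st and 6th u8
        obs["handshake"] = obs["reply"] or state not in (TCP_SYN_SENT, TCP_CLOSE)
        obs["syn_data_acked"] = bool(options & TCPI_OPT_SYN_DATA)
    except socket.timeout:
        obs["error"] = "handshake timeout"
    except OSError as e:
        obs["error"] = errno.errorcode.get(e.errno, str(e))
    finally:
        s.close()
    return obs


def classify(plain, cold, warm):
    """Map the three observations onto the failure classes worth telling apart."""
    if not plain["handshake"]:
        return "baseline unreachable"           # nothing TFO-specific to conclude
    if not cold["handshake"]:
        return "syn with tfo option dropped"    # worst case: every TFO client stalls
    if not warm["handshake"]:
        return "syn with data dropped"          # cookie arrived, data-in-SYN did not
    if not (cold["reply"] and warm["reply"]):
        return "breaks after syn"               # handshake completes, stream then dies
    if not warm["syn_data_acked"]:
        return "tfo option stripped"            # silent fallback to a plain handshake
    return "tfo works"


def run_suite(host, port, **kw):
    """Run plain, cold and warm probes in order and return (verdict, observations)."""
    plain = probe(host, port, fastopen=False, **kw)
    cold = probe(host, port, fastopen=True, **kw)
    warm = probe(host, port, fastopen=True, **kw)
    return classify(plain, cold, warm), (plain, cold, warm)


if __name__ == "__main__":
    verdict, details = run_suite(sys.argv[1], int(sys.argv[2]))
    print(verdict)
    for name, o in zip(("plain", "cold", "warm"), details):
        print(f"  {name:5s} {o}")
```

Two caveats when reading the verdict: the Linux client caches TFO state per destination (visible with `ip tcp_metrics show`), so a SYN-with-data that timed out earlier makes the kernel stop sending data in SYNs to that host for a while and the "warm" attempt will look like "tfo option stripped" until that entry ages out; and "breaks after syn" only tells you the stream died after the handshake, not which box killed it, so repeat it from a vantage point on the other side of each suspect middlebox.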
This is a special case example of why middleboxes, especially those that actually modify traffic rather than just scanning or prioritizing it, are evil.