Use Protective ReRoute to optimize TCP network resiliency

Protective ReRoute (PRR) is a host-based technique to route packets around faults in a multipath network. PRR is deployed across Google's global network, where it works with existing resiliency mechanisms to improve network availability for all users.

Choose a PRR mode

Google Cloud provides PRR in two modes: Hypervisor mode and Guest mode.

PRR in hypervisor mode

PRR in hypervisor mode protects most traffic by default, but has the following limitations:

• If an instance has a huge traffic fan-out, for example, if an instance is actively sending packets to thousands of cross-region instances at the same time, not all packets are protected.

• Hypervisor mode PRR protects key segments of the network path but isn't fully end-to-end.

• Hypervisor mode PRR reacts within single-digit seconds.

PRR in guest mode

Guest mode PRR can be used for critical applications that are particularly sensitive to short-duration network events, have large fanout patterns, are highly sensitive to packet loss, or require the fastest possible network recovery time (at RTT timescale).

All Google Cloud customers automatically get hypervisor mode PRR with no configuration actions required.

Configure guest mode PRR

You should use guest mode for applications that are highly sensitive to packet loss, require large fan-out patterns, or need the fastest possible network recovery.

To configure guest mode PRR, performing the following steps.

1. Verify the version of the Linux kernel. Use the following command to confirm that the instance OS is using version 4.20 or later:

   uname -r
   

2. Verify that IPv6 flow labels are automatically generated. Use the following command to check that the /proc/sys/net/ipv6/auto_flowlabels setting is enabled. This sysctl setting is often enabled by default.

   cat /proc/sys/net/ipv6/auto_flowlabels
   

   If the value is not 1, then enable it in your system configuration.

3. Use the gVNIC network interface driver for full PRR support. To protect both IPv4 and IPv6 traffic, your instance must use a gVNIC network interface. If the instance uses the VirtIO network interface, then PRR protects only IPv6 traffic.

What's next

• Learn about global networking products for Google Cloud.
• Read more about network service tiers for Google Cloud.