IETF Logo Mail Archive

Re: [Int-area] Middleboxes to aid the deployment of MPTCP

Tom Herbert <tom@herbertland.com> Wed, 19 July 2017 15:45 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F582131A76 for <int-area@ietfa.amsl.com>; Wed, 19 Jul 2017 08:45:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4fcKfiCbGPgO for <int-area@ietfa.amsl.com>; Wed, 19 Jul 2017 08:45:06 -0700 (PDT)
Received: from mail-wr0-x22b.google.com (mail-wr0-x22b.google.com [IPv6:2a00:1450:400c:c0c::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 407481317BE for <int-area@ietf.org>; Wed, 19 Jul 2017 08:45:06 -0700 (PDT)
Received: by mail-wr0-x22b.google.com with SMTP id 33so3714484wrz.4 for <int-area@ietf.org>; Wed, 19 Jul 2017 08:45:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=CCA8uCf1rl17RLz3Jmv/5hgHdHMez4gHC7u9VG6r6FA=; b=o3MfY53N9FllsxqODB7YnckSKJ31dSVLdVzRw/A/2LA7VMOsiSr3F1GrLx7qQFs5bL DI3Vykz9vqS4uS2jE43VvvE7XLThb3K5pA9gmYsCO/JRKNuR5SnJQyp0AhL+mbCn7P2g qTjUl+IanBnE/dI4uDNibMGgEtnvsnyzB1gJ8MzdxiVNVzAnDR0qbZ3YGMOj55xfi0tV JmaIU/WQsu92dG7ksZeQZQOYFeeziGrwrCEGv5PWwpAlZUfyi8jYYF/lopA88f6Qa0kb xdknf491pbvy8gPXJ2lgI5WQ3uDZg2H23g7ETlnfyf1tDwt20p1jjYy7WCDlvLWQe/xG VOzQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=CCA8uCf1rl17RLz3Jmv/5hgHdHMez4gHC7u9VG6r6FA=; b=SzGF5y9tDQfzwfvP20mmO7+a7JKHa83A0loCut16TQ3jhxGTnetAOkTrU8e6QkawLg slKgmTWmtKMqUcL5S4X5H/67U7sSF5KZ0SR1CoyNfjXVINz0gDme71U5cqc2b+Ki05y1 ZAyHEOVcWQz7k/B6V4WAv1RFmcGxCPda2isyyN/H7Pnl88qwI6x7ZYXfT37DHPtTQdWS wq6PvNq/Nq0ff+pbVFZ9yBExmShfgL7LIyKIXyuVsJlNvy3LMyE2J/sLnpLH2W88LKKk hx+qlVrMsZLTOPsnY+3lQ0fFp6hQp2hAmuA1ya3XM76CWpLS/cnIz6ZQvX8Zl6FDYOVc SNqw==
X-Gm-Message-State: AIVw112OkFFlaRnxJbT/33z5nq8q3z496p5Fu/1dUlgzPEx3ys3lflyY KeeWyOqovkroU53jSPWf97SX4tbabmr8
X-Received: by 10.223.169.2 with SMTP id u2mr713962wrc.288.1500479104427; Wed, 19 Jul 2017 08:45:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.128.66 with HTTP; Wed, 19 Jul 2017 08:45:03 -0700 (PDT)
In-Reply-To: <787AE7BB302AE849A7480A190F8B93300A00EA6D@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <fe384d2b-a0ba-9444-2ee9-cd0de6d24b7c@tessares.net> <61608b70-6861-e7f8-96de-5679718a9680@isi.edu> <CALx6S35LpE=Z8DhanPuVcN9sVR2rkxtFPUZMd6Z4v1PHsnzF0w@mail.gmail.com> <787AE7BB302AE849A7480A190F8B93300A00EA6D@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 19 Jul 2017 08:45:03 -0700
Message-ID: <CALx6S34SicdYJj662qwu3CMHrU_ZDg2qsEQFQwnSW4y-H87FCA@mail.gmail.com>
To: mohamed.boucadair@orange.com
Cc: Joe Touch <touch@isi.edu>, "tsv-area@ietf.org" <tsv-area@ietf.org>, Internet Area <int-area@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/K4cJnSRZGfPvh-Wq7LPZ8oKkDyg>
Subject: Re: [Int-area] Middleboxes to aid the deployment of MPTCP
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 15:45:08 -0000

On Tue, Jul 18, 2017 at 11:37 PM,  <mohamed.boucadair@orange.com> wrote:
> Hi Tom,
>
> Please see inline.
>
> Cheers,
> Med
>
>> -----Message d'origine-----
>> De : Int-area [mailto:int-area-bounces@ietf.org] De la part de Tom Herbert
>> Envoyé : mercredi 19 juillet 2017 00:43
>> À : Joe Touch
>> Cc : tsv-area@ietf.org; Internet Area
>> Objet : Re: [Int-area] Middleboxes to aid the deployment of MPTCP
>>
>> On Tue, Jul 18, 2017 at 3:31 PM, Joe Touch <touch@isi.edu> wrote:
>> > Hi, all,
>> >
>> > I've noted this before, but to share with other areas:
>> >
>> > Although I'm not averse to middleboxes as optional optimizations, I find
>> > the proposed mechanisms aren't quite optional -- they inject option
>> > information into the SYN data. That information would poison a
>> > connection to a legacy receiver if (more to the point, when) that info
>> > isn't removed by a proxy upstream of the receiver.
>> >
>> > TCP must be E2E and fall back to legacy endpoints without a reconnection
>> > attempt, as required by RFC793.
>> >
>> > These aren't generic solutions; they're attacks on a TCP connection,
>> IMO.
>> >
>> I agree. This seems be akin to stateful firewalls model that impose
>> artificial requirements on networking (like every TCP packet for a
>> connection must got through some middlebox or the connection is
>> dropped). We need to move things back to E2E semantics for transport
>> protocols-- nodes that try to maintain transport state in the network
>> should be considered the problem not the solution!
>>
>
> [Med] We would love to avoid requiring adding a function in the network to assist devices to make use of their multiple interfaces/paths. Nevertheless, the situation is that servers do not support MPTCP.
>
> The proposed solution allows to:
> * elect some flows to benefit from network-assisted MPTCP while avoiding session failures.
> * Policies are configured to identify traffic that won't be forwarded via a proxy
> * 0-RTT proxying
> * MPTCP can be used e2e if both end points are MPTCP-capable (that is, the proxy is withdrawn from the path).
> * No interference with TCP options to be negotiated between endpoints.
>
> Do you have in mind such use cases when you referred to the "stateful firewalls model"?

One of the problems with stateful firewalls (as well as transparent
proxies) is that they require all packets for a flow to consistently
traverse the same middlebox device. The middlebox is not addressed by
the packet, so the assumed requirement is that packets for the flow go
though the same network node by virtue of routing. For a firewall in a
single-homed site to the Internet this works because the firewall is
the only egress/ingress point to the network. If a site is
multi-homed, then the hope is that routing of packets in both
directions will go through the same point. But there is absolutely no
requirement that network layer packets for a flow are always routed
the same way, and if routing does change and packets need to flow
through different points the session breaks.

If I'm reading the draft correctly, then it has the same property of
maintaining transport state in the network so it implies the same
requirement that all packets for a flow follow the same path.
Personally,  would find it ironic that a a protocol to allow muli-path
transport would require the network layer to be single path.

Tom

>
>> Tom
>>
>> > Joe
>> >
>> >
>> > On 7/18/2017 3:22 PM, Olivier Bonaventure wrote:
>> >> The working group has discussed this issue several times and today we
>> >> have presented a new design that supports the creation of such
>> >> functions to convert MPTCP connections into TCP connections and vice
>> >> versa. The design was done with MPTCP in mind, but the proposed
>> >> solution could be more generic and applied to other use cases than
>> >> MPTCP. The draft that describes the new design is available via:
>> >>
>> >> https://www.ietf.org/internet-drafts/draft-bonaventure-mptcp-
>> converters-01.txt
>> >>
>> >>
>> >> Mirja Kuehlewind suggested to send the document on the int-area and
>> >> tsv-area mailing lists to see whether other working groups could be
>> >> interested by this approach.
>> >
>> > _______________________________________________
>> > Int-area mailing list
>> > Int-area@ietf.org
>> > https://www.ietf.org/mailman/listinfo/int-area
>>
>> _______________________________________________
>> Int-area mailing list
>> Int-area@ietf.org
>> https://www.ietf.org/mailman/listinfo/int-area

v2.23.0 | Report a Bug | By Email