Re: [Masque] IP Proxying

Andreas Kassler <andreas.kassler@kau.se> Tue, 14 April 2020 06:59 UTC

From: Andreas Kassler <andreas.kassler@kau.se>
To: Victor Vasiliev <vasilvv=40google.com@dmarc.ietf.org>
CC: Eric Rescorla <ekr@rtfm.com>, David Schinazi <dschinazi.ietf@gmail.com>, Martin Duke <martin.h.duke@gmail.com>, MASQUE <masque@ietf.org>
Date: Tue, 14 Apr 2020 06:59:05 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/vTx00Pi70sZJzTO4xveJoOv2vv4>

It's perfectly possible to implement an L4 proxying solution that does NOT require cooperation from the applications. You would create a TUN device and implement a scheduler that schedules IP packets entering the TUN device over different L4 connections that span from the TUN device to the proxy. The proxy can optionally implement reordering methods. By doing so, you could use individual TCP tunnels, MP-TCP tunnels, MP-QUIC tunnels or DCCP tunnels to tunnel IP packets.
Please see https://tools.ietf.org/html/draft-amend-tsvwg-multipath-framework-mpdccp-01
for more information. There is also an LCN 2019 paper on this with performance evaluation.

Andreas

> On 14 Apr 2020, at 05:36, Victor Vasiliev <vasilvv=40google.com@dmarc.ietf.org> wrote:
> 
> I think the question is not "do protocols other than TCP and UDP exist", but more of L3 vs L4 proxying.  L3 forwarding is usually easier to implement consistently, since it involves creating and configuring a TUN device and using OS-level mechanisms to ensure all of the traffic goes there.   L4, on the other hand, requires cooperation from individual applications.  Of course, terminating an L4 proxy is much easier than terminating a VPN, so they have different applicability domains.
> 
> On Fri, Apr 10, 2020 at 2:10 PM Eric Rescorla <ekr@rtfm.com> wrote:
> 
> 
> On Fri, Apr 10, 2020 at 11:00 AM David Schinazi <dschinazi.ietf@gmail.com> wrote:
> What about other protocols such as ICMP or IPv6 extension headers?
> 
> What about them? Pretty much any modern application layer protocol has to be designed under the assumption that they don't exist.
> 
> 
> The Internet isn’t limited to TCP and UDP :-)
> 
> I've got some bad news for you.....
> 
> -Ekr
> 
> 
> On Fri, Apr 10, 2020 at 10:46 Martin Duke <martin.h.duke@gmail.com> wrote:
> Apologies for being slow on the uptake, but what is the use case for IP proxying? For a VPN scenario, simply assigning a stream to each TCP and UDP flow the client wants should be sufficient, no?
> 
> Martin
> -- 
> Masque mailing list
> Masque@ietf.org
> https://www.ietf.org/mailman/listinfo/masque
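
The scheduler-plus-reordering arrangement described in the top message, as an added example that is not part of the original e-mail or of the cited draft. It simulates the tunnels instead of opening a real TUN device; the 64-bit sequence header, the round-robin policy, the bounded reorder buffer and all names are assumptions made for illustration.

```python
import struct

HDR = struct.Struct("!Q")  # assumed tunnel header: 64-bit sequence number

class Scheduler:
    """Client side: tags each IP packet read from the TUN device, picks a tunnel."""
    def __init__(self, n_tunnels):
        self.n_tunnels, self.seq = n_tunnels, 0

    def send(self, ip_packet):
        tunnel = self.seq % self.n_tunnels  # round-robin, chosen for illustration
        frame = HDR.pack(self.seq) + ip_packet
        self.seq += 1
        return tunnel, frame

class Reorderer:
    """Proxy side: releases packets in sequence order from a bounded buffer."""
    def __init__(self, max_buffered):
        self.expected, self.pending, self.max_buffered = 0, {}, max_buffered

    def receive(self, frame):
        if len(frame) < HDR.size:
            return []  # truncated frame: drop
        (seq,) = HDR.unpack_from(frame)
        if seq < self.expected or seq in self.pending:
            return []  # late or duplicate: drop
        self.pending[seq] = frame[HDR.size:]
        if len(self.pending) > self.max_buffered:
            # Buffer full: stop waiting for the gap so one lost packet cannot
            # stall delivery or grow memory without bound.
            self.expected = min(self.pending)
        out = []
        while self.expected in self.pending:
            out.append(self.pending.pop(self.expected))
            self.expected += 1
        return out

def simulate(packets, delays, lost=()):
    """Constructed demo: tunnel i delivers a frame delays[i] ticks after sending."""
    sched, proxy = Scheduler(len(delays)), Reorderer(max_buffered=2)
    arrivals = []
    for tick, pkt in enumerate(packets):
        tunnel, frame = sched.send(pkt)
        if tick not in lost:
            arrivals.append((tick + delays[tunnel], tick, frame))
    arrivals.sort()
    wire_order = [frame[HDR.size:] for _, _, frame in arrivals]
    delivered = [p for _, _, frame in arrivals for p in proxy.receive(frame)]
    return wire_order, delivered

if __name__ == "__main__":
    pkts = [b"p%d" % i for i in range(6)]  # stand-ins for raw IP packets
    print(simulate(pkts, delays=[5, 1]))
```

With one slow and one fast tunnel the packets arrive interleaved out of order, and the proxy side restores the original order; when a packet is lost, the buffer bound forces the proxy to skip the gap instead of waiting indefinitely.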