Re: [multipathtcp] Two proxy scenario (network proxy off path)

Christoph Paasch <cpaasch@apple.com> Wed, 29 March 2017 15:47 UTC

Return-Path: <cpaasch@apple.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DFEC1296EA for <multipathtcp@ietfa.amsl.com>; Wed, 29 Mar 2017 08:47:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KC5dv6idlzGJ for <multipathtcp@ietfa.amsl.com>; Wed, 29 Mar 2017 08:47:01 -0700 (PDT)
Received: from mail-in23.apple.com (mail-out23.apple.com [17.171.2.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4C91129422 for <multipathtcp@ietf.org>; Wed, 29 Mar 2017 08:46:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1490802413; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-transfer-encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=LIBHXJgapDOm4YyNbaRhHl/TZHkLhhMnHKz5JuoL5qk=; b=RhOAYGYiSAleQIq8oolsLneSmjvKfsmK0txHPWnEl1UfIFsWK2CW+TIGkVeJMFv2 OCaXAuZhMSINJJ8fZVFpYjuF4uBwBy7onm4jIZxNz7mWXI7kwheOCZ+20M3ddw+L jBbr2mUeC2o6YW3nxd6AyP1+yJwIR9fjYkPd0usrToGT7D2bL0UV89nfFy2gFB5M H1r+EkTZTFjgHmRazhRB+f2vXc34QQM9LR2gmP8ebjVQnQiRR1fIlXXtZ5E3ENqH tKNjqqakO7tCoo0D7GtoNjXmHPaPx4EU1ZAPJa9/N19fac6t6ITwfEgDIuqRyerL Dtep/QxmKEBktrU5/3SIxQ==;
Received: from relay26.apple.com (relay26.apple.com [17.171.128.107]) by mail-in23.apple.com (Apple Secure Mail Relay) with SMTP id 7B.89.29767.DE6DBD85; Wed, 29 Mar 2017 08:46:53 -0700 (PDT)
X-AuditID: 11ab0217-0fc2f9a000007447-90-58dbd6ed03b4
Received: from ma1-mmpp-sz08.apple.com (st1-02-mail-lb2-v365-snip.apple.com [17.171.128.5]) by relay26.apple.com (Apple SCV relay) with SMTP id F0.80.18300.DE6DBD85; Wed, 29 Mar 2017 11:46:53 -0400 (EDT)
MIME-version: 1.0
Content-transfer-encoding: 8BIT
Content-disposition: inline
Content-type: text/plain; charset=iso-8859-1
Received: from localhost ([17.168.191.252]) by ma1-mmpp-sz08.apple.com (Oracle Communications Messaging Server 8.0.1.2.20170210 64bit (built Feb 10 2017)) with ESMTPSA id <0ONL006F72I55600@ma1-mmpp-sz08.apple.com>; Wed, 29 Mar 2017 08:46:53 -0700 (PDT)
Sender: cpaasch@apple.com
Date: Wed, 29 Mar 2017 10:46:52 -0500
From: Christoph Paasch <cpaasch@apple.com>
To: "Henderickx, Wim (Nokia - BE/Antwerp)" <wim.henderickx@nokia.com>
Cc: "philip.eardley@bt.com" <philip.eardley@bt.com>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "multipathtcp@ietf.org" <multipathtcp@ietf.org>
Message-id: <20170329154652.GG2779@dhcp-8507.meeting.ietf.org>
References: <70EAECD3-22A6-420A-B84C-04B0673020DF@nokia.com> <20170329153901.GF2779@dhcp-8507.meeting.ietf.org> <3D71318E-8644-4FB3-8C7F-9DD4E5AFE89B@nokia.com>
In-reply-to: <3D71318E-8644-4FB3-8C7F-9DD4E5AFE89B@nokia.com>
User-Agent: Mutt/1.7.1 (2016-10-04)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrFLMWRmVeSWpSXmKPExsUiuLohW/fttdsRBn0LTS0Ov33KbvF59XU2 i2VrVzBaTPq9icWBxaPty2QmjyVLfjJ53L11icmj5dlJtgCWKC6blNSczLLUIn27BK6MgzPf MRVsMKiYf/0WawPjJrkuRk4OCQETid87VrB0MXJxCAkcZJRY0/CPGSYxafcWNojEWUaJru+b 2EESvAKCEj8m3wPq4OBgFpCXOHIpGyTMLCAt8ejvDHYIW0ei9/s3ZojeJiaJ9zs3M4IkhAUk Jbrv3AFbwCKgKtGwci0TiM0moCXx9nY7K4gtIuAqcWXPcrBmZoHljBKnz8xkhWh2l/h4pJ8N 4gg7iX0PN7JCbFjCKPHp0imwqZwCthL9h6aAFYkKKEv8PXwP7DcJgR1sEkduHmGfwCgyC8kX sxC+mIXki1lIvljAyLKKUTg3MTNHNzPPyFgvsaAgJ1UvOT93EyM4cpjEdzB+fm14iFGAg1GJ h7di7e0IIdbEsuLK3EOM0hwsSuK8+/bdihASSE8sSc1OTS1ILYovKs1JLT7EyMTBKdXAWLq7 6LdOUPxVzsP+DftvlCT8mC2ScLEyWfDKxYXPK1bsbLQ0b+0qMhbk++N/JWDvlh2qhq/2vmd6 sPLzS6/r+5vjFzg+aouwO7L9o9QqezGHI06/vxTK11+JnJVie1lJZK3CzzXluhHL1ddyHVG3 j3z8a+nqo26tsVtZliXwfMzMv3piSq9kixJLcUaioRZzUXEiAOGTgLx9AgAA
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrLLMWRmVeSWpSXmKPExsUiuLqBVffttdsRBj8XGVgcfvuU3eLz6uts FsvWrmC0mPR7E4sDi0fbl8lMHkuW/GTyuHvrEpNHy7OTbAEsUVw2Kak5mWWpRfp2CVwZB2e+ YyrYYFAx//ot1gbGTXJdjJwcEgImEpN2b2HrYuTiEBI4yyjR9X0TO0iCV0BQ4sfkeyxdjBwc zALyEkcuZYOEmQWkJR79ncEOYetI9H7/xgzR28Qk8X7nZkaQhLCApET3nTvMIDaLgKpEw8q1 TCA2m4CWxNvb7awgtoiAq8SVPcvBmpkFljNKnD4zkxWi2V3i45F+Nogj7CT2PdzICrFhCaPE p0unwKZyCthK9B+aAlYkKqAs8ffwPZYJjIKzkBw+C+HwWUgOn4Xk8AWMLKsYBYtScxIrjcz0 EgsKclL1kvNzNzFCAj17B+PJe2aHGAU4GJV4eCvW3o4QYk0sK67MPcQowcGsJMLrdgooxJuS WFmVWpQfX1Sak1p8iFGag0VJnHevPVBKID2xJDU7NbUgtQgmy8TBKdXAmLl0hePO65ey3A4F fZTKL5muY3UtaUOC8uJLxqrBnRFX4zhij+4Jv6D3itXtMp/6bP+o/P538vxfLj5wtipY92wx dwuz+Kb77189tz/d9EZ+5umNtQsvMrP+vi6icDzukOncwnPZ93ZXlaVMrzz2cQ0/m/vdn1Xv p1QEzjh9I7H0vu6K5X6XviuxFGckGmoxFxUnAgB0uEbGcAIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/1wZbzYA7OynDk8XRqWtncSw__L0>
Subject: Re: [multipathtcp] Two proxy scenario (network proxy off path)
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Mar 2017 15:47:07 -0000

On 29/03/17 - 15:42:59, Henderickx, Wim (Nokia - BE/Antwerp) wrote:
> Christoph, yes but again it something new and less optimal from the proposed MP_CONVERT IE in the SYN.

No, that's what I wrote below. It's not less optimal. It's exactly the same in
terms of performance as MP_CONVERT IE in the SYN!


Christoph


> 
> On 29/03/2017, 10:39, "cpaasch@apple.com on behalf of Christoph Paasch" <cpaasch@apple.com> wrote:
> 
>     Hello Wim,
>     
>     inline:
>     
>     On 29/03/17 - 15:29:04, Henderickx, Wim (Nokia - BE/Antwerp) wrote:
>     > Phil, you will be a bit more optimal but not a lot as you can see or you end up changing the SOCKs protocol. Even if you do this MP_CONVERT IE will always be the most optimal and hence this is what we propose for doing this proxy function.
>     > 
>     > On 29/03/2017, 10:12, "multipathtcp on behalf of philip.eardley@bt.com" <multipathtcp-bounces@ietf.org on behalf of philip.eardley@bt.com> wrote:
>     > 
>     >     By non-chatty, I meant a version that didn't do all the authentication messages. After all, the home gateway and network proxy can be expected to know about each other already - at least don't need to do for every new TCP connection from devices behind home gateway
>     >     
>     >     -----Original Message-----
>     >     From: mohamed.boucadair@orange.com [mailto:mohamed.boucadair@orange.com] 
>     >     Sent: 29 March 2017 06:30
>     >     To: Eardley,PL,Philip,TUB8 R <philip.eardley@bt.com>om>; multipathtcp@ietf.org
>     >     Subject: RE: Two proxy scenario (network proxy off path)
>     >     
>     >     Hi Phil, 
>     >     
>     >     Can you please clarify what you mean by a "non-chatty version"? version of what?
>     >     
>     >     You can refer to Section 3 of RFC1928 to have an idea about the number of messages that are required before sending actual traffic when SOCKSv5 is used. 
>     >     
>     >     Below an excerpt of signaling messages observed to create an initial subflow using SOCKSv5:
>     >     
>     >     ==============
>     >     (MP Client) ->    TCP SYN    ->  (MCP)
>     >                        <- TCP SYN/ACK <- 
>     >                        ->    TCP ACK    ->
>     >                        -> SOCKS Method Request (1)(a) ->
>     
>     you would of course use TFO with SOCKS, so that you gain one RTT.
>     
>     If then in addition to that you remove the authentication part of SOCKS, and
>     you can even put the payload right after the SOCKS Connection Request inside
>     the SYN-payload, then you are effectively also at a 0-RTT connection
>     establishment.
>     
>     
>     Christoph
>     
>     
>     >                        <-    TCP ACK (b)   <-
>     >                         <- SOCKS Method Response (2)(c) <-
>     >                         ->   TCP ACK (d)   ->
>     >                         -> SOCKS Authentication Request (3)(e) ->
>     >                         <-    TCP ACK (f)    <-
>     >                         <- SOCKS Auth. Response (4)(g) <-
>     >                         ->   TCP ACK (h)   ->
>     >                         -> SOCKS Connection Request (5)(i) -> (MCP)
>     >                         <-   TCP ACK (j)                   <- (MCP)
>     >                                                               (MCP)  -> TCP SYN (k) -> (Server)
>     >                                                               (MCP)  <- SYN/ACK (l) <- (Server)
>     >                         <- SOCKS Connection Response (n) (6) <-(MCP) -> TCP ACK (m) -> (Server)
>     >                         ->   TCP ACK (o)  ->
>     >     =================
>     >     
>     >     I let you compare it with the 0-RTT and 0-extra signaling approach with MP_CONVERT IE. 
>     >     
>     >     Cheers,
>     >     Med
>     >     
>     >     > -----Message d'origine-----
>     >     > De : multipathtcp [mailto:multipathtcp-bounces@ietf.org] De la part de 
>     >     > philip.eardley@bt.com Envoyé : mardi 28 mars 2017 20:24 À : 
>     >     > multipathtcp@ietf.org Objet : [multipathtcp] Two proxy scenario 
>     >     > (network proxy off path)
>     >     > 
>     >     > Hi,
>     >     > 
>     >     > I'm now thinking about the scenario where there are two proxies, one 
>     >     > in the home gateway or Customer Premises Equipment and one in the 
>     >     > network, both under the control of the operator. And looking at the 'explicit mode'
>     >     > scenario, which - if I get it right - means that the network proxy is 
>     >     > not on the default path. (It's safe to assume that the home gateway 
>     >     > proxy is on the default path)
>     >     > 
>     >     > Thinking about the use of SOCKS in this context.
>     >     > 
>     >     > Earlier Olivier said (in the context of the smartphone scenario -  
>     >     > sorry if your comments don't apply to this scenario and I'm just 
>     >     > creating
>     >     > confusion) that there are different variants of SOCKS that can be 
>     >     > used, which mainly depend on the number of messages that are used to 
>     >     > authenticate.
>     >     > In the two proxy scenario, it's probably reasonable to assume that the 
>     >     > home gateway and network proxy are already authenticated. So a 
>     >     > non-chatty version would be ok.
>     >     > 
>     >     > Is that right?
>     >     > 
>     >     > Thanks
>     >     > phil
>     >     > 
>     >     > _______________________________________________
>     >     > multipathtcp mailing list
>     >     > multipathtcp@ietf.org
>     >     > https://www.ietf.org/mailman/listinfo/multipathtcp
>     >     
>     >     _______________________________________________
>     >     multipathtcp mailing list
>     >     multipathtcp@ietf.org
>     >     https://www.ietf.org/mailman/listinfo/multipathtcp
>     >     
>     > 
>     > _______________________________________________
>     > multipathtcp mailing list
>     > multipathtcp@ietf.org
>     > https://www.ietf.org/mailman/listinfo/multipathtcp
>     
>