Re: [multipathtcp] Two proxy scenario (network proxy off path) - far end connection initiation?

<mohamed.boucadair@orange.com> Thu, 30 March 2017 15:28 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A021129512 for <multipathtcp@ietfa.amsl.com>; Thu, 30 Mar 2017 08:28:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dlpzjKlqIYxQ for <multipathtcp@ietfa.amsl.com>; Thu, 30 Mar 2017 08:28:54 -0700 (PDT)
Received: from relais-inet.orange.com (mta239.mail.business.static.orange.com [80.12.66.39]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE27012922E for <multipathtcp@ietf.org>; Thu, 30 Mar 2017 08:28:53 -0700 (PDT)
Received: from opfedar01.francetelecom.fr (unknown [xx.xx.xx.2]) by opfedar24.francetelecom.fr (ESMTP service) with ESMTP id 4116FC050B for <multipathtcp@ietf.org>; Thu, 30 Mar 2017 17:28:52 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.60]) by opfedar01.francetelecom.fr (ESMTP service) with ESMTP id 211BB160065; Thu, 30 Mar 2017 17:28:52 +0200 (CEST)
Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM7F.corporate.adroot.infra.ftgroup ([fe80::c1d7:e278:e357:11ad%19]) with mapi id 14.03.0319.002; Thu, 30 Mar 2017 17:28:51 +0200
From: <mohamed.boucadair@orange.com>
To: "philip.eardley@bt.com" <philip.eardley@bt.com>, "multipathtcp@ietf.org" <multipathtcp@ietf.org>
Thread-Topic: Two proxy scenario (network proxy off path) - far end connection initiation?
Thread-Index: AdKoqZQj3P7/pAIXTnqu4Vz1prXvCgADHRQAACvfs8AAANtNkA==
Date: Thu, 30 Mar 2017 15:28:51 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B933009E43E5D@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <6d6cd823acc9416a83801684c73cb22c@rew09926dag03b.domain1.systemhost.net> <787AE7BB302AE849A7480A190F8B933009E431BF@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <627564a6096f425eb9010ad3f9e011e1@rew09926dag03b.domain1.systemhost.net>
In-Reply-To: <627564a6096f425eb9010ad3f9e011e1@rew09926dag03b.domain1.systemhost.net>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.3]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/3vOMPiWGki_-BljLtx11XEcEvvM>
Subject: Re: [multipathtcp] Two proxy scenario (network proxy off path) - far end connection initiation?
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Mar 2017 15:28:56 -0000

Re,

Please see inline.

Cheers,
Med

> -----Message d'origine-----
> De : philip.eardley@bt.com [mailto:philip.eardley@bt.com]
> Envoyé : jeudi 30 mars 2017 10:03
> À : BOUCADAIR Mohamed IMT/OLN; multipathtcp@ietf.org
> Objet : RE: Two proxy scenario (network proxy off path) - far end
> connection initiation?
> 
> If I get it right, the assumption here is that for a TCP connection
> initiated from the remote end point , the remote network proxy is on path.

[Med] No. 

> (in the other direction we're assuming the remote proxy is off path, so
> seems a bit odd?)
> 
> I think there's also the assumption that the local endpoint (in the home)
> has previously made a connection out which has instantiated state in the
> remote proxy.

[Med] Not necessarily sending a connection out to the same remote peer. The assumption is that a state is created on the proxy to prepare for incoming connections by means specific protocols such as PCP (RFC6887). BTW, this is exactly the same concern for e2e MPTCP connections when a firewall or a NAT is on the path. The same tools to create that state for the e2e MPTCP case can be reused in the case of the proxy connection. 

 So in this scenario, when the TCP SYN from the remote end
> point hits the remote proxy, then the remote proxy knows which home
> gateway the other end is on.

[Med] Yes

 Or something like that - to be honest, I
> couldn't understand the slide /section of the draft.

[Med] The text says: 

   In order to appropriately handle incoming SYN packets, the
   concentrator (resp.  CPE) are supposed to be configured with
   instructions that allows to redirect the traffic to the appropriate
   CPE (resp.  Internal host). 

> 
> 
> -----Original Message-----
> From: mohamed.boucadair@orange.com [mailto:mohamed.boucadair@orange.com]
> Sent: 29 March 2017 13:11
> To: Eardley,PL,Philip,TUB8 R <philip.eardley@bt.com>om>;
> multipathtcp@ietf.org
> Subject: RE: Two proxy scenario (network proxy off path) - far end
> connection initiation?
> 
> Re-,
> 
> Please see inline.
> 
> Cheers,
> Med
> 
> > -----Message d'origine-----
> > De : multipathtcp [mailto:multipathtcp-bounces@ietf.org] De la part de
> > philip.eardley@bt.com Envoyé : mercredi 29 mars 2017 11:34 À :
> > multipathtcp@ietf.org Objet : [multipathtcp] Two proxy scenario
> > (network proxy off path) - far end connection initiation?
> >
> > <<I'm now thinking about the scenario where there are two proxies, one
> > in the home gateway or Customer Premises Equipment and one in the
> > network, both under the control of the operator. And looking at the
> 'explicit mode'
> > scenario, which - if I get it right - means that the network proxy is
> > not on the default path. (It's safe to assume that the home gateway
> > proxy is on the default path)>>
> >
> > In this scenario, do we assume that the TCP connection is always
> > initiated by the endpoint that's behind the home gateway, or do we
> > also handle connections initiated by the other end?  The former is the
> > main case
> 
> [Med] The MPTCP connection can be initiated from both ends.
> 
> >
> > I couldn't see anything about the latter in the drafts - think I
> > remember some discussion on the list, but I can't find it (please just
> > send a pointer if already resolved)
> 
> [Med] You can check slide 7 of
> https://www.ietf.org/proceedings/95/slides/slides-95-mptcp-1.pdf or
> https://tools.ietf.org/html/draft-boucadair-mptcp-plain-mode-08#section-
> 4.4.2.
> 
> >
> > Thanks
> > phil
> >
> > _______________________________________________
> > multipathtcp mailing list
> > multipathtcp@ietf.org
> > https://www.ietf.org/mailman/listinfo/multipathtcp