Re: [multipathtcp] towards a potential work item on two-ended proxy

<mohamed.boucadair@orange.com> Thu, 04 August 2016 05:53 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A826612D638 for <multipathtcp@ietfa.amsl.com>; Wed, 3 Aug 2016 22:53:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.906
X-Spam-Level:
X-Spam-Status: No, score=-3.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XkJ8CfTqrbBM for <multipathtcp@ietfa.amsl.com>; Wed, 3 Aug 2016 22:53:21 -0700 (PDT)
Received: from relais-inet.orange.com (relais-nor36.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27F5312B04F for <multipathtcp@ietf.org>; Wed, 3 Aug 2016 22:53:21 -0700 (PDT)
Received: from opfednr05.francetelecom.fr (unknown [xx.xx.xx.69]) by opfednr23.francetelecom.fr (ESMTP service) with ESMTP id 80848C035C; Thu, 4 Aug 2016 07:53:19 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.32]) by opfednr05.francetelecom.fr (ESMTP service) with ESMTP id 5529F20077; Thu, 4 Aug 2016 07:53:19 +0200 (CEST)
Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM32.corporate.adroot.infra.ftgroup ([fe80::8924:188:2124:a046%19]) with mapi id 14.03.0301.000; Thu, 4 Aug 2016 07:53:19 +0200
From: <mohamed.boucadair@orange.com>
To: Alan Ford <alan.ford@gmail.com>, "Henderickx, Wim (Nokia - BE)" <wim.henderickx@nokia.com>
Thread-Topic: [multipathtcp] towards a potential work item on two-ended proxy
Thread-Index: AQHR7MVWbI5brgUi0UG2rimL5j8Gb6A4SK/Q
Date: Thu, 4 Aug 2016 05:53:18 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B933008DF9BB5@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <b779dd12f1bb412c96c800eddaaf0247@rew09926dag03b.domain1.systemhost.net> <e2aa6ac517194af4b8c25c07f8e469fb@rew09926dag03b.domain1.systemhost.net> <9cafc779-502e-cc7f-676c-f6659e207c81@uclouvain.be> <3100ff74-0c7d-1815-03a1-aa4cec36d1e4@oracle.com> <3D8D4118-39CA-46A6-BFBD-026376C02058@nokia.com> <811b2c78-0976-6994-d759-8cac5fa58864@oracle.com> <0084773F-53E5-41A4-A244-430DAF12322A@nokia.com> <E0278B51-F3D8-4762-B597-41959E7BCF12@gmail.com>
In-Reply-To: <E0278B51-F3D8-4762-B597-41959E7BCF12@gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.3]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/5NwjtJ-QVaxcbKSCzIKvyaGw9JU>
Cc: "multipathtcp@ietf.org" <multipathtcp@ietf.org>
Subject: Re: [multipathtcp] towards a potential work item on two-ended proxy
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Aug 2016 05:53:24 -0000

Hi Alan,

Please see inline.

Cheers,
Med

> -----Message d'origine-----
> De : multipathtcp [mailto:multipathtcp-bounces@ietf.org] De la part de
> Alan Ford
> Envoyé : mardi 2 août 2016 15:53
> À : Henderickx, Wim (Nokia - BE)
> Cc : multipathtcp@ietf.org
> Objet : Re: [multipathtcp] towards a potential work item on two-ended
> proxy
> 
> Hi all,
> 
> > On 1 Aug 2016, at 20:05, Henderickx, Wim (Nokia - BE)
> <wim.henderickx@nokia.com> wrote:
> > On 01/08/16 20:42, "Rao Shoaib" <rao.shoaib@oracle.com> wrote:
> >> On 08/01/2016 07:13 AM, Henderickx, Wim (Nokia - BE) wrote:
> >>>> Why is it necessary to know that the connection has been proxied ?
> >>> WH> Otherwise the concentrator will perform the proxy function
> although the destination is the application server.
> >>> So assume an E2E MPTCP flow. The UE initiates it and the element with
> the network assisted MPTCP proxy (Concentrator) receives it. The
> concentrator should not proxy this flow. It should only act upon MPTCP
> flow that should be proxied in network assisted mode. This is the reason
> we need an indication about this
> >> This seems like a deployment issue not a protocol issue. The decision
> to
> >> proxy or not proxy should be based on the IP addresses or out of band
> >> signaling. After all the entity adding the option some how knows to add
> >> the option.
> >>
> >> I liked the initial proposal as it did not require any changes to the
> >> protocol. These change (as I have said before) seem very deployment
> >> specific and IMHO should not be part of the protocol.
> > WH> I would disagree since you don’t always control the addressing and
> it is better to have an explicit signaling in the protocol what to expect
> to happen.
> 
> I’m trying to distinguish the various use cases; can we confirm this is
> correct?
> 
> Transparent Mode
> - Source address = real source address
[Med] I would say, the transparent mode does not touch to the source IP address of the initial subflow. The source address of secondary subflows will be rewritten to be the same as for the initial subflow.  

> - Destination address = real destination address
[Med] This is only true for the first subflow. Subsequent subflows are sent with a destination address of the MPTCP proxy. This is the same as in the plain mode.

> - Transparent proxies create MPTCP functionality in the stream, adding and
> removing the MPTCP headers, mapping seq numa, etc
> - Latest proposal is to add an indicator to say “this is proxied” so that
> a proxy can intercept it
> 
> Plain Mode
> - Source address = real source
> - Destination address = proxy destination address
[Med] Yes, for all subflows.

> - Signalling protocol inside indicates real destination address
[Med] and the source address if source address preservation is required (e.g., IPv6).

> 
> So - please correct me if this is wrong - but the main difference is that
> Plain Mode is targeted towards a proxy server whereas the transparent mode
> does not change src/dst addresses?
[Med] No, see above. A major difference is how the first subflow is established and how a state is built in the MPTPC proxy. The plain mode can operate in both transparent mode (that is preserve an IP address of the CPE/host) or not. Configuration parameters are available to instruct the MPTCP behavior, e.g.,
* preserve the source IP address
* preserve the initial subflow IP address
* N:1 address rewriting
* 1:1 address rewriting
*..

The plain mode as currently written allows to provide: IPv4 bonding over IPv6-only networks, IPv6 bonding over IPvx networks, etc.

> 
> The issue I see with a generic proxy bit is that it does not contain any
> context about what kind of proxy is being intercepted. You could be
> sending in good faith expecting it to be picked up by Proxy from Operator
> A, but in fact is picked up by Operator B.

[Med] The use cases we are targeting assumes these networks are managed by the same operator. 

> 
> As I’ve said before, the plain mode option is not MPTCP-specific and is
> simple a signal that says “everything that follows is actually targeted
> for IP address a.b.c.d” - this is entirely transport-agnostic.

[Med] The plain mode allows for example to distinguish between native and proxied MPTCP connection. 
I'm puzzled here since MPTCP allows to inform a remote peer about an IP address while this is not TCP-specific. Isn't that information transport-agnostic as per you argument? (not mine).

 If the HAG
> could know where to find a proxy (e.g. a well-known anycast address) then
> addresses could be rewritten and packets forwarded, with no need for any
> MPTCP protocol changes.

[Med] You need the information about the ultimate destination IP address...and other information such as the source IP address for cases such as IPv4 bonding over IPv6 networks (IPv6-only networks is now a reality in mobile networks).

> 
> However, I fear I may be misunderstanding some of the elements here, so I
> look forward to a consolidated draft where it should hopefully be much
> clearer what the proposal is.
> 
> Regards,
> Alan
> 
> _______________________________________________
> multipathtcp mailing list
> multipathtcp@ietf.org
> https://www.ietf.org/mailman/listinfo/multipathtcp