Re: [multipathtcp] Two proxy scenario (network proxy off path)

"Henderickx, Wim (Nokia - BE/Antwerp)" <wim.henderickx@nokia.com> Wed, 29 March 2017 15:29 UTC

To: "philip.eardley@bt.com" <philip.eardley@bt.com>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "multipathtcp@ietf.org" <multipathtcp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/APWj-XANX2xQ1JPYj6Y1NDvBQTo>

Phil, you will be a bit more optimal, but not a lot, as you can see, or you end up changing the SOCKS protocol. Even if you do this, MP_CONVERT IE will always be the most optimal and hence this is what we propose for doing this proxy function.

On 29/03/2017, 10:12, "multipathtcp on behalf of philip.eardley@bt.com" <multipathtcp-bounces@ietf.org on behalf of philip.eardley@bt.com> wrote:

    By non-chatty, I meant a version that didn't do all the authentication messages. After all, the home gateway and network proxy can be expected to know about each other already - at least don't need to do for every new TCP connection from devices behind home gateway
    
    -----Original Message-----
    From: mohamed.boucadair@orange.com [mailto:mohamed.boucadair@orange.com] 
    Sent: 29 March 2017 06:30
    To: Eardley,PL,Philip,TUB8 R <philip.eardley@bt.com>; multipathtcp@ietf.org
    Subject: RE: Two proxy scenario (network proxy off path)
    
    Hi Phil, 
    
    Can you please clarify what you mean by a "non-chatty version"? Version of what?
    
    You can refer to Section 3 of RFC1928 to have an idea about the number of messages that are required before sending actual traffic when SOCKSv5 is used. 
    
    Below is an excerpt of signaling messages observed to create an initial subflow using SOCKSv5:
    
    ==============
    (MP Client) ->    TCP SYN    ->  (MCP)
                       <- TCP SYN/ACK <- 
                       ->    TCP ACK    ->
                       -> SOCKS Method Request (1)(a) ->
                       <-    TCP ACK (b)   <-
                        <- SOCKS Method Response (2)(c) <-
                        ->   TCP ACK (d)   ->
                        -> SOCKS Authentication Request (3)(e) ->
                        <-    TCP ACK (f)    <-
                        <- SOCKS Auth. Response (4)(g) <-
                        ->   TCP ACK (h)   ->
                        -> SOCKS Connection Request (5)(i) -> (MCP)
                        <-   TCP ACK (j)                   <- (MCP)
                                                              (MCP)  -> TCP SYN (k) -> (Server)
                                                              (MCP)  <- SYN/ACK (l) <- (Server)
                        <- SOCKS Connection Response (n) (6) <-(MCP) -> TCP ACK (m) -> (Server)
                        ->   TCP ACK (o)  ->
    =================
    
    I let you compare it with the 0-RTT and 0-extra signaling approach with MP_CONVERT IE. 
    
    Cheers,
    Med
    
    > -----Original Message-----
    > From: multipathtcp [mailto:multipathtcp-bounces@ietf.org] On Behalf Of philip.eardley@bt.com
    > Sent: Tuesday 28 March 2017 20:24
    > To: multipathtcp@ietf.org
    > Subject: [multipathtcp] Two proxy scenario (network proxy off path)
    > 
    > Hi,
    > 
    > I'm now thinking about the scenario where there are two proxies, one 
    > in the home gateway or Customer Premises Equipment and one in the 
    > network, both under the control of the operator. And looking at the 'explicit mode'
    > scenario, which - if I get it right - means that the network proxy is 
    > not on the default path. (It's safe to assume that the home gateway 
    > proxy is on the default path)
    > 
    > Thinking about the use of SOCKS in this context.
    > 
    > Earlier Olivier said (in the context of the smartphone scenario -
    > sorry if your comments don't apply to this scenario and I'm just
    > creating confusion) that there are different variants of SOCKS that
    > can be used, which mainly depend on the number of messages that are
    > used to authenticate.
    > In the two proxy scenario, it's probably reasonable to assume that the 
    > home gateway and network proxy are already authenticated. So a 
    > non-chatty version would be ok.
    > 
    > Is that right?
    > 
    > Thanks
    > phil
    > 
    
    _______________________________________________
    multipathtcp mailing list
    multipathtcp@ietf.org
    https://www.ietf.org/mailman/listinfo/multipathtcp
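
The SOCKSv5 exchange quoted above, modelled as an added example (not part of the original thread or of any draft's code): it builds the RFC 1928 / RFC 1929 client messages and counts the client-to-proxy round trips spent before data can flow, once with username/password authentication and once with the "no authentication required" method that the "non-chatty" variant relies on. ToyProxy, the credentials and the destination address are assumptions made for the illustration.

```python
import hmac
import ipaddress
import struct

NO_AUTH, USER_PASS = 0x00, 0x02  # method codes, RFC 1928 section 3

def method_request(methods):
    return bytes([5, len(methods), *methods])  # VER, NMETHODS, METHODS

def auth_request(user, pw):  # RFC 1929 username/password sub-negotiation
    return bytes([1, len(user)]) + user + bytes([len(pw)]) + pw

def connect_request(ip, port):
    addr = ipaddress.ip_address(ip)
    atyp = 1 if addr.version == 4 else 4  # ATYP: IPv4 or IPv6
    return bytes([5, 1, 0, atyp]) + addr.packed + struct.pack("!H", port)

class ToyProxy:
    """Proxy side (hypothetical); each reply costs the client one round trip."""
    def __init__(self, method, creds=None):
        self.method, self.creds, self.state = method, creds, "methods"
    def handle(self, msg):
        if self.state == "methods":
            ok = msg[0] == 5 and self.method in msg[2:2 + msg[1]]
            nxt = "auth" if self.method == USER_PASS else "request"
            self.state = nxt if ok else "closed"
            return bytes([5, self.method if ok else 0xFF])  # 0xFF: none acceptable
        if self.state == "auth":
            ulen = msg[1]
            user, pw = msg[2:2 + ulen], msg[3 + ulen:3 + ulen + msg[2 + ulen]]
            ok = all(hmac.compare_digest(a, b) for a, b in zip((user, pw), self.creds))
            self.state = "request" if ok else "closed"
            return bytes([1, 0 if ok else 1])  # STATUS 0 = success
        if self.state == "request" and msg[:3] == b"\x05\x01\x00":
            self.state = "relay"  # a real proxy first finishes its own handshake with the server
            return bytes([5, 0, 0, 1]) + bytes(6)  # REP=succeeded, BND 0.0.0.0:0
        self.state = "closed"
        return b""

def round_trips_before_data(proxy, client_messages):
    for msg in client_messages:
        proxy.handle(msg)
        if proxy.state == "closed":
            raise ConnectionError("proxy rejected the exchange")
    return 1 + len(client_messages)  # +1 for the TCP three-way handshake

DEST = ("192.0.2.10", 443)  # constructed sample; documentation address
CHATTY = [method_request([USER_PASS]), auth_request(b"cpe", b"secret"), connect_request(*DEST)]
NON_CHATTY = [method_request([NO_AUTH]), connect_request(*DEST)]
```

In this model the authenticated exchange costs 4 round trips and the no-authentication one 3; the proxy's own handshake with the server, steps (k) to (m) in the trace, is not counted.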