Re: [multipathtcp] Fwd: New Version Notification for draft-paasch-mptcp-loadbalancer-00.txt
Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be> Thu, 10 September 2015 10:05 UTC
Return-Path: <olivier.bonaventure@uclouvain.be>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DD4B1B6418 for <multipathtcp@ietfa.amsl.com>; Thu, 10 Sep 2015 03:05:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.701
X-Spam-Level:
X-Spam-Status: No, score=-3.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_66=0.6, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tfIzC4_QqFCb for <multipathtcp@ietfa.amsl.com>; Thu, 10 Sep 2015 03:05:45 -0700 (PDT)
Received: from smtp5.sgsi.ucl.ac.be (smtp.sgsi.ucl.ac.be [130.104.5.67]) by ietfa.amsl.com (Postfix) with ESMTP id 384221B6415 for <multipathtcp@ietf.org>; Thu, 10 Sep 2015 03:05:45 -0700 (PDT)
Received: from mbpobo.dhcp.info.ucl.ac.be (mbpobo.dhcp.info.ucl.ac.be [130.104.228.16]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: obonaventure@smtp5.sgsi.ucl.ac.be) by smtp5.sgsi.ucl.ac.be (Postfix) with ESMTPSA id 93E3CB4116; Thu, 10 Sep 2015 12:03:51 +0200 (CEST)
X-DKIM: Sendmail DKIM Filter v2.8.3 smtp5.sgsi.ucl.ac.be 93E3CB4116
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=uclouvain.be; s=selucl; t=1441879431; bh=cd3eCX9XGWdXO9h+GUVpil7oHHuodWIEQCakDkkANSQ=; h=Reply-To:Subject:References:To:Cc:From:Message-ID:Date: MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=UGrB07JLeicOOx4Z/akSavmZLLenWYd2A6t8gy+TpwH3d5EbGaBkz/v2zQSUCZfwJ dqUg7K4A723Zy1KS9BzDJE1Tg7oE85kAyWPvb2JYWS6PLkGTtu3oxJYcA6bpRJ43oo cyNBtOjoEwqYSMsex1kN5b6Zj3JK1CHeR5ZYpAOw=
References: <20150908035557.GB73228@Chimay.local> <55F098DB.8020201@uclouvain.be> <20150910022151.GF42530@Chimay.local>
To: Christoph Paasch <cpaasch@apple.com>
From: Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be>
Message-ID: <55F15586.3000003@uclouvain.be>
Date: Thu, 10 Sep 2015 12:03:50 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <20150910022151.GF42530@Chimay.local>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.99-beta1 at smtp-5.sipr-dc.ucl.ac.be
X-Virus-Status: Clean
X-Sgsi-Spamcheck: SASL authenticated,
X-SGSI-MailScanner-ID: 93E3CB4116.A4B18
X-SGSI-MailScanner: Found to be clean
X-SGSI-From: olivier.bonaventure@uclouvain.be
X-SGSI-Spam-Status: No
Archived-At: <http://mailarchive.ietf.org/arch/msg/multipathtcp/HiCsnhv_lb0-5JGHGvtKw3nxs0U>
Cc: MultiPath WG <multipathtcp@ietf.org>
Subject: Re: [multipathtcp] Fwd: New Version Notification for draft-paasch-mptcp-loadbalancer-00.txt
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Olivier.Bonaventure@uclouvain.be
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Sep 2015 10:05:47 -0000
Christoph, > > I really like this idea. > > Very often, IP-in-IP encapsulation is done from the loadbalancer to the > server. Thus, the key could even be placed in an IP-option. As everything is > local to the data-center there shouldn't be an issue with adding a new > IP-option. > > > But as you point out in the other mail, when multiple loadbalancers are > being used we have an issue again. Maybe, there is a way to generate the key > in such a way that we can guarantee uniqueness across the loadbalancers? > This is one possibility, but I'm not sure that we need to specify that unless we want load balancers from different vendors to cooperate. The load balancing problem could be an opportunity to rethink the three-way handshake used by Multipath TCP so that it can work well with tomorrow's target protocol stack, likely HTTP/2 / TLS / MPTCP / IPv6 To deal with security issues, we have included keys in clear inside the SYN and SYN+ACK segments. Then the limited TCP option space has forced us to use hash functions to compute the IDSN and the tokens. Using a hash to compute the tokens creates difficulties when one wants to coordinate token allocations between a set of load balancers. I wonder whether we should not explore again the work documented in https://tools.ietf.org/html/draft-paasch-mptcp-lowoverhead-00 and https://tools.ietf.org/html/draft-paasch-mptcp-ssl-00 Let us first ignore the security issues and make the toke explicit in the handshake. Host A Host B ---------- ---------- Address A1 Address B1 ---------- ---------- | | | SYN+MP_CAPABLE(Token-A) | |----------------------------------->| | | |SYN/ACK+MP_CAPABLE(Token-B) | |<-----------------------------------| | | | ACK+MP_CAPABLE(Token-A, Token-B) | |----------------------------------->| It might also be possible to remove Token-A from the initial SYN since there is little benefit from the server to know this token at this stage. The IDSN could be derived as TokenA|TokenB in one direction and TokenB|TokenA in the other or better a hash of these values. The benefit of this approach is that the Token chosen by the server is not explicitelt sent in the SYN/ACK. Load balancers can coordinate to have one pool of tokens for each LB and pass them to the servers. The next step is to authenticate the establishment of subflows. The best approach with HTTP/2 / TLS is clearly to derive MPTCP keys from the master TLS key and use them to authenticate the subflows with the HMAC mechanism already defined. With this, we leverage the security properties of TLS and do not anymore depend on "keys" that are sent in clear in the SYN segments and consume precious option space. Of course, a drawback of this approach is that you cannot create a subflow until the end of the TLS handshake, but TLS is moving towards faster handshakes. Olivier
- [multipathtcp] Fwd: New Version Notification for … Christoph Paasch
- Re: [multipathtcp] Fwd: New Version Notification … Olivier Bonaventure
- Re: [multipathtcp] Fwd: New Version Notification … Christoph Paasch
- Re: [multipathtcp] Fwd: New Version Notification … Olivier Bonaventure
- Re: [multipathtcp] Fwd: New Version Notification … Christoph Paasch
- Re: [multipathtcp] New Version Notification for d… Costin Raiciu