IETF Logo Mail Archive

Re: [multipathtcp] Fwd: New Version Notification for draft-paasch-mptcp-loadbalancer-00.txt

Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be> Thu, 10 September 2015 10:05 UTC

Return-Path: <olivier.bonaventure@uclouvain.be>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DD4B1B6418 for <multipathtcp@ietfa.amsl.com>; Thu, 10 Sep 2015 03:05:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.701
X-Spam-Level:
X-Spam-Status: No, score=-3.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_66=0.6, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tfIzC4_QqFCb for <multipathtcp@ietfa.amsl.com>; Thu, 10 Sep 2015 03:05:45 -0700 (PDT)
Received: from smtp5.sgsi.ucl.ac.be (smtp.sgsi.ucl.ac.be [130.104.5.67]) by ietfa.amsl.com (Postfix) with ESMTP id 384221B6415 for <multipathtcp@ietf.org>; Thu, 10 Sep 2015 03:05:45 -0700 (PDT)
Received: from mbpobo.dhcp.info.ucl.ac.be (mbpobo.dhcp.info.ucl.ac.be [130.104.228.16]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: obonaventure@smtp5.sgsi.ucl.ac.be) by smtp5.sgsi.ucl.ac.be (Postfix) with ESMTPSA id 93E3CB4116; Thu, 10 Sep 2015 12:03:51 +0200 (CEST)
X-DKIM: Sendmail DKIM Filter v2.8.3 smtp5.sgsi.ucl.ac.be 93E3CB4116
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=uclouvain.be; s=selucl; t=1441879431; bh=cd3eCX9XGWdXO9h+GUVpil7oHHuodWIEQCakDkkANSQ=; h=Reply-To:Subject:References:To:Cc:From:Message-ID:Date: MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=UGrB07JLeicOOx4Z/akSavmZLLenWYd2A6t8gy+TpwH3d5EbGaBkz/v2zQSUCZfwJ dqUg7K4A723Zy1KS9BzDJE1Tg7oE85kAyWPvb2JYWS6PLkGTtu3oxJYcA6bpRJ43oo cyNBtOjoEwqYSMsex1kN5b6Zj3JK1CHeR5ZYpAOw=
References: <20150908035557.GB73228@Chimay.local> <55F098DB.8020201@uclouvain.be> <20150910022151.GF42530@Chimay.local>
To: Christoph Paasch <cpaasch@apple.com>
From: Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be>
Message-ID: <55F15586.3000003@uclouvain.be>
Date: Thu, 10 Sep 2015 12:03:50 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <20150910022151.GF42530@Chimay.local>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.99-beta1 at smtp-5.sipr-dc.ucl.ac.be
X-Virus-Status: Clean
X-Sgsi-Spamcheck: SASL authenticated,
X-SGSI-MailScanner-ID: 93E3CB4116.A4B18
X-SGSI-MailScanner: Found to be clean
X-SGSI-From: olivier.bonaventure@uclouvain.be
X-SGSI-Spam-Status: No
Archived-At: <http://mailarchive.ietf.org/arch/msg/multipathtcp/HiCsnhv_lb0-5JGHGvtKw3nxs0U>
Cc: MultiPath WG <multipathtcp@ietf.org>
Subject: Re: [multipathtcp] Fwd: New Version Notification for draft-paasch-mptcp-loadbalancer-00.txt
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Olivier.Bonaventure@uclouvain.be
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Sep 2015 10:05:47 -0000

Christoph,
>
> I really like this idea.
>
> Very often, IP-in-IP encapsulation is done from the loadbalancer to the
> server. Thus, the key could even be placed in an IP-option. As everything is
> local to the data-center there shouldn't be an issue with adding a new
> IP-option.
>
>
> But as you point out in the other mail, when multiple loadbalancers are
> being used we have an issue again. Maybe, there is a way to generate the key
> in such a way that we can guarantee uniqueness across the loadbalancers?
>

This is one possibility, but I'm not sure that we need to specify that 
unless we want load balancers from different vendors to cooperate.

The load balancing problem could be an opportunity to rethink the 
three-way handshake used by Multipath TCP so that it can work well with 
tomorrow's target protocol stack, likely HTTP/2 / TLS / MPTCP / IPv6

To deal with security issues, we have included keys in clear inside the 
SYN and SYN+ACK segments. Then the limited TCP option space has forced 
us to use hash functions to compute the IDSN and the tokens. Using a 
hash to compute the tokens creates difficulties when one wants to 
coordinate token allocations between a set of load balancers.

I wonder whether we should not explore again the work documented in
https://tools.ietf.org/html/draft-paasch-mptcp-lowoverhead-00
and
https://tools.ietf.org/html/draft-paasch-mptcp-ssl-00


Let us first ignore the security issues and make the toke explicit in 
the handshake.


                Host A                               Host B
               ----------                           ----------
               Address A1                           Address B1
               ----------                           ----------
                   |                                    |
                   |  SYN+MP_CAPABLE(Token-A)           |
                   |----------------------------------->|
                   |                                    |
                   |SYN/ACK+MP_CAPABLE(Token-B)         |
                   |<-----------------------------------|
                   |                                    |
                   |  ACK+MP_CAPABLE(Token-A, Token-B)  |
                   |----------------------------------->|


It might also be possible to remove Token-A from the initial SYN since 
there is little benefit from the server to know this token at this 
stage. The IDSN could be derived as TokenA|TokenB in one direction and 
TokenB|TokenA in the other or better a hash of these values.

The benefit of this approach is that the Token chosen by the server is 
not explicitelt sent in the SYN/ACK. Load balancers can coordinate to 
have one pool of tokens for each LB and pass them to the servers.

The next step is to authenticate the establishment of subflows. The 
best approach with HTTP/2 / TLS  is clearly to derive MPTCP keys from 
the master TLS key and use them to authenticate the subflows with the 
HMAC mechanism already defined. With this, we leverage the security 
properties of TLS and do not anymore depend on "keys" that are sent in 
clear in the SYN segments and consume precious option space. Of course, 
a drawback of this approach is that you cannot create a subflow until 
the end of the TLS handshake, but TLS is moving towards faster handshakes.


Olivier

v2.23.0 | Report a Bug | By Email