Re: [multipathtcp] SOCKS 6 Draft

[Vladimir Olteanu <vladimir.olteanu@cs.pub.ro>]

Hi Yoshi,

As a response to question 2, the client can send some initial data as 
part of the request. It does have to wait for a reply to send any more 
data, though. As such, the client can get a data response from the 
server in 1 RTT, same as when contacting the server directly with TFO, if:
  * Everyone uses TFO (otherwise, RTTs are incurred only on the segments 
where TFO is not available).
  * Authentication is not required, or 0-RTT authentication succeeds. 
(Otherwise, some extra RTTs are incurred, same as above.)

If nobody uses TFO, but authentication is not an issue (either it's not 
needed or done in 0 RTTs), then SOCKS 6 does no worse than regular TCP 
(2 RTTs for a data response).

As for the use case, there are two possible ways in which it can be handled:
  * The client knows about both proxies.
  * The client knows only about proxy1, but proxy1 is configured to go 
via proxy2 when contacting the server.

Assuming the client knows about both of them, it can speak SOCKS 6 over 
SOCKS 6. The relevant messages are:
C->P1 request(P2, auth data 1, initial data(request(S, auth data 2, 
initial data(application data))))
P1->P2 request(S, auth data 2, initial data(application data))
P2->S application data

If proxy1 is configured to use proxy2:
C->P1 request(S, auth data 1, initial data(application data))
P1->P2 request(S, auth data 2, initial data(application data))
P2->S application data

Cheers,
Vlad

On 07/10/2017 10:00 AM, Yoshifumi Nishida wrote:
> Hi Vlad and Dragos,
>
> I really appreciate you for preparing the draft and brought it to here.
> As you might know, we have been exploring solutions for proxying mptcp 
> sessions.
> We've had lots of discussions on plain mode and other solutions, but 
> because we didn't have concrete proposals other than plain mode, it 
> was difficult to compare the pros and the cons properly. But, now I 
> believe we have a good chance to advance this.
>
> BTW, as I'm curious about this approach to use with mptcp, I have some 
> questions for a certain scenario. In the WG, one use case we discuss 
> is using two proxies like below.
>
>           client ---- proxy1 ============= proxy2 ---- server
>
> In this scenario, we presume using TCP for client-proxy1 and 
> proxy2-server, while using mptcp for proxy1-proxy2.
> The draft says it supports TFO, but I still think it takes some RTTs 
> with approach although I miss something. It would be great if you 
> could clarify the following points.
>
> 1:  How will the connection between proxy1 and proxy2 set up? Does 
> proxy1 need to negotiate proxy2 for authentication, etc? If so, it 
> might add another delays before clients can send data.
>
> 2: Do clients need to wait a response for CONNECT request? If not, how 
> it handles an error case?
>
> Thanks,
> --
> Yoshi
>
>
> On Thu, Jun 29, 2017 at 5:02 AM, Vladimir Olteanu 
> <vladimir.olteanu@cs.pub.ro <mailto:vladimir.olteanu@cs.pub.ro>> wrote:
>
>     Hello,
>
>     We have submitted a draft describing a new version of the SOCKS
>     protocol, which could help in the deployment of MPTCP. You can
>     find the abstract and a link to the draft below.
>
>     Best,
>     Vlad and Dragoș
>
>
>
>     -------- Forwarded Message --------
>     Subject: 	New Version Notification for
>     draft-olteanu-intarea-socks-6-00.txt
>     Date: 	Wed, 28 Jun 2017 22:01:16 -0700
>     From: 	internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>
>     To: 	Vladimir Olteanu <vladimir.olteanu@cs.pub.ro>
>     <mailto:vladimir.olteanu@cs.pub.ro>, Dragos Niculescu
>     <dragos.niculescu@cs.pub.ro> <mailto:dragos.niculescu@cs.pub.ro>
>
>
>
>     A new version of I-D, draft-olteanu-intarea-socks-6-00.txt
>     has been successfully submitted by Vladimir Olteanu and posted to the
>     IETF repository.
>
>     Name:		draft-olteanu-intarea-socks-6
>     Revision:	00
>     Title:		SOCKS Protocol Version 6
>     Document date:	2017-06-28
>     Group:		Individual Submission
>     Pages:		12
>     URL:https://www.ietf.org/internet-drafts/draft-olteanu-intarea-socks-6-00.txt
>     <https://www.ietf.org/internet-drafts/draft-olteanu-intarea-socks-6-00.txt>
>     Status:https://datatracker.ietf.org/doc/draft-olteanu-intarea-socks-6/
>     <https://datatracker.ietf.org/doc/draft-olteanu-intarea-socks-6/>
>     Htmlized:https://tools.ietf.org/html/draft-olteanu-intarea-socks-6-00
>     <https://tools.ietf.org/html/draft-olteanu-intarea-socks-6-00>
>     Htmlized:https://datatracker.ietf.org/doc/html/draft-olteanu-intarea-socks-6-00
>     <https://datatracker.ietf.org/doc/html/draft-olteanu-intarea-socks-6-00>
>
>
>     Abstract:
>         The SOCKS protocol is used primarily to proxy TCP connections to
>         arbitrary destinations via the use of a proxy server.  Under the
>         latest version of the protocol (version 5), it takes 2 RTTs (or 3, if
>         authentication is used) before data can flow between the client and
>         the server.
>
>         This memo proposes SOCKS version 6, which reduces the number of RTTs
>         used, takes full advantage of TCP Fast Open, and adds support for
>         0-RTT authentication.
>
>                                                                                        
>
>
>     Please note that it may take a couple of minutes from the time of submission
>     until the htmlized version and diff are available attools.ietf.org <http://tools.ietf.org>.
>
>     The IETF Secretariat
>
>
>     _______________________________________________
>     multipathtcp mailing list
>     multipathtcp@ietf.org <mailto:multipathtcp@ietf.org>
>     https://www.ietf.org/mailman/listinfo/multipathtcp
>     <https://www.ietf.org/mailman/listinfo/multipathtcp>
>
>