IETF Logo Mail Archive

Re: [multipathtcp] Bumping the MPTCP version number: some cons

Alan Ford <alan.ford@gmail.com> Mon, 20 June 2016 19:57 UTC

Return-Path: <alan.ford@gmail.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3559112D920 for <multipathtcp@ietfa.amsl.com>; Mon, 20 Jun 2016 12:57:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 794SjuptVyY4 for <multipathtcp@ietfa.amsl.com>; Mon, 20 Jun 2016 12:57:36 -0700 (PDT)
Received: from mail-lf0-x235.google.com (mail-lf0-x235.google.com [IPv6:2a00:1450:4010:c07::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D40E12D928 for <multipathtcp@ietf.org>; Mon, 20 Jun 2016 12:57:36 -0700 (PDT)
Received: by mail-lf0-x235.google.com with SMTP id f6so44941638lfg.0 for <multipathtcp@ietf.org>; Mon, 20 Jun 2016 12:57:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:from:in-reply-to:date:cc:message-id:references :to; bh=RE72j/DGplJJWmNu4pCLedD7CT/9+Re1tT4fBOwL8lQ=; b=seOPE4vuM6Xp2zInSchh5uueCab3aRQWSkbrOYk5CbE5C2JjdnB97VwfIsQZhBrsxq LJ7pwbVYhdJ2dT6ybJZRIwAVHLGB1X7niF+Aab0z82uf9aUYQjC5XfvII6bcqZjlRpdl Dqmaveo2aujloiUKGv4f93hPgZsDZA56V2txmSqD0vg3kb9nBm7oBV7Gw9KSH03ljEzG IMJenNPfWSpx218XY9rC6mJ6OvlfoFfXkM79TKTtTGwBn/5kNWRdh8I7eZEYp/X4VozB J+ov2w1a3YGJ81hL6wpRa24dzuiEaAr2k/g0RgOuBJ7QUn7laMrDJ8pbnXN5eFWxTjor pU6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:mime-version:from:in-reply-to:date:cc :message-id:references:to; bh=RE72j/DGplJJWmNu4pCLedD7CT/9+Re1tT4fBOwL8lQ=; b=lu81ahCLDHLClN43Ggh+CaGASfRjkKCT8E6zBCCdjZ8e15IkCekeayIq0GYPTFRECl LQAdTfNDgVscNy9UnWeqkf5Z1Ms5JXnOAN1LP2Y+hU1fBqKlGlCsKlR6zd98nhmZsf7y wi4+QkwDFketxCDN3FYy3ZjSWxbMPk2ic7kiT3fYbX2Pji/NFgM6mcVA1i4LpCvFKHfU bs5EIiIJHIFTpIgD8xaAdiR1ozALxhY7T659pMUfmRn0+J5O2MpKctESIuvW2RPffgUq 7ZUNe5eOPve/vNBCq00qErjjm4DHh6E8kYLdCo4XfPR7Vcp92YYq8l1O2MGTivrm4Lwy m6wQ==
X-Gm-Message-State: ALyK8tLr4S8gxrJf+GLWpuIHZCDRhbzQJYIJvphqv9xlP3qyc30aHSBw5vhygv4eP93z/A==
X-Received: by 10.28.227.136 with SMTP id a130mr13407787wmh.3.1466452654144; Mon, 20 Jun 2016 12:57:34 -0700 (PDT)
Received: from triton.lan (116.35.199.146.dyn.plus.net. [146.199.35.116]) by smtp.gmail.com with ESMTPSA id b200sm15223130wmb.9.2016.06.20.12.57.33 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 20 Jun 2016 12:57:33 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: multipart/alternative; boundary="Apple-Mail=_F66C0B99-B4A6-442A-B0AB-2E22F8C0C401"
From: Alan Ford <alan.ford@gmail.com>
In-Reply-To: <20160407173442.GJ1732@dhcp-a286.meeting.ietf.org>
Date: Mon, 20 Jun 2016 20:57:20 +0100
Message-Id: <035BFB2F-FC6F-479E-B0CA-5D84D2D9BE87@gmail.com>
References: <8ED39350-21EE-43B6-9D30-8786A7709702@cs.pub.ro> <20160406214450.GA1732@dhcp-a286.meeting.ietf.org> <CAO249yd-ziWwjwt_g1F24k2=_uc0JV-oRp3csoSWnyq3_x0CuA@mail.gmail.com> <20160407173442.GJ1732@dhcp-a286.meeting.ietf.org>
To: Christoph Paasch <cpaasch@apple.com>
X-Mailer: Apple Mail (2.1283)
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/LWBOOJXcADyz8R_Z0x7spgl6eqg>
Cc: MultiPath WG <multipathtcp@ietf.org>, Costin Raiciu <costin.raiciu@cs.pub.ro>
Subject: Re: [multipathtcp] Bumping the MPTCP version number: some cons
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jun 2016 19:57:40 -0000

Hi all,

Costin re-visited the issue of version number bumping in today's interim. In order to clarify matters here, I think it's worth just going back over why working group consensus for -05 was to do this.

The thread can be found here: http://www.ietf.org/mail-archive/web/multipathtcp/current/msg02572.html

The benefits this has so far brought are:

- Support for stateless servers:
  - No need for key in initial SYN (saves option space)
  - Reliability of third ACK (including carrying data)
- Save 1 subtype (ADD_ADDR2 -> ADD_ADDR)

And we can potentially make other protocol-level changes before finalising v1 for standards track, for example the keyless SYN makes the proposal in draft-paasch-mptcp-application-authentication simpler (although it could be done with discarded key whilst retaining compatibility with the SHA-1 exchange).

I guess support for stateless servers could be signalled in the flags, i.e. the client saying "I will echo this reliably in the ACK if you want me to" and the server also sets that flag if it wants the client do this.

What do you think? Bear in mind the MPTCP version negotiation is specified anyway:

   The MP_CAPABLE exchange in this specification (v1) is different to
   that specified in v0 [5].  If a host supports multiple versions of
   MPTCP, the sender of the MP_CAPABLE option SHOULD signal the highest
   version number it supports.  The passive opener, on receipt of this,
   will signal the version number it wishes to use, which MUST be equal
   to or lower than the version number indicated in the initial
   MP_CAPABLE.  Given the SYN exchange is different between v1 and v0
   the exchange cannot be immediately downgraded, and therefore if the
   far end has requested a lower version then the initiator SHOULD
   respond with an ACK without any MP_CAPABLE option, to fall back to
   regular TCP.  If the initiator supports the requsted version, on
   future connections to the target host, the initiator MAY cache the
   version preference.  Alternatively, the initiator MAY close the
   connection with a TCP RST and immediately re-establish with the
   requested version of MPTCP.

Regards,
Alan


On 7 Apr 2016, at 18:34, Christoph Paasch wrote:

> On 06/04/16 - 20:48:04, Yoshifumi Nishida wrote:
>> Just in case, I might want to clarify some points. I think the new
>> handshake mechanism in 6824bis can have the two benefits for stateful nodes.
>> You won't fallback to normal TCP when the 3rd ack is lost. Also, you can
>> save lots of option space in the first SYN packet which might increase the
>> chance to combine other features with mptcp.
> 
> Yes, independent from what we do with the TLS/load-balancer issue I think
> that the gain in option-space is a nice addition.
> 
> 
> Christoph
> 
>> From my personal point of view, supporting stateless server looks
>> additional advantage.
>> 
>> I believe load balancer and TLS key negotiation are not included in 6824bis
>> yet.
>> I think we will need more discussions if it is integrated.
>> Please let me know if I miss some points. (Sorry, I couldn't find time to
>> check audio archive yet..)
>> 
>> Regards,
>> --
>> Yoshi
>> 
>> 
>> On Wed, Apr 6, 2016 at 2:44 PM, Christoph Paasch <cpaasch@apple.com> wrote:
>> 
>>> Hello,
>>> 
>>> On 06/04/16 - 20:47:59, Costin Raiciu wrote:
>>>> I first have to admit that I missed the MPTCP version number bump.
>>>> 
>>>> While I see it has a few benefits, from what I heard in Christoph’s talk
>>> I am not convinced the change is worth those benefits. I’ll take them in
>>> turn:
>>>> - the SYN cookie reliability bug - a nice feature, but not enough to
>>> change version number - after all, TCP works fine without it!
>>> 
>>> TCP does not have this issue, as it already echoes the information
>>> necessary
>>> for the server to create the TCP-state in subsequent segments that do
>>> contain data.
>>> 
>>> MPTCP doesn't do this yet, as the keys are not sent in the data-segments.
>>> 
>>> I can see that it might be considered a minor issue (after all, we only
>>> fall
>>> back to regular TCP if there is one unfortunate packet-loss). However, when
>>> the packet-loss rate is high, this is the scenario where we really want
>>> MPTCP to work, as that's where it provides the benefits. That's why I would
>>> like to make MPTCP as reliable as possible in scenarios where there is a
>>> high packet-loss.
>>> 
>>> 
>>>> - the load balancer support - we have a solution that requires no
>>> protocol changes whatsoever and works fine at datacenter scale. Will
>>> present it in the next meeting.
>>>> - the TLS key integration - I honestly see no benefit - if you have e2e
>>> encryption, the actual routing of paths doesn’t matter that much honestly.
>>> The attacker could DDos, at most.
>>> 
>>> I think one more benefit is that splitting the token from the key allows to
>>> easily ensure that the token is unique.
>>> At the moment, a server has to generate a key randomly, hash it to get the
>>> token and then check the hash-table for a colliding token and repeat again
>>> if there is a collision.
>>> 
>>> 
>>>> Now about drawbacks: we have a feeble  deployment so far. If we bump the
>>> version number, we’ll basically have two protocols running in parallel,
>>> since it’s unlikely all (any) implementations will support both. So we
>>> might kill MPTCP before its even born. But maybe I’m just being pessimistic.
>>> 
>>> I don't think so, but it is difficult to foresee this.
>>> 
>>> 
>>> 
>>> One thing to consider is that if we don't bump the version-number, how do
>>> we
>>> "negotiate" support for the new ADD_ADDR option and other changes that are
>>> already in the bis-version (e.g., RST-option and the experimental one).
>>> 
>>> 
>>> Cheers,
>>> Christoph
>>> 
>>> _______________________________________________
>>> multipathtcp mailing list
>>> multipathtcp@ietf.org
>>> https://www.ietf.org/mailman/listinfo/multipathtcp
>>> 
> 
> _______________________________________________
> multipathtcp mailing list
> multipathtcp@ietf.org
> https://www.ietf.org/mailman/listinfo/multipathtcp

v2.23.0 | Report a Bug | By Email