Re: [multipathtcp] Two proxy scenario (network proxy off path)

<philip.eardley@bt.com> Wed, 29 March 2017 16:38 UTC

Return-Path: <philip.eardley@bt.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02E191294CD for <multipathtcp@ietfa.amsl.com>; Wed, 29 Mar 2017 09:38:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Level:
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wVv2YVkXSF4E for <multipathtcp@ietfa.amsl.com>; Wed, 29 Mar 2017 09:38:28 -0700 (PDT)
Received: from smtpb1.bt.com (smtpb1.bt.com [62.7.242.138]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EF8E12948F for <multipathtcp@ietf.org>; Wed, 29 Mar 2017 09:38:26 -0700 (PDT)
Received: from EVHUB03-UKBR.domain1.systemhost.net (193.113.108.185) by EVMED04-UKBR.bt.com (10.216.161.34) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 29 Mar 2017 17:38:23 +0100
Received: from rew09926dag03d.domain1.systemhost.net (10.55.202.30) by EVHUB03-UKBR.domain1.systemhost.net (193.113.108.185) with Microsoft SMTP Server (TLS) id 14.3.158.1; Wed, 29 Mar 2017 17:38:24 +0100
Received: from rew09926dag03b.domain1.systemhost.net (10.55.202.22) by rew09926dag03d.domain1.systemhost.net (10.55.202.30) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 29 Mar 2017 17:38:23 +0100
Received: from rew09926dag03b.domain1.systemhost.net ([fe80::d514:fe50:560c:401e]) by rew09926dag03b.domain1.systemhost.net ([fe80::d514:fe50:560c:401e%12]) with mapi id 15.00.1210.000; Wed, 29 Mar 2017 17:38:23 +0100
From: <philip.eardley@bt.com>
To: <cpaasch@apple.com>, <mohamed.boucadair@orange.com>
CC: <wim.henderickx@nokia.com>, <multipathtcp@ietf.org>
Thread-Topic: [multipathtcp] Two proxy scenario (network proxy off path)
Thread-Index: AQHSqKEzqp6DxGj1TeSb3FIu9At16qGr4yeAgAABG4CAAAEWAIAAB2MAgAAC1oCAABRngA==
Date: Wed, 29 Mar 2017 16:38:23 +0000
Message-ID: <4d63da0dd6594a67b39b8d5d2f252abb@rew09926dag03b.domain1.systemhost.net>
References: <70EAECD3-22A6-420A-B84C-04B0673020DF@nokia.com> <20170329153901.GF2779@dhcp-8507.meeting.ietf.org> <3D71318E-8644-4FB3-8C7F-9DD4E5AFE89B@nokia.com> <20170329154652.GG2779@dhcp-8507.meeting.ietf.org> <787AE7BB302AE849A7480A190F8B933009E4303A@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <20170329162327.GH2779@dhcp-8507.meeting.ietf.org>
In-Reply-To: <20170329162327.GH2779@dhcp-8507.meeting.ietf.org>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.216.161.27]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/NUaiaP_gbAYInxWiEi5T4YyWJZc>
Subject: Re: [multipathtcp] Two proxy scenario (network proxy off path)
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Mar 2017 16:38:31 -0000

<< The point I am trying to make is that a 0-RTT proxying solution is not something that the MPTCP working-group should be in charge of. There are other places in the IETF that are probably more appropriate for this.>>
If possible the WG can discuss a solution for a while without worrying about this - at least to get to a protocol model that we like. then we (or rather Mirja & IESG) can worry about Whether this needs a re-charter, another wg involved etc

-----Original Message-----
From: cpaasch@apple.com [mailto:cpaasch@apple.com] 
Sent: 29 March 2017 11:23
To: mohamed.boucadair@orange.com
Cc: Henderickx, Wim (Nokia - BE/Antwerp) <wim.henderickx@nokia.com>om>; Eardley,PL,Philip,TUB8 R <philip.eardley@bt.com>om>; multipathtcp@ietf.org
Subject: Re: [multipathtcp] Two proxy scenario (network proxy off path)

On 29/03/17 - 16:13:18, mohamed.boucadair@orange.com wrote:
> Christoph,
> 
> If you remove the initial TCP connection, If you remove the 
> authentication negotiation, If you include the payload of the original 
> SYN as part of the NEW SOCKS request
> 
> You are just cloning the MP_CONVERT behavior by overloading SOCKS semantic without providing an extra feature compared to the MP_CONVERT.
> 
> For the particular case of IPv6 when source address/prefix 
> preservation is required, I don't see how this can be supported by 
> SOCKS. Of course, you can modify the SOCKS command to clone MP_CONVERT 
> :)

The point is that we should try to do something that is architecturally clean, without being closely linked to MPTCP.

Just imagine, if you deploy a proxy that enables the use of TCP-BBR, a congestion-control that is much better than what servers/clients currently use. This would also need a 0-RTT proxying solution (even if it is not using MPTCP).


The point I am trying to make is that a 0-RTT proxying solution is not something that the MPTCP working-group should be in charge of. There are other places in the IETF that are probably more appropriate for this.


Christoph

> 
> Cheers,
> Med
> 
> > -----Message d'origine-----
> > De : cpaasch@apple.com [mailto:cpaasch@apple.com] Envoyé : mercredi 
> > 29 mars 2017 10:47 À : Henderickx, Wim (Nokia - BE/Antwerp) Cc : 
> > philip.eardley@bt.com; BOUCADAIR Mohamed IMT/OLN; 
> > multipathtcp@ietf.org Objet : Re: [multipathtcp] Two proxy scenario 
> > (network proxy off path)
> > 
> > On 29/03/17 - 15:42:59, Henderickx, Wim (Nokia - BE/Antwerp) wrote:
> > > Christoph, yes but again it something new and less optimal from 
> > > the
> > proposed MP_CONVERT IE in the SYN.
> > 
> > No, that's what I wrote below. It's not less optimal. It's exactly 
> > the same in terms of performance as MP_CONVERT IE in the SYN!
> > 
> > 
> > Christoph
> > 
> > 
> > >
> > > On 29/03/2017, 10:39, "cpaasch@apple.com on behalf of Christoph Paasch"
> > <cpaasch@apple.com> wrote:
> > >
> > >     Hello Wim,
> > >
> > >     inline:
> > >
> > >     On 29/03/17 - 15:29:04, Henderickx, Wim (Nokia - BE/Antwerp) wrote:
> > >     > Phil, you will be a bit more optimal but not a lot as you 
> > > can see
> > or you end up changing the SOCKs protocol. Even if you do this 
> > MP_CONVERT IE will always be the most optimal and hence this is what 
> > we propose for doing this proxy function.
> > >     >
> > >     > On 29/03/2017, 10:12, "multipathtcp on behalf of
> > philip.eardley@bt.com" <multipathtcp-bounces@ietf.org on behalf of 
> > philip.eardley@bt.com> wrote:
> > >     >
> > >     >     By non-chatty, I meant a version that didn't do all the
> > authentication messages. After all, the home gateway and network 
> > proxy can be expected to know about each other already - at least 
> > don't need to do for every new TCP connection from devices behind 
> > home gateway
> > >     >
> > >     >     -----Original Message-----
> > >     >     From: mohamed.boucadair@orange.com
> > [mailto:mohamed.boucadair@orange.com]
> > >     >     Sent: 29 March 2017 06:30
> > >     >     To: Eardley,PL,Philip,TUB8 R <philip.eardley@bt.com>om>;
> > multipathtcp@ietf.org
> > >     >     Subject: RE: Two proxy scenario (network proxy off path)
> > >     >
> > >     >     Hi Phil,
> > >     >
> > >     >     Can you please clarify what you mean by a "non-chatty
> > version"? version of what?
> > >     >
> > >     >     You can refer to Section 3 of RFC1928 to have an idea about
> > the number of messages that are required before sending actual 
> > traffic when SOCKSv5 is used.
> > >     >
> > >     >     Below an excerpt of signaling messages observed to create an
> > initial subflow using SOCKSv5:
> > >     >
> > >     >     ==============
> > >     >     (MP Client) ->    TCP SYN    ->  (MCP)
> > >     >                        <- TCP SYN/ACK <-
> > >     >                        ->    TCP ACK    ->
> > >     >                        -> SOCKS Method Request (1)(a) ->
> > >
> > >     you would of course use TFO with SOCKS, so that you gain one RTT.
> > >
> > >     If then in addition to that you remove the authentication part 
> > > of
> > SOCKS, and
> > >     you can even put the payload right after the SOCKS Connection
> > Request inside
> > >     the SYN-payload, then you are effectively also at a 0-RTT connection
> > >     establishment.
> > >
> > >
> > >     Christoph
> > >
> > >
> > >     >                        <-    TCP ACK (b)   <-
> > >     >                         <- SOCKS Method Response (2)(c) <-
> > >     >                         ->   TCP ACK (d)   ->
> > >     >                         -> SOCKS Authentication Request (3)(e) ->
> > >     >                         <-    TCP ACK (f)    <-
> > >     >                         <- SOCKS Auth. Response (4)(g) <-
> > >     >                         ->   TCP ACK (h)   ->
> > >     >                         -> SOCKS Connection Request (5)(i) ->
> > (MCP)
> > >     >                         <-   TCP ACK (j)                   <-
> > (MCP)
> > >     >
> > (MCP)  -> TCP SYN (k) -> (Server)
> > >     >
> > (MCP)  <- SYN/ACK (l) <- (Server)
> > >     >                         <- SOCKS Connection Response (n) (6) <-
> > (MCP) -> TCP ACK (m) -> (Server)
> > >     >                         ->   TCP ACK (o)  ->
> > >     >     =================
> > >     >
> > >     >     I let you compare it with the 0-RTT and 0-extra signaling
> > approach with MP_CONVERT IE.
> > >     >
> > >     >     Cheers,
> > >     >     Med
> > >     >
> > >     >     > -----Message d'origine-----
> > >     >     > De : multipathtcp [mailto:multipathtcp-bounces@ietf.org] De
> > la part de
> > >     >     > philip.eardley@bt.com Envoyé : mardi 28 mars 2017 20:24 À :
> > >     >     > multipathtcp@ietf.org Objet : [multipathtcp] Two proxy
> > scenario
> > >     >     > (network proxy off path)
> > >     >     >
> > >     >     > Hi,
> > >     >     >
> > >     >     > I'm now thinking about the scenario where there are two
> > proxies, one
> > >     >     > in the home gateway or Customer Premises Equipment and one
> > in the
> > >     >     > network, both under the control of the operator. And looking
> > at the 'explicit mode'
> > >     >     > scenario, which - if I get it right - means that the network
> > proxy is
> > >     >     > not on the default path. (It's safe to assume that the home
> > gateway
> > >     >     > proxy is on the default path)
> > >     >     >
> > >     >     > Thinking about the use of SOCKS in this context.
> > >     >     >
> > >     >     > Earlier Olivier said (in the context of the smartphone
> > scenario -
> > >     >     > sorry if your comments don't apply to this scenario and I'm
> > just
> > >     >     > creating
> > >     >     > confusion) that there are different variants of SOCKS that
> > can be
> > >     >     > used, which mainly depend on the number of messages that are
> > used to
> > >     >     > authenticate.
> > >     >     > In the two proxy scenario, it's probably reasonable to
> > assume that the
> > >     >     > home gateway and network proxy are already authenticated. So
> > a
> > >     >     > non-chatty version would be ok.
> > >     >     >
> > >     >     > Is that right?
> > >     >     >
> > >     >     > Thanks
> > >     >     > phil
> > >     >     >
> > >     >     > _______________________________________________
> > >     >     > multipathtcp mailing list
> > >     >     > multipathtcp@ietf.org
> > >     >     > https://www.ietf.org/mailman/listinfo/multipathtcp
> > >     >
> > >     >     _______________________________________________
> > >     >     multipathtcp mailing list
> > >     >     multipathtcp@ietf.org
> > >     >     https://www.ietf.org/mailman/listinfo/multipathtcp
> > >     >
> > >     >
> > >     > _______________________________________________
> > >     > multipathtcp mailing list
> > >     > multipathtcp@ietf.org
> > >     > https://www.ietf.org/mailman/listinfo/multipathtcp
> > >
> > >