Re: [multipathtcp] Two proxy scenario (network proxy off path)
<philip.eardley@bt.com> Wed, 29 March 2017 16:38 UTC
Return-Path: <philip.eardley@bt.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02E191294CD for <multipathtcp@ietfa.amsl.com>; Wed, 29 Mar 2017 09:38:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Level:
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wVv2YVkXSF4E for <multipathtcp@ietfa.amsl.com>; Wed, 29 Mar 2017 09:38:28 -0700 (PDT)
Received: from smtpb1.bt.com (smtpb1.bt.com [62.7.242.138]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EF8E12948F for <multipathtcp@ietf.org>; Wed, 29 Mar 2017 09:38:26 -0700 (PDT)
Received: from EVHUB03-UKBR.domain1.systemhost.net (193.113.108.185) by EVMED04-UKBR.bt.com (10.216.161.34) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 29 Mar 2017 17:38:23 +0100
Received: from rew09926dag03d.domain1.systemhost.net (10.55.202.30) by EVHUB03-UKBR.domain1.systemhost.net (193.113.108.185) with Microsoft SMTP Server (TLS) id 14.3.158.1; Wed, 29 Mar 2017 17:38:24 +0100
Received: from rew09926dag03b.domain1.systemhost.net (10.55.202.22) by rew09926dag03d.domain1.systemhost.net (10.55.202.30) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 29 Mar 2017 17:38:23 +0100
Received: from rew09926dag03b.domain1.systemhost.net ([fe80::d514:fe50:560c:401e]) by rew09926dag03b.domain1.systemhost.net ([fe80::d514:fe50:560c:401e%12]) with mapi id 15.00.1210.000; Wed, 29 Mar 2017 17:38:23 +0100
From: philip.eardley@bt.com
To: cpaasch@apple.com, mohamed.boucadair@orange.com
CC: wim.henderickx@nokia.com, multipathtcp@ietf.org
Thread-Topic: [multipathtcp] Two proxy scenario (network proxy off path)
Thread-Index: AQHSqKEzqp6DxGj1TeSb3FIu9At16qGr4yeAgAABG4CAAAEWAIAAB2MAgAAC1oCAABRngA==
Date: Wed, 29 Mar 2017 16:38:23 +0000
Message-ID: <4d63da0dd6594a67b39b8d5d2f252abb@rew09926dag03b.domain1.systemhost.net>
References: <70EAECD3-22A6-420A-B84C-04B0673020DF@nokia.com> <20170329153901.GF2779@dhcp-8507.meeting.ietf.org> <3D71318E-8644-4FB3-8C7F-9DD4E5AFE89B@nokia.com> <20170329154652.GG2779@dhcp-8507.meeting.ietf.org> <787AE7BB302AE849A7480A190F8B933009E4303A@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <20170329162327.GH2779@dhcp-8507.meeting.ietf.org>
In-Reply-To: <20170329162327.GH2779@dhcp-8507.meeting.ietf.org>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.216.161.27]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/NUaiaP_gbAYInxWiEi5T4YyWJZc>
Subject: Re: [multipathtcp] Two proxy scenario (network proxy off path)
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Mar 2017 16:38:31 -0000
<< The point I am trying to make is that a 0-RTT proxying solution is not something that the MPTCP working-group should be in charge of. There are other places in the IETF that are probably more appropriate for this.>> If possible the WG can discuss a solution for a while without worrying about this - at least to get to a protocol model that we like. then we (or rather Mirja & IESG) can worry about Whether this needs a re-charter, another wg involved etc -----Original Message----- From: cpaasch@apple.com [mailto:cpaasch@apple.com] Sent: 29 March 2017 11:23 To: mohamed.boucadair@orange.com Cc: Henderickx, Wim (Nokia - BE/Antwerp) <wim.henderickx@nokia.com>; Eardley,PL,Philip,TUB8 R <philip.eardley@bt.com>; multipathtcp@ietf.org Subject: Re: [multipathtcp] Two proxy scenario (network proxy off path) On 29/03/17 - 16:13:18, mohamed.boucadair@orange.com wrote: > Christoph, > > If you remove the initial TCP connection, If you remove the > authentication negotiation, If you include the payload of the original > SYN as part of the NEW SOCKS request > > You are just cloning the MP_CONVERT behavior by overloading SOCKS semantic without providing an extra feature compared to the MP_CONVERT. > > For the particular case of IPv6 when source address/prefix > preservation is required, I don't see how this can be supported by > SOCKS. Of course, you can modify the SOCKS command to clone MP_CONVERT > :) The point is that we should try to do something that is architecturally clean, without being closely linked to MPTCP. Just imagine, if you deploy a proxy that enables the use of TCP-BBR, a congestion-control that is much better than what servers/clients currently use. This would also need a 0-RTT proxying solution (even if it is not using MPTCP). The point I am trying to make is that a 0-RTT proxying solution is not something that the MPTCP working-group should be in charge of. There are other places in the IETF that are probably more appropriate for this. Christoph > > Cheers, > Med > > > -----Message d'origine----- > > De : cpaasch@apple.com [mailto:cpaasch@apple.com] Envoyé : mercredi > > 29 mars 2017 10:47 À : Henderickx, Wim (Nokia - BE/Antwerp) Cc : > > philip.eardley@bt.com; BOUCADAIR Mohamed IMT/OLN; > > multipathtcp@ietf.org Objet : Re: [multipathtcp] Two proxy scenario > > (network proxy off path) > > > > On 29/03/17 - 15:42:59, Henderickx, Wim (Nokia - BE/Antwerp) wrote: > > > Christoph, yes but again it something new and less optimal from > > > the > > proposed MP_CONVERT IE in the SYN. > > > > No, that's what I wrote below. It's not less optimal. It's exactly > > the same in terms of performance as MP_CONVERT IE in the SYN! > > > > > > Christoph > > > > > > > > > > On 29/03/2017, 10:39, "cpaasch@apple.com on behalf of Christoph Paasch" > > <cpaasch@apple.com> wrote: > > > > > > Hello Wim, > > > > > > inline: > > > > > > On 29/03/17 - 15:29:04, Henderickx, Wim (Nokia - BE/Antwerp) wrote: > > > > Phil, you will be a bit more optimal but not a lot as you > > > can see > > or you end up changing the SOCKs protocol. Even if you do this > > MP_CONVERT IE will always be the most optimal and hence this is what > > we propose for doing this proxy function. > > > > > > > > On 29/03/2017, 10:12, "multipathtcp on behalf of > > philip.eardley@bt.com" <multipathtcp-bounces@ietf.org on behalf of > > philip.eardley@bt.com> wrote: > > > > > > > > By non-chatty, I meant a version that didn't do all the > > authentication messages. After all, the home gateway and network > > proxy can be expected to know about each other already - at least > > don't need to do for every new TCP connection from devices behind > > home gateway > > > > > > > > -----Original Message----- > > > > From: mohamed.boucadair@orange.com > > [mailto:mohamed.boucadair@orange.com] > > > > Sent: 29 March 2017 06:30 > > > > To: Eardley,PL,Philip,TUB8 R <philip.eardley@bt.com>; > > multipathtcp@ietf.org > > > > Subject: RE: Two proxy scenario (network proxy off path) > > > > > > > > Hi Phil, > > > > > > > > Can you please clarify what you mean by a "non-chatty > > version"? version of what? > > > > > > > > You can refer to Section 3 of RFC1928 to have an idea about > > the number of messages that are required before sending actual > > traffic when SOCKSv5 is used. > > > > > > > > Below an excerpt of signaling messages observed to create an > > initial subflow using SOCKSv5: > > > > > > > > ============== > > > > (MP Client) -> TCP SYN -> (MCP) > > > > <- TCP SYN/ACK <- > > > > -> TCP ACK -> > > > > -> SOCKS Method Request (1)(a) -> > > > > > > you would of course use TFO with SOCKS, so that you gain one RTT. > > > > > > If then in addition to that you remove the authentication part > > > of > > SOCKS, and > > > you can even put the payload right after the SOCKS Connection > > Request inside > > > the SYN-payload, then you are effectively also at a 0-RTT connection > > > establishment. > > > > > > > > > Christoph > > > > > > > > > > <- TCP ACK (b) <- > > > > <- SOCKS Method Response (2)(c) <- > > > > -> TCP ACK (d) -> > > > > -> SOCKS Authentication Request (3)(e) -> > > > > <- TCP ACK (f) <- > > > > <- SOCKS Auth. Response (4)(g) <- > > > > -> TCP ACK (h) -> > > > > -> SOCKS Connection Request (5)(i) -> > > (MCP) > > > > <- TCP ACK (j) <- > > (MCP) > > > > > > (MCP) -> TCP SYN (k) -> (Server) > > > > > > (MCP) <- SYN/ACK (l) <- (Server) > > > > <- SOCKS Connection Response (n) (6) <- > > (MCP) -> TCP ACK (m) -> (Server) > > > > -> TCP ACK (o) -> > > > > ================= > > > > > > > > I let you compare it with the 0-RTT and 0-extra signaling > > approach with MP_CONVERT IE. > > > > > > > > Cheers, > > > > Med > > > > > > > > > -----Message d'origine----- > > > > > De : multipathtcp [mailto:multipathtcp-bounces@ietf.org] De > > la part de > > > > > philip.eardley@bt.com Envoyé : mardi 28 mars 2017 20:24 À : > > > > > multipathtcp@ietf.org Objet : [multipathtcp] Two proxy > > scenario > > > > > (network proxy off path) > > > > > > > > > > Hi, > > > > > > > > > > I'm now thinking about the scenario where there are two > > proxies, one > > > > > in the home gateway or Customer Premises Equipment and one > > in the > > > > > network, both under the control of the operator. And looking > > at the 'explicit mode' > > > > > scenario, which - if I get it right - means that the network > > proxy is > > > > > not on the default path. (It's safe to assume that the home > > gateway > > > > > proxy is on the default path) > > > > > > > > > > Thinking about the use of SOCKS in this context. > > > > > > > > > > Earlier Olivier said (in the context of the smartphone > > scenario - > > > > > sorry if your comments don't apply to this scenario and I'm > > just > > > > > creating > > > > > confusion) that there are different variants of SOCKS that > > can be > > > > > used, which mainly depend on the number of messages that are > > used to > > > > > authenticate. > > > > > In the two proxy scenario, it's probably reasonable to > > assume that the > > > > > home gateway and network proxy are already authenticated. So > > a > > > > > non-chatty version would be ok. > > > > > > > > > > Is that right? > > > > > > > > > > Thanks > > > > > phil > > > > > > > > > > _______________________________________________ > > > > > multipathtcp mailing list > > > > > multipathtcp@ietf.org > > > > > https://www.ietf.org/mailman/listinfo/multipathtcp > > > > > > > > _______________________________________________ > > > > multipathtcp mailing list > > > > multipathtcp@ietf.org > > > > https://www.ietf.org/mailman/listinfo/multipathtcp > > > > > > > > > > > > _______________________________________________ > > > > multipathtcp mailing list > > > > multipathtcp@ietf.org > > > > https://www.ietf.org/mailman/listinfo/multipathtcp > > > > > >
- [multipathtcp] Two proxy scenario (network proxy … philip.eardley
- Re: [multipathtcp] Two proxy scenario (network pr… mohamed.boucadair
- Re: [multipathtcp] Two proxy scenario (network pr… philip.eardley
- Re: [multipathtcp] Two proxy scenario (network pr… Henderickx, Wim (Nokia - BE/Antwerp)
- Re: [multipathtcp] Two proxy scenario (network pr… mohamed.boucadair
- Re: [multipathtcp] Two proxy scenario (network pr… Christoph Paasch
- Re: [multipathtcp] Two proxy scenario (network pr… Henderickx, Wim (Nokia - BE/Antwerp)
- Re: [multipathtcp] Two proxy scenario (network pr… Christoph Paasch
- Re: [multipathtcp] Two proxy scenario (network pr… Henderickx, Wim (Nokia - BE/Antwerp)
- Re: [multipathtcp] Two proxy scenario (network pr… mohamed.boucadair
- Re: [multipathtcp] Two proxy scenario (network pr… cpaasch@apple.com
- Re: [multipathtcp] Two proxy scenario (network pr… mohamed.boucadair
- Re: [multipathtcp] Two proxy scenario (network pr… philip.eardley
- Re: [multipathtcp] Two proxy scenario (network pr… Olivier Bonaventure
- Re: [multipathtcp] Two proxy scenario (network pr… Henderickx, Wim (Nokia - BE/Antwerp)