Re: [multipathtcp] Consensus call on potential MPTCP proxy work

Joe Touch <touch@isi.edu> Mon, 24 April 2017 15:24 UTC

To: mohamed.boucadair@orange.com
Cc: "philip.eardley@bt.com" <philip.eardley@bt.com>, "multipathtcp@ietf.org" <multipathtcp@ietf.org>


On 4/24/2017 8:03 AM, mohamed.boucadair@orange.com wrote:
> Re-,
>
> Do you consider a NAT implementation as part of your first category or the second one?
A NAT is part of the second one. You'll notice that there are no
IETF-endorsed NAT solutions - only protocols to talk directly to NATs or
methods to overcome what NATs do.

> BTW, the mptcp proxy documents do only describe the external behavior. No implementation-specific assumptions/details are included. 
When you require the MPTCP SYN to be issued before the SYN-ACK is sent
to the originating client, that is specifying split-TCP behavior that
the IETF has never endorsed.

The same is true when you try to reinvent ways to interpret SYN data
before the MPTCP 3WHS completes - reinventing TFO without TFO's protections.

Joe

>
> Cheers,
> Med
>
>> -----Original Message-----
>> From: Joe Touch [mailto:touch@isi.edu]
>> Sent: Monday, 24 April 2017 16:49
>> To: BOUCADAIR Mohamed IMT/OLN
>> Cc: philip.eardley@bt.com; multipathtcp@ietf.org
>> Subject: Re: [multipathtcp] Consensus call on potential MPTCP proxy work
>>
>> Med,
>>
>> A proxy can operate at the conventional socket layer and would not have or
>> need direct access to SYN segments. Any information needed to reconstitute
>> the SYN at the upstream proxy could be retrieved in other ways.
>>
>> You're pushing a split-TCP solution, one that (again, I repeat) the IETF
>> has never sanctioned and I do not agree with.
>>
>> Joe
>>
>>> On Apr 24, 2017, at 1:23 AM, <mohamed.boucadair@orange.com> wrote:
>>> Joe,
>>>
>>> Transforming a TCP connection into an MPTCP connection will obviously need access to SYNs to insert MPTCP options.
>>> This is the basic behavior of ** any ** MPTCP proxy.
>>>
>>> Cheers,
>>> Med
>>>
>>>> -----Original Message-----
>>>> From: Joe Touch [mailto:touch@isi.edu]
>>>> Sent: Friday, 21 April 2017 18:04
>>>> To: BOUCADAIR Mohamed IMT/OLN; philip.eardley@bt.com; multipathtcp@ietf.org
>>>> Subject: Re: [multipathtcp] Consensus call on potential MPTCP proxy work
>>>>
>>>> Med,
>>>>
>>>> I've made my position clear too.
>>>>
>>>> I do not support this doc as MPTCP work.
>>>>
>>>> I also call into question whether this is in-scope for MPTCP. MPTCP is
>>>> chartered to work within MPTCP - but this solution requires access to
>>>> raw incoming SYNs inside a different TCP connection, which is no longer
>>>> in-scope IMO.
>>>>
>>>> Joe
>>>>