Re: [multipathtcp] comments on draft-amend-mptcp-robe-00
Yoshifumi Nishida <nsd.ietf@gmail.com> Sat, 20 July 2019 10:42 UTC
Return-Path: <nsd.ietf@gmail.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90E7812006D for <multipathtcp@ietfa.amsl.com>; Sat, 20 Jul 2019 03:42:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x_WmycwGiich for <multipathtcp@ietfa.amsl.com>; Sat, 20 Jul 2019 03:42:25 -0700 (PDT)
Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D13E120043 for <multipathtcp@ietf.org>; Sat, 20 Jul 2019 03:42:25 -0700 (PDT)
Received: by mail-wr1-x42b.google.com with SMTP id g17so34600950wrr.5 for <multipathtcp@ietf.org>; Sat, 20 Jul 2019 03:42:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1d+o/lP8yCjJxR+d/+H4Vjno9C9CANbJ7yKnQ/ovFkc=; b=eglFPyxib62/AaN02G8gb/LbK3eN09vI6+ARszR0KwMh3OscqhYIfXj6qTB6Du/b24 eu04y4q6H0CUmbp15z5M50y4nYDnXB+7rrIsa0ETwn26LocUKGMmOxuZoD//Tsnc6l27 EuRS6+sQIAhmcLycS1W3MGyBA32g236O+fOUcrkxo9Lt0M3BThzXU0ZB78MHfOTB+HQk 89ZzbFN9kVXUzfdXaJDEaSaYH6W34Mck2gKn0jDMdaKqcwtgVWsATEQnKnktwi9Vi/Wv Nvv+5jmvqTrfne7HIT9fAc9VQitByZtqmdRwq3XTcSgcxoiFIGjXJYfP3Qv38/VoN5O6 q/mg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1d+o/lP8yCjJxR+d/+H4Vjno9C9CANbJ7yKnQ/ovFkc=; b=GcErrrrwnCkXGs1cskt55d8F6gfQE285pr83UTmS1lFbH1rSwF7ZVZLAJXLk61FdcE zSvsI2N87j0I90oHuv92EyWsi4tCK6O94fHnhkNReOGf2ur/mDZB4Msg39aBuhocsoCS Tb65TNHcAJL/BnK23nBwGUilBRZzZKD+MprsTeyiEYtZ5HsE8mc5Qf068KlFGV1iPjb2 5NEmaxw2Tz5GHDAfoekOpC+HK3XtQDLEtq5VmjZ+ip2qR84GZccfQp3ZyXtEz24Dk4tr UEM3kMmFVwU2SEg/4Cs0+9ADAxh6jwiB+Pmfjo4FHAlVu/6uFPRcNoaOo6je7v+8AL+0 L7FA==
X-Gm-Message-State: APjAAAUvMlMwBni6fsYgFTvLkw3Esj2zmvOXxQ4YJmi0StvgcOS7zoDV aZuEybbCWNSSGd/74g+rKTQaoDXHpKXkPJ0VHsE=
X-Google-Smtp-Source: APXvYqx0B6dH86ZyHQWL40Q20bdj7A4RrZzHGSXl40ZICMV/MJgTOHZ0IKTt62d1GjWnSHwdQo/lCO9G4/Wm8Anfkcg=
X-Received: by 2002:a05:6000:100f:: with SMTP id a15mr41846805wrx.325.1563619343736; Sat, 20 Jul 2019 03:42:23 -0700 (PDT)
MIME-Version: 1.0
References: <CAAK044S6U05Vh2V5-TQt6Rr=n0t3_Fp9vBoJG0TGK1CjH9cBEg@mail.gmail.com> <FRAPR01MB1170BA28B1E18F71FD61B0ADFACB0@FRAPR01MB1170.DEUPRD01.PROD.OUTLOOK.DE>
In-Reply-To: <FRAPR01MB1170BA28B1E18F71FD61B0ADFACB0@FRAPR01MB1170.DEUPRD01.PROD.OUTLOOK.DE>
From: Yoshifumi Nishida <nsd.ietf@gmail.com>
Date: Sat, 20 Jul 2019 03:42:12 -0700
Message-ID: <CAAK044S+pN-+ajYon2WAjdiArAQWL_ZBkffiLnC+L7-UmDa79w@mail.gmail.com>
To: Markus.Amend@telekom.de
Cc: multipathtcp <multipathtcp@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008c24db058e1a7f1b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/QWpbyH2VZHC6mKZGEGZTqyQlZwU>
Subject: Re: [multipathtcp] comments on draft-amend-mptcp-robe-00
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Jul 2019 10:42:29 -0000
Hi Markus, Thanks for the response. On Fri, Jul 19, 2019 at 8:12 AM <Markus.Amend@telekom.de> wrote: > Hi Yoshi, > > > > thanks for your comment. To be honest I wrote the draft in a hurry to have > something available for the upcoming meeting, that is the reason why not > everything is explained in depth. A revision of the content is planned for > IETF 106 then, for which I have already collected some potential co-authors > and reviewers J > > > > But coming to your questions. RobE in general guarantees session > establishment if at least one path out of a bunch is functional, without > knowing which one is functional beforehand. > > A simple break-before-make can ensure this by the cost of establishing (a > lot of) MPTCP-connections which needs to be dropped afterwards and may be > re-established using a MP_JOIN. In the draft you can find this concept > referred to as RobE_SIM. Further it is present in Fig. 2 at step > SA6.1->SB6.1, when sender decides to go for the first established initial > flow and drop (RST) the other one. > > > > Another option in Fig. 2 is drawn using MP_JOIN_CAP instead of RST to gain > immediate use of such a – from a RobE_SIM view useless - path and join it > to the initial path. This offers shortest latency to establish e2e > connection and faster subflow establishment to accelerate transmission > speed. > > > > The big benefit of MP_JOIN_CAP are twofold. > > > > 1. MP_JOIN_CAP can immediately join an initial flow to another > initial flow > > 2. MPTCP v1 (RFC6824bis) explicitly requires the final ACK with a > Key-A of the initial flow 3WHS, which is not the case when using MP_JOIN_CAP > > > > As I presented the idea of RobE at IETF 99 first in a more rudimentary > state, the comment from the audience was, that RobE > > > > - must not require (much) more calculation time inside a MPTCP > implementation compared to the traditional MP_CAPABLE/MP_JOIN > > - must be secure like traditional MPTCP > > - must cover MPTCP v0 and v1 > > > > To fulfill this, the HMAC of a MP_JOIN_CAP contains information on the > selected initial path’s Key A and Key B (which is not the path sending the > MP_JOIN_CAP) and also a fast hash of Key_B to. > > Section 2.3.2 in the draft explains the cases which kind of information > carried by the MP_JOIN_CAP is needed in which scenario. > > > > - When everything goes well, the path which returns first a SYN/ACK will > be selected as initial path on initiator side (Host A, Fig 2). If the > corresponding last ACK+MP_CAPABLE is received first before the MP_JOIN_CAP > arrives on receiver side (Host B), than Key-A from the MP_JOIN_CAP can > identify relationship and authenticate by the HMAC. This effort is > comparable to MP_JOIN and is true for MPTCP v0 and v1 > > > > - When the MP_JOIN_CAP arrives before the final ACK of the selected > initial path we have to differentiate between v1 and v0. For v0 the effort > is like MP_JOIN, because Key-A is known on receiver side already. For v1 > Key-A is not known since it is carried first with the final ACK. For that a > very little amount of extra calculation has to be executed. It is assumed, > that the receiver calculates a Key-B__fast_hash and stores this information > with the not yet established connection. Iterating over this connections > only (presumably small effort) and compare with Key-B__fast_hash of the > MP_JOIN_CAP gives on the other hand the huge effect, that even the not yet > established connection and the flow carrying the MP_JOIN_CAP become > immediately usable! Fur sure after identifying a flow with the less secure > fast_hash this is followed by an authentication with the HMAC. > Thanks for the clarification. this is helpful. I am thinking we will need to think about a corner case where there's conflict of Key-B_fast_hash. I am also wondering if we need to include Key-A for HMAC calculation as MP_JOIN_CAP already has Key-A. > If I got your second question right, it raises the issue of MP_JOIN_CAP > support negotiation?! That will be addressed in a later revision of the > draft in section 2.4. However a simple solution could be just resetting a > flow, if the receiver does not support MP_JOIN_CAP, analogous to the error > handling in RFC6824 section 3.7. > Yes, reset will work in some situations. But, what I was thinking is what will happen when MP_JOIN_CAP has not reached to Host B for some reasons. (e.g. the ACK has been lost or a middlebox removed the option) Thanks, -- Yoshi > > > *From:* multipathtcp <multipathtcp-bounces@ietf.org> *On Behalf Of *Yoshifumi > Nishida > *Sent:* Montag, 15. Juli 2019 10:40 > *To:* multipathtcp <multipathtcp@ietf.org> > *Subject:* [multipathtcp] comments on draft-amend-mptcp-robe-00 > > > > Hi, > > I've read this draft and I personally like the idea in the draft. Thanks > for an interesting proposal. > > Bellows are my comments on the draft. > > 1: I'm trying to understand the rationale behinds the format of > MP_JOIN_CAP, such as the purpose of Key-B_fast_cash and the calculation of > HMAC_keys. Could you elaborate? > > 2: Don't we have a certain ACK mechanism for MP_JOIN_CAP such as ADD_ADDR? > Otherwise, we cannot confirm that the peer has agreed with sender's > intention and it can cause errors in the mptcp session. > > > > Thanks, > > -- > > Yoshi >
- [multipathtcp] comments on draft-amend-mptcp-robe… Yoshifumi Nishida
- Re: [multipathtcp] comments on draft-amend-mptcp-… Markus.Amend
- Re: [multipathtcp] comments on draft-amend-mptcp-… Yoshifumi Nishida
- Re: [multipathtcp] comments on draft-amend-mptcp-… Markus.Amend