IETF Logo Mail Archive

Re: [multipathtcp] comments on draft-amend-mptcp-robe-00

Yoshifumi Nishida <nsd.ietf@gmail.com> Sat, 20 July 2019 10:42 UTC

Return-Path: <nsd.ietf@gmail.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90E7812006D for <multipathtcp@ietfa.amsl.com>; Sat, 20 Jul 2019 03:42:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x_WmycwGiich for <multipathtcp@ietfa.amsl.com>; Sat, 20 Jul 2019 03:42:25 -0700 (PDT)
Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D13E120043 for <multipathtcp@ietf.org>; Sat, 20 Jul 2019 03:42:25 -0700 (PDT)
Received: by mail-wr1-x42b.google.com with SMTP id g17so34600950wrr.5 for <multipathtcp@ietf.org>; Sat, 20 Jul 2019 03:42:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1d+o/lP8yCjJxR+d/+H4Vjno9C9CANbJ7yKnQ/ovFkc=; b=eglFPyxib62/AaN02G8gb/LbK3eN09vI6+ARszR0KwMh3OscqhYIfXj6qTB6Du/b24 eu04y4q6H0CUmbp15z5M50y4nYDnXB+7rrIsa0ETwn26LocUKGMmOxuZoD//Tsnc6l27 EuRS6+sQIAhmcLycS1W3MGyBA32g236O+fOUcrkxo9Lt0M3BThzXU0ZB78MHfOTB+HQk 89ZzbFN9kVXUzfdXaJDEaSaYH6W34Mck2gKn0jDMdaKqcwtgVWsATEQnKnktwi9Vi/Wv Nvv+5jmvqTrfne7HIT9fAc9VQitByZtqmdRwq3XTcSgcxoiFIGjXJYfP3Qv38/VoN5O6 q/mg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1d+o/lP8yCjJxR+d/+H4Vjno9C9CANbJ7yKnQ/ovFkc=; b=GcErrrrwnCkXGs1cskt55d8F6gfQE285pr83UTmS1lFbH1rSwF7ZVZLAJXLk61FdcE zSvsI2N87j0I90oHuv92EyWsi4tCK6O94fHnhkNReOGf2ur/mDZB4Msg39aBuhocsoCS Tb65TNHcAJL/BnK23nBwGUilBRZzZKD+MprsTeyiEYtZ5HsE8mc5Qf068KlFGV1iPjb2 5NEmaxw2Tz5GHDAfoekOpC+HK3XtQDLEtq5VmjZ+ip2qR84GZccfQp3ZyXtEz24Dk4tr UEM3kMmFVwU2SEg/4Cs0+9ADAxh6jwiB+Pmfjo4FHAlVu/6uFPRcNoaOo6je7v+8AL+0 L7FA==
X-Gm-Message-State: APjAAAUvMlMwBni6fsYgFTvLkw3Esj2zmvOXxQ4YJmi0StvgcOS7zoDV aZuEybbCWNSSGd/74g+rKTQaoDXHpKXkPJ0VHsE=
X-Google-Smtp-Source: APXvYqx0B6dH86ZyHQWL40Q20bdj7A4RrZzHGSXl40ZICMV/MJgTOHZ0IKTt62d1GjWnSHwdQo/lCO9G4/Wm8Anfkcg=
X-Received: by 2002:a05:6000:100f:: with SMTP id a15mr41846805wrx.325.1563619343736; Sat, 20 Jul 2019 03:42:23 -0700 (PDT)
MIME-Version: 1.0
References: <CAAK044S6U05Vh2V5-TQt6Rr=n0t3_Fp9vBoJG0TGK1CjH9cBEg@mail.gmail.com> <FRAPR01MB1170BA28B1E18F71FD61B0ADFACB0@FRAPR01MB1170.DEUPRD01.PROD.OUTLOOK.DE>
In-Reply-To: <FRAPR01MB1170BA28B1E18F71FD61B0ADFACB0@FRAPR01MB1170.DEUPRD01.PROD.OUTLOOK.DE>
From: Yoshifumi Nishida <nsd.ietf@gmail.com>
Date: Sat, 20 Jul 2019 03:42:12 -0700
Message-ID: <CAAK044S+pN-+ajYon2WAjdiArAQWL_ZBkffiLnC+L7-UmDa79w@mail.gmail.com>
To: Markus.Amend@telekom.de
Cc: multipathtcp <multipathtcp@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008c24db058e1a7f1b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/QWpbyH2VZHC6mKZGEGZTqyQlZwU>
Subject: Re: [multipathtcp] comments on draft-amend-mptcp-robe-00
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Jul 2019 10:42:29 -0000

Hi Markus,

Thanks for the response.

On Fri, Jul 19, 2019 at 8:12 AM <Markus.Amend@telekom.de> wrote:

> Hi Yoshi,
>
>
>
> thanks for your comment. To be honest I wrote the draft in a hurry to have
> something available for the upcoming meeting, that is the reason why not
> everything is explained in depth. A revision of the content is planned for
> IETF 106 then, for which I have already collected some potential co-authors
> and reviewers J
>
>
>
> But coming to your questions. RobE in general guarantees session
> establishment if at least one path out of a bunch is functional, without
> knowing which one is functional beforehand.
>
> A simple break-before-make can ensure this by the cost of establishing (a
> lot of) MPTCP-connections which needs to be dropped afterwards and may be
> re-established using a MP_JOIN. In the draft you can find this concept
> referred to as RobE_SIM. Further it is present in Fig. 2 at step
> SA6.1->SB6.1, when sender decides to go for the first established initial
> flow and drop (RST) the other one.
>
>
>
> Another option in Fig. 2 is drawn using MP_JOIN_CAP instead of RST to gain
> immediate use of such a – from a RobE_SIM view useless -  path and join it
> to the initial path. This offers shortest latency to establish e2e
> connection and faster subflow establishment to accelerate transmission
> speed.
>
>
>
> The big benefit of MP_JOIN_CAP are twofold.
>
>
>
> 1.       MP_JOIN_CAP can immediately join an initial flow to another
> initial flow
>
> 2.       MPTCP v1 (RFC6824bis) explicitly requires the final ACK with a
> Key-A of the initial flow 3WHS, which is not the case when using MP_JOIN_CAP
>
>
>
> As I presented the idea of RobE at IETF 99 first in a more rudimentary
> state, the comment from the audience was, that RobE
>
>
>
> - must not require (much) more calculation time inside a MPTCP
> implementation compared to the traditional MP_CAPABLE/MP_JOIN
>
> - must be secure like traditional MPTCP
>
> - must cover MPTCP v0 and v1
>
>
>
> To fulfill this, the HMAC of a MP_JOIN_CAP contains information on the
> selected initial path’s Key A and Key B (which is not the path sending the
> MP_JOIN_CAP) and also a fast hash of Key_B to.
>
> Section 2.3.2 in the draft explains the cases which kind of information
> carried by the MP_JOIN_CAP is needed in which scenario.
>
>
>
> - When everything goes well, the path which returns first a SYN/ACK will
> be selected as initial path on initiator side (Host A, Fig 2). If the
> corresponding last ACK+MP_CAPABLE is received first before the MP_JOIN_CAP
> arrives on receiver side (Host B), than Key-A from the MP_JOIN_CAP can
> identify relationship and authenticate by the HMAC. This effort is
> comparable to MP_JOIN and is true for MPTCP v0 and v1
>
>
>
> - When the MP_JOIN_CAP arrives before the final ACK of the selected
> initial path we have to differentiate between v1 and v0. For v0 the effort
> is like MP_JOIN, because Key-A is known on receiver side already. For v1
> Key-A is not known since it is carried first with the final ACK. For that a
> very little amount of extra calculation has to be executed. It is assumed,
> that the receiver calculates a Key-B__fast_hash and stores this information
> with the not yet established connection. Iterating over this connections
> only (presumably small effort) and compare with Key-B__fast_hash of the
> MP_JOIN_CAP gives on the other hand the huge effect, that even the not yet
> established connection and the flow carrying the MP_JOIN_CAP become
> immediately usable! Fur sure after identifying a flow with the less secure
> fast_hash this is followed by an authentication with the HMAC.
>

Thanks for the clarification. this is helpful. I am thinking we will need
to think about a corner case where there's conflict of Key-B_fast_hash. I
am also wondering if we need to include Key-A for HMAC calculation as
MP_JOIN_CAP already has Key-A.


> If I got your second question right, it raises the issue of MP_JOIN_CAP
> support negotiation?! That will be addressed in a later revision of the
> draft in section 2.4. However a simple solution could be just resetting a
> flow, if the receiver does not support MP_JOIN_CAP, analogous to the error
> handling in RFC6824 section 3.7.
>

Yes, reset will work in some situations.
But, what I was thinking is what will happen when MP_JOIN_CAP has not
reached to Host B for some reasons. (e.g. the ACK has been lost or a
middlebox removed the option)

Thanks,
--
Yoshi

>
>
> *From:* multipathtcp <multipathtcp-bounces@ietf.org> *On Behalf Of *Yoshifumi
> Nishida
> *Sent:* Montag, 15. Juli 2019 10:40
> *To:* multipathtcp <multipathtcp@ietf.org>
> *Subject:* [multipathtcp] comments on draft-amend-mptcp-robe-00
>
>
>
> Hi,
>
> I've read this draft and I personally like the idea in the draft. Thanks
> for an interesting proposal.
>
> Bellows are my comments on the draft.
>
> 1: I'm trying to understand the rationale behinds the format of
> MP_JOIN_CAP, such as the purpose of Key-B_fast_cash and the calculation of
> HMAC_keys. Could you elaborate?
>
> 2: Don't we have a certain ACK mechanism for MP_JOIN_CAP such as ADD_ADDR?
> Otherwise, we cannot confirm that the peer has agreed with sender's
> intention and it can cause errors in the mptcp session.
>
>
>
> Thanks,
>
> --
>
> Yoshi
>

v2.23.0 | Report a Bug | By Email