Re: [multipathtcp] High-level design decisions /architecture
Joe Touch <touch@ISI.EDU> Tue, 03 November 2009 00:24 UTC
Return-Path: <touch@ISI.EDU>
X-Original-To: multipathtcp@core3.amsl.com
Delivered-To: multipathtcp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CEA0628C135 for <multipathtcp@core3.amsl.com>; Mon, 2 Nov 2009 16:24:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.534
X-Spam-Level:
X-Spam-Status: No, score=-2.534 tagged_above=-999 required=5 tests=[AWL=-0.065, BAYES_00=-2.599, SARE_RMML_Stock10=0.13]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HedZ1usteczS for <multipathtcp@core3.amsl.com>; Mon, 2 Nov 2009 16:24:03 -0800 (PST)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id BE6FA3A67A3 for <multipathtcp@ietf.org>; Mon, 2 Nov 2009 16:24:03 -0800 (PST)
Received: from [75.212.97.118] (118.sub-75-212-97.myvzw.com [75.212.97.118]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id nA30O145013062 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 2 Nov 2009 16:24:04 -0800 (PST)
Message-ID: <4AEF781E.4070009@isi.edu>
Date: Mon, 02 Nov 2009 16:23:58 -0800
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: philip.eardley@bt.com
References: <4A916DBC72536E419A0BD955EDECEDEC06363A62@E03MVB1-UKBR.domain1.systemhost.net>
In-Reply-To: <4A916DBC72536E419A0BD955EDECEDEC06363A62@E03MVB1-UKBR.domain1.systemhost.net>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: multipathtcp@ietf.org
Subject: Re: [multipathtcp] High-level design decisions /architecture
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/multipathtcp>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Nov 2009 00:24:04 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'll jump in here ;-) philip.eardley@bt.com wrote: ... > Protocol-related > > ============ > > * IPv4 & IPv6 will have the same high-level design > o [Comment: the Charter implies both v4 & v6 are in scope] Definitely. > * The MPTCP connection is identified, from an apps perspective, by > the addresses associated with the original path Yes, IMO. > (even if that > subflow /path closes) Yes, although, as noted, if the IP address goes away altogether, then IMO the connection needs to be terminated. > * A SYN/ACK exchange (on a single path) checks that both ends > support MPTCP, with automatic fall-back to TCP if not Yes, with as few bytes as possible. > * each MPTCP subflow looks exactly like an ordinary, semantically > independent TCP flow. MPTCP effectively runs on top. So > re-transmission, FINs etc are independent on each subflow Don't care. Seems to make sense for middleboxes that track such things, but IMO they shouldn't care either, esp. since the packets could be encrypted. > * control of the MPTCP connection (as opposed to the subflows) is > carried in TCP options, eg DATA FIN for closing an MPTCP connection I disagree. The option stream is neither reliable or ordered, and so it's a bad idea to put state management there. If you want a control channel, open a separate connection IMO. > * the protocol involves an MPTCP stack at both ends of the MPTCP > connection > o [Comment: this is in our charter] Agreed (as per the charter), but seriously this begs the question of what is "TCP" about the result. I don't like the idea of doing this all inside TCP solely as NAT camouflage. > * Either end of the MPTCP connection can add or remove paths to/from > the MPTCP connection > o [Comment / Question: this seemed a bit unclear in the > protocol i-d, but is presumably required?] Depends on when the paths are created. If they are created at SYN time, then it's OK IMO to develop support asymmetrically. If they can be created once open, AFAICT TCP is memoryless w.r.t. who opened the connection, so I can't see why either side would have privileged rights (or could even tell). > * Subflow end point definition > o [Question: Should we allow subflows in a single MPTCP > connection to have different ports?] Seems like you'd have to - or you have to coordinate port use on different addresses at a single endpoint constantly. > Congestion algorithm > > =============== > > * the goals are: [1] MPTCP is at least as good as TCP would be on > the best subflow path; [2] on any path, an MPTCP connection uses > less (or the same) capacity as a TCP connection would do; [3] > MPTCP moves traffic off more congested paths and onto less > congested ones These sound OK, though it might be useful to consider that [1] and [2] are requirements (IMO), where [3] is an optimization goal, and thus OK to break. > * increases in the congestion windows of the subflows are coupled; > for decreases in the congestion windows, each subflow does new > reno independently (ie they are not coupled) I would assume that both increases and decreases are not coupled. If they are, it seems like a subflow could use bandwidth on one path to justify being more aggressive on another, which seems to violate [2] above. > * slow start, fast re-transmit and fast recovery are the same as > RFC5681 Yes. > API > > === > > * no changes to existing apps are needed to use MPTCP; MPTCP uses > the unaltered TCP socket API I would say this in a way that flows into the next idea below better, e.g., "no changes are required to use MPTCP in its simplest mode". > * There is an optional, extended API > o [Question: would both ends need the extended API, with a > fall-back if not?] Seems like one end could want the extended API for explicit control of flows, but the other end doesn't need to care. > o [Comment: presumably the actual features of the extended API > are outside the initial high-level design decisions] > * congestion control state is shared among application-visible > transport instances (eg multiple HTTPs between the same pair of > hosts) IMO (RFC2140, e.g.), yes ;-) > * 3 application profiles are mentioned (Bulk data transport, > Latency-sensitive transport with overflow, Latency-sensitive > transport with hot stand by) > o [Question: how are these supported? Is a negotiation > mechanism needed?] Seems at odds with the claims above for [1],[2],[3]. I.e., bulk transport seems compatible with all three, but latency-sensitive seems like it might not be compatible with any of these. > Security > > ====== > > * exchange a token in the initial SYN for the MPTCP connection, and > include the token when subflows /paths are added to the connection > o [Question: Is the same token used whether the sender or > receiver (of the MPTCP connection) adds the subflow? Is the > same technique used for removing subflows? And closing > connections, ie DATA FIN?] Let's please not call this "security". Call it a flow identifier, but it's trivial for on-path attackers to see, and anything small enough to be appropriate for a SYN is likely to be too small to prevent exhaustion attacks. > * security mechanisms will not interfere with end-to-end > authentication etc Yes. Specifically IMO there ought to be a TCP-AO mode supported - e.g., using socketpair of the original connection for the pseudoheader used for MAC calculation. (i.e., where this mentions "security mechanisms" I think of TCP-AO, not a nonce) > and will be compatible with legacy middleboxes Well, legacy middleboxes do all sorts of nasty things - many of which are more correctly considered attacks - so this can't be a requirement as worded. E.g., some middleboxes remove unknown options. That's clearly going to break things here. Others change packet boundaries (splitting, joining, etc.). Others rewrite all sorts of header fields. IMO, be more specific about what you would like to support (e.g., simple NATs), and make this a goal, not a requirement. > Modularity > > ======== > > · the architecture has 2 components, multipath scheduler & path > manager – meaning that improved /different modules of each can be > slotted in This seems to confuse architecture with implementation. Although they are specified separately, an implementation might conflate the two to the point where it cannot be modularly modified. I don't know what you're going for here, but IMO just state that they're independently *specified*. > o [Comment: it is unclear from the Architecture i-d how the > congestion control & protocol i-ds map to these components; some of the > text (strangely?) appears in a section about implementation] That might be a place where the implementation cannot reasonably separate the two specification issues. > o [Question: what are the mechanisms for evolvability? How is it > negotiated which new module (for congestion control or path manager) to > use?] This seems like an independent question, i.e., how are versions of the protocol identified and established for each connection? > o [Question: this would seem to imply we need to define an > interface between the modules?] Sounds suspiciously like an API - which I think is needed, and is a good idea, but you ought to get buy-in on this, since it's intraprotocol, and could be easily confused with an implementation issue. It'd be important to make sure this is an architecture interface, not an implementation one. > · there is a default path manager module, meaning it is the MUST > fall-back option > > o [Comment: the charter restricts us - the path manager we work > on will distinguish paths by multiple addresses] See above - version issue. Joe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iEYEARECAAYFAkrveB4ACgkQE5f5cImnZrvxfACg4p2+t723PQIFk8OPB4l1wVfI fY8AoPENpgkIi56NIWerwlGQT9A4uv4a =4eEh -----END PGP SIGNATURE-----
- [multipathtcp] High-level design decisions /archi… philip.eardley
- Re: [multipathtcp] High-level design decisions /a… marcelo bagnulo braun
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… marcelo bagnulo braun
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Mark Handley
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Lars Eggert
- Re: [multipathtcp] High-level design decisions /a… Yoshifumi Nishida
- [multipathtcp] This shim6 part of the answer (was… marcelo bagnulo braun
- [multipathtcp] The MPTCP part (was Re: High-level… marcelo bagnulo braun
- Re: [multipathtcp] High-level design decisions /a… marcelo bagnulo braun
- Re: [multipathtcp] High-level design decisions /a… Scott Brim
- Re: [multipathtcp] High-level design decisions /a… Scott Brim
- Re: [multipathtcp] High-level design decisions /a… Scott Brim
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Costin Raiciu
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Mark Handley
- Re: [multipathtcp] High-level design decisions /a… Costin Raiciu
- Re: [multipathtcp] High-level design decisions /a… Costin Raiciu
- Re: [multipathtcp] High-level design decisions /a… Ford, Alan
- Re: [multipathtcp] High-level design decisions /a… Ford, Alan
- Re: [multipathtcp] High-level design decisions /a… Ford, Alan
- Re: [multipathtcp] High-level design decisions /a… Scott Brim
- Re: [multipathtcp] High-level design decisions /a… marcelo bagnulo braun
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Yoshifumi Nishida
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Mark Handley
- Re: [multipathtcp] High-level design decisions /a… Ford, Alan
- Re: [multipathtcp] High-level design decisions /a… Ford, Alan
- Re: [multipathtcp] High-level design decisions /a… Yoshifumi Nishida
- Re: [multipathtcp] High-level design decisions /a… Costin Raiciu
- Re: [multipathtcp] High-level design decisions /a… philip.eardley
- Re: [multipathtcp] High-level design decisions /a… Lars Eggert
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… Yoshifumi Nishida
- Re: [multipathtcp] High-level design decisions /a… Scott Brim
- Re: [multipathtcp] High-level design decisions /a… Costin Raiciu
- Re: [multipathtcp] High-level design decisions /a… Yoshifumi Nishida
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… Joe Touch