Re: [multipathtcp] towards a potential work item on two-ended proxy

<> Thu, 04 August 2016 12:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 22A6D12DDFA for <>; Thu, 4 Aug 2016 05:03:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.506
X-Spam-Status: No, score=-5.506 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id RsOHtWsmj8BU for <>; Thu, 4 Aug 2016 05:03:20 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9A05612DDFC for <>; Thu, 4 Aug 2016 05:01:28 -0700 (PDT)
Received: by; Thu, 4 Aug 2016 14:00:58 +0200
From: <>
To: <>, <>, <>
Thread-Topic: [multipathtcp] towards a potential work item on two-ended proxy
Date: Thu, 4 Aug 2016 12:00:56 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <787AE7BB302AE849A7480A190F8B933008DFEBF8@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B933008DFEBF8@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Accept-Language: de-CH, en-US
Content-Language: de-DE
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_7E3E9E2073E441E7B80BA4FA9C8A747Eswisscomcom_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [multipathtcp] towards a potential work item on two-ended proxy
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multi-path extensions for TCP <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 04 Aug 2016 12:03:24 -0000

Thanks Med for the nice summary of requirements and the problems we have with a SOCKS+MPTCP combination. And yes we looked into many different ways of doing this, and so far MPTCP covers the largest set of requiremnts, except the problems you mentioned, therefore we are looking forward for a fix of those.


Von: multipathtcp <> im Auftrag von "" <>
Datum: Donnerstag, 4. August 2016 um 08:22
An: Tommy Pauly <>, "Henderickx, Wim (Nokia - BE)" <>
Cc: "" <>
Betreff: Re: [multipathtcp] towards a potential work item on two-ended proxy

Dear Tommy,

The problem we have is how to glue multiple TCP connections established among multiple access networks while avoiding making any assumptions about the capabilities of end-users terminals and remote servers: This is a ** multipath TCP ** problem that we called “Network-assisted MPTCP”.

In addition to that problem, we have additional requirements such as:

·         Avoid extra delay to establish TCP sessions among multiple access networks compared to legacy TCP connections.

·         Optimize the load on the network-assisted Proxy (avoid chatty protocols, in particular)

·         Avoid interfering with native MPTCP connections.

·         Have one solution for both IPv4 and IPv6 + Do not make any assumption about the addressing scheme of available network attachment

·         …

Our MPTCP solution to this MPTCP problem is to define a dedicated MPTCP option.

We have investigated various tracks but we believe the MPTCP option is the right MPTCP solution to our MPTCP problem, e.g.,

·         One can optimize SOCKS to reduce the amount of exchanges, but still this out-of-band signaling and at least one RTT will be required to create a new MPTCP connection.

·         One can define an IP option to carry the information we have in the plain-mode but as you know “IP Options are not an option”!

·         One can define an IPv6 Extension Header but this extension imposes certain addressing schemes on access networks. This is not a starting point.

·         One can define an SDP extension but this is specific to that application:

FWIW, the charter of the MPTCP WG already cites the proxy work.


De : multipathtcp [] De la part de Tommy Pauly
Envoyé : jeudi 4 août 2016 02:10
À : Henderickx, Wim (Nokia - BE)
Cc :
Objet : Re: [multipathtcp] towards a potential work item on two-ended proxy

On Aug 3, 2016, at 11:58 AM, Henderickx, Wim (Nokia - BE) <<>> wrote:

Alan, in-line

From: Alan Ford <<>>
Date: Wednesday 3 August 2016 at 09:20
To: Wim Henderickx <<>>
Cc: Rao Shoaib <<>>, "<>" <<>>
Subject: Re: [multipathtcp] towards a potential work item on two-ended proxy

Hi Wim, all,

Comment inline...

On 2 Aug 2016, at 20:11, Henderickx, Wim (Nokia - BE) <<>> wrote:
On 02/08/16 15:52, "Alan Ford" <<>> wrote:

I’m trying to distinguish the various use cases; can we confirm this is correct?

Transparent Mode
- Source address = real source address
WH> not always since NAT can be in the path

- Destination address = real destination address
- Transparent proxies create MPTCP functionality in the stream, adding and removing the MPTCP headers, mapping seq numa, etc
- Latest proposal is to add an indicator to say “this is proxied” so that a proxy can intercept it
WH> indeed or not intercept it based on the indication

Plain Mode
- Source address = real source
WH> could also be NATed in some use cases

- Destination address = proxy destination address
- Signalling protocol inside indicates real destination address
WH> or SRC address

So - please correct me if this is wrong - but the main difference is that Plain Mode is targeted towards a proxy server whereas the transparent mode does not change src/dst addresses?
WH> the main difference is mainly DST IP is changed to get explicit routing to the proxy versus being implicit in the transparent case

OK, so my understanding appears correct here.
WH> yes

The issue I see with a generic proxy bit is that it does not contain any context about what kind of proxy is being intercepted. You could be sending in good faith expecting it to be picked up by Proxy from Operator A, but in fact is picked up by Operator B.
WH> the network assisted proxy is mainly targeting single operator/controlled operator use cases to avoid these issues.

As I’ve said before, the plain mode option is not MPTCP-specific and is simple a signal that says “everything that follows is actually targeted for IP address a.b.c.d” - this is entirely transport-agnostic. If the HAG could know where to find a proxy (e.g. a well-known anycast address) then addresses could be rewritten and packets forwarded, with no need for any MPTCP protocol changes.
WH> you would still need to know the original destination IP@ that the application wanted to go to.

Which is the point of the signalling protocol - the proposed “plain mode option” which is actually carried in the payload. My issue with this is that this is _not MPTCP-specific_. This is simply a signal above the transport layer to inform a proxy what the real destination is.

WH> I hear, you and I understand but we have an explicit use case for this with MPTCP and so far not in any other protocol. Hence I think it is good to extend MPTCP with this capability and liase with other WG(s) about this.

While you may have a use-case for having proxies work with your MPTCP solution, it does not directly follow that the MPTCP protocol or WG is the best place to specify how the proxy works. This really does seem like a proxy solution that can be made more generic, and at the very least belongs as a protocol that is run within the MPTCP stream. This is what the SOCKS protocol does, and there is no reason you can't run SOCKS over MPTCP, or create a new variant of SOCKS or a similar protocol that you will run on top of MPTCP for your solution. Indeed, it could be seen as a benefit to work on the proxying solution independently from MPTCP, since that way it can be used for other transports. The end result will be the same, and the architecture will be cleaner.

Tommy Pauly


multipathtcp mailing list<>