Re: [multipathtcp] potential MPTCP proxy charter item

Olivier Bonaventure <> Sun, 06 November 2016 21:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 925D1129855 for <>; Sun, 6 Nov 2016 13:12:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.321
X-Spam-Status: No, score=-4.321 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gQStRoWjuOAZ for <>; Sun, 6 Nov 2016 13:12:15 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 52D60129851 for <>; Sun, 6 Nov 2016 13:12:15 -0800 (PST)
Received: from [] (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id AE63767DB83; Sun, 6 Nov 2016 22:12:05 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.9.2 AE63767DB83
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=selucl; t=1478466726; bh=vnEVqXCkXmuDD7jo/rdqF13yID1Ehu8XFNnmw55NkNA=; h=Reply-To:Subject:References:To:Cc:From:Date:In-Reply-To; b=iuBR0yHC53Eubeacd2Zzwz/HDrWe6bxGts9wUCmD4c4nMHw7uP172+WkXQbOFGBG3 5RcJoztbgYX36YTw1uX8ALbTLHLPol9AAIiY5r4YLHgEBJmEAW9yKzQyGu8MoH1PrW VLtDDap2hKRnRXYP7lr3skGeTQ5IUJ3h6hebRXuw=
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.99 at smtp-2
References: <> <> <> <787AE7BB302AE849A7480A190F8B933009D9577B@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <22907_1476946228_58086934_22907_5464_1_a7bca8d2-7656-4ff0-9f01-cf307f017148@OPEXCLILM42.corporate.adroot.infra.ftgroup> <> <> <b8bfd5c6-21eb-4c4f-879a-851c3a71792a@OPEXCLILM31.corporate.adroot.infra.ftgroup> <> <787AE7BB302AE849A7480A190F8B933009D9CA84@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <> <787AE7BB302AE849A7480A190F8B933009DAAA88@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <> <>
To: Mirja Kühlewind <>, Mohamed Boucadair <>, Alan Ford <>
From: Olivier Bonaventure <>
Message-ID: <>
Date: Sun, 06 Nov 2016 22:12:05 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Sgsi-Spamcheck: SASL authenticated,
X-SGSI-MailScanner-ID: AE63767DB83.A603B
X-SGSI-MailScanner: Found to be clean
X-SGSI-Spam-Status: No
Archived-At: <>
Cc: "" <>
Subject: Re: [multipathtcp] potential MPTCP proxy charter item
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multi-path extensions for TCP <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 06 Nov 2016 21:12:16 -0000

> first, I agree with Alan that such a signal does not need to/should not be part of the MPTCP protocol.

Adding the signal inside MPTCP reduces the end-to-end delay compared 
with a pure application layer solution likes SOCKS and this is really 

> MPTCP (as TCP is) is an end2end protocol. If you have one (or two) proxies in the middle, you split up the connection into multiple new ‚end2end‘ connections. If you need additional signaling information on one of the new connections, that a question for a high-layer protocol that uses MPTCP (which is what you do, when you propose it to be part of the payload).

SOCKS has been tried in some deployments with MPTCP and it increases the 
end-to-end delay given the additional rtt that are required.
> Second, I’m not a big fan of the a two side proxy scenario where one side simply assumes that the destination is not MPTCP-capable. This does not support MPTCP deployment but hinders native MPTCP deployment (basically ensuring that these proxies stay forever in the network and add additional complexity even if all endpoints are MPTCP-enabled one day). I guess a proxy should always first forward the MCTCP handshake and only if the reply does not support MPTCP, then termite the connection, reply the initiator accordingly and setup a new TCP to the destination. This might cause additional delay but it provides a big benefit if the destination is MPTCP-capable and supports native deployment.

It's clear that the MCP should send the MP_CAPABLE option in the SYN 
towards the destination server and fallback to TCP is this fails. Since 
there are some middleboxes that continue to silently drop the MP_CAPABLE 
option, the MCP should be able to maintain a list of destination servers 
where it had to fallback to regular TCP (e.g. after n retransmissions of 
the SYN with MP_CAPABLE as suggested in RFC6824) and no attempt to use 
MPTCP for these destinations. This cache should be reset on a regular 
basis to probe again the destination servers.