Re: [multipathtcp] Consensus call on potential MPTCP proxy work

<> Wed, 19 April 2017 05:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 78E44131514 for <>; Tue, 18 Apr 2017 22:47:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.608
X-Spam-Status: No, score=-2.608 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 3Ewa2efQlmxr for <>; Tue, 18 Apr 2017 22:47:02 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6D6FD120724 for <>; Tue, 18 Apr 2017 22:47:02 -0700 (PDT)
Received: from (unknown [xx.xx.xx.2]) by (ESMTP service) with ESMTP id C6CAD1C070F; Wed, 19 Apr 2017 07:47:00 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.69]) by (ESMTP service) with ESMTP id A7EE616005E; Wed, 19 Apr 2017 07:47:00 +0200 (CEST)
Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILMA2.corporate.adroot.infra.ftgroup ([fe80::bc1c:ad2f:eda3:8c3d%18]) with mapi id 14.03.0319.002; Wed, 19 Apr 2017 07:47:00 +0200
To: Joe Touch <>, Yoshifumi Nishida <>
CC: multipathtcp <>
Thread-Topic: [multipathtcp] Consensus call on potential MPTCP proxy work
Thread-Index: AQHSuIz+FYN3Pf6Ey0Kw29UUSw2QvaHLipSAgAA26wCAAAGcAIAAadBQ
Date: Wed, 19 Apr 2017 05:46:59 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B933009E503E2@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_787AE7BB302AE849A7480A190F8B933009E503E2OPEXCLILMA3corp_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [multipathtcp] Consensus call on potential MPTCP proxy work
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 19 Apr 2017 05:47:04 -0000


Please see inline.


De : multipathtcp [] De la part de Joe Touch
Envoyé : mercredi 19 avril 2017 03:19
À : Yoshifumi Nishida
Cc : multipathtcp
Objet : Re: [multipathtcp] Consensus call on potential MPTCP proxy work

On 4/18/2017 6:12 PM, Yoshifumi Nishida wrote:
Hi Joe,

On Tue, Apr 18, 2017 at 2:56 PM, Joe Touch <<>> wrote:

On 4/18/2017 2:44 PM, Yoshifumi Nishida wrote:
> Hi Joe,
> It's not tunneling. The proxy converts a tcp connection into a mptcp
> connection and converts it back to a tcp connection (if necessary)
> So, it won't be tcp over tcp.
OK, but that's not proxying either.

That's (at best) connection hijacking.

I won't deny it as I'm not 100% sure whether proxy is a good name or not.
But, I am thinking you might want to call NAT hijacking as well.
Yes, but we do know what a NAT is responsible for - i.e., it is 1:1 translation of only addresses and ports.
[Med] That’s the same situation here: the CPE is assigned N addresses but cannot use all these addresses as external ones to communicate with a single path server. In order to benefit from the path diversity and the resources pooling, the CPE and proxy will collaborate as already described in other mails. One way to collaborate is to hide these N addresses (you name it).

Doing more than that has never been part of an IETF standard, AFAICT - for many reasons.

> MPTCP will convey control data for application (proxy) in payload.
> But, MPTCP of course doesn't care the contents of payload.
> It just carries data and app will parse the data. Putting data in SYN
> is trying to reduce the latency and no other meaning as far as I
> understand.

MPTCP is TCP. Putting the data in the SYN of a TCP connection is
hazardous. The goal is irrelevant.

In TCP, we already have a precedence such as TFO.

Sorry, to be more clear:
    Data in the SYN has been part of TCP since it was standardized.

Using the SYN data as control information is the hazardous part.
[Med] It isn’t for the for the simple reason that legacy Internet nodes will never receive a SYN with CPE-supplied data and that the TCP peer is known to process the supplied data. A Guard against misconfigurations is supported: echo in a SYN/ACK.

I think what the solution does won't exceed what TFO does.
TFO changes when the SYN data is delivered, based on the fact that past cookie information "accelerates" the 3WHS.

It does not put control plane information in the data area of the SYN.