Re: [multipathtcp] q about on-path proxy

Olivier Bonaventure, Wed, 22 March 2017 10:13 UTC


>         +------- R4 ---- R5 --------+
> C --- uMCP ---- R1 ---- R2 ------ dMCP ---- R6 --- R7 --- S

>>> Also, in the two proxy scenario, does the downstream MCP have to be
>>> on-path?
>> If the downstream MCP is on path, then it does not have to include any
>> NAT function which is beneficial from an operational viewpoint.
> [Med] Perhaps I misunderstood your point but DNAT/SNAT are still needed for subsequent subflows even for the implicit case. Think about subflows that are placed with a destination address set to the one of the MCP and with a distinct source IP address than the one used to place the initial subflow.

By no NAT, I mean that all the packets between the client and the server
that the operator would observe on the R1-R2 path or the R6-R7 path have
C/S as source/destination addresses. This means that the existing
techniques that are used for logging, traffic control or monitoring that
depend on addresses can be reused without any modification.

When the uMCP creates a subflow towards the dMCP, it uses other 
addresses than C and S, but these addresses are invisible to both the 
client and the final server.