Re: [multipathtcp] MPTCP and Middleboxes

Scott Brim <swb@internet2.edu> Tue, 30 July 2013 06:20 UTC

To: Edward Lopez <elopez@fortinet.com>
Cc: "multipathtcp@ietf.org" <multipathtcp@ietf.org>

IMHO you are right.  A similar problem occurs in reverse, with intrusion
detection systems on multiple ingresses into a site.  The answer for
those boxes seems to be to be conservative and simply not allow traffic
that looks like partial sessions.  Unfortunately IDSs and other
middleboxes are becoming more useful, not less.

Scott