[multipathtcp] Adding two new sections to draft-ietf-mptcp-experience
Christoph Paasch <cpaasch@apple.com> Wed, 23 September 2015 23:41 UTC
Return-Path: <cpaasch@apple.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A1191B33A8 for <multipathtcp@ietfa.amsl.com>; Wed, 23 Sep 2015 16:41:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b1lYcjN1kgcU for <multipathtcp@ietfa.amsl.com>; Wed, 23 Sep 2015 16:41:48 -0700 (PDT)
Received: from mail-in4.apple.com (mail-out4.apple.com [17.151.62.26]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EE571B33A6 for <multipathtcp@ietf.org>; Wed, 23 Sep 2015 16:41:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1443051707; x=2306965307; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=ubyfC9Eq6SMlzoA7ukJSvHvQIQ6pbbr2Mw56PpMFHVM=; b=orYLZowhoqlOZPpG/A2bF9ytWQ3UF40uatQx+dZmHbj5frh7u/10koxmoAz2oIYg 3vq4+PI97YltwMzN6HkI4q291lZNvUGeei/PWOU737AP0PimEBZqliVOTzvwDfas PQyrltyAUscm72BFc4fqCoMJM5Hz5SuSIbAvMERkLVPgc4YVVvbyZlr8vB0J/681 CwVPskL64r3MDVIbToGmlOiT/sOwD4h0C3U1XMXQ/r5CRzUP/R1jotN82LWqxp8h 6+Tq99rplTXoiopA4o/3ZH3t93DZkMB1LTDeoLoTs3/UjUc+rVoiDVlAAklypOap XSf/zaGhEq2hPmZMP/ylNA==;
Received: from relay6.apple.com (relay6.apple.com [17.128.113.90]) by mail-in4.apple.com (Apple Secure Mail Relay) with SMTP id 3C.B2.04166.BB833065; Wed, 23 Sep 2015 16:41:47 -0700 (PDT)
X-AuditID: 11973e12-f792c6d000001046-93-560338bbcbff
Received: from cardamom.apple.com (cardamom.apple.com [17.128.115.94]) (using TLS with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by relay6.apple.com (Apple SCV relay) with SMTP id DD.C2.22881.BB833065; Wed, 23 Sep 2015 16:41:47 -0700 (PDT)
Received: from localhost ([17.226.23.238]) by cardamom.apple.com (Oracle Communications Messaging Server 7.0.5.30.0 64bit (built Oct 22 2013)) with ESMTPSA id <0NV500NJZLTN2A30@cardamom.apple.com> for multipathtcp@ietf.org; Wed, 23 Sep 2015 16:41:47 -0700 (PDT)
Sender: cpaasch@apple.com
Date: Wed, 23 Sep 2015 16:41:47 -0700
From: Christoph Paasch <cpaasch@apple.com>
To: MultiPath WG <multipathtcp@ietf.org>
Message-id: <20150923234147.GG1818@Chimay.local>
MIME-version: 1.0
Content-type: text/plain; charset="us-ascii"
Content-disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprFLMWRmVeSWpSXmKPExsUi2FAYpbvbgjnM4OEVE4vPq6+zOTB6LFny kymAMYrLJiU1J7MstUjfLoErY9U97YITchWzPjazNTBOkOhi5OSQEDCRmPn3CCOELSZx4d56 ti5GLg4hgb2MEpd+XGCEKTrz7ywrRGIik8T0f4+ZIJxuJomTj1cwg1QJC0hKdN+5A2azCKhK nG3sALPZBLQk3t5uZwWxRQQ0JG63LWeCqLeXuLF6KguIzStgINHxbjYjhC0o8WPyPbA4M1Dv +p3HmSBsaYlHf2ewg9iiAioSVya8ZQc5QkLgK6vE0W3/mCcwCs5C0j8LSf8sJP0LGJlXMQrl Jmbm6GbmmeglFhTkpOol5+duYgQF5nQ7oR2Mp1ZZHWIU4GBU4uGdocMcJsSaWFZcmXuIUZqD RUmc981HpjAhgfTEktTs1NSC1KL4otKc1OJDjEwcnFINjNE7orfqtdpctJ2T+9pT0645KM3G zLa58Ov+GQV8h869ENrq9/XLs09qL5jF8n7PnHkwicnC/dOVS8qVv1ZujPditVX+cMzczYzh hvjRSK10qZc7XNaWtdzV7eePL/8SsPfCNdOcST+LnU6JTf0p/+tT14HILykHOFJqQmdlaiV8 Oblrzz3WLCWW4oxEQy3mouJEAAfydFMtAgAA
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrKLMWRmVeSWpSXmKPExsUi2FAcp7vbgjnMYHuzocXn1dfZHBg9liz5 yRTAGMVlk5Kak1mWWqRvl8CVseqedsEJuYpZH5vZGhgnSHQxcnJICJhInPl3lhXCFpO4cG89 WxcjF4eQwEQmien/HjNBON1MEicfr2AGqRIWkJTovnMHzGYRUJU429gBZrMJaEm8vd0ONklE QEPidttyJoh6e4kbq6eygNi8AgYSHe9mM0LYghI/Jt8DizMD9a7feZwJwpaWePR3BjuILSqg InFlwlv2CYx8s5C0zELSMgtJywJG5lWMAkWpOYmVZnqJBQU5qXrJ+bmbGMGBVBi1g7FhudUh RgEORiUe3hk6zGFCrIllxZW5hxglOJiVRHhF5YBCvCmJlVWpRfnxRaU5qcWHGJOBnpzILCWa nA8M8rySeEMTEwMTY2MzY2NzE3PShJXEeXf//RsqJJCeWJKanZpakFoEs4WJg1OqgbG97+ys DcvrNd0ZbuxrmzLvmBLbFvu1rGw/DwSHPp/s92SLyoVlZj8djV03dniVrP6+Zq5x148H/pvZ tlopcZ0qeHf08/k3dhf2tp/Snee+b0fbgQZnyfR+tuaERT1POdkyXjarHt396KG2UlOal+sj s8i3Gy/cE1X9tORRadh19Su9sxTWbw9UYinOSDTUYi4qTgQAoCiKcGgCAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/multipathtcp/jJDrc4-nI176x77EE78O3RDBedc>
Subject: [multipathtcp] Adding two new sections to draft-ietf-mptcp-experience
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2015 23:41:50 -0000
Hello, draft-ietf-mptcp-experience has gone through the WG LC some time ago. Phil asked for updates to the experiences [1] before we progress the document to the AD & IESG. We would like to ask the working group whether information about the SYN-cookies issue (described in draft-paasch-mptcp-syncookies) and MPTCP behind loadbalancers (draft-paasch-mptcp-loadbalancer) should be included in the experience draft. We suggest two new sections: 3.11. Stateless webservers MPTCP has been designed to interoperate with webservers that benefit from SYN-cookies to protect against SYN-flooding attacks [RFC4987]. MPTCP achieves this by echoing the keys negotiated during the MP_CAPABLE handshake in the third ACK of the 3-way handshake. Reception of this third ACK then allows the server to reconstruct the state specific to MPTCP. However, one caveat to this mechanism is the non-reliable nature of the third ACK. Indeed, when the third ACK gets lost, the server will not be able to reconstruct the MPTCP-state. MPTCP will fallback to regular TCP in this case. This is in contrast to regular TCP, as clients usually start the application's transaction by sending data to the server. This data-segment (that is sent reliably by TCP) enables stateless servers to create the TCP-related state, even in case the third ACK has been lost. This issue might be considered as a minor one for MPTCP. Losing the third ACK should only happen when packet loss is high. However, when packet-loss is high MPTCP provides a lot of benefits as it can move traffic away from the lossy link. It is undesirable that MPTCP has a higher chance to fall back to regular TCP in those lossy environments. [I-D.paasch-mptcp-syncookies] discusses this issue and suggests a modified handshake mechanism that ensures reliable delivery of the MP_CAPABLE, following the 3-way handshake. This modification will make MPTCP reliable, even in lossy environments when servers need to use SYN-cookies to protect against SYN-flooding attacks. 3.12. Loadbalanced serverfarms Large-scale serverfarms typically deploy thousands of servers behind a single virtual IP (VIP). Steering traffic to these servers is done through layer-4 loadbalancers that ensure that a TCP-flow will always be routed to the same server [Presto08]. As Multipath TCP uses multiple different TCP subflows to steer the traffic across the different paths, loadbalancers need to ensure that all these subflows are routed to the same server. This implies that the loadbalancers need to track the MPTCP-related state, allowing them to parse the token in the MP_JOIN and assign those subflows to the appropriate server. However, serverfarms typically deploy multiple of these loadbalancers for reliability and capacity reasons. As a TCP subflow might get routed to any of these loadbalancers, they would need to synchronize the MPTCP-related state - a solution that is not feasible at large scale. The token (carried in the MP_JOIN) contains the information indicating which MPTCP-session the subflow belongs to. As the token is a hash of the key, servers are not able to generate the token in such a way that the token can provide the necessary information to the loadbalancers which would allow them to route TCP subflows to the appropriate server. [I-D.paasch-mptcp-loadbalancer] discusses this issue in detail and suggests two alternative MP_CAPABLE handshakes to overcome these. As of September 2015, it is not yet clear how MPTCP might accomodate such use-case to enable its deployment within loadbalanced serverfarms. Christoph [1] https://mailarchive.ietf.org/arch/msg/multipathtcp/XNO9Hqca-XGY7H3izwQs5Ou3-Kk
- [multipathtcp] Adding two new sections to draft-i… Christoph Paasch
- Re: [multipathtcp] Adding two new sections to dra… philip.eardley