Re: [multipathtcp] Two proxy scenario (network proxy off path) - far end connection initiation?

Olivier Bonaventure <> Thu, 30 March 2017 15:20 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4CEF3128990 for <>; Thu, 30 Mar 2017 08:20:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gX1hM-ZJvZTc for <>; Thu, 30 Mar 2017 08:20:09 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CC2EF1242EA for <>; Thu, 30 Mar 2017 08:20:08 -0700 (PDT)
Received: from mbpobo.local ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id 2C8DE67DBA9; Thu, 30 Mar 2017 17:19:57 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.2 2C8DE67DBA9
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=selucl; t=1490887197; bh=k7FKTqyRjdJkg9U0WPOCfEbJMR8BruRqXltf63FHREs=; h=Reply-To:Subject:References:To:From:Date:In-Reply-To; b=cTFBBE8ql3em9J8NWv/55bzDY4cTnZfRAi5N7TzMbqivYA2rske/E2ilxi4BH0o/f zAiKeWubnTzqgjDXTRhReuonZvoDFRcais6gcGl4ZAjlmE8rMbuxJhuLuqYWwy4/Im +wpvxiCyzyzlaNmXCkq0n7iWEy+WHa7PwVqWLYQw=
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.99.2 at smtp-3
References: <> <787AE7BB302AE849A7480A190F8B933009E431BF@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <>
From: Olivier Bonaventure <>
Message-ID: <>
Date: Thu, 30 Mar 2017 17:19:56 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Sgsi-Spamcheck: SASL authenticated,
X-SGSI-MailScanner-ID: 2C8DE67DBA9.A7875
X-SGSI-MailScanner: Found to be clean
X-SGSI-Spam-Status: No
Archived-At: <>
Subject: Re: [multipathtcp] Two proxy scenario (network proxy off path) - far end connection initiation?
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 30 Mar 2017 15:20:16 -0000

On 30/03/17 17:03, wrote:
> If I get it right, the assumption here is that for a TCP connection initiated from the remote end point , the remote network proxy is on path.  (in the other direction we're assuming the remote proxy is off path, so seems a bit odd?)

This is related to the fact that if the downstream MCP operates in 
explicit mode, then it performs NAT. Typically, the MCP has a block of 
public IP addresses that it uses for the clients that it serves. All 
external packets destined to any of these addresses are routed to the MCP.

> I think there's also the assumption that the local endpoint (in the home) has previously made a connection out which has instantiated state in the remote proxy. So in this scenario, when the TCP SYN from the remote end point hits the remote proxy, then the remote proxy knows which home gateway the other end is on. Or something like that - to be honest, I couldn't understand the slide /section of the draft.

There is an assumption that either there is a one-to-one mapping between 
the client addresses and the public addresses used by the MCP or the 
client has configured some port mapping rules, e.g. with PCP on the dMCP 
and the uMCP