IETF Logo Mail Archive

Re: [multipathtcp] [Int-area] SOCKS 6 Draft

<mohamed.boucadair@orange.com> Wed, 05 July 2017 06:00 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98839127337; Tue, 4 Jul 2017 23:00:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.388
X-Spam-Level:
X-Spam-Status: No, score=-5.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LQZ1t5E6lwZM; Tue, 4 Jul 2017 23:00:57 -0700 (PDT)
Received: from relais-inet.orange.com (mta136.mail.business.static.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D355129AE3; Tue, 4 Jul 2017 23:00:56 -0700 (PDT)
Received: from opfednr02.francetelecom.fr (unknown [xx.xx.xx.66]) by opfednr23.francetelecom.fr (ESMTP service) with ESMTP id DAD34C0624; Wed, 5 Jul 2017 08:00:54 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.24]) by opfednr02.francetelecom.fr (ESMTP service) with ESMTP id 9B0C4120087; Wed, 5 Jul 2017 08:00:54 +0200 (CEST)
Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM7D.corporate.adroot.infra.ftgroup ([fe80::9044:c5ee:4dd2:4f16%19]) with mapi id 14.03.0352.000; Wed, 5 Jul 2017 08:00:54 +0200
From: mohamed.boucadair@orange.com
To: Vladimir Olteanu <vladimir.olteanu@cs.pub.ro>, David Schinazi <dschinazi@apple.com>
CC: "Int-area@ietf.org" <Int-area@ietf.org>, multipathtcp <multipathtcp@ietf.org>
Thread-Topic: [Int-area] SOCKS 6 Draft
Thread-Index: AQHS9R4yxOvkTTTpCU2LgEv+GOAL7qJEs1zg
Date: Wed, 05 Jul 2017 06:00:54 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93300A000D16@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <149871247634.6490.5928844232347189122.idtracker@ietfa.amsl.com> <c215bf9d-5313-3a4b-ac47-dd34cb22766f@cs.pub.ro> <F42011E7-0F81-44DF-9DFC-A211B615DD33@apple.com> <004b4557-a926-9128-d3cf-0b3f41bef56e@cs.pub.ro> <AE3FC07A-DE86-4765-9D1F-00640942B4E4@apple.com> <3f975b41-78b0-9f50-6c46-cc8e30007f34@cs.pub.ro> <787AE7BB302AE849A7480A190F8B93300A000764@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <b33e4726-f255-75f7-5203-9e30faa36659@cs.pub.ro>
In-Reply-To: <b33e4726-f255-75f7-5203-9e30faa36659@cs.pub.ro>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.3]
Content-Type: multipart/alternative; boundary="_000_787AE7BB302AE849A7480A190F8B93300A000D16OPEXCLILMA3corp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/mgZ_YOtOp1szKPS3wdkAGXbwWt8>
Subject: Re: [multipathtcp] [Int-area] SOCKS 6 Draft
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jul 2017 06:01:00 -0000

Hi Valdimir,

Thank you for your answer.

Please see inline.

Cheers,
Med

De : Vladimir Olteanu [mailto:vladimir.olteanu@cs.pub.ro]
Envoyé : mercredi 5 juillet 2017 01:35
À : BOUCADAIR Mohamed IMT/OLN; David Schinazi
Cc : Int-area@ietf.org; multipathtcp
Objet : Re: [Int-area] SOCKS 6 Draft

Hi Mohamed,

No problem. BTW, your work on MPTCP Plain Mode has, in fact, served as inspiration for SOCKS 6.

When coupled with TFO on the client-proxy leg, SOCKS 6 also has a 0-RTT overhead.
[Med] Glad to see that we are pursuing the same goal. That's said I'm not sure about the 0-RTT in the current proposal given this text that puts a dependency on the server side:
   In the fast case, when authentication is properly set up, the proxy
   attempts to create the socket immediately after the receipt of the
   request, thus achieving an operational conection in one RTT (provided
   TFO functionality is available at the client, proxy, and server).
                                                            ^^^^^^^^
 It can also be stacked as many times as desired for arbitrarily long proxy chains. However:
 * We avoid using the SYN's payload as extra option space (which, I think, goes against TCP's core philosophy).
[Med] This is also true for MP_CONVERT Information Element which is not a TCP option, but a data supplied for proxy purposes in the SYN payload.
 The magic number at the start of the MP_CONVERT element implies that if any MPTCP stream happens to start with 0xFAA8FAA8, the client should not use TFO.
[Med] This can be fixed by registering a service port for the proxy service because, after all, the ultimate destination port is conveyed in the MP_CONVERT.
I think moving up the protocol stack is a more desirable alternative.
 * We support authentication. Connections to the proxy can also be initiated from networks outside of the operator's control (e.g. home WiFis).
[Med] Authentication/authorization can be supported by various means. This depends on the deployment scheme.

 * SOCKS 6 is easier to extend. If the client needs to request some special behavior from the proxy (e.g. what packet scheduler to use), all we have to do is define (and standardize) a new SOCKS option.
[Med] That's also true for MP_CONVERT Information Element. You can define new "Types" if needed.
Can you please let me know if the proposal supports the following features:

·         Support incoming connections (Proxy<---Remote Host): That is the proxy intercept a TCP connection that it transforms into an MPTCP one.

·         If such feature is supported, how a host located behind a CPE (Host----CPE-----Proxy----Remote Host) can instruct dynamically the CPE so that it can forward appropriately incoming connections?

·         Use MPTCP in the leg between the proxy and server

·         Notify the client that the server is also MPTCP-capable (so that the proxy can be withdrawn from the communication)

·         Relay untouched the set of TCP options supplied by the client/server without any alteration from the proxy

·         IPv6 source address/prefix preservation

(I've also CCed the MPTCP WG).
[Med] Thanks.


Cheers,
Vlad
On 07/04/2017 12:09 PM, mohamed.boucadair@orange.com<mailto:mohamed.boucadair@orange.com> wrote:
Hi Vladimir, all,

(focusing only on this part of the message).

I do fully agree that shortening MPTCP connections setup is key. Having 0-RTT is an important requirement for this effort. Achieving it without out-of-band signaling would be even ideal.

Can you please elaborate on the benefits of your proposal compared to https://www.ietf.org/proceedings/98/slides/slides-98-mptcp-sessa-network-assisted-mptcp-03.pdf which allows to achieve 0-RTT proxying.

Thank you.

Cheers,
Med

De : Int-area [mailto:int-area-bounces@ietf.org] De la part de Vladimir Olteanu
Envoyé : vendredi 30 juin 2017 23:37
À : David Schinazi
Cc : Int-area@ietf.org<mailto:Int-area@ietf.org>
Objet : Re: [Int-area] SOCKS 6 Draft


Hi David,
[SNIP]


- Out of curiosity, what specific use case are you using this protocol for?

We are looking into using MPTCP on mobile devices to "bind" 4G/LTE and WiFi. Mobile data networks have high latency, hence the drive to shave off as many RTTs as possible and to take advantage of TFO, at least on the client-proxy leg.

Cheers,
Vlad

v2.23.0 | Report a Bug | By Email