Re: [multipathtcp] [Int-area] SOCKS 6 Draft
Vladimir Olteanu <vladimir.olteanu@cs.pub.ro> Wed, 05 July 2017 16:39 UTC
Return-Path: <vladimir.olteanu@cs.pub.ro>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F034131D72; Wed, 5 Jul 2017 09:39:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level:
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5FkTXdCrTexh; Wed, 5 Jul 2017 09:39:15 -0700 (PDT)
Received: from vesa.cs.pub.ro (vesa.cs.pub.ro [141.85.227.187]) by ietfa.amsl.com (Postfix) with ESMTP id 0DD3B13167C; Wed, 5 Jul 2017 09:39:13 -0700 (PDT)
IronPort-PHdr: 9a23:L/KbcxRmU3SbA4g7g9bn4FHFr9psv+yvbD5Q0YIujvd0So/mwa67ZByAt8tkgFKBZ4jH8fUM07OQ6PG/HzRYqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjSwbLdwIRmssQndqtQdjJd/JKo21hbHuGZDdf5MxWNvK1KTnhL86dm18ZV+7SleuO8v+tBZX6nicKs2UbJXDDI9M2Ao/8LrrgXMTRGO5nQHTGoblAdDDhXf4xH7WpfxtTb6tvZ41SKHM8D6Uaw4VDK/5KpwVhTmlDkIOCI48GHPi8x/kqRboA66pxdix4LYeZyZOOZicq/Ye94RWGhPUdtLVyFZAo2ycpUBD+QCM+hWoYbyqFkBogelCAa2GO/i0CVFimP40KA61ekqDAHI3BYnH9ILqHnbo9H1O70PXuC0yanIzC/DZO5P1zf59IjHbAouofeRXbltdsfR100vGBnYgVWRrIzlPimV2v4Ks2if8+pvS/igi2g6qwxqvjev3d0gipHUho0O0FzE7yJ5zZ8zKNalRkB7ZtukH4FRtyGcL4Z2Q90tQ31muCogzb0Go5G7cDAKyJQ72x7fc/uHc4uS7hLiSOacJypzinF9eL+nmhq//lWsxvf/W8S0ylpGsDRJn9vWun0DzxDe7siKRuF/80qgwzqDyh7f5+JeLUwqiabXNpgsyaMqmJUJq0TMBCr2lV3zjK+Ra0or5PCl6//iYrX6vp+cMJJ0ih3mPqQuhMO/BeM4PxAQX2ie4+u81bnj8VflT7VRlPE2irTZv4vAKcQBoa61Gw5V0oA95BajFzqqzdsVkWQdIF9GeB+LlZblN0/MLfziA/qzm1Gsny1qx/DCML3hGJLNLn3bnbf/ebZy8VNTyAs2zdBe/ZJYELYBIPbvWkDvrtPYCAI5PheozOb8Etl9zp4eVnmVDq+DN6PeqUWI6f43I+mQeI8Vvy7wJOU+5/HyjX85mFkdcrOo3JsWc323BOxmI12dYXXymNsODWAKvg8mRuzwlFKCSSJTZ2q1X68k5T87Dp6mAZ7ZSYC3nrOOxjy2HpxIaWBaBFCAC3Dod5+LW/0UciKdPtdhkiAYVbimU4Ih0AyutAvmy7pmNurb4DEYtZL/1Ndp/+3ejhAy+iJoD8STyW2NSHt0nmwQTT8swK9/uVB9ykuE0aVghvxYEtxT6OlMUggkKJHQ1fd1C9fvWg3dZNiGVUypQtS8ATwqSdIx2cUBY0ByG9q8lBzMwy2qA7pG34CMUZkz8qvZ0nS3LcFgwH/K3ag7p148S81AOCutgas7vyTaGY/F236Sl6esfLYdlHrB72yDzGyHrkBwWRZoVaiDVncaMBj4t9P8s33GRrOvDLU9eixF1cOLLLYCPsPthFlHQfb5ftPaf2+4nXqYDg3O3q6GKpDtLTZOlB7BAVQJxlhAtU2NMhIzU2L4+zrT
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2ADBAABFV1Z/wPjVY1dGgEBAQECAQEBAQgBAQEBFQEBAQECAQEBAQgBAQEBgkSBTQOBDY58kFIimBEuhW4Cg3MBAQEBAQEBAQIBaiiCMyQBgkEBAwItTBALGBULAQYHRhEGAQwGAgEBF4oYDLAUKYsaAQEBAQEBAQMBAQEBAQEBARsFgyeDTIFhKwuCboRGDkwJhTUFkU2FXIddgiKTb4VKg06GepUxAleBCjEhhhQcgWlzAYZDgj8BAQE
X-IPAS-Result: A2ADBAABFV1Z/wPjVY1dGgEBAQECAQEBAQgBAQEBFQEBAQECAQEBAQgBAQEBgkSBTQOBDY58kFIimBEuhW4Cg3MBAQEBAQEBAQIBaiiCMyQBgkEBAwItTBALGBULAQYHRhEGAQwGAgEBF4oYDLAUKYsaAQEBAQEBAQMBAQEBAQEBARsFgyeDTIFhKwuCboRGDkwJhTUFkU2FXIddgiKTb4VKg06GepUxAleBCjEhhhQcgWlzAYZDgj8BAQE
X-IronPort-AV: E=Sophos;i="5.40,312,1496091600"; d="scan'208,217";a="874608"
Received: from mail.cs.pub.ro (HELO vmail.cs.pub.ro) ([141.85.227.3]) by vesa.cs.pub.ro with ESMTP; 05 Jul 2017 19:39:07 +0300
Received: from localhost (localhost [127.0.0.1]) by vmail.cs.pub.ro (Postfix) with ESMTP id 998841A6012B; Wed, 5 Jul 2017 19:39:07 +0300 (EEST)
Received: from vmail.cs.pub.ro ([127.0.0.1]) by localhost (vmail.cs.pub.ro [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id INasMXOC9i8j; Wed, 5 Jul 2017 19:39:07 +0300 (EEST)
Received: from vmail.cs.pub.ro (localhost [127.0.0.1]) by vmail.cs.pub.ro (Postfix) with ESMTPS id 7616B1A60149; Wed, 5 Jul 2017 19:39:07 +0300 (EEST)
Received: from [192.168.1.70] (unknown [95.76.128.201]) by vmail.cs.pub.ro (Postfix) with ESMTPSA id 521791A6012B; Wed, 5 Jul 2017 19:39:07 +0300 (EEST)
From: Vladimir Olteanu <vladimir.olteanu@cs.pub.ro>
To: mohamed.boucadair@orange.com, David Schinazi <dschinazi@apple.com>
Cc: "Int-area@ietf.org" <Int-area@ietf.org>, multipathtcp <multipathtcp@ietf.org>
References: <149871247634.6490.5928844232347189122.idtracker@ietfa.amsl.com> <c215bf9d-5313-3a4b-ac47-dd34cb22766f@cs.pub.ro> <F42011E7-0F81-44DF-9DFC-A211B615DD33@apple.com> <004b4557-a926-9128-d3cf-0b3f41bef56e@cs.pub.ro> <AE3FC07A-DE86-4765-9D1F-00640942B4E4@apple.com> <3f975b41-78b0-9f50-6c46-cc8e30007f34@cs.pub.ro> <787AE7BB302AE849A7480A190F8B93300A000764@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <b33e4726-f255-75f7-5203-9e30faa36659@cs.pub.ro> <787AE7BB302AE849A7480A190F8B93300A000D16@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Message-ID: <a922a59f-2670-8d50-f3c5-99e1c29848ca@cs.pub.ro>
Date: Wed, 05 Jul 2017 19:39:07 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <787AE7BB302AE849A7480A190F8B93300A000D16@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Content-Type: multipart/alternative; boundary="------------F3A5D12EAF8410EBA28959E6"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/pm_4sKSgOt2Mkd3GVGNUGjMIVao>
Subject: Re: [multipathtcp] [Int-area] SOCKS 6 Draft
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jul 2017 16:39:19 -0000
Hi Mohamed, It's great to talk this through. I've inlined my answers. Cheers, Vlad On 7/5/2017 9:00 AM, mohamed.boucadair@orange.com wrote: > > Hi Valdimir, > > Thank you for your answer. > > Please see inline. > > Cheers, > > Med > > *De :*Vladimir Olteanu [mailto:vladimir.olteanu@cs.pub.ro] > *Envoyé :* mercredi 5 juillet 2017 01:35 > *À :* BOUCADAIR Mohamed IMT/OLN; David Schinazi > *Cc :* Int-area@ietf.org; multipathtcp > *Objet :* Re: [Int-area] SOCKS 6 Draft > > Hi Mohamed, > > No problem. BTW, your work on MPTCP Plain Mode has, in fact, served as > inspiration for SOCKS 6. > > When coupled with TFO on the client-proxy leg, SOCKS 6 also has a > 0-RTT overhead. > > [Med] Glad to see that we are pursuing the same goal. That’s said I’m > not sure about the 0-RTT in the current proposal given this text that > puts a dependency on the server side: > > In the fast case, when authentication is properly set up, the proxy > > attempts to create the socket immediately after the receipt of the > > request, thus achieving an operational conection in one RTT (provided > > TFO functionality is available at the client, proxy, and server). > > ^^^^^^^^ > Oops, we meant to say a data response in 1 RTT (e.g. HTTP GET, then HTTP OK). > > It can also be stacked as many times as desired for arbitrarily long > proxy chains. However: > * We avoid using the SYN's payload as extra option space (which, I > think, goes against TCP's core philosophy). > > [Med] This is also true for MP_CONVERT Information Element which is > not a TCP option, but a data supplied for proxy purposes in the SYN > payload. > Fair enough, but this is not a purely layer 5+ protocol. It seems that you are strongly tied to TFO (between the client and the proxy). MP_CONVERT must be part of the SYN's payload, because the following SYN+ACK depends on the contents of MP_CONVERT and signals that the remote server has accepted your connection. > > The magic number at the start of the MP_CONVERT element implies that > if any MPTCP stream happens to start with 0xFAA8FAA8, the client > should not use TFO. > > [Med] This can be fixed by registering a service port for the proxy > service because, after all, the ultimate destination port is conveyed > in the MP_CONVERT. > I think this is more sensible. > > I think moving up the protocol stack is a more desirable alternative. > * We support authentication. Connections to the proxy can also be > initiated from networks outside of the operator's control (e.g. home > WiFis). > > [Med] Authentication/authorization can be supported by various means. > This depends on the deployment scheme. > > > * SOCKS 6 is easier to extend. If the client needs to request some > special behavior from the proxy (e.g. what packet scheduler to use), > all we have to do is define (and standardize) a new SOCKS option. > > [Med] That’s also true for MP_CONVERT Information Element. You can > define new “Types” if needed. > > Can you please let me know if the proposal supports the following > features: > > ·Support incoming connections (Proxy<---Remote Host): That is the > proxy intercept a TCP connection that it transforms into an MPTCP one. > Yes. See section 7.2. The client makes a request and then has to keep the connection to the proxy open. When the proxy accepts a connection from a remote host, it informs the client of the remote host's address and starts relaying data. SOCKS 5 has the exact same feature. You are limited to one incoming connection per request, though. > > ·If such feature is supported, how a host located behind a CPE > (Host----CPE-----Proxy----Remote Host) can instruct dynamically the > CPE so that it can forward appropriately incoming connections? > It does not have to. The connection on the host-proxy leg is initiated by the client. > > ·Use MPTCP in the leg between the proxy and server > Yes. > > ·Notify the client that the server is also MPTCP-capable (so that the > proxy can be withdrawn from the communication) > It depends on the implementation. A basic implementation just listens for a connection from the client and then opens a socket to the server using the vanilla socket API. It can't do any fancy stuff. A smarter implementation (the one we're aiming for) can mirror the keys/tokens/DSS sequence numbers (also taking the DSS delta(s) incurred by the request/auth. reply/operation reply into account) and advertise the server's real address(es) via ADD_ADDR. We plan to go a step further in -01 and add an option in the operation reply that hints that the main subflow (the one going through the proxy) should be closed once other subflows are established. > > ·Relay untouched the set of TCP options supplied by the client/server > without any alteration from the proxy > Yes-ish. In both SOCKS 6 and MPTCP Plain mode, when you strip away the initial exchange between the client and the proxy, you end up with the actual data that has to be relayed, so I would argue that both solutions are similar and suffer from roughly the same issues. As long as there is a 1:1 mapping between client-proxy and proxy-server subflows, I don't think there are many issues. In case you have TFO on the client-proxy leg, but not on the server, you have to transmit the SYN's payload in a subsequent packet. When you have to convert between MPTCP and regular TCP, you can no longer translate everything packet-by-packet and let end-to-end congestion control do the work for you (and you can't relay ECN, either). Further: * In MPTCP, different subflows may send the same data using different options and/or DSCP. * You can't freely mix TCP timestamps from different subflows. (The only guarantee is that timestamps are numbers that increase monotonically for each individual subflow.) I would go even further and say that, on principle, a proxy should not relay unknown TCP options, but rather strip them. > > ·IPv6 source address/prefix preservation > > I'm not sure what you mean by that. > > (I've also CCed the MPTCP WG). > > [Med] Thanks. > > > > Cheers, > Vlad > > On 07/04/2017 12:09 PM, mohamed.boucadair@orange.com > <mailto:mohamed.boucadair@orange.com> wrote: > > Hi Vladimir, all, > > (focusing only on this part of the message). > > I do fully agree that shortening MPTCP connections setup is key. > Having 0-RTT is an important requirement for this effort. > Achieving it without out-of-band signaling would be even ideal. > > Can you please elaborate on the benefits of your proposal compared > to > https://www.ietf.org/proceedings/98/slides/slides-98-mptcp-sessa-network-assisted-mptcp-03.pdf > which allows to achieve 0-RTT proxying. > > Thank you. > > Cheers, > > Med > > *De :*Int-area [mailto:int-area-bounces@ietf.org] *De la part de* > Vladimir Olteanu > *Envoyé :* vendredi 30 juin 2017 23:37 > *À :* David Schinazi > *Cc :* Int-area@ietf.org <mailto:Int-area@ietf.org> > *Objet :* Re: [Int-area] SOCKS 6 Draft > > Hi David, > > */[/*SNIP] > > > - Out of curiosity, what specific use case are you using this > protocol for? > > We are looking into using MPTCP on mobile devices to "bind" > 4G/LTE and WiFi. Mobile data networks have high latency, hence > the drive to shave off as many RTTs as possible and to take > advantage of TFO, at least on the client-proxy leg. > > Cheers, > Vlad >
- [multipathtcp] SOCKS 6 Draft Vladimir Olteanu
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Vladimir Olteanu
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Joe Touch
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft mohamed.boucadair
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Vladimir Olteanu
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Joe Touch
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Dragoș Niculescu
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft mohamed.boucadair
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft mohamed.boucadair
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Vladimir Olteanu
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft mohamed.boucadair
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Vladimir Olteanu
- Re: [multipathtcp] SOCKS 6 Draft Yoshifumi Nishida
- Re: [multipathtcp] SOCKS 6 Draft Vladimir Olteanu
- Re: [multipathtcp] SOCKS 6 Draft Yoshifumi Nishida
- Re: [multipathtcp] SOCKS 6 Draft Vladimir Olteanu
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Joe Touch
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Joe Touch
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Dragoș Niculescu
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Joe Touch
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Vladimir Olteanu
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Joe Touch
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Vladimir Olteanu
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Joe Touch
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Dragoș Niculescu
- Re: [multipathtcp] [Int-area] SOCKS 6 Draft Joe Touch