Re: [multipathtcp] Fwd: New Version Notification for draft-paasch-mptcp-loadbalancer-00.txt
Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be> Wed, 09 September 2015 20:39 UTC
Return-Path: <olivier.bonaventure@uclouvain.be>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 999FE1B3ADE for <multipathtcp@ietfa.amsl.com>; Wed, 9 Sep 2015 13:39:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ChRDb8jaZxPS for <multipathtcp@ietfa.amsl.com>; Wed, 9 Sep 2015 13:38:59 -0700 (PDT)
Received: from smtp5.sgsi.ucl.ac.be (smtp.sgsi.ucl.ac.be [130.104.5.67]) by ietfa.amsl.com (Postfix) with ESMTP id DDC861B384E for <multipathtcp@ietf.org>; Wed, 9 Sep 2015 13:38:58 -0700 (PDT)
Received: from mbpobo.local (host-78-129-6-94.dynamic.voo.be [78.129.6.94]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: obonaventure@smtp5.sgsi.ucl.ac.be) by smtp5.sgsi.ucl.ac.be (Postfix) with ESMTPSA id EF3A911E4CD; Wed, 9 Sep 2015 22:38:51 +0200 (CEST)
X-DKIM: Sendmail DKIM Filter v2.8.3 smtp5.sgsi.ucl.ac.be EF3A911E4CD
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=uclouvain.be; s=selucl; t=1441831132; bh=bftYGXu8vN/LL21xYfJPHtmLBz7macLGvWT79UGHFxk=; h=Reply-To:Subject:References:To:From:Message-ID:Date:MIME-Version: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=lbQiTyXbTc6NMRmelHmCTdi4yZqua/YWTSVrKBeeelrJMrFC6Cf5NLJVn8IanR37w EfvxwLjx+YsPzn55x8xLDLG1REe8k+gy1YYj0Mh0xT8PVztxQs3SWKEvnm0GDE8S7Y Gu1uojDQP9o7li3NbbPdN/n7z9NYh5RyfL63CsfM=
References: <20150908035557.GB73228@Chimay.local>
To: Christoph Paasch <cpaasch@apple.com>, MultiPath WG <multipathtcp@ietf.org>
From: Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be>
Message-ID: <55F098DB.8020201@uclouvain.be>
Date: Wed, 09 Sep 2015 22:38:51 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <20150908035557.GB73228@Chimay.local>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.99-beta1 at smtp-5.sipr-dc.ucl.ac.be
X-Virus-Status: Clean
X-Sgsi-Spamcheck: SASL authenticated,
X-SGSI-MailScanner-ID: EF3A911E4CD.A3AD7
X-SGSI-MailScanner: Found to be clean
X-SGSI-From: olivier.bonaventure@uclouvain.be
X-SGSI-Spam-Status: No
Archived-At: <http://mailarchive.ietf.org/arch/msg/multipathtcp/pqP36sdCoUoCVKkTAmvnqOnlYVc>
Subject: Re: [multipathtcp] Fwd: New Version Notification for draft-paasch-mptcp-loadbalancer-00.txt
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Olivier.Bonaventure@uclouvain.be
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Sep 2015 20:39:01 -0000
Christoph, > > we have submitted a draft discussing the issues when using MPTCP behind > layer-4 loadbalancers. Thanks for bringing this to the list. This is indeed an important problem. As I might be late during tomorrow's telco, let me try to answer by email. A first point that we might want to clarify in the document is how ECMP works with Multipath TCP and regular TCP. With regular TCP, some load balancers behave in a purely stateless manner and compute a hash over the five-tuple in each packet to distribute the load among a set of servers. ECMP --- server1 +----- server2 With single homed and single stack clients, this ECMP solution ensures that all the connections sent by one host (i.e. one IP address) will be received by the same server if the hashing is independant of the source port. Otherwise, connections from the same host might hit different servers. If the clients are either multihomed (e.g. smartphones) or dual-stack, then using a hash-based load balancing that does not include the source port in the computation does not ensure that all the connections from one client will hit the same server. With Multipath TCP, a single connection may use different subflows and each subflow has its own five-tuple. When ECMP is used, then subflows from the same Multipath TCP connection might hit different servers. Let us now consider stateful load balancers (LB). For simplicity, we assume that the load balancer maintains a table that maps each TCP connection, identified by a five-tuple on a given server. The table might also be used to perform NAT. The LB can use any technique to build this table (random, RR, load-based solutions, ...). As an example, let us consider a load balancer that resieds in front of N servers as shown below : LB ----- server1 +------- server2 When the LB receives a SYN with the MP_CAPABLE option from a client, it must insert an entry for the corresponding five-tuple inside its table. For regular TCP, this would be sufficient. For Multipath TCP, this is not enough since it needs to ensure that all the subflows that belong to this connection will be forwarded to the same server. In your draft, you propose to change the way tokens are computed and discuss different ways to perform the handshake. Let me suggest a different approach that might be worth to compare. To support Multipath TCP efficiently in this setup, we need to ensure the following properties for the tokens that are used (on the server side) : - tokens are unique (at time t, server1 and server2 cannot use the same token for different connections) - tokens are known by both the LB and the server that is handling for the connection Instead of computing the keys (and thus indirectly the token) on the servers, why not selecting the keys for the MP_CAPABLE option in the load balancer ? Let us consider the following scenario : client LB server SYN + MP_CAPABLE (K_A) -----------------------> (client sends normal key) SYN + MP_CAPABLE (K_A,K_B) -----------------------> (LB computes key for server) SYN/ACK + MP_CAPABLE (K_B) <--------------------------- (normal MPTCP segment) ACK + MP_CAPABLE_ACK (K_A, K_B) --------------------------------> (no change to this ack) Since the LB computes the key that will be used by the server, it can ensure that the (token extracted from the key) is unique and also remember it for future subflows to pin them to the good server. There are probably different techniques that the LB could use to generate these keys on behalf of the server, but I don't think that they need to be specified in an IETF document. It's up to each implementor to find an efficient way to do that. One issue that needs to be discussed is how the LB can convey the key to the server in the SYN packet. There are different techniques that are possible and we should probably select one to ensure the interoperability between a LB and servers : - add K_B to the MP_CAPABLE option, but this is likely to be beyond the maximum length of the TCP options - add K_B in the payload of the SYN segment (but we'll need to check the impact on TFO) - encapsulate the SYN segment inside something, like a UDP segment with a TLV format that has enough space for a SYN segment and the additional key - invent a hack to encode the 64 bits key inside some "unused" fields of the IP/TCP headers (say IP id, TCP ack number, IPv6 flowlabel, TCP timestamp echo, ...) - ... At this stage, I'd opt for an encapsulation which seems to be cleaner to me. It also forces the servers to be aware of the presence of the LB, which seems a useful feature to me. Comments are, of course, welcome Olivier
- [multipathtcp] Fwd: New Version Notification for … Christoph Paasch
- Re: [multipathtcp] Fwd: New Version Notification … Olivier Bonaventure
- Re: [multipathtcp] Fwd: New Version Notification … Christoph Paasch
- Re: [multipathtcp] Fwd: New Version Notification … Olivier Bonaventure
- Re: [multipathtcp] Fwd: New Version Notification … Christoph Paasch
- Re: [multipathtcp] New Version Notification for d… Costin Raiciu