Re: [multipathtcp] Fwd: New Version Notification for draft-paasch-mptcp-loadbalancer-00.txt
Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be> Wed, 09 September 2015 20:39 UTC
Return-Path: <olivier.bonaventure@uclouvain.be>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 999FE1B3ADE for <multipathtcp@ietfa.amsl.com>; Wed, 9 Sep 2015 13:39:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ChRDb8jaZxPS for <multipathtcp@ietfa.amsl.com>; Wed, 9 Sep 2015 13:38:59 -0700 (PDT)
Received: from smtp5.sgsi.ucl.ac.be (smtp.sgsi.ucl.ac.be [130.104.5.67]) by ietfa.amsl.com (Postfix) with ESMTP id DDC861B384E for <multipathtcp@ietf.org>; Wed, 9 Sep 2015 13:38:58 -0700 (PDT)
Received: from mbpobo.local (host-78-129-6-94.dynamic.voo.be [78.129.6.94]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: obonaventure@smtp5.sgsi.ucl.ac.be) by smtp5.sgsi.ucl.ac.be (Postfix) with ESMTPSA id EF3A911E4CD; Wed, 9 Sep 2015 22:38:51 +0200 (CEST)
X-DKIM: Sendmail DKIM Filter v2.8.3 smtp5.sgsi.ucl.ac.be EF3A911E4CD
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=uclouvain.be; s=selucl; t=1441831132; bh=bftYGXu8vN/LL21xYfJPHtmLBz7macLGvWT79UGHFxk=; h=Reply-To:Subject:References:To:From:Message-ID:Date:MIME-Version: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=lbQiTyXbTc6NMRmelHmCTdi4yZqua/YWTSVrKBeeelrJMrFC6Cf5NLJVn8IanR37w EfvxwLjx+YsPzn55x8xLDLG1REe8k+gy1YYj0Mh0xT8PVztxQs3SWKEvnm0GDE8S7Y Gu1uojDQP9o7li3NbbPdN/n7z9NYh5RyfL63CsfM=
References: <20150908035557.GB73228@Chimay.local>
To: Christoph Paasch <cpaasch@apple.com>, MultiPath WG <multipathtcp@ietf.org>
From: Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be>
Message-ID: <55F098DB.8020201@uclouvain.be>
Date: Wed, 09 Sep 2015 22:38:51 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <20150908035557.GB73228@Chimay.local>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.99-beta1 at smtp-5.sipr-dc.ucl.ac.be
X-Virus-Status: Clean
X-Sgsi-Spamcheck: SASL authenticated,
X-SGSI-MailScanner-ID: EF3A911E4CD.A3AD7
X-SGSI-MailScanner: Found to be clean
X-SGSI-From: olivier.bonaventure@uclouvain.be
X-SGSI-Spam-Status: No
Archived-At: <http://mailarchive.ietf.org/arch/msg/multipathtcp/pqP36sdCoUoCVKkTAmvnqOnlYVc>
Subject: Re: [multipathtcp] Fwd: New Version Notification for draft-paasch-mptcp-loadbalancer-00.txt
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Olivier.Bonaventure@uclouvain.be
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Sep 2015 20:39:01 -0000
Christoph,
>
> we have submitted a draft discussing the issues when using MPTCP behind
> layer-4 loadbalancers.
Thanks for bringing this to the list. This is indeed an important
problem. As I might be late during tomorrow's telco, let me try to
answer by email.
A first point that we might want to clarify in the document is how ECMP
works with Multipath TCP and regular TCP.
With regular TCP, some load balancers behave in a purely stateless
manner and compute a hash over the five-tuple in each packet to
distribute the load among a set of servers.
ECMP --- server1
+----- server2
With single homed and single stack clients, this ECMP solution ensures
that all the connections sent by one host (i.e. one IP address) will be
received by the same server if the hashing is independant of the source
port. Otherwise, connections from the same host might hit different servers.
If the clients are either multihomed (e.g. smartphones) or dual-stack,
then using a hash-based load balancing that does not include the source
port in the computation does not ensure that all the connections from
one client will hit the same server.
With Multipath TCP, a single connection may use different subflows and
each subflow has its own five-tuple. When ECMP is used, then subflows
from the same Multipath TCP connection might hit different servers.
Let us now consider stateful load balancers (LB). For simplicity, we
assume that the load balancer maintains a table that maps each TCP
connection, identified by a five-tuple on a given server. The table
might also be used to perform NAT. The LB can use any technique to build
this table (random, RR, load-based solutions, ...). As an example, let
us consider a load balancer that resieds in front of N servers as shown
below :
LB ----- server1
+------- server2
When the LB receives a SYN with the MP_CAPABLE option from a client, it
must insert an entry for the corresponding five-tuple inside its table.
For regular TCP, this would be sufficient. For Multipath TCP, this is
not enough since it needs to ensure that all the subflows that belong to
this connection will be forwarded to the same server. In your draft, you
propose to change the way tokens are computed and discuss different ways
to perform the handshake. Let me suggest a different approach that might
be worth to compare.
To support Multipath TCP efficiently in this setup, we need to ensure
the following properties for the tokens that are used (on the server side) :
- tokens are unique (at time t, server1 and server2 cannot use the
same token for different connections)
- tokens are known by both the LB and the server that is handling for
the connection
Instead of computing the keys (and thus indirectly the token) on the
servers, why not selecting the keys for the MP_CAPABLE option in the
load balancer ?
Let us consider the following scenario :
client LB server
SYN + MP_CAPABLE (K_A)
----------------------->
(client sends normal key)
SYN + MP_CAPABLE (K_A,K_B)
----------------------->
(LB computes key for server)
SYN/ACK + MP_CAPABLE (K_B)
<---------------------------
(normal MPTCP segment)
ACK + MP_CAPABLE_ACK (K_A, K_B)
-------------------------------->
(no change to this ack)
Since the LB computes the key that will be used by the server, it can
ensure that the (token extracted from the key) is unique and also
remember it for future subflows to pin them to the good server. There
are probably different techniques that the LB could use to generate
these keys on behalf of the server, but I don't think that they need to
be specified in an IETF document. It's up to each implementor to find an
efficient way to do that.
One issue that needs to be discussed is how the LB can convey the key to
the server in the SYN packet. There are different techniques that are
possible and we should probably select one to ensure the
interoperability between a LB and servers :
- add K_B to the MP_CAPABLE option, but this is likely to be beyond the
maximum length of the TCP options
- add K_B in the payload of the SYN segment (but we'll need to check the
impact on TFO)
- encapsulate the SYN segment inside something, like a UDP segment with
a TLV format that has enough space for a SYN segment and the additional key
- invent a hack to encode the 64 bits key inside some "unused" fields of
the IP/TCP headers (say IP id, TCP ack number, IPv6 flowlabel, TCP
timestamp echo, ...)
- ...
At this stage, I'd opt for an encapsulation which seems to be cleaner to
me. It also forces the servers to be aware of the presence of the LB,
which seems a useful feature to me.
Comments are, of course, welcome
Olivier
- [multipathtcp] Fwd: New Version Notification for … Christoph Paasch
- Re: [multipathtcp] Fwd: New Version Notification … Olivier Bonaventure
- Re: [multipathtcp] Fwd: New Version Notification … Christoph Paasch
- Re: [multipathtcp] Fwd: New Version Notification … Olivier Bonaventure
- Re: [multipathtcp] Fwd: New Version Notification … Christoph Paasch
- Re: [multipathtcp] New Version Notification for d… Costin Raiciu