Re: [multipathtcp] Consensus call on potential MPTCP proxy work

[Joe Touch <touch@isi.edu>]

Mohammed,

I'm sorry, but when you talk about CPEs and network interconnection,
you're clearly talking (AFAICT) about using MPTCP as an IP tunnel.

That leads to TCP over TCP (where the first is inside the IP packets
you're transiting).

If that's what you're doing, it is a mistake. Layered congestion control
is never beneficial.

Joe


On 4/18/2017 7:30 AM, mohamed.boucadair@orange.com wrote:
>
> Hi Joe,
>
>  
>
> Some comments from my side :
>
>  
>
> ·         The main target use case is a CPE that is connected to many
> networks (cellular and fixed, typically). Please refer to
> https://www.ietf.org/mail-archive/web/banana/current/pdfwmOoFT30Eh.pdf
> for more business drivers.
>
> ·         In order to enhance resilience and increase resource
> pooling, the CPE is MPTCP-capable.
>
> ·         Because of the lack of MPTCP support at the servers side, a
> proxy is introduced at the network side to assisted MPTCP connections
> of that CPE. Let’s call this proxy: network-located proxy.
>
> ·         Because the network provider does not control hosts that are
> located behind a given CPE, a proxy is enabled on the CPE to transform
> some TCP connections into MPTCP ones.
>
> ·         The CPE is configured with its network-located proxy by
> means of DHCP, for example.
>
> ·         As mentioned in Phil’s text, the proxies are both under the
> control of the operator. In particular, ** both ** the CPE and the
> network-proxy support the mechanism detailed hereafter (that is parse
> and strip any supplied data before forwarding upstream).  
>
> ·         There is no tunnel/encapsulation at all. As such there is no
> ** TCP over TCP ** scheme. All is about plain transport mode.  
>
> o    The CPE forwards MPTCP connections it creates to its configured
> network-located proxy. This is exactly the same as with the data plane
> of SOCKS.
>
> o    In order to inform its proxy about the ultimate destination IP
> address/port while ensuring 0-RTT, an information element is inserted
> in the payload of the SYN message of the initial subflow.
>
> o    That information is stripped by the network-located proxy before
> forwarding the packet to its ultimate server.
>
> o    In order to strengthen the solution, that information must be
> echoed by the proxy in the SYN/ACK as a guard against misconfigured
> proxies.
>
> o    The information echoed in the SYN/ACK is used by the CPE to
> double check that the network-proxy complies with the solution. If
> not, no further MPTCP connection is established with that proxy till a
> TTL expires or a new proxy is configured.
>
> o    More details can be found at
> https://www.ietf.org/proceedings/98/slides/slides-98-mptcp-sessa-network-assisted-mptcp-03.pdf
>
>
>  
>
> So:
>
> ·         “(TCP over TCP), which I already noted in previous
> discussion.” WAS NEVER proposed.   
>
> ·         The proposal does not “interfere with MPTCP’s ability to
> silently fall-back to TCP when talking to legacy endpoints”. Legacy
> endpoints that receive an MP_CAPABLE option (whether from an
> MPTCP-capable client or via a proxy) will ignore it and silently fall
> back to TCP. I don’t see a problem here.
>
>  
>
> Cheers,
>
> Med
>
>  
>
> *De :*multipathtcp [mailto:multipathtcp-bounces@ietf.org] *De la part
> de* Joe Touch
> *Envoyé :* mardi 18 avril 2017 15:30
> *À :* philip.eardley@bt.com; multipathtcp@ietf.org
> *Objet :* Re: [multipathtcp] Consensus call on potential MPTCP proxy work
>
>  
>
> Hi, all,
>
> The description below isn't sufficient to determine whether this work
> is either needed or safe.
>
> My initial conclusion is that this work is either (a) not needed at
> all, (b) out of scope, or (c) involves one if not two very bad ideas.
>
> I have a few questions that determine which of (a), (b), or (c) apply
> (below), but I've already commented on my concerns that conclude (c)
> *based on previously assuming this was intended as an IP tunnel and
> used an option with control plane info in the SYN data) so I won't
> repeat them.
>
> I am curious as to what's really intended here, though.
>
> Joe
>
> 1) what is the reason for needing MPTCP work to support proxy-proxy
> use? True proxies are applications and can already setup MTCP
> themselves. Protocols for operators to configure proxies seem out of
> scope here. And if this "proxy" path is really an IP tunnel, that's a
> very bad idea (TCP over TCP), which I already noted in previous
> discussion.
>
> 2) what does "using the payload...to transfer a signalling message"
> mean? Are you using the MPTCP control plane? or the data plane of the
> MPTCP connection?
>
> 3) I'm not sure I fully understand the details of the optinns, but I
> understand that at least one of them puts data in the SYN that is
> interpreted as something other than TCP data (i.e., control plane).
> That is also a very bad idea - it interferes with MPTCPs ability to
> silently fall-back to TCP when talking to legacy endpoints, and the
> reasons for not using TCP data as control are discussed in
> draft-ietf-tcpm-tcp-edo, Section 8.7 (and are the reason for
> draft-touch-tcpm-tcp-syn-ext-opt), which I also already noted in
> previous discussion.
>
> On 4/18/2017 1:17 AM, philip.eardley@bt.com
> <mailto:philip.eardley@bt.com> wrote:
>
> Hi,
>
> During the MPTCP meeting in Chicago we did several hums about
> potential MPTCP proxy work. Our interpretation of these hums is that
> we should do a consensus call for the following work:
>
> --
> MPTCP is now seeing widespread deployment in networks to bond together
> two accesses, such as fixed and mobile broadband, by using two MPTCP
> proxies, one in the home gateway or Customer Premises Equipment and
> one in the network. The WG develops a solution where the proxies are
> both under the control of the operator and where it is assumed that
> they are not on the default path. The solution is based on using the
> payload of an MPTCP packet to transfer a signalling message between
> the proxies. It is believed the solution will not require changes to
> RFC6824bis. The solution may require a means of configuring set-up
> information in the proxies, which would be done in coordination with
> other IETF WGs such as DHC. The WG does not develop a mechanism for
> the two proxies to discover each other.
>
> --
>
> Please say whether you support, or don’t support, such work – so we
> can see if there’s consensus for it.
>
> Thanks
>
> Phil & Yoshi
>
>  
>
> Hums during the meeting:
>
> ·         Should the MPTCP WG do any MPTCP proxy work, or do none –
> about 2:1 or 3:1 in favour of doing work
>
> ·         Should the MPTCP WG do proxy work based on option #1 in
> slide 12? Strongly more yes than no
>
> ·         Should the MPTCP WG do proxy work based on option #2 in
> slide 12? more no than yes
>
> ·         Should the MPTCP WG do proxy work based on option #3 in
> slide 12? Weak & roughly equal
>
> Ref:
> https://www.ietf.org/proceedings/98/slides/slides-98-mptcp-sessa-chairs-01.pdf
>
> We believe the work does not require an update to the MPTCP WG charter.
>
>  
>
>
>
>
> _______________________________________________
> multipathtcp mailing list
> multipathtcp@ietf.org <mailto:multipathtcp@ietf.org>
> https://www.ietf.org/mailman/listinfo/multipathtcp
>
>  
>