Re: [multipathtcp] towards a potential work item on two-ended proxy

Alan Ford <alan.ford@gmail.com> Wed, 03 August 2016 07:20 UTC

Hi Wim, all,

Comment inline...

> On 2 Aug 2016, at 20:11, Henderickx, Wim (Nokia - BE) <wim.henderickx@nokia.com> wrote:
> On 02/08/16 15:52, "Alan Ford" <alan.ford@gmail.com> wrote:
> 
>> I’m trying to distinguish the various use cases; can we confirm this is correct?
>> 
>> Transparent Mode
>> - Source address = real source address
> WH> not always since NAT can be in the path
>> - Destination address = real destination address
>> - Transparent proxies create MPTCP functionality in the stream, adding and removing the MPTCP headers, mapping seq nums, etc
>> - Latest proposal is to add an indicator to say “this is proxied” so that a proxy can intercept it
> WH> indeed or not intercept it based on the indication
>> 
>> Plain Mode
>> - Source address = real source
> WH> could also be NATed in some use cases
>> - Destination address = proxy destination address
>> - Signalling protocol inside indicates real destination address
> WH> or SRC address
>> 
>> So - please correct me if this is wrong - but the main difference is that Plain Mode is targeted towards a proxy server whereas the transparent mode does not change src/dst addresses?
> WH> the main difference is mainly DST IP is changed to get explicit routing to the proxy versus being implicit in the transparent case

OK, so my understanding appears correct here.

>> The issue I see with a generic proxy bit is that it does not contain any context about what kind of proxy is being intercepted. You could be sending in good faith expecting it to be picked up by Proxy from Operator A, but in fact it is picked up by Operator B.
> WH> the network assisted proxy is mainly targeting single operator/controlled operator use cases to avoid these issues.
>> 
>> As I’ve said before, the plain mode option is not MPTCP-specific and is simply a signal that says “everything that follows is actually targeted for IP address a.b.c.d” - this is entirely transport-agnostic. If the HAG could know where to find a proxy (e.g. a well-known anycast address) then addresses could be rewritten and packets forwarded, with no need for any MPTCP protocol changes.
> WH> you would still need to know the original destination IP@ that the application wanted to go to.

Which is the point of the signalling protocol - the proposed “plain mode option” which is actually carried in the payload. My issue with this is that this is _not MPTCP-specific_. This is simply a signal above the transport layer to inform a proxy what the real destination is.

Regards,
Alan