IETF Logo Mail Archive

Re: [multipathtcp] towards a potential work item on two-ended proxy

Tommy Pauly <tpauly@apple.com> Thu, 04 August 2016 00:10 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D706126D74 for <multipathtcp@ietfa.amsl.com>; Wed, 3 Aug 2016 17:10:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.378
X-Spam-Level:
X-Spam-Status: No, score=-5.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mhXjAkaP2hSR for <multipathtcp@ietfa.amsl.com>; Wed, 3 Aug 2016 17:10:11 -0700 (PDT)
Received: from mail-in2.apple.com (mail-out2.apple.com [17.151.62.25]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DF9A12D8E0 for <multipathtcp@ietf.org>; Wed, 3 Aug 2016 17:10:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1470269409; x=2334183009; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=wN6/ISbbugt9jjlp5BT8th5ASRNFNpPIGiNtXapk594=; b=DsYiJEBbyVFEy9PSf2Mka/BjkdBlgqwLgkq4jZJ2Yyo2f2fD5ePY4hLmKJyInPpB IeJOFzuqrJfWXdfCctefYy4d6OS2ivpPgcblqgrPuuABa3rlGoAdGEvdvA+X/uke MFMSpXdeWR0TrSAjP8Q7HF53uHZY2ErRN33fe6AqZoE8J7kvKt69b4942XN7DJbW 2pOSIgAvF8yUirA32zrSalkgyJyh7uvNKTnaU5v/C0CDTJqs87nixLXsN6KUjmXb W3SOQMnvB61A3SrN8rwlcYYoscUVGGoKd7im8YSRefXuGxXN4f7RN6JYs5VtjUvF 1tOebmfvcaJwytOZdyRJUA==;
Received: from relay2.apple.com (relay2.apple.com [17.128.113.67]) by mail-in2.apple.com (Apple Secure Mail Relay) with SMTP id 63.0F.10360.1E782A75; Wed, 3 Aug 2016 17:10:09 -0700 (PDT)
X-AuditID: 11973e11-f79e76d000002878-ea-57a287e18fc4
Received: from nwk-mmpp-sz12.apple.com (nwk-mmpp-sz12.apple.com [17.128.115.204]) by relay2.apple.com (Apple SCV relay) with SMTP id 50.94.01452.1E782A75; Wed, 3 Aug 2016 17:10:09 -0700 (PDT)
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_utUjyEuWq/Q8LulkBIHKwQ)"
Received: from [17.226.23.74] (unknown [17.226.23.74]) by nwk-mmpp-sz12.apple.com (Oracle Communications Messaging Server 8.0.1.1.0 64bit (built Jun 15 2016)) with ESMTPSA id <0OBC008LLZ4WIR30@nwk-mmpp-sz12.apple.com>; Wed, 03 Aug 2016 17:10:09 -0700 (PDT)
Sender: tpauly@apple.com
From: Tommy Pauly <tpauly@apple.com>
Message-id: <4221AE86-54DA-4177-91B5-D1A03C101F71@apple.com>
Date: Wed, 03 Aug 2016 17:10:09 -0700
In-reply-to: <FCC775C9-EA48-4E7D-A48D-3059C255569A@nokia.com>
To: "Henderickx, Wim (Nokia - BE)" <wim.henderickx@nokia.com>
References: <b779dd12f1bb412c96c800eddaaf0247@rew09926dag03b.domain1.systemhost.net> <e2aa6ac517194af4b8c25c07f8e469fb@rew09926dag03b.domain1.systemhost.net> <9cafc779-502e-cc7f-676c-f6659e207c81@uclouvain.be> <3100ff74-0c7d-1815-03a1-aa4cec36d1e4@oracle.com> <3D8D4118-39CA-46A6-BFBD-026376C02058@nokia.com> <811b2c78-0976-6994-d759-8cac5fa58864@oracle.com> <0084773F-53E5-41A4-A244-430DAF12322A@nokia.com> <E0278B51-F3D8-4762-B597-41959E7BCF12@gmail.com> <08A92759-0446-440B-A76E-2E89518E1336@nokia.com> <F9F23B1F-D802-4971-857F-4BF455EDCF5D@gmail.com> <FCC775C9-EA48-4E7D-A48D-3059C255569A@nokia.com>
X-Mailer: Apple Mail (2.3195)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrNLMWRmVeSWpSXmKPExsUi2FDorPuwfVG4wZYefouV51YwW3xefZ3N YtLvTSwOzB47Z91l91iy5CeTx91bl5gCmKO4bFJSczLLUov07RK4MrrO/GAtWL6OsWLHyfOM DYwPpjJ2MXJySAiYSGy+84sZwhaTuHBvPVsXIxeHkMBeRom151tZYYq23uhmhEgcYpS4seYs WDevgKDEj8n3WEBsZoEwie+rJzJBFHUwSZzs3svexcjBISwgIbF5TyJIDZuAisTxbxuYQcK8 AjYS5y8WgYSFBXwkOq5MAxvDIqAqMf36YXYQm1PAVqJ3bQ8TzPgfvefB7hEBin+beArq0I8s Eqe7/0J9Iysx988bsEMlBG6zSax6u5N1AqPwLCS3zkJy6yygO5gF1CWmTMmFCGtLPHl3gRXC VpNY+HsRE7L4Aka2VYxCuYmZObqZeUZ6iQUFOal6yfm5mxhBsTPdTnAH4/FVVocYBTgYlXh4 N0guChdiTSwrrsw9xCjNwaIkzht+akG4kEB6YklqdmpqQWpRfFFpTmrxIUYmDk6pBkYj9ssH AgtY39z4fE9cf9b6iQGnPzVkmy1JvaLfOpfPNfCevcq1Ox/3/Hg0PcNb5Ij4Y3nBrbt60ztD X/q0/JCw7E3kLr5rWve4/8admuizP+XYNj0K5XNafuZcRGVwvJHL79laad93H3Za/eIvz8I4 uXV7+9zftfWL9vzhtF/4RdA+lqnwXKgSS3FGoqEWc1FxIgApzeD9fgIAAA==
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrKIsWRmVeSWpSXmKPExsUi2FB8Rvdh+6Jwg0vnOSxWnlvBbPF59XU2 i0m/N7E4MHvsnHWX3WPJkp9MHndvXWIKYI7isklJzcksSy3St0vgyug684O1YPk6xoodJ88z NjA+mMrYxcjJISFgIrH1RjeULSZx4d56ti5GLg4hgUOMEjfWnAVL8AoISvyYfI8FxGYWCJP4 vnoiE0RRB5PEye697F2MHBzCAhISm/ckgtSwCahIHP+2gRkkzCtgI3H+YhFIWFjAR6LjyjSw MSwCqhLTrx9mB7E5BWwletf2MMGM/9F7nhXEFgGKf5t4CuqejywSp7v/Qh0qKzH3zxvGCYwC s5CcNwvJebOAVjMLqEtMmZILEdaWePLuAiuErSax8PciJmTxBYxsqxgFilJzEiuN9BILCnJS 9ZLzczcxgkO90HkH47FlVocYBTgYlXh4N0guChdiTSwrrswFhhEHs5II791WoBBvSmJlVWpR fnxRaU5q8SHGiYxAX05klhJNzgdGYl5JvKGJiYGJsbGZsbG5iTkthZXEeROPzw8XEkhPLEnN Tk0tSC2COYqJg1OqgbFwZuFO2UNhi6dbzNjILX45/WHYpZTpEo8+tTFeF8n6ucC2a3Eew5GQ SSdfLVEpe/LN33+70r4li1oarx4MqPH0+tp8/UMYb+ySg81RGx4asrJGN7yafuDrs6QVzaL2 Hqr9PP1HfynMjP3SEWDVGGd4nFtCtFrzgdFjpf1sj8r8pGwP7v7UMFOJpTgj0VCLuag4EQBG 6wT56AIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/yxz9ygXq0xFVwlFxOinmYELWfvQ>
Cc: "multipathtcp@ietf.org" <multipathtcp@ietf.org>
Subject: Re: [multipathtcp] towards a potential work item on two-ended proxy
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Aug 2016 00:10:13 -0000

> On Aug 3, 2016, at 11:58 AM, Henderickx, Wim (Nokia - BE) <wim.henderickx@nokia.com> wrote:
> 
> Alan, in-line
> 
> From: Alan Ford <alan.ford@gmail.com <mailto:alan.ford@gmail.com>>
> Date: Wednesday 3 August 2016 at 09:20
> To: Wim Henderickx <wim.henderickx@nokia.com <mailto:wim.henderickx@nokia.com>>
> Cc: Rao Shoaib <rao.shoaib@oracle.com <mailto:rao.shoaib@oracle.com>>, "multipathtcp@ietf.org <mailto:multipathtcp@ietf.org>" <multipathtcp@ietf.org <mailto:multipathtcp@ietf.org>>
> Subject: Re: [multipathtcp] towards a potential work item on two-ended proxy
> 
> Hi Wim, all,
> 
> Comment inline...
> 
>> On 2 Aug 2016, at 20:11, Henderickx, Wim (Nokia - BE) <wim.henderickx@nokia.com <mailto:wim.henderickx@nokia.com>> wrote:
>> On 02/08/16 15:52, "Alan Ford" <alan.ford@gmail.com <mailto:alan.ford@gmail.com>> wrote:
>> 
>>> I’m trying to distinguish the various use cases; can we confirm this is correct?
>>> 
>>> Transparent Mode
>>> - Source address = real source address
>> WH> not always since NAT can be in the path
>>> - Destination address = real destination address
>>> - Transparent proxies create MPTCP functionality in the stream, adding and removing the MPTCP headers, mapping seq numa, etc
>>> - Latest proposal is to add an indicator to say “this is proxied” so that a proxy can intercept it
>> WH> indeed or not intercept it based on the indication
>>> 
>>> Plain Mode
>>> - Source address = real source
>> WH> could also be NATed in some use cases
>>> - Destination address = proxy destination address
>>> - Signalling protocol inside indicates real destination address
>> WH> or SRC address
>>> 
>>> So - please correct me if this is wrong - but the main difference is that Plain Mode is targeted towards a proxy server whereas the transparent mode does not change src/dst addresses?
>> WH> the main difference is mainly DST IP is changed to get explicit routing to the proxy versus being implicit in the transparent case
> 
> OK, so my understanding appears correct here.
> WH> yes
> 
>>> The issue I see with a generic proxy bit is that it does not contain any context about what kind of proxy is being intercepted. You could be sending in good faith expecting it to be picked up by Proxy from Operator A, but in fact is picked up by Operator B.
>> WH> the network assisted proxy is mainly targeting single operator/controlled operator use cases to avoid these issues.
>>> 
>>> As I’ve said before, the plain mode option is not MPTCP-specific and is simple a signal that says “everything that follows is actually targeted for IP address a.b.c.d” - this is entirely transport-agnostic. If the HAG could know where to find a proxy (e.g. a well-known anycast address) then addresses could be rewritten and packets forwarded, with no need for any MPTCP protocol changes.
>> WH> you would still need to know the original destination IP@ that the application wanted to go to.
> 
> Which is the point of the signalling protocol - the proposed “plain mode option” which is actually carried in the payload. My issue with this is that this is _not MPTCP-specific_. This is simply a signal above the transport layer to inform a proxy what the real destination is.
> 
> WH> I hear, you and I understand but we have an explicit use case for this with MPTCP and so far not in any other protocol. Hence I think it is good to extend MPTCP with this capability and liase with other WG(s) about this.

While you may have a use-case for having proxies work with your MPTCP solution, it does not directly follow that the MPTCP protocol or WG is the best place to specify how the proxy works. This really does seem like a proxy solution that can be made more generic, and at the very least belongs as a protocol that is run within the MPTCP stream. This is what the SOCKS protocol does, and there is no reason you can't run SOCKS over MPTCP, or create a new variant of SOCKS or a similar protocol that you will run on top of MPTCP for your solution. Indeed, it could be seen as a benefit to work on the proxying solution independently from MPTCP, since that way it can be used for other transports. The end result will be the same, and the architecture will be cleaner.

Best,
Tommy Pauly

> 
> Regards,
> Alan
> 
> _______________________________________________
> multipathtcp mailing list
> multipathtcp@ietf.org
> https://www.ietf.org/mailman/listinfo/multipathtcp

v2.23.0 | Report a Bug | By Email