Re: [multipathtcp] Consensus call on potential MPTCP proxy work

Juliusz Chroboczek <jch@irif.fr> Thu, 20 April 2017 20:02 UTC

Return-Path: <jch@irif.fr>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58000131652 for <multipathtcp@ietfa.amsl.com>; Thu, 20 Apr 2017 13:02:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vQ7lJlkCStUT for <multipathtcp@ietfa.amsl.com>; Thu, 20 Apr 2017 13:02:37 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64C1B13162B for <multipathtcp@ietf.org>; Thu, 20 Apr 2017 13:02:37 -0700 (PDT)
Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/56228) with ESMTP id v3KK2Zej026142 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 20 Apr 2017 22:02:35 +0200
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/56228) with ESMTP id v3KK2ZRf001593; Thu, 20 Apr 2017 22:02:35 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 3043AD7952; Thu, 20 Apr 2017 22:02:35 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id JZmnGmaJ9PM4; Thu, 20 Apr 2017 22:02:34 +0200 (CEST)
Received: from trurl.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 7B990D7936; Thu, 20 Apr 2017 22:02:32 +0200 (CEST)
Date: Thu, 20 Apr 2017 22:02:41 +0200
Message-ID: <87fuh2kftq.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: <mohamed.boucadair@orange.com>
Cc: "multipathtcp@ietf.org" <multipathtcp@ietf.org>
In-Reply-To: <787AE7BB302AE849A7480A190F8B933009E515E7@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <8c5ffa879686472594bfd3db2fa06076@rew09926dag03b.domain1.systemhost.net> <02572A11-A7D5-49D2-A31A-61B575613DF3@nasa.gov> <787AE7BB302AE849A7480A190F8B933009E5041F@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <90A6EE89-D089-46C1-980F-9DE5DE2B07B7@nasa.gov> <787AE7BB302AE849A7480A190F8B933009E50F4A@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <7iefwnb2di.wl-jch@irif.fr> <787AE7BB302AE849A7480A190F8B933009E515E7@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Thu, 20 Apr 2017 22:02:35 +0200 (CEST)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Thu, 20 Apr 2017 22:02:35 +0200 (CEST)
X-Miltered: at korolev with ID 58F913DB.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-Miltered: at potemkin with ID 58F913DB.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 58F913DB.000 from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/<jch@irif.fr>
X-j-chkmail-Enveloppe: 58F913DB.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 58F913DB.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Score: MSGID : 58F913DB.000 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/z4hCGwGO9ALw7si2qE5UDFsaKZQ>
Subject: Re: [multipathtcp] Consensus call on potential MPTCP proxy work
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 20:02:40 -0000

>>> What I meant by "native MPTCP connections" is that the CPE won't proxy
>>> a SYN that contains MP_CPABALE received from an MPTCP-capable
>>> client. That is, the CPE won't modify the destination IP address to the
>>> one of the network-located proxy. That SYN+MP_CPABALE will be received
>>> and handled directly by the remote server.

>> It will still act as a middlebox, though, with no way for the client to
>> avoid it.

> No. This is not true. 

> Connections that are not eligible to network-assisted MPTCP service
> WON'T involve a proxy.

I've probably missed something, then.  I don't see anything in -10 that
says that non-eligible packets are forwarded statelessly without any
modification, including forwarding unknown IP and TCP options.  All I see
on the subject is Section 4.3 paragraph 2, which I find hardly reassuring.

My gut feeling is that either the proxy is implemented at the upper
layers, in which case it terminates all connections and hence discards any
unknown options, or it is implemented at a lower layer, allowing it to
bypass selected packets, in which case it is no longer a mere upper layer
proxy.  I just don't see how you can have it both ways.

Could you please explain what I'm missing?

-- Juliusz