Re: [tcpm] a question for TCPLS

Maxime Piraux <maxime.piraux@uclouvain.be> Fri, 25 March 2022 10:51 UTC

Return-Path: <maxime.piraux@uclouvain.be>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 941CA3A0D53 for <tcpm@ietfa.amsl.com>; Fri, 25 Mar 2022 03:51:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=uclouvain.be
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xcyQY7wwVlAO for <tcpm@ietfa.amsl.com>; Fri, 25 Mar 2022 03:51:19 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on20717.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e1b::717]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44F573A0CFD for <tcpm@ietf.org>; Fri, 25 Mar 2022 03:51:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=f3Bbh57RRIWJjEfe6by+dMwoQIRw5hkNpyNiHodrVpBhi7VBn1NDUphKiyqTyOi5fntVLrdgjAknZnjH//XI2waLNu42H3GGUpJoSHUlG0ckdjlp3zGTXjZ5uUTNxEXjXnw5UIcgiBlXPpTby9vNCM4HPPFEyN6KMI99GXZQGxn2ts3yLslwnZAoOZX7fK6+O6X1VPPpBQrwIDn0OJoxKs0fMJb3jl9jrNlgosAz45uRBbpwXj69PQQDKd0NCm/GQ0np5vwn5OSQXh+aR3Q+kxvpui9A0T1lxQycwzlfUQlFyUY1Ul5nFQhwwgVC2AnG/wkNv3eKyaQy3A6DslgJBQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aiJc3XPzOm4tXm+UekyKJVmFnjBAwJu+RcAam8//vsI=; b=OceH6e9U115S8xpA/X6KhHJ/Uz3PlQXJXkXQO/ECGWtOwRsI6kAAlUQjXzu9EItBH1ffhpLpo6tAkUZE3fvQjzSVQxTPMHLdXuDDpbjL3CgIchMlY2OdwxJ1v3rnfhOpzsPtrGBUekomvT6m9LsOJxX1aNizjadClxpBnTm+n03z5uL9aPuJSPDwA5tSine4Cf898rhCyocVCKrlynHRHdLQzpHLq3ZOFOEBfM+03aVi41JWfE0UsBI0yPkni58L3TT4jTGj6QQOaLQ7hNRlBrewZkA8vKyjoHsR3E2dNxhCumonCGt8ZOk6gavLBjrIddqbFuLJ2ICyrpFC3/30oQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uclouvain.be; dmarc=pass action=none header.from=uclouvain.be; dkim=pass header.d=uclouvain.be; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uclouvain.be; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aiJc3XPzOm4tXm+UekyKJVmFnjBAwJu+RcAam8//vsI=; b=T6s6traR+R4PZ71ZlhvfmeDwy43xheo5ms9Szfkv99YUJxa/vqToZuMgdFeep+s9IFCo3su+F4By6yDeUIihrx1OT9bSIbhv80EyLekpkOcJlEKCbZW7t1HelSNDy4Si6rfXECUqEuzZPKI5Hd4X2DdfOy5y8eRalmJ4Q6ZyBUY=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=uclouvain.be;
Received: from AM0PR03MB3667.eurprd03.prod.outlook.com (2603:10a6:208:4d::16) by VI1PR03MB3951.eurprd03.prod.outlook.com (2603:10a6:803:6a::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5102.19; Fri, 25 Mar 2022 10:51:08 +0000
Received: from AM0PR03MB3667.eurprd03.prod.outlook.com ([fe80::21b7:e8e1:1054:6580]) by AM0PR03MB3667.eurprd03.prod.outlook.com ([fe80::21b7:e8e1:1054:6580%4]) with mapi id 15.20.5102.019; Fri, 25 Mar 2022 10:51:08 +0000
Content-Type: multipart/alternative; boundary="------------D2fBH44TLjplP3P9g7eGsqeu"
Message-ID: <72059d4f-bad1-7677-82d2-915e1697d872@uclouvain.be>
Date: Fri, 25 Mar 2022 11:51:07 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0
Content-Language: en-US
To: Yoshifumi Nishida <nsd.ietf@gmail.com>
References: <CAAK044QJ+_Kzk3b7kjuqQu1ReKFUYbPXebi0hRYnuQpm46umQQ@mail.gmail.com>
Cc: tcpm@ietf.org
From: Maxime Piraux <maxime.piraux@uclouvain.be>
In-Reply-To: <CAAK044QJ+_Kzk3b7kjuqQu1ReKFUYbPXebi0hRYnuQpm46umQQ@mail.gmail.com>
X-ClientProxiedBy: PR2PR09CA0001.eurprd09.prod.outlook.com (2603:10a6:101:16::13) To AM0PR03MB3667.eurprd03.prod.outlook.com (2603:10a6:208:4d::16)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 7205e041-f8e5-4e5d-2093-08da0e4d5e51
X-MS-TrafficTypeDiagnostic: VI1PR03MB3951:EE_
X-Microsoft-Antispam-PRVS: <VI1PR03MB39511744BAF9C177957F9CF49F1A9@VI1PR03MB3951.eurprd03.prod.outlook.com>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: F1yTGbo9TjuYr2EGnRAXGBd7n43k5pLnHGI7OVOQR9kaFR2BF3KF44Gw/GhpRVpnX5TBxj/0n14RqXbvhTStsiX95WyDFOIuxFXnJWbiU+yZuB5ntONb1woYOrcpiLrLtV4NfNRaA2bL4iIL1RpLTpmMIE7c9BNdQT5RZW5/wQjHuka1RBQAvU5jUfO6AA2XtujfgNBfbh+or2N8sZgLdi800M/ie+qtDMkQL2OrnHRONDVLTo97KEhI4SHlwVxAttmCOMYlax4T3MPwLT5E7fwlDywXyfomJW4YW4URpnysbhwJLsnVNle2/uc65IfT1GCFKwDlrsjqJ8JDxi/s4cr7JSQJqpOOWIkYUZKuaR3zUd58hI7MHnfLVSdgxvFEXnuM6lc+9VRkV6RyQSp3MXAmFf1k8wTzKe6EgC3gluMYBR+lXsdxeUBtL5WCAkVgE4OMEEISXlK6jgTDFe3xrq2S+BWQXC5lTcBlD9Rx+DL8rkD7U7lVe3Z+bQPAcYGZPAwMWKNwMqKHeZFIHPq0n4UAorS2VH1o8Ngy6QtnPLi3uSEmew5c+GYYoGTouM6QSH8BY/SHLb1Me3fpMFBhD7BlIUMc9LauMzIlc0HjYXPolY51jCw+i8Y1wcQVFE7A551x39yfluOWww5PRnx5To6/q9Zd6lF/nY2g+z9vwpplZOQdnC9mugYVSblkRw/kRk5VZOIl9EB/rtjzxtyu/j7GSe/QnxrWolba22qip/Q=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR03MB3667.eurprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(66574015)(6486002)(186003)(52116002)(38100700002)(33964004)(6506007)(5660300002)(36756003)(6512007)(44832011)(8936002)(2616005)(86362001)(508600001)(31686004)(83380400001)(2906002)(66946007)(66476007)(66556008)(8676002)(31696002)(4326008)(6916009)(786003)(316002)(43740500002)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2
X-MS-Exchange-AntiSpam-MessageData-0: n/DFxY6u/c3bWineCZZBglVFetbKPD7JEF5DBT8JHtFMDbItd25pHvgA3kbkIeTX8v9G94VO3qCZU9W620ehlYkRPm8j+wuwgVUuVd4UfVgO1zuNNaYBvr9qpx7vyuj56OOOCyecparFOhqvfj3LnQ6GrsNM37e+hFi0Ezi06TIrMm/pSM/S7eB1Dz5MWTNSYihZ1C4gp1DKaUqcJmtRPYWz9qQ7vCAFquTiSx4xVHKbV6tu7Egcg+ypq4yuVxaqPoJyd9XpiPJo0dtWMtdt7iYZ+y4s5R5KVdiUiJKwI7dWbQ6E1zCXwP5h2KD31WVX1oU9mN+/WhRsCeD5i4WS9qVSffpGqQFZLo+HM/gt9mQpZU2hEuy1hjq5OaNcSjmOsAACk692lXUyFmQlQmtJ3e6yRzbZ3wRtSGhL2hziqlPWzOT7Bfi8W1GzTJ10bfBrlnuNKOgzo4rFilc2LBIR9u+Ac9gepLlwCEEA2obHiGBQXh9KQMFXi8X6SZtEJ1O9clvz5KeeaQfuBimIBzOJOMLzDETh3UqRGV3S8h4nVknXr31tBi6oRmzmbLOMJhl0j8E3EvXuMDqGDblehtpuEtcdn6TltMsnGgKB/szbRP7q6b8mBZ0NQjurOPz0HqDnOZwyFEka5zyYe83O57/+G9OstKr+DmhOBV6FKq1700QBUGbuIZhiUzciEXmrnA/pm6uSEqJSIOsTPgzsZFiS5J9lK08WjTV34y9PxsY8KaYf66ti463Pe52EYVYQR76qj0+cf4oHmaeXwDiEmGbciHkLTO87UvA5d0/I8LmPx1CrnHuQP0yIAg1O8pNoSWNM6IYgSw2evYtNyTaKawfTvuQHuR7F6v00ZNKVEjArjxB2TLGWga2FY3mdys0oWcFRUWzTDcm/J/ctDdBvN68tO948jcENJ/a3s4bAekeYW4VRFOU51ANzppKYsDe/gsZjCqacdLYoVslWk/sYb+NLxt8aEjJdcWkDu7PXCyqeiOGPa12cbWqsFeYft8N74RTctaFXfmor/UrTq5KjnnJx3B229xw2fyxQi+klb2zbn7EM3IGxdUk5VgOVTvPD/HmHL3kjFdNO+gCzdyLj1IY6ddnD9Qu0Y6hwNKlKJVz+QhA9VInj8riuoPU0BoN+2ZVIZYIZYSqxfUzvJYy+QOUuDqr/xhoy/49oOXBTA+vchrTY/HlGH7HlVpdJ6pWte3+39EfDTKklpZTym+s3KKlgXkYSJYIyIOjoQOshq8f4Tmv8usjgggtqKsFVJ6CnIWn9uiDPafdJ2Vof4tuF3Y0kDwats6xqp1BMjDL+nHIzNmwfF6AI6wbP83rUXSIDxYUIfO1ZzHQ6kwUUDatEfvPKPonkABAioXX9AW76x8+ZPX4O8LSvWIJPVVp966kUth+qudj3mAOnaF3jHdsjYN89Er08rdtxZqDpHRCA93uwdeF2NaetukR1nwcS2ZtTdkRZmiTjY8YavHb2F8RI/NZJ2GpRYHvkMCMRTU6xWks09y+r1t+nTQ/9zVat8hn9AdyJxPoZN9Y/u1fVPkp2dYW6NTOmeNYzPht+Ulwqtbk7aZoR7h542UG+yt4mWvglgwBoMjqW+CB2DOe8rQc1Ysl19oJsn3MUGpqz3vf6e7OvSlMfBcz+AQ70hq0UqnZmwvjX+/aJTX6g67ynibyJwL8YGHLvijoCG7ZjtCP6y6lUtSz02LnokGk7C18I3ONyHhQBiXNLJpGKmVxZgvpzbj2q9nl4dKP7pioFO+Cf3E6y5/EtKsSmyD88QkR5sSUTguC1/AslvSL3
X-MS-Exchange-AntiSpam-MessageData-1: k2NOP7jbSENpRZaY9KunsR9hPGUwuc3FoQI=
X-OriginatorOrg: uclouvain.be
X-MS-Exchange-CrossTenant-Network-Message-Id: 7205e041-f8e5-4e5d-2093-08da0e4d5e51
X-MS-Exchange-CrossTenant-AuthSource: AM0PR03MB3667.eurprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Mar 2022 10:51:08.5085 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 7ab090d4-fa2e-4ecf-bc7c-4127b4d582ec
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: N+jgox3+zAxHE7X5Rc/xmHAZiFlZ5Zng4RVpUnSVvbpVGHv7TUPr1sC9DAHN7Nhp4Y5dju4d5MeJY52VJ4Jxd2ClHLhJKGoFCSFq6cVOhC4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR03MB3951
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/2q5Qk8vT23dAikMgny8iB2LxyZo>
Subject: Re: [tcpm] a question for TCPLS
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Mar 2022 10:51:25 -0000

Hi Yoshi,

Thank you for this question. It is very interesting as it touches on a 
fundamental choice of TCPLS.

Indeed, TCPLS does not act at the TCP segment level. Instead, TCPLS 
makes decisions at the TLS record level. This decision is driven by 
several factors. First, when TLS is used atop TCP, TCP segments of a TLS 
record become bound together, e.g. the receiver cannot decrypt their 
data before the whole record is received. The loss of one segment, no 
matter if it is in order or not, can block the whole record data from 
being decrypted and processed, remaining in the receiver buffers until 
it becomes complete.

When TLS is used atop MPTCP, this effect can be further amplified by the 
scheduling. Spreading the segments of a single TLS record over two paths 
can create an increase in transmission time, as segments arriving on the 
fast path are of no use before segments sent on the slow path are 
received. In this case, splitting the application data in two 
independent records could make more sense to the application. In 
TLS+MPTCP, one could split this data into two TLS records, but as MPTCP 
maintains a single bytestream, they will be reordered before decryption 
at the receiver. So to effectively benefit from this finer scheduling, 
MPTCP has to be aware of the TLS segmentation happening in the TCP 
bytestream, with the limitation of the receiver reordering sometimes 
going against scheduling decisions.

As far as I'm aware, there is no easy way to implement this currently. 
So far, most MPTCP schedulers have been taking decisions based on inputs 
from the network and not from the application. Conceding this level of 
granularity enables TCPLS to be implemented purely atop TCP, and we 
believe this tradeoff is of value.

Observing packet losses, dupacks, RTOs and RTT variations could still be 
achieved, for instance by using tcp_info metrics. It can then be used to 
drive the TLS record scheduling.

At any point of a TCPLS session, the sender is aware of the TLS records 
that were received, decrypted and processed by the receiver over each 
TCP connection thanks to the ACK frame. These ACKs can be sent on any 
TCP connection of the session. TCPLS can take the decision to reinject 
the content of a TLS record on another TCP connection at any point, but 
it delegates handling TCP segment loss to the TCP connection. The 
decision of reinjecting the content of a TLS record can be made based on 
many inputs, for instance a timer on the receipt of the ACK frame, 
metrics from tcp_info indicating that the connection is performing badly 
and of course a timeout of the TCP connection.

We also defined a Connection Reset frame for the receiver to notify the 
sender that it received a TCP RST on a TCP connection, this can shorten 
the time for TCPLS to detect that a TCP connection was disrupted by a 
middlebox and reinject the lost TLS records. Note that adding these kind 
of control messages in MPTCP would be achieved by adding a TCP Options, 
which is in cleartext and in a much more limited space.

Maxime

Le 24/03/22 à 04:34, Yoshifumi Nishida a écrit :
> Hi,
> I tried to ask a question for TCPLS during the presentation, but gave up
> due to time constraints. So, I just sent it here before my memory expires...
>
> In my understanding, the advantage of MPTCP is it's in the TCP stack so
> that it can have fine-grade packet scheduling and path management.
> But, in case of TCPLS, I'm not sure how it can control multiple TCP
> connections effectively.
>
> For example, I am wondering how TCPLS finds the failure of connections or
> which packets have been considered lost at the TCP layer without delay.
> Can you provide some more info about this point?
>
> Thanks,
> --
> Yoshi
>