IETF Logo Mail Archive

Re: [tcpm] [multipathtcp] Progressing the MPTCP proxy work

Tom Herbert <tom@herbertland.com> Mon, 18 September 2017 02:05 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 539E912EC30 for <tcpm@ietfa.amsl.com>; Sun, 17 Sep 2017 19:05:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l5spQwuFV1E2 for <tcpm@ietfa.amsl.com>; Sun, 17 Sep 2017 19:05:19 -0700 (PDT)
Received: from mail-qk0-x22a.google.com (mail-qk0-x22a.google.com [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5574113219F for <tcpm@ietf.org>; Sun, 17 Sep 2017 19:05:16 -0700 (PDT)
Received: by mail-qk0-x22a.google.com with SMTP id b23so6078348qkg.1 for <tcpm@ietf.org>; Sun, 17 Sep 2017 19:05:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=vPxj2YVDMLdfgEWtS/Ugo2b4QIPlD7eaTPr6/Myu7AE=; b=DSrBV5xdlGgOcb48sgvdwX6y+ff5PnOjU0mkzbbyZU8a+Fv3FbGJbbTk7MsztjQ/by /iQbLz9prSpGDSmSqimkvJZKAYBFjrzYbE4/XP/7ETJ7HsjwIA5rFJHGBZIdso55xO5G x480VK+Iaopv+nh5EzMQtPlyZ4QvwnhXu6IPX5+ka+HwSK85S+8GZo8puCTSw46UDXtL 4csHuX9xrtqCjnDT1xpye80RxBSByJa4NTWmPDK1sFR1ea9gjZSAlqF2sZrxXsTkBNzJ khak+TNd9p3hkMdgGVnjo70bZGfyv/0bBh74RKWiYsARh0GmWNjwAMYYarlPml/P0UTK B4sw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=vPxj2YVDMLdfgEWtS/Ugo2b4QIPlD7eaTPr6/Myu7AE=; b=OGhk4ibcWWeKRzI2nMu2WHWfMQqxUF620wXDJFOrtumnF6+afwttRiC+5bZL0yP1nD CCFObJAsn71hDFAlAZ1zSdkvDgZb4DK23WcvzSAjzwKU0qRU8FucP/CKFmO8iBHYgrVX 3IJ6jEmw1VMUaCU6oGlUjjXe3qD42l6QqSbftCMemxFmhaEtIlVWfuLrrTDjNgXQKA6C U3hXO+1katRzT6Slfsu1JzMbG5JA+c0Tf2iDT9sCe7CsjfiVhpH+Wd+aM99ogO6R+Hab Pey5v2vW1b2H+NtqG/beBGB9FRh97PvLK30BHpwXF0JKTqRG5NE7lerv5QUi2Zp53O75 l1sg==
X-Gm-Message-State: AHPjjUhyUIOjV0NW4hg7kh0HVju31WveRgZ6LkVGmMLZ7juE6Xms2nNB PYf2lQV+dM42+1D1pPcyjvEBoeydXTGiFl0FItALrw==
X-Google-Smtp-Source: AOwi7QBrg354BKYKqe2yibMaQztH72stdPVnolk2Bdw4dhSzLqhVS/SqoYatVw3kmVX1QcnaoOfcq/4UODRKmG92KN8=
X-Received: by 10.55.102.73 with SMTP id a70mr17188922qkc.345.1505700315280; Sun, 17 Sep 2017 19:05:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.237.61.196 with HTTP; Sun, 17 Sep 2017 19:05:14 -0700 (PDT)
In-Reply-To: <9ae40aa4-2780-a3ce-5b31-bafacf983730@uclouvain.be>
References: <2efd30edab0647dda78246734f89a3f1@rew09926dag03b.domain1.systemhost.net> <CALx6S352Ez=ZusXhb71MZYCr_7O6TUiB+P7QKwzX4=7uAEVSrw@mail.gmail.com> <9ae40aa4-2780-a3ce-5b31-bafacf983730@uclouvain.be>
From: Tom Herbert <tom@herbertland.com>
Date: Sun, 17 Sep 2017 19:05:14 -0700
Message-ID: <CALx6S34aOPwRC1gSLrpj6vZOKPkodOXeH+xZUCz1PhWZ3NLXZw@mail.gmail.com>
To: Olivier.Bonaventure@uclouvain.be
Cc: philip.eardley@bt.com, multipathtcp@ietf.org, tcpm@ietf.org, tsv-area@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/yPQuYjUiEysD2WVIjnRkwneb_f4>
Subject: Re: [tcpm] [multipathtcp] Progressing the MPTCP proxy work
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Sep 2017 02:05:20 -0000

On Sun, Sep 17, 2017 at 1:24 PM, Olivier Bonaventure
<Olivier.Bonaventure@uclouvain.be> wrote:
> Tom,
>
> Thanks for your comments.
>
>> For #1 the assumption, the key assertion in the draft is "There are
>> some situations where the transport stack used on clients (resp.
>> servers) can be upgraded at a faster pace than the transport stack
>> running on servers (resp. clients)."-- I think the reality of this is
>> quite debatable. Major content provider providers that make up the
>> bulk Internet traffic, such as Google and Facebook, upgrade their
>> front end web server software at a much faster rate than clients
>> typically do.
>
>
> Major content providers are one part of the Internet, but not the entire
> Internet. Many companies are still using old servers running Linux 2.x
>
>> There a good examples, TFO for instance, where there was
>> support for new TCP features on servers long before clients.
>
>
> Looking at TFO servers for example, a recent paper showed that TFO is
> enabled on only 0.1% of the web sites
>
> https://irtf.org/anrw/2017/anrw17-final16.pdf
>
> and 80% of these sites are part of Google's AS.
>
>> The other
>> part of this is that the solution assumes client support of MPTCP.
>> AFAIK Android (which represents a huge number of clients) does not
>> ship with an MPTCP implementation even though its been part of IOS
>> since 2013. So, the real question that should be asked is why isn't
>> MPTCP being deployed which leads to problem #2.
>
>
> In Korea, Samsung and LG have deployed MPTCP on various types of Android
> smartphones.
>
>> I suspect a major reason that MPTCP is not deployed in Android or
>> servers is that fact that upstream Linux has not adopted the
>> implementation. There was an effort a while back to get it into the
>> stack, however there was pushback because of the invasiveness of the
>> code (it was 1000's of lines of core TCP code change). Unfortunately,
>> the developers didn't followup and continue working on reducing the
>> complexity of implementation. I think with enough persistence in
>> addressing the feedback the code would eventually make it in.
>
>
> I agree, there is engineering effort to bring MPTCP in the mainline Linux
> kernel, but this is outside the scope of IETF.
>
Oliver,

I disagree, discussions about deployment and implementation are in
scope. The primary argument for necessity that this draft makes is
that MPTCP is being deployed too slowly. If we are to consider that
argument then we need to understand _why_ deployment of MPTCP is slow,
so the details about current deployment state and implementation are
pertinent. Also, while there is significant engineering needed to get
MPTCP into Linux or other systems, we cannot ignore the significant
(possibly more) engineering effort to define, standardize, develop and
deploy an interim solution on clients and converters. In the end, if
the problem can be solved without creating a new complex and invasive
protocol that is the better path forward.

Tom

>> Even so,
>> acceptance into Linux is not a requirement for deployment. Google and
>> Facebook could be running MPTCP on their servers, and Android could
>> shipped with MPTCP support. I suspect the reason they're not doing
>> that is motivation. If they were convinced that MPTCP is a great value
>> to users, they can make deployment happen quickly.
>
>
> Apple is using MPTCP on both their clients and their servers. Starting with
> iOS11, all applications will be able to use MPTCP. This is a reasonable
> deployment AFAIK. Korea is another example.
>>
>>
>> For #3, the problems of the interim solution need to be elaborated.
>> TCP is an end to end protocol, and we know that whenever a middlebox
>> attempts to transparently process TCP some things will break. As
>> section 5 states "The Converter protocol was designed to be used in
>> networks that do not contain middleboxes that interfere with TCP." --
>> the irony of this statement is that the converter itself becomes a
>> middlebox that interferes with TCP. The converter has many of the same
>> issues of other middlebox solutions (proxies, firewalls) in the
>> network that are invasive at the transport layer.
>
>
> Agreed, but note that the converter was designed to enable the client to
> detect when the server supports the required extension (e.g. MPTCP) so that
> it can stop using the converter to reach this particular server. This means
> that as a particular extension gets deployed, the utilisation of the
> converter will diminish.
>
>> For instance E2E
>> security (e.g. TCP-AO) is likely broken.
>
>
> If a client requests TCP-AO, then it's clear that this TCP connection should
> not go through a converter.
>
>> Also, I have to wonder about
>> the case where the client and server support an option that is unknown
>> to the converter-- say for instance that an experimental option is
>> being used for a new feature such as we did with TFO. In this case I
>> don't see how the converter can deal with the option, passing it
>> through between MPTCP and non-MPTCP may or may not be correct. So
>> probably the only reasonable behavior is to drop unknown options.
>
>
> The client can detect which options are supported by the converter. If the
> client wants to use an option that is not supported by a specific converter,
> it should not use this particular converter.
>
>> But,
>> then that means the endpoints would be bound to using only TCP options
>> that the converter supports, so ultimately the converter is an
>> obstacle not a facilitator for deploying new options.
>
>
> No because the client can decide to not use the converter.
>
>> Perhaps the
>> biggest irony of this proposal is that the converter is stateful for a
>> connection, so all packets must flow through a single point in the
>> network. Like stateful firewalls, this inevitably becomes a bottleneck
>> and a single point of failure.
>
>
> This is a drawback of using a converter, but one needs to compare this
> drawback with the benefits of using the option on a part of the end-to-end
> path.
>
>> I believe that is nearly the exact
>> opposite of what MPTCP endeavors to provide.
>
>
> It depends where the converter is located. If you consider a smartphone use
> case, a converter placed in an ISP backbone could enable its users to
> combine WiFi and 4G to reach any server with MPTCP. There is a real benefit
> in doing this as shown by the deployments in Korea, Turkey or Thailand.
> Hybrid access networks that combine xDSL and LTE are another example where
> the client benefits from combining different networks with MPTCP.
>
>> A few comments about the text:
>>
>> In several places the term "TCP extensions" is used, I think "TCP
>> options" is the more correct term.
>
>
> Thanks, I will reread the document again to catch those.
>
>> In Section 2.1:
>>
>> The arguments that SOCKS can't be used are not entirely convincing to me.
>>
>> "the converter protocol leverages the TFO option [RFC7413] to place
>> all its control information inside the SYN and SYN+ACK packets."
>>
>> I'm not sure what "control information" means here. Is this referring
>> to TCP options, an inband control protocol, or something else?
>
>
> This relates to the TLV messages of the converter protocol.
>>
>>
>> It seems to me that support for SOCKS to use TFO should be
>> straightforward, in fact the draft even states that has been proposed
>> for SOCKS.
>>
>> "A second difference is that the converter protocol takes the TCP
>> extensions explicitly into account."
>>
>> Per #3 above, the converter can only take into account TCP options
>> that it understands and it can't deal with options like TCP-AO that
>> must be truly end to end. Given these limitations, and the fact that a
>> SOCKS should be running on an modern TCP stack that supports all the
>> common options, I'm not sure how much tangible value there is in this
>> difference.
>
>
> The converter enables the client to detect which options are supported by
> the final server so that the client can bypass the converter if the server
> supports the required options.
>>
>>
>> The third argument may have merit, but I would point out that this
>> difference applies to all proxies and they are ubiquitous in
>> deployment. Also, we are adding kProxy (in kernel proxy) for the Linux
>> stack which actually would allow SYN forwarding in proxies without
>> finishing client side connection establishment to give the same effect
>> of the solution in the draft.
>
>
> Excellent
>
>
> Thanks
>
>
> Olivier
>

v2.23.0 | Report a Bug | By Email