MultiPath TCP - The path to multipath

Post on 08-May-2015

Diogo Mónica (@diogomonica)

motivation

[Figure: user streaming radio, 4G BS, WiFi AP]

motivation

Unnecessary Collision

motivation

• Adds Redundancy and Persistence

• Connection stays up when one link fails

• Reduces Congestion

• Ability to steer traffic away from congested links

• Increases Efficiency

• Takes advantage of additional interfaces, parallel paths

what

• Multipath TCP is an evolution of TCP that can effectively use multiple paths within a single transport connection

• RFC6824

• 30 (decimal) in the TCP kind field

features

• Supports unmodified network and applications

• Copes with NATs on the path

• Defensive fall back to normal TCP (strictly better than normal TCP)

how

• Replaces the lower-level socket implementations

• Three independent implementations

• Working Linux kernel implementation

• iPhones currently use MPTCP for Siri connections

why not SCTP?

• Does not support middle boxes

• Requires application changes

Connection establishment

• Three-way handshake with MP_CAPABLE options set

Syn

Syn/Ack

Ack

Connection establishment

Syn: MP_CAPABLE, A's key, flags

Syn/Ack: MP_CAPABLE, B's key, flags

Ack: MP_CAPABLE, A's key, B's key, flags

Connection establishment

• Optional TCP checksums

• Crypto algorithm negotiation based on optional flags

• Currently only supports SHA-1

Subflow creation

[Figure: Socket, MTCP Connection, Socket, MTCP Connection]

Subflow creation

Syn: MP_JOIN, B's token, A's nonce, A's Address ID, flags

Syn/Ack: MP_JOIN, B's HMAC, B's nonce, B's Address ID, flags

Ack: MP_JOIN, A's HMAC

Ack

token = H(key || nonce)[:32]

Address ID = Unique (Implementation specific)

data transfer

• 64-bit data sequence number (DSN) to number all data sent over the MPTCP connection

• Each subflow has its own 32-bit sequence number space

data transfer

• All subflows share the same receive buffer and advertise the same receive window.

• Two levels of ACKs: regular ACKs on each subflow and connection-level ACKs for the data sequence space

data transfer

• Initial sequence number is generated from the key (deterministic, but random).

• IDSN-A = H(Key-A)[:64]

• Receiver can ensure no gaps in sequence space at the start of the connection
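
Added example, not from the original slides: the key-derived values and the MP_JOIN authentication from the subflow creation and data transfer slides, simulated from host B's side. It follows the definitions in RFC 6824 (token = most significant 32 bits of SHA-1 of the key alone, IDSN = least significant 64 bits, HMAC-SHA1 keyed with both keys over both nonces); the function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac

def token(key: bytes) -> bytes:
    # RFC 6824: most significant 32 bits of SHA-1(key)
    return hashlib.sha1(key).digest()[:4]

def idsn(key: bytes) -> int:
    # RFC 6824: least significant 64 bits of SHA-1(key)
    return int.from_bytes(hashlib.sha1(key).digest()[-8:], "big")

def join_hmac(own_key, peer_key, own_nonce, peer_nonce) -> bytes:
    # HMAC-SHA1 with key = own_key || peer_key, message = own_nonce || peer_nonce
    return hmac.new(own_key + peer_key, own_nonce + peer_nonce, hashlib.sha1).digest()

def mp_join(conns, syn_token, init_key_a, init_key_b, nonce_a, nonce_b):
    """Simulate one MP_JOIN handshake against host B.

    conns maps token -> (key_b, key_a) for B's established connections.
    init_key_a / init_key_b are the keys the initiator believes are in use.
    Returns (token_known, initiator_accepts_b, b_accepts_initiator).
    """
    # SYN: B locates the connection by token; an unknown token is reset
    if syn_token not in conns:
        return (False, False, False)
    key_b, key_a = conns[syn_token]
    # SYN/ACK: B answers with its HMAC truncated to 64 bits
    b_mac = join_hmac(key_b, key_a, nonce_b, nonce_a)[:8]
    want_b = join_hmac(init_key_b, init_key_a, nonce_b, nonce_a)[:8]
    initiator_ok = hmac.compare_digest(b_mac, want_b)
    # ACK: initiator sends the full 160-bit HMAC; B compares in constant time
    a_mac = join_hmac(init_key_a, init_key_b, nonce_a, nonce_b)
    b_ok = hmac.compare_digest(a_mac, join_hmac(key_a, key_b, nonce_a, nonce_b))
    return (True, initiator_ok, b_ok)

# Constructed sample values (64-bit keys, 32-bit nonces), not from a capture
KEY_A = bytes.fromhex("0102030405060708")
KEY_B = bytes.fromhex("a1a2a3a4a5a6a7a8")
NONCE_A = bytes.fromhex("11223344")
NONCE_B = bytes.fromhex("55667788")
CONNS = {token(KEY_B): (KEY_B, KEY_A)}

if __name__ == "__main__":
    print("token(B):", token(KEY_B).hex(), "IDSN-A:", hex(idsn(KEY_A)))
    # Legitimate host A, holding both keys from MP_CAPABLE
    print(mp_join(CONNS, token(KEY_B), KEY_A, KEY_B, NONCE_A, NONCE_B))
    # Sender that knows the token but not the keys: B refuses the subflow
    print(mp_join(CONNS, token(KEY_B), bytes(8), bytes(8), NONCE_A, NONCE_B))
```

The token only selects the connection; the subflow is accepted on the HMAC, which requires the keys exchanged in clear during the MP_CAPABLE handshake.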

path priorities

• Hosts can indicate whether they wish a subflow to be used as a regular or backup path

• A backup path is only used if there are no regular paths available.

• Final bit of the MP_JOIN option

security considerations

• Time-Shifted Hijacking Attacks become harder

• Flooding attacks still have a stateless solution

• Possibility of using other crypto algorithms in the future

• Security of MTCP is “no worse” than regular TCP

Conclusion

• MPTCP is strictly better than TCP*

* this claim is totally implementation dependent

References

• http://tools.ietf.org/html/rfc6824

• http://tools.ietf.org/html/rfc6181

• http://www.bsdcan.org/2013/schedule/attachments/250_BSDCan2013_MPTCP.pdf

• https://www.usenix.org/conference/nsdi12/how-hard-can-it-be-designing-and-implementing-deployable-multipath-tcp

• http://perso.uclouvain.be/olivier.bonaventure/blog/html/2013/09/18/mptcp.html