One document matched: draft-paasch-mptcp-loadbalancer-00.ps
%!PS-Adobe-3.0
%%BoundingBox: 24 24 571 818
%%Title: Enscript Output
%%For: Christoph Paasch
%%Creator: GNU Enscript 1.6.6
%%CreationDate: Mon Sep 7 20:22:00 2015
%%Orientation: Portrait
%%Pages: (atend)
%%DocumentMedia: A4 595 842 0 () ()
%%DocumentNeededResources: (atend)
%%EndComments
%%BeginProlog
%%BeginResource: procset Enscript-Prolog 1.6 6
%
% Procedures.
%
/_S { % save current state
/_s save def
} def
/_R { % restore from saved state
_s restore
} def
/S { % showpage protecting gstate
gsave
showpage
grestore
} bind def
/MF { % fontname newfontname -> - make a new encoded font
/newfontname exch def
/fontname exch def
/fontdict fontname findfont def
/newfont fontdict maxlength dict def
fontdict {
exch
dup /FID eq {
% skip FID pair
pop pop
} {
% copy to the new font dictionary
exch newfont 3 1 roll put
} ifelse
} forall
newfont /FontName newfontname put
% insert only valid encoding vectors
encoding_vector length 256 eq {
newfont /Encoding encoding_vector put
} if
newfontname newfont definefont pop
} def
/MF_PS { % fontname newfontname -> - make a new font preserving its enc
/newfontname exch def
/fontname exch def
/fontdict fontname findfont def
/newfont fontdict maxlength dict def
fontdict {
exch
dup /FID eq {
% skip FID pair
pop pop
} {
% copy to the new font dictionary
exch newfont 3 1 roll put
} ifelse
} forall
newfont /FontName newfontname put
newfontname newfont definefont pop
} def
/SF { % fontname width height -> - set a new font
/height exch def
/width exch def
findfont
[width 0 0 height 0 0] makefont setfont
} def
/SUF { % fontname width height -> - set a new user font
/height exch def
/width exch def
/F-gs-user-font MF
/F-gs-user-font width height SF
} def
/SUF_PS { % fontname width height -> - set a new user font preserving its enc
/height exch def
/width exch def
/F-gs-user-font MF_PS
/F-gs-user-font width height SF
} def
/M {moveto} bind def
/s {show} bind def
/Box { % x y w h -> - define box path
/d_h exch def /d_w exch def /d_y exch def /d_x exch def
d_x d_y moveto
d_w 0 rlineto
0 d_h rlineto
d_w neg 0 rlineto
closepath
} def
/bgs { % x y height blskip gray str -> - show string with bg color
/str exch def
/gray exch def
/blskip exch def
/height exch def
/y exch def
/x exch def
gsave
x y blskip sub str stringwidth pop height Box
gray setgray
fill
grestore
x y M str s
} def
/bgcs { % x y height blskip red green blue str -> - show string with bg color
/str exch def
/blue exch def
/green exch def
/red exch def
/blskip exch def
/height exch def
/y exch def
/x exch def
gsave
x y blskip sub str stringwidth pop height Box
red green blue setrgbcolor
fill
grestore
x y M str s
} def
% Highlight bars.
/highlight_bars { % nlines lineheight output_y_margin gray -> -
gsave
setgray
/ymarg exch def
/lineheight exch def
/nlines exch def
% This 2 is just a magic number to sync highlight lines to text.
0 d_header_y ymarg sub 2 sub translate
/cw d_output_w cols div def
/nrows d_output_h ymarg 2 mul sub lineheight div cvi def
% for each column
0 1 cols 1 sub {
cw mul /xp exch def
% for each rows
0 1 nrows 1 sub {
/rn exch def
rn lineheight mul neg /yp exch def
rn nlines idiv 2 mod 0 eq {
% Draw highlight bar. 4 is just a magic indentation.
xp 4 add yp cw 8 sub lineheight neg Box fill
} if
} for
} for
grestore
} def
% Line highlight bar.
/line_highlight { % x y width height gray -> -
gsave
/gray exch def
Box gray setgray fill
grestore
} def
% Column separator lines.
/column_lines {
gsave
.1 setlinewidth
0 d_footer_h translate
/cw d_output_w cols div def
1 1 cols 1 sub {
cw mul 0 moveto
0 d_output_h rlineto stroke
} for
grestore
} def
% Column borders.
/column_borders {
gsave
.1 setlinewidth
0 d_footer_h moveto
0 d_output_h rlineto
d_output_w 0 rlineto
0 d_output_h neg rlineto
closepath stroke
grestore
} def
% Do the actual underlay drawing
/draw_underlay {
ul_style 0 eq {
ul_str true charpath stroke
} {
ul_str show
} ifelse
} def
% Underlay
/underlay { % - -> -
gsave
0 d_page_h translate
d_page_h neg d_page_w atan rotate
ul_gray setgray
ul_font setfont
/dw d_page_h dup mul d_page_w dup mul add sqrt def
ul_str stringwidth pop dw exch sub 2 div ul_h_ptsize -2 div moveto
draw_underlay
grestore
} def
/user_underlay { % - -> -
gsave
ul_x ul_y translate
ul_angle rotate
ul_gray setgray
ul_font setfont
0 0 ul_h_ptsize 2 div sub moveto
draw_underlay
grestore
} def
% Page prefeed
/page_prefeed { % bool -> -
statusdict /prefeed known {
statusdict exch /prefeed exch put
} {
pop
} ifelse
} def
% Wrapped line markers
/wrapped_line_mark { % x y charwith charheight type -> -
/type exch def
/h exch def
/w exch def
/y exch def
/x exch def
type 2 eq {
% Black boxes (like TeX does)
gsave
0 setlinewidth
x w 4 div add y M
0 h rlineto w 2 div 0 rlineto 0 h neg rlineto
closepath fill
grestore
} {
type 3 eq {
% Small arrows
gsave
.2 setlinewidth
x w 2 div add y h 2 div add M
w 4 div 0 rlineto
x w 4 div add y lineto stroke
x w 4 div add w 8 div add y h 4 div add M
x w 4 div add y lineto
w 4 div h 8 div rlineto stroke
grestore
} {
% do nothing
} ifelse
} ifelse
} def
% EPSF import.
/BeginEPSF {
/b4_Inc_state save def % Save state for cleanup
/dict_count countdictstack def % Count objects on dict stack
/op_count count 1 sub def % Count objects on operand stack
userdict begin
/showpage { } def
0 setgray 0 setlinecap
1 setlinewidth 0 setlinejoin
10 setmiterlimit [ ] 0 setdash newpath
/languagelevel where {
pop languagelevel
1 ne {
false setstrokeadjust false setoverprint
} if
} if
} bind def
/EndEPSF {
count op_count sub { pos } repeat % Clean up stacks
countdictstack dict_count sub { end } repeat
b4_Inc_state restore
} bind def
% Check PostScript language level.
/languagelevel where {
pop /gs_languagelevel languagelevel def
} {
/gs_languagelevel 1 def
} ifelse
%%EndResource
%%BeginResource: procset Enscript-Encoding-88591 1.6 6
/encoding_vector [
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/space /exclam /quotedbl /numbersign
/dollar /percent /ampersand /quoteright
/parenleft /parenright /asterisk /plus
/comma /hyphen /period /slash
/zero /one /two /three
/four /five /six /seven
/eight /nine /colon /semicolon
/less /equal /greater /question
/at /A /B /C
/D /E /F /G
/H /I /J /K
/L /M /N /O
/P /Q /R /S
/T /U /V /W
/X /Y /Z /bracketleft
/backslash /bracketright /asciicircum /underscore
/quoteleft /a /b /c
/d /e /f /g
/h /i /j /k
/l /m /n /o
/p /q /r /s
/t /u /v /w
/x /y /z /braceleft
/bar /braceright /tilde /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/space /exclamdown /cent /sterling
/currency /yen /brokenbar /section
/dieresis /copyright /ordfeminine /guillemotleft
/logicalnot /hyphen /registered /macron
/degree /plusminus /twosuperior /threesuperior
/acute /mu /paragraph /bullet
/cedilla /onesuperior /ordmasculine /guillemotright
/onequarter /onehalf /threequarters /questiondown
/Agrave /Aacute /Acircumflex /Atilde
/Adieresis /Aring /AE /Ccedilla
/Egrave /Eacute /Ecircumflex /Edieresis
/Igrave /Iacute /Icircumflex /Idieresis
/Eth /Ntilde /Ograve /Oacute
/Ocircumflex /Otilde /Odieresis /multiply
/Oslash /Ugrave /Uacute /Ucircumflex
/Udieresis /Yacute /Thorn /germandbls
/agrave /aacute /acircumflex /atilde
/adieresis /aring /ae /ccedilla
/egrave /eacute /ecircumflex /edieresis
/igrave /iacute /icircumflex /idieresis
/eth /ntilde /ograve /oacute
/ocircumflex /otilde /odieresis /divide
/oslash /ugrave /uacute /ucircumflex
/udieresis /yacute /thorn /ydieresis
] def
%%EndResource
%%EndProlog
%%BeginSetup
%%IncludeResource: font Courier-Bold
%%IncludeResource: font Courier
/HFpt_w 10 def
/HFpt_h 10 def
/Courier-Bold /HF-gs-font MF
/HF /HF-gs-font findfont [HFpt_w 0 0 HFpt_h 0 0] makefont def
/Courier /F-gs-font MF
/F-gs-font 10 10 SF
/#copies 1 def
% Pagedevice definitions:
gs_languagelevel 1 gt {
<<
/PageSize [595 842]
>> setpagedevice
} if
/d_page_w 547 def
/d_page_h 794 def
/d_header_x 0 def
/d_header_y 794 def
/d_header_w 547 def
/d_header_h 0 def
/d_footer_x 0 def
/d_footer_y 0 def
/d_footer_w 547 def
/d_footer_h 0 def
/d_output_w 547 def
/d_output_h 794 def
/cols 1 def
%%EndSetup
%%Page: (1) 1
%%BeginPageSetup
_S
24 24 translate
/pagenum 1 def
/fname (draft-paasch-mptcp-loadbalancer.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-loadbalancer.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 737 M
(MPTCP Working Group C. Paasch) s
5 726 M
(Internet-Draft G. Greenway) s
5 715 M
(Intended status: Experimental Apple, Inc.) s
5 704 M
(Expires: March 10, 2016 A. Ford) s
5 693 M
( Pexip) s
5 682 M
( September 7, 2015) s
5 649 M
( Multipath TCP behind Layer-4 loadbalancers) s
5 638 M
( draft-paasch-mptcp-loadbalancer-00) s
5 616 M
(Abstract) s
5 594 M
( Large webserver farms consist of thousands of frontend proxies that) s
5 583 M
( serve as endpoints for the TCP and TLS connection and relay traffic) s
5 572 M
( to the \(sometimes distant\) backend servers. Load-balancing across) s
5 561 M
( those server is done by layer-4 loadbalancers that ensure that a TCP) s
5 550 M
( flow will always reach the same server.) s
5 528 M
( Multipath TCP's use of multiple TCP subflows for the transmission of) s
5 517 M
( the data stream requires those loadbalancers to be aware of MPTCP to) s
5 506 M
( ensure that all subflows belonging to the same MPTCP connection reach) s
5 495 M
( the same frontend proxy. In this document we analyze the challenges) s
5 484 M
( related to this and suggest a simple modification to the generation) s
5 473 M
( of the MPTCP-token to overcome those challenges.) s
5 451 M
(Status of This Memo) s
5 429 M
( This Internet-Draft is submitted in full conformance with the) s
5 418 M
( provisions of BCP 78 and BCP 79.) s
5 396 M
( Internet-Drafts are working documents of the Internet Engineering) s
5 385 M
( Task Force \(IETF\). Note that other groups may also distribute) s
5 374 M
( working documents as Internet-Drafts. The list of current Internet-) s
5 363 M
( Drafts is at http://datatracker.ietf.org/drafts/current/.) s
5 341 M
( Internet-Drafts are draft documents valid for a maximum of six months) s
5 330 M
( and may be updated, replaced, or obsoleted by other documents at any) s
5 319 M
( time. It is inappropriate to use Internet-Drafts as reference) s
5 308 M
( material or to cite them other than as "work in progress.") s
5 286 M
( This Internet-Draft will expire on March 10, 2016.) s
5 264 M
(Copyright Notice) s
5 242 M
( Copyright \(c\) 2015 IETF Trust and the persons identified as the) s
5 231 M
( document authors. All rights reserved.) s
5 176 M
(Paasch, et al. Expires March 10, 2016 [Page 1]) s
_R
S
%%Page: (2) 2
%%BeginPageSetup
_S
24 24 translate
/pagenum 2 def
/fname (draft-paasch-mptcp-loadbalancer.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-loadbalancer.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft Multipath TCP loadbalancers September 2015) s
5 737 M
( This document is subject to BCP 78 and the IETF Trust's Legal) s
5 726 M
( Provisions Relating to IETF Documents) s
5 715 M
( \(http://trustee.ietf.org/license-info\) in effect on the date of) s
5 704 M
( publication of this document. Please review these documents) s
5 693 M
( carefully, as they describe your rights and restrictions with respect) s
5 682 M
( to this document. Code Components extracted from this document must) s
5 671 M
( include Simplified BSD License text as described in Section 4.e of) s
5 660 M
( the Trust Legal Provisions and are provided without warranty as) s
5 649 M
( described in the Simplified BSD License.) s
5 627 M
(Table of Contents) s
5 605 M
( 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2) s
5 594 M
( 2. Problem statement . . . . . . . . . . . . . . . . . . . . . . 3) s
5 583 M
( 3. Proposals . . . . . . . . . . . . . . . . . . . . . . . . . . 4) s
5 572 M
( 3.1. Explicitly announcing the token . . . . . . . . . . . . . 4) s
5 561 M
( 3.2. Changing the token generation . . . . . . . . . . . . . . 6) s
5 550 M
( 4. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 6) s
5 539 M
( 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7) s
5 528 M
( 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 7) s
5 517 M
( 6.1. Normative References . . . . . . . . . . . . . . . . . . 7) s
5 506 M
( 6.2. Informative References . . . . . . . . . . . . . . . . . 7) s
5 495 M
( Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7) s
5 473 M
(1. Introduction) s
5 451 M
( Internet services rely on large server farms to deliver content to) s
5 440 M
( the end-user. In order to cope with the load on those server farms) s
5 429 M
( they rely on a large, distributed load-balancing architecture at) s
5 418 M
( different layers. Backend servers are serving the content from) s
5 407 M
( within the data center to the frontend proxies. These frontend) s
5 396 M
( proxies are the ones terminating the TCP connections from the) s
5 385 M
( clients. A server farm relies on a large number of these frontend) s
5 374 M
( proxies to provide sufficient capacity. In order to balance the load) s
5 363 M
( on those frontend proxies, layer-4 loadbalancers are installed in) s
5 352 M
( front of these. Those loadbalancers ensure that a TCP-flow will) s
5 341 M
( always be routed to the same frontend proxy. For resilience and) s
5 330 M
( capacity reasons the data-center typically deploys multiple of these) s
5 319 M
( loadbalancers [Shuff13] [Patel13].) s
5 297 M
( These layer-4 loadbalancers rely on consistent hashing algorithms to) s
5 286 M
( ensure that a TCP-flow is routed to the appropriate frontend proxy.) s
5 275 M
( The consistent hashing algorithm avoids state-synchronization across) s
5 264 M
( the loadbalancers, making sure that in case a TCP-flow gets routed to) s
5 253 M
( a different loadbalancer \(e.g., due to a change in routing\) the TCP-) s
5 242 M
( flow will still be sent to the appropriate frontend proxy) s
5 231 M
( [Greenberg13].) s
5 176 M
(Paasch, et al. Expires March 10, 2016 [Page 2]) s
_R
S
%%Page: (3) 3
%%BeginPageSetup
_S
24 24 translate
/pagenum 3 def
/fname (draft-paasch-mptcp-loadbalancer.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-loadbalancer.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft Multipath TCP loadbalancers September 2015) s
5 737 M
( Multipath TCP uses different TCP flows and spreads the application's) s
5 726 M
( data stream across these [RFC6824]. These TCP subflows use a) s
5 715 M
( different 4-tuple in order to be routed on a different path on the) s
5 704 M
( Internet. However, legacy layer-4 loadbalancers are not aware that) s
5 693 M
( these different TCP flows actually belong to the same MPTCP) s
5 682 M
( connection.) s
5 660 M
( The remainder of this document explains the issues that arise due to) s
5 649 M
( this and suggests a possible change to MPTCP's token-generation) s
5 638 M
( algorithm to overcome these issues.) s
5 616 M
(2. Problem statement) s
5 594 M
( In an architecture with a single layer-4 loadbalancer but multiple) s
5 583 M
( frontend proxies, the layer-4 loadbalancer will have to make sure) s
5 572 M
( that the different TCP subflows that belong to the same MPTCP) s
5 561 M
( connection are routed to the same frontend proxy. In order to) s
5 550 M
( achieve this, the loadbalancer has to be made "MPTCP-aware", tracking) s
5 539 M
( the keys exchanged in the MP_CAPABLE handshake. This state-tracking) s
5 528 M
( allows the loadbalancer to also calculate the token associated with) s
5 517 M
( the MPTCP-connection. The loadbalancer thus creates a mapping) s
5 506 M
( \(token, frontend proxy\), stored in memory for the lifetime of the) s
5 495 M
( MPTCP connection. As new TCP subflows are being created by the) s
5 484 M
( client, the token included in the SYN+MP_JOIN message allows the) s
5 473 M
( loadbalancer to ensure that this subflow is being routed to the) s
5 462 M
( appropriate frontend proxy.) s
5 440 M
( However, as soon as the data center employs multiple of these layer-4) s
5 429 M
( loadbalancers, it may happen that TCP subflows that belong to the) s
5 418 M
( same MPTCP connection are being routed to different loadbalancers.) s
5 407 M
( This implies that the loadbalancer needs to share the mapping-state) s
5 396 M
( it created for all MPTCP connections among all other loadbalancers to) s
5 385 M
( ensure that all loadbalancers route the subflows of an MPTCP) s
5 374 M
( connection to the same frontend proxy. This is substantially more) s
5 363 M
( complicated to implement, and would suffer from latency issues.) s
5 341 M
( Another issue when MPTCP is being used in a large server farm is that) s
5 330 M
( the different frontend proxies may generate the same token for) s
5 319 M
( different MPTCP connections. This may happen because the token is a) s
5 308 M
( truncated hash of the key, and hash collisions may occur. A server) s
5 297 M
( farm handling millions of MPTCP connections has actually a very high) s
5 286 M
( chance of generating those token-collisions. A loadbalancer will) s
5 275 M
( thus no more be able to accurately send the SYN+MP_JOIN to the) s
5 264 M
( correct frontend proxy in case a token-collision happened for this) s
5 253 M
( MPTCP connection.) s
5 176 M
(Paasch, et al. Expires March 10, 2016 [Page 3]) s
_R
S
%%Page: (4) 4
%%BeginPageSetup
_S
24 24 translate
/pagenum 4 def
/fname (draft-paasch-mptcp-loadbalancer.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-loadbalancer.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft Multipath TCP loadbalancers September 2015) s
5 737 M
(3. Proposals) s
5 715 M
( The issues described in Section 2 have their origin due to the) s
5 704 M
( undeterministic nature in the token-generation. Indeed, if it) s
5 693 M
( becomes possible for the loadbalancer to infer the frontend proxy to) s
5 682 M
( forward this flow to, MPTCP becomes deployable in such kinds of) s
5 671 M
( environments.) s
5 649 M
( The suggested solutions have their basis in a token from which a) s
5 638 M
( loadbalacer can glean routing information in a stateless manner. To) s
5 627 M
( allow the loadbalancer to infer the proxy based on the token, the) s
5 616 M
( proxies each need to be assigned to a range of unique integers. When) s
5 605 M
( the token falls within a certain range, the loadbalancer knows to) s
5 594 M
( which proxy to forward the sufblow. Using a contiguous range of) s
5 583 M
( integers makes the frontend very vulnerable to attackers. Thus, a) s
5 572 M
( reversible function is needed that makes the token random-looking. A) s
5 561 M
( 32-bit block-cipher \(e.g., RC5\) provides this random-looking) s
5 550 M
( reversible function. Thus, for both proposals we assume that the) s
5 539 M
( frontend proxies and the layer-4 loadbalancer share a local secret Y,) s
5 528 M
( of size 32 bits. This secret is only known to the server-side data) s
5 517 M
( center infrastructure. If X is an integer from within the range) s
5 506 M
( associated to the proxy, the proxy will generate the token by) s
5 495 M
( encypting X with secret Y. The loadbalancer will simply decrypt the) s
5 484 M
( token with the secret Y, which provides it the value of X, allowing) s
5 473 M
( it to forward the TCP flow to the appropriate proxy.) s
5 451 M
( This approach also ensures that the tokens generated by different) s
5 440 M
( servers are unique to each server, eliminating the token-collision) s
5 429 M
( issue outlined in the previous section.) s
5 407 M
( In the following we outline two different approaches to handle the) s
5 396 M
( above described problems, using this approach. The two proposals) s
5 385 M
( provide different ways of communicating the token over to the peer) s
5 374 M
( during the MP_CAPABLE handshake. We would like these proposals to) s
5 363 M
( serve as a discussion basis for the design of the definite solution.) s
5 341 M
(3.1. Explicitly announcing the token) s
5 319 M
( One way of communicating the token to simply announce it in plaintext) s
5 308 M
( within the MP_CAPABLE handshake. In order to allow this, the wire-) s
5 297 M
( format of the MP_CAPABLE handshake needs to change however.) s
5 275 M
( One solution would be to simply increase the size of the MP_CAPABLE) s
5 264 M
( by 4 bytes, giving space for the token to be included in the SYN and) s
5 253 M
( SYN/ACK as well as adding it to the third ACK. However, due to the) s
5 242 M
( scarce TCP-option space this solution would suffer deployment) s
5 231 M
( difficulties.) s
5 176 M
(Paasch, et al. Expires March 10, 2016 [Page 4]) s
_R
S
%%Page: (5) 5
%%BeginPageSetup
_S
24 24 translate
/pagenum 5 def
/fname (draft-paasch-mptcp-loadbalancer.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-loadbalancer.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft Multipath TCP loadbalancers September 2015) s
5 737 M
( If the solution proposed in [I-D.paasch-mptcp-syncookies] is being) s
5 726 M
( deployed, the MP_CAPABLE-option in the SYN-segment has been reduced) s
5 715 M
( to 4 bytes. This gives us space within the option-space of the SYN-) s
5 704 M
( segment that can be used. This allows the client to announce its) s
5 693 M
( token within the SYN-segment. To allow the server to announce its) s
5 682 M
( token in the SYN/ACK, without bumping the option-size up to 16 bytes,) s
5 671 M
( we reduce the size of the server's key down to 32 bits, which gives) s
5 660 M
( space for the server's token. To avoid introducing security-risks by) s
5 649 M
( reducing the size of the server's key, we suggest to bump the) s
5 638 M
( client's key up to 96 bits. This provides still a total of 128 bits) s
5 627 M
( of entropy for the HMAC computation. The suggested handshake is) s
5 616 M
( outlined in Figure 1.) s
5 594 M
( SYN + MP_CAPABLE_SYN \(Token_A\)) s
5 583 M
( ------------------------------------->) s
5 572 M
( \(the client announces the 4-byte locally) s
5 561 M
( unique token to the server in the) s
5 550 M
( SYN-segment\).) s
5 517 M
( SYN/ACK + MP_CAPABLE_SYNACK \(Token_B, Key_B\)) s
5 506 M
( <-------------------------------------) s
5 495 M
( \(the server replies with a SYN/ACK announcing) s
5 484 M
( as well a 4-byte locally unique token and a 4-byte key\)) s
5 451 M
( ACK + MP_CAPABLE_ACK \(Key_A, Key_B\)) s
5 440 M
( -------------------------------------->) s
5 429 M
( \(third ack, the client replies with a 12-byte Key_A) s
5 418 M
( and echoes the 4-byte Key_B as well\).) s
5 396 M
( The suggested handshake explicitly announces the token.) s
5 374 M
( Figure 1) s
5 352 M
( Reducing the size of the server's key down to 32 bits might be) s
5 341 M
( considered a security risk. However, one might argue that neither) s
5 330 M
( parties involved in the handshake \(client and server\) have an) s
5 319 M
( interest in compromising the connection. Thus, the server can have) s
5 308 M
( confidence that the client is going to generate a 96 bits key with) s
5 297 M
( sufficient entropy and thus the server can safely reduce its key-size) s
5 286 M
( down to 32 bits.) s
5 264 M
( However, this would require the server to act statefully in the SYN) s
5 253 M
( exhcnage if it wanted to be able to open connections back to the) s
5 242 M
( client, since the token never appears again in the handshake.) s
5 176 M
(Paasch, et al. Expires March 10, 2016 [Page 5]) s
_R
S
%%Page: (6) 6
%%BeginPageSetup
_S
24 24 translate
/pagenum 6 def
/fname (draft-paasch-mptcp-loadbalancer.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-loadbalancer.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft Multipath TCP loadbalancers September 2015) s
5 737 M
(3.2. Changing the token generation) s
5 715 M
( Another suggestion is based on a less drastic change to the) s
5 704 M
( MP_CAPABLE handshake. We suggest to infer the token based on the key) s
5 693 M
( provided by the host. However, in contrast to [RFC6824], the token) s
5 682 M
( is not a truncated hash of the keys. The token-generation uses) s
5 671 M
( rather the following scheme: If we define Z as the 32 high-order bits) s
5 660 M
( and K the 32 low-order bits of the MPTCP-key generated by a host, we) s
5 649 M
( suggest to generate the token as the encryption of Z with key K by) s
5 638 M
( using a 32-bit block-cipher \(the block-cipher may for example be RC5) s
5 627 M
( - it remains to be defined by the working-group which is an) s
5 616 M
( appropriate block-cipher to use for this case\). The size of the) s
5 605 M
( MPTCP-key remains unchanged and is actually the concatenation of Z) s
5 594 M
( with K. Both, K and Z are different for each and every connection,) s
5 583 M
( thus the MPTCP-key still provides 64 bits of randomness.) s
5 561 M
( Using this approach, a frontend proxy can make sure that a) s
5 550 M
( loadbalancer can derive the identity of the backend server solely) s
5 539 M
( through the token in the SYN-segment of the MP_JOIN exchange, without) s
5 528 M
( the need to track any MPTCP-related state. To achieve this, the) s
5 517 M
( frontend proxy needs to generate K and Z in a specific way.) s
5 506 M
( Basically, the proxy derives the token through the method described) s
5 495 M
( at the beginning of this Section 3. This gives us the following) s
5 484 M
( relation:) s
5 462 M
( token = block_cipher\(proxy_id, Y\) \(Y is the local secret\)) s
5 440 M
( However, as described above, at the same time we enforce:) s
5 418 M
( token = block_cipher\(Z, K\)) s
5 396 M
( Thus, the proxy simply generates a random number K, and can thus) s
5 385 M
( generate Z by decrypting the token with key K. It is TBD what number) s
5 374 M
( of bits of a token could be used for conveying routing information.) s
5 363 M
( Exlcuding those bits, the token would be random, and the key K is) s
5 352 M
( random as well, so Z will be random as well. An attacker) s
5 341 M
( evesdropping the token cannot infer anything on Z nor on K. However,) s
5 330 M
( prolonged gathering of token data could lead to building up some data) s
5 319 M
( about the key K.) s
5 297 M
(4. Conclusion) s
5 275 M
( In order to be deployable at a large scale, Multipath TCP has to) s
5 264 M
( evolve to accomodate the use-case of distributed layer-4) s
5 253 M
( loadbalancers. In this document we explained the different problems) s
5 242 M
( that arise when one wants to deploy MPTCP in a large server farm. We) s
5 231 M
( followed up with two possible approaches to solve the issues around) s
5 220 M
( the non-deterministic nature of the token. We argue that it is) s
5 176 M
(Paasch, et al. Expires March 10, 2016 [Page 6]) s
_R
S
%%Page: (7) 7
%%BeginPageSetup
_S
24 24 translate
/pagenum 7 def
/fname (draft-paasch-mptcp-loadbalancer.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-loadbalancer.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft Multipath TCP loadbalancers September 2015) s
5 737 M
( important that the working group considers this problem and strives) s
5 726 M
( to find a solution.) s
5 704 M
(5. IANA Considerations) s
5 682 M
( No IANA considerations.) s
5 660 M
(6. References) s
5 638 M
(6.1. Normative References) s
5 616 M
( [I-D.paasch-mptcp-syncookies]) s
5 605 M
( Paasch, C., Biswas, A., and D. Haas, "Making Multipath TCP) s
5 594 M
( robust for stateless webservers", draft-paasch-mptcp-) s
5 583 M
( syncookies-00 \(work in progress\), April 2015.) s
5 561 M
( [RFC6824] Ford, A., Raiciu, C., Handley, M., and O. Bonaventure,) s
5 550 M
( "TCP Extensions for Multipath Operation with Multiple) s
5 539 M
( Addresses", RFC 6824, January 2013.) s
5 517 M
(6.2. Informative References) s
5 495 M
( [Greenberg13]) s
5 484 M
( Greenberg, A., Lahiri, P., Maltz, D., Parveen, P., and S.) s
5 473 M
( Sengupta, "Towards a Next Generation Data Center) s
5 462 M
( Architecture: Scalability and Commoditization", 2018,) s
5 451 M
( <http://dl.acm.org/citation.cfm?id=1397732>.) s
5 429 M
( [Patel13] Parveen, P., Bansal, D., Yuan, L., Murthy, A., Maltz, D.,) s
5 418 M
( Kern, R., Kumar, H., Zikos, M., Wu, H., Kim, C., and N.) s
5 407 M
( Karri, "Ananta: Cloud Scale Load Balancing", 2013,) s
5 396 M
( <http://dl.acm.org/citation.cfm?id=2486026>.) s
5 374 M
( [Shuff13] Shuff, P., "Building A Billion User Load Balancer", 2013,) s
5 363 M
( <https://www.youtube.com/watch?v=MKgJeqF1DHw>.) s
5 341 M
(Authors' Addresses) s
5 319 M
( Christoph Paasch) s
5 308 M
( Apple, Inc.) s
5 297 M
( Cupertino) s
5 286 M
( US) s
5 264 M
( Email: cpaasch@apple.com) s
5 176 M
(Paasch, et al. Expires March 10, 2016 [Page 7]) s
_R
S
%%Page: (8) 8
%%BeginPageSetup
_S
24 24 translate
/pagenum 8 def
/fname (draft-paasch-mptcp-loadbalancer.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-loadbalancer.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft Multipath TCP loadbalancers September 2015) s
5 737 M
( Greg Greenway) s
5 726 M
( Apple, Inc.) s
5 715 M
( Cupertino) s
5 704 M
( US) s
5 682 M
( Email: ggreenway@apple.com) s
5 649 M
( Alan Ford) s
5 638 M
( Pexip) s
5 616 M
( Email: alan.ford@gmail.com) s
5 176 M
(Paasch, et al. Expires March 10, 2016 [Page 8]) s
_R
S
%%Trailer
%%Pages: 8
%%DocumentNeededResources: font Courier-Bold Courier
%%EOF
| PAFTECH AB 2003-2026 | 2026-04-24 03:00:19 |