Internet DRAFT - draft-deng-mptcp-proxy
draft-deng-mptcp-proxy
MPTCP Working Group L. Deng
INTERNET-DRAFT D. Liu
Intended Status: Informational T. Sun
Expires: May 25, 2014 China Mobile
M. Boucadair
France Telecom
G. Cauchie
Bouygues Telecom
Oct 24, 2014
Use-cases and Requirements for MPTCP Proxy in ISP Networks
draft-deng-mptcp-proxy-01
Abstract
This document presents the use-cases and identifies requirements for
ISP deployed MPTCP proxies for both Fixed and Mobile networks.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Copyright and License Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
<Deng, et al.> Expires May 25, 2015 [Page 1]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3 Use-cases for ISP MPTCP Proxy . . . . . . . . . . . . . . . . . 6
3.1 Boosting MPTCP Utilization for M-UEs and Multi-Interface
CPEs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.2 Resource Pooling from Multiple Networks . . . . . . . . . . 7
3.3 Multiple Connections and Seamless Handover between
Multiple Networks . . . . . . . . . . . . . . . . . . . . . 7
3.4 Assist MTPCP Connection Establishment . . . . . . . . . . . 8
4 Deployment Considerations . . . . . . . . . . . . . . . . . . . 8
4.1 On-path MPTCP Proxy . . . . . . . . . . . . . . . . . . . . 9
4.2 Off-Path Proxy . . . . . . . . . . . . . . . . . . . . . . . 9
5 Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . . 10
5.1 MPTCP Proxy at the ISP IP Gateway . . . . . . . . . . . . . 10
5.2 On-Path MPTCP Proxy at the ISP Data Center . . . . . . . . . 11
5.3 On-Path MPTCP Proxy at SmallCell Gateway . . . . . . . . . . 11
5.4 MPTCP Proxy at CPE/CGN for Fixed Access Networks . . . . . . 11
6 Requirements for MPTCP Proxy . . . . . . . . . . . . . . . . . 12
6.1 Protocol Proxying between MPTCP and TCP . . . . . . . . . . 12
6.2 Explicit Traffic Steering for Off-Path Proxying . . . . . . 12
6.3 Flexible Resource Policy within a Single ISP . . . . . . . 13
6.4 Protection against third-party traffic . . . . . . . . . . . 13
6.5 MPTCP Proxy Selection from Multiple Candidates . . . . . . . 14
6.6 Load Balancing Algorithm for Multiple Networks . . . . . . . 14
6.7 Misc . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
7 Security Considerations . . . . . . . . . . . . . . . . . . . . 16
8 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 16
9 Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . 16
10 References . . . . . . . . . . . . . . . . . . . . . . . . . . 17
10.1 Normative References . . . . . . . . . . . . . . . . . . . 17
10.2 Informative References . . . . . . . . . . . . . . . . . . 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18
<Deng, et al.> Expires May 25, 2015 [Page 2]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
1 Introduction
Internet Service Providers (ISPs) are challenged by the data
explosion occurring in their Fixed and/or Mobile networks. This data
explosion is triggered by new usages with the advent for resource-
demanding services. The emergence of these services is facilitated by
the emergence of new access technologies (FTTx in the Fixed or LTE in
the Mobile networks). Typical resource-demanding services are (HD)
video streaming or catchup IP-TV which are boosting more and more
every day the customers appetite for more IP bandwidth.
This pressure on continuous increase of network capacity poses a
challenge on the ISPs to appropriately plan, dimension and
dynamically provision their networks to satisfy customers
expectations. This problem is encountered by both Fixed and Mobile
Providers that have to cope with the scarcity of the radio frequency
resources, the limits of the already widely deployed DSL
infrastructure, or any in-place access technology.
The traditional trend that consist in upgrading the access technology
to a new generation technology may show some limits because of the
required upgrade cycles. Alternate deployment options to satisfy
customers' expectations and react rapidly to competition are of
interest of ISPs. A promising track, discussed in this document, is
to aggregate several connectivity links while eliminating risks to
experience application failures.
Indeed, a direction to answer to this problem is to make use of the
multiple interfaces that one terminal host maintains. For smartphones
or mobile dongles, these interfaces are typically a 3G/4G radio
access and a WLAN access, while for a residential CPE these
interfaces are typically a DSL line and a 3G/4G radio access.
3GPP initiated an effort to aggregate several radio resources for the
sake of increasing bit-rates (denoted as Carrier Aggregation (CA)).
Aggregation is achieved at the radio level by combining the set of
allocated contiguous or non-contiguous component carriers. This
extension requires modification at the radio interface level of the
UE (User Equipment), as well as some tuning on the network side.
Carrier Aggregation is specific to radio-based environments and, as
such, it is not convenient for other deployment cases, such as wired
networks.
Both 3GPP and IETF standard bodies have investigated different
solutions to make the best interface used for one application, with
potential use of multiple interfaces at the same time by
multitasking-enable terminals. As of today, none of them really did
meet a wide deployment and successful adoption.
<Deng, et al.> Expires May 25, 2015 [Page 3]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
The IETF released MPTCP specification [RFC6824], an experimental set
of TCP options allowing the use of parallel TCP connections, each
with different set of IP addresses and/or port numbers, to serve at
least one application. MPTCP is already available on some widely
adopted mobile handsets and on some Linux implementations. However,
MPTCP connections are pretty rare since the servers hosting the
applications are too few to offer MPTCP capability.
Because resources are scarce at the access segment, a solution to
enhance the quality of experience is to enable MPTCP at the access
segment without requiring MPTCP support at the server side (i.e., the
end-to-end MPTCP support is not required). Concretely, this can be
implemented owing to the deployment a dedicated function called MPTCP
Proxy at the ISP network side and/or in the CPE device. Note that
enabling an MPTCP Proxy in the CPE has the advantage to not require
MPTCP stack at the terminal side.
By this mean, an ISP can offer a higher bandwidth to its customers
when possible while not waiting for massive MPTCP adoption by the
Internet ecosystem. Furthermore, this technique would allow the ISP
and the customer to control the parts of the networks where potential
QoE degradation may be experienced and where the traffic can be
handled appropriately by means of traffic engineering tweaking for
instance. Since MPTCP requires a load-sharing algorithm to schedule
the TCP subflow to which the traffic is forwarded, the selection of
the proper algorithm could help for instance to offload the IP
traffic towards the legacy Fixed networks while taking advantage of
the complementary bandwidth only when needed/selected by the
customers, application, or the ISP.
Note that the use of MPTCP at customer side can be of different
natures as defined in MTPCP base specification:
o Native MPTCP: Two MPTCP endpoints establish and make use of all
subflows that correspond to the available addresses/port numbers.
This mode is enabled to optimize data throughput.
o Active/Backup MPTCP: Two MPTCP endpoints enable multiple
subflows, but only a subset of these subflows is actually in use for
data transfer. MPTCP endpoints can use the MP_PRIO signal to change
the priority for each subflow.
o Single subflow MPTCP: Two MPTCP endpoints use one single subflow
and when a failure is observed, an additional subflow is enabled so
that traffic is forwarded along the newly established subflow.
Based on the basic capabilities of an MPTCP-enabled host, various
deployment use cases can be considered by an ISP. Examples of such
<Deng, et al.> Expires May 25, 2015 [Page 4]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
use cases include: traffic handover among multiple WLAN hotspots,
traffic offload from a mobile network to WLAN or vice visa, and
access link aggregation.
In general, two flavors of MPTCP Proxy can be envisaged , see Figure
1:
o A MPTCP Proxy that maps a UE originated TCP connection into an
MPTCP connection. An example would be an MPTCP-enabled CPE, which
makes use of its own multiple local interfaces to maximize the
experience of bandwidth consuming applications for Non-MPTCP UEs.
o A MPTCP Proxy that maps an UE originated MPTCP connection into a
TCP connection. This is the case for most mobile terminals with
multiple interfaces and built-in MPTCP capability.
+----+ +------------+ +------------+ +------+
|Host| <=TCP=>| MPTCP Proxy|<=MPTCP=>| MPTCP Proxy|<=TCP=>|Server|
+----+ +------------+ +------------+ +------+
+----+ +------------+ +------+
|Host|<=MPTCP=>| MPTCP Proxy|<=TCP=>|Server|
+----+ +------------+ +------+
Figure 1: MPTCP Behaviors.
This documents details these use-cases and derived requirements for
MPTCP proxy deployment in ISP networks.
The use cases discussed in this document can also be valid for
Enterprise networks.
2 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
This document makes use of the following terms: (For definitions of
other terms such as "(MPTCP) Connection", "Host" and "Subflow", refer
to [RFC6824].)
M-session: a MPTCP connection between a M-UE and a M-Server.
M-Server: a server with MPTCP capability enabled for the current TCP
<Deng, et al.> Expires May 25, 2015 [Page 5]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
session, or simply a serving MPTCP host. M-Server may be connected
to the network using one or multiple network interfaces.
M-UE: a user equipment with MPTCP capability enabled for the current
TCP session, or simply a requesting MPTCP host. Unless it is
explicated, an M-UE can be a host or a CPE.
N-Server: a server without MPTCP capability enabled for the current
TCP session.
N-UE: a user equipment without MP-TCP capability enabled for the
current TCP session.
MPTCP Proxy: proxy located between a M-UE and a N-Server, which
enables a M-session with the M-UE and maps it into a legacy TCP
connection with the N-Server.
Natural Path: a "natural path" of a subflow is the original path it
would traverse end-to-end if there is no explicit traffic steering
function is enabled for MPTCP Proxy.
Small Cell: generally refers to the cells with less than 1 watt
output power, e.g. picocell, femtocell, etc.
Nanocell: a type of base station integrated with both a small cell
and a WLAN access point.
3 Use-cases for ISP MPTCP Proxy
3.1 Boosting MPTCP Utilization for M-UEs and Multi-Interface CPEs
On the one hand, user equipment (esp. mobile terminals) nowadays have
multiple interfaces and could benefit from these interfaces if they
were using MPTCP.
On the other hand, servers often only support regular TCP and
upgrading them to support MPTCP will take more time than on the
clients.
Therefore, it is expected that an ISP deployed MPTCP Proxy would
benefit the M-UEs with better user-experience for almost all the
legacy applications by exploiting MPTCP capability at least for the
most resource-limited channel on the air, without relying on
pervasive MPTCP deployment at the server side.
The same approach can be followed for CPE-based deployment models.
These models can be refreshed to integrate CPEs that are able to
<Deng, et al.> Expires May 25, 2015 [Page 6]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
mount multiple interfaces.
3.2 Resource Pooling from Multiple Networks
For an ISP providing multiple access networks to its subscribers, a
locally deployed MPTCP Proxy would enable use-cases where the M-
UE/ISP is trying to pool access network resources from multiple
networks concurrently, e.g., among multiple WLAN hotspots, a fixed
and a WLAN connection, a cellular and a WLAN, a cellular and a Fixed
access, etc.
However, the specific pooling strategy can differ for various
scenarios, depending on the type of subscriber and the current status
of different networks, etc.
For example, from the user's perspective, business customers would
have perfect pooling while other users would get the cheaper network
whenever possible.
On the other hand, from the ISP's perspective, it would encourage
more efficient usage of network resource by dynamic charging policy
for rush hours, has a static preference for a specific network over
another one, or even desires traffic offloading to proactively
migrate less sensitive or more demanding traffic between multiple
networks it controls.
Criteria to invoke an MPTCP Proxy in a communication paths will be
the results of these policies (i.e., subscribers, applications, and
ISPs).
3.3 Multiple Connections and Seamless Handover between Multiple Networks
For cellular ISPs, the radio access networks are the dominating part
of their network construction investment. With the rapid development
of cellular technology and the imbalance of subscriber/traffic
distribution geographically, it is common practice to deploy leading-
edge technology in traffic boosting hot spots (e.g., downtown areas
in big cities) first while enabling seamless handover for legacy
cellular/wireless networks to guarantee service continuity for a
moving terminal.
A device can discover multiple networks, including multiple
attachment points to the same ISPs. This is the typical example of a
device that can be serviced with multiple WLAN hotspots. Instead of
selecting only one attachment point, the device can select multiple
ones when more resources are required. Maintaining simultaneous
attachment to these attachment points will also allow for seamless
handover and, therefore, allow for session continuity.
<Deng, et al.> Expires May 25, 2015 [Page 7]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
Implementing this feature may require an explicit signal to the
connecting device to drive its network attachment procedure. It is
out of scope of this document to discuss such signals nor elaborate
on potential impact on battery consumption on mobile devices mounting
multiple interfaces in parallel.
3.4 Assist MTPCP Connection Establishment
The MPTCP Proxy does not know in advance whether a remote server is
MPTCP-enabled. As such, the MPTCP Proxy can be provided with various
policies such as (but not limited to):
o TAKE-OVER Mode: Strip any MPTCP signal systematically in all TCP
messages to a remote server: This mode might be useful for two
scenarios: For the scenario where servers are not widely MPTCP-
enabled, it has the advantage to not suffer from MPTCP fallback delay
when the remote server is not MPTCP-enabled. For the scenario where
the ISP would like to limit the MPTCP traffic to its local network to
avoid unexpected blocking by third-party middle-boxes.
o TRANSPARENT Mode: Allow MPTCP signals to be passed to
systematically to remote servers: This mode has the advantage to
optimize MPTCP Proxy resources and favor direct communications
between an MPTCP-enabled UE and an MTPCP-enabled server without
invoking the MPTCP Proxy when both the server and client are MPTCP-
enabled.
o HYBRID Mode: The combination of the above two modes, according to
the proxy's local policy.
4 Deployment Considerations
For an MPTCP Proxy to correctly manage an M-session with the M-UE, it
is necessary for it to receive each subflow coming from the M-UE and
heading for the N-Server it is acting on behalf of. It is hence
straightforward to consider an on-path deployment strategy, where the
MPTCP Proxy is directly located on the common link of every subflow
from the M-UE.
However, for other cases where a common link is absent within the
local ISP's domain or resource pooling is desired from networks of
different ISP domains, the MPTCP Proxy has to steer off-path subflow
to traverse the selected MPTCP Proxy explicitly. Note that steering
functions should work for both directions over all the subflows, i.e.
including both uplink and downlink traffic from/to the M-UE.
Therefore, two types of MPTCP Proxy are considered in this document:
on-path MPTCP Proxy and off-path MPTCP Proxy.
<Deng, et al.> Expires May 25, 2015 [Page 8]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
4.1 On-path MPTCP Proxy
For different access networks provided by a single ISP, it is fairly
easy to locate a common link and deploy an on-path MPTCP Proxy
accordingly.
As depicted in Figure 2, the on-path MPTCP Proxy is located on each
potential path from a M-UE for both MPTCP traffic and legacy TCP
traffic.
( )
( Access Net #1 )
+--->(e.g. Cellular Network)<--+
+----+ | ....>( )<. | +-------+ +--------+
| |<--+ . ( ) . +->| |<==>| |
| |<..... ......>|On-Path|<..>| |
|M-UE| +----->| MPTCP | |N-Server|
| |<----+ | ....>| Proxy |<..>| |
| |<... | ( ) | . +-------+ +--------+
+----+ . +--->( Access Net #2 )<+ .
....>( e.g. WLAN Network )<.
( )
( )
-----subflow of an M-session
.....legacy TCP flow
=====merged TCP flow for an M-session
Figure 2. The On-Path MPTCP Proxy
4.2 Off-Path Proxy
On the one hand, it is not viable to assume for instance a common
link from a cellular ISP to deploy an on-path proxy on each potential
MPTCP subflow originating from its M-UE via third-party WLAN networks
for instance.
On the other hand, even for resource pooling from a single ISP's own
WLAN networks, it is not always feasible to find such a common link
for on-path MPTCP Proxy before corresponding traffic hitting the
public Internet.
( )
<Deng, et al.> Expires May 25, 2015 [Page 9]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
( Access Net #1 )
+--->(e.g. Cellular Network)<--+
+----+ | ....>( )<. | +--------+ +--------+
| |<--+ . ( ) . +->|off-Path|<==>| |
| |<..... ......>| MPTCP |<..>| |
|M-UE| ******>| Proxy | |N-Server|
| |<***** * +--------+ | |
| |<... * ( ) * ..................>| |
+----+ . *****>( Access Net #2 )<* . +--------+
....>( e.g WLAN Network )<.
( )
( )
-----subflow following its natural path
*****explicitly redirected subflow
.....legacy TCP flow
=====merged TCP flow for a M-session
Figure 3. The Off-Path MPTCP Proxy
As depicted in Figure 3, the off-path MPTCP Proxy is located on the
"natural path" of only a partial subset of potential subflow of a
given M-session, and relies on extra mechanism to explicitly steering
other subflows to deviate from their "natural path" and go through
it.
5 Deployment Scenarios
5.1 MPTCP Proxy at the ISP IP Gateway
For Fixed networks, MPTCP Proxy can be located in various segments
with a network (e.g., co-located with a CGN [RFC6888], a DS-Lite AFTR
[RFC6333], or a NAT64 device [RFC6146] if already present in the
network, co-located with a TCP acceleration and optimizer if any,
etc.).
As the anchoring point for 3GPP mobile UE originated IP traffic
within the cellular network, the IP gateway of 3GPP network (e.g.,
GGSN (Gateway GPRS Support Node) or PDN Gateway (PGW) [RFC7066])
would be a natural spot for MPTCP Proxy deployment. It is also
possible for the gateway to reuse existing interfaces with other 3GPP
network elements for information/policy acquisition. Alternatively,
another location for MPTCP Proxy deployment would be the (s)Gi
Interface(i.e., between the GGSN/PGW and an external PDN (Packet
Domain Network)).
<Deng, et al.> Expires May 25, 2015 [Page 10]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
5.2 On-Path MPTCP Proxy at the ISP Data Center
It is common practice for local ISPs to build up local data center
facilities within its domain for large Internet content providers in
order to feed user's requests locally, resulting in both enhanced
user experience for cut-short end-to-end delay and reduced expenses
for unnecessary cross-ISP peering traffic.
It is believed that by deploying an on-path MPTCP Proxy at the
entrance of the ISP's local data center, it would help various
Internet Content Provider residing within the data center to gain
enhanced user-experience for local subscribers with M-UEs without the
need to upgrade their servers manually.
5.3 On-Path MPTCP Proxy at SmallCell Gateway
Some ISPs are deploying small cells (low-powered radio access nodes)
with both cellular and carrier WLAN access. Small cells is expected
to be a cost-effective and green way for cellular network deployment
for both home and enterprise subscribers. For instance, it can be
integrated with the home gateway for a broadband subscriber.
Figure 4 outlines the Nanocell system architecture.
( )
+--+ +-(Cellular)-+ +--------+ Cellular
| |-+ ( ) +-|Nanocell| +-( Core )---( )
|UE| |(local |-(IP Backhaul)+ (Internet)
| |-+ ( ) +-|Gateway)| +-( WLAN AC )---( )
+--+ +-( WLAN )-+ +--------+
( )
Figure 4. Nanocell System Architecture
As a combined access node for both cellular and WLAN traffic, small
cell Gateway represents a spot for an on-path MPTCP Proxy at the
network edge.
Note that by applying local breakout scheme, where the small cell
doing IP-layer forwarding itself rather than relying on other 3GPP
routing devices, it is expected that no extensions to existing 3GPP
specs are needed for its integration with an MPTCP Proxy.
5.4 MPTCP Proxy at CPE/CGN for Fixed Access Networks
A first deployment model assumes MPTCP Proxy is enabled in a CPE.
This proxy aims to offer MPTCP service to non-MPTCP hosts located
<Deng, et al.> Expires May 25, 2015 [Page 11]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
behind the CPE. This model can be deployed with or without an MPTCP
Proxy at the ISP's network.
In early deployment stages, this model is likely to require an MPTCP
Proxy be also deployed at the ISP's network side. This is mainly to
shorten delays induced by TCP fall back when the remote server is not
MPTCP compliant.
Hosts located behind the CPE are not aware of the activation of the
MPTCP at the CPE side. MPTCP can be used for both bandwidth
aggregation and also ensure session continuity during failure
events.
6 Requirements for MPTCP Proxy
This section identifies requirements derived from the above use-cases
for an ISP MPTCP Proxy.
6.1 Protocol Proxying between MPTCP and TCP
In the on-path MPTCP Proxy use-case, the proxy is assured to be
deployed on the path of each potential subflow of a given MPTCP
session from the M-UE to the N-Server.
To allow a MPCTP-enabled UE to make full use of the multiple
interfaces even if it is interacting with an N-server, the on-path
MPTCP Proxy MUST satisfy the following requirements.
(a) Compatibility: An on-path MPTCP Proxy supports detection of M-
UE/N-server combinations for further proxying while leaving M-UE/M-
server and N-UE/N-server sessions intact.
(b) Transparency: An on-path MPTCP Proxy supports negotiation with
and acting towards the M-UE like a M-server on behalf of N-Server,
while acting towards the N-Server like a N-UE on behalf of the M-UE.
6.2 Explicit Traffic Steering for Off-Path Proxying
As we discussed earlier in the off-path MPTCP Proxy use-case, it is
required that subflows whose "natural path" does not include the
MPTCP Proxy be redirected explicitly to go through the proxy.
(c) Explicit Traffic Steering: an off-path MPTCP Proxy that enables
resource pooling from third-party WLAN networks MUST support explicit
traffic steering, to allow all the subsequent subflow traffic go
through the exactly the same MPTCP Proxy used in the correspondent M-
session establishment for both directions (including uplink and
<Deng, et al.> Expires May 25, 2015 [Page 12]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
downlink traffic from/to the M-UE).
(d) Globally Routable Address: an off-path MPTCP Proxy that enables
resource pooling from the same ISP's networks SHOULD expose a
globally routable address to allow explicit steering of subsequent
subflow traffic after they hit the public Internet.
6.3 Flexible Resource Policy within a Single ISP
Different from the end-to-end MPTCP solution, ISP deployed MPTCP
Proxy is a potential point for centralized cross-network flow control
over service/RAT preference for a given subscriber's M-UEs, which is
considered to be essential for better operation and service provision
in 3GPP networks.
However, to enable such fine-grained resource pooling policy from the
network side, it is essential that the MPTCP proxy knows for each
subflow its specific Network Access Type information.
(e) Network Access Type Information: an MPTCP proxy SHOULD be able to
make use of a reliable information sharing/reporting mechanism to
acquire a subflow's Network Access Type information/update on a real-
time basis.
(f) Resource Policy: an MPTCP Proxy MUST support flexible control to
set limits to both the number of concurrent subflows running in a M-
session and the number of concurrent M-sessions from an M-UE/to an N-
Server, according to the type and/or identity of relevant subscriber
and/or application.
6.4 Protection against third-party traffic
Apart from the traditional private network deployment practice, an
off-path MPTCP proxy exposes itself as publicly accessible from any
third-party traffic, where traditional access authorization or
admission control mechanisms from 3GPP network would not work. It is
therefore envisioned that an off-path MPTCP Proxy open for third-
party WiFi resource pooling MUST support minimal protection/policy
against potentially malicious traffic from third-party network.
(g) Provision Negotiation: an MPTCP Proxy SHOULD support both
subscriber/M-session/subflow level resource reservation negotiation
with a M-UE.
(h) Origin Authentication: an off-path MPTCP Proxy MUST support
subflow authentication for traffic from an unauthorized third-party
WiFi, in order to serve subflows belong to its intended M-sessions
coming from authorized subscribers or NAT, while turning down others
<Deng, et al.> Expires May 25, 2015 [Page 13]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
with least overhead.
(i) Admission Control: an off-path MPTCP Proxy MUST support admission
control to set limits to both the number of concurrent subflows on a
given M-session and the number of concurrent M-sessions for a given
subscriber/application.
6.5 MPTCP Proxy Selection from Multiple Candidates
When multiple MPTCP Proxies exist on an end-to-end path from the M-UE
to the N-Server, a natural question arises that "which MPTCP Proxy
should be chosen and how". There may be different considerations
depending on the location and types of MPTCP Proxy involved in
addition to the expectation of the application.
For example, assume an ISP deploys on-path MPTCP Proxy at smallcell
Gateway as well as an off-path MPTCP Proxy at the IP gateway of its
cellular network. The following considerations may apply.
On one hand, a straightforward policy would be to choose the nearest
MPTCP Proxy to the M-UE, i.e. the on-path MPTCP Proxy at smallcell
gateway which would lead to more efficiency from less traffic
convergence pressure. Another policy would be to prefer the on-path
MPTCP Proxy to the off-path one, which would cause unnecessary
traffic roundabout.
However, on the other hand, if a M-session is established with the
on-path MPTCP Proxy at smallcell gateway and when the M-UE moves out
of the coverage of the cell, the connection will be broken.
Therefore, it is reasonable to choose off-path MPTCP Proxy for
applications with strict service continuity expectations, while favor
on-path MPTCP Proxy for bulk data transfer with application-level re-
connection mechanisms.
In summary, regarding the MPTCP Proxy selection from multiple
candidates, the following requirement apply.
(j) Flexible Selection: when multiple M-Proxies are deployed on the
end-to-end path for a M-session establishment within the domain a
single ISP, it SHOULD be possible for the ISP to enforce flexible
selection policy regarding which MPTCP Proxy to serve which M-
session, based on the MPTCP Proxy's location, the MPTCP Proxy's type
(on-path/off-path) in addition to the application's expectation.
6.6 Load Balancing Algorithm for Multiple Networks
When multiple networks are available to service a subscriber, the
traffic may be balanced among those available paths for the sake of
<Deng, et al.> Expires May 25, 2015 [Page 14]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
QoE. The logic for balancing the traffic among those multiple paths
can be driven by application needs, customer's preferences, and/or
ISP traffic engineering guidelines.
From a traffic engineering perspective, the ISP may enforce policies
that would optimize various parameters such as:
o Network resources usage as a whole.
o Optimized invocation of available MPTCP Proxies (i.e., MPTCP Proxy
selection).
o Optimized MPTCP Proxy local performances (e.g., avoid overload
phenomena).
o Enhanced QoE (including increase both upstream and downstream
throughputs)
In summary, regarding the load balancing algorithm for multiple
networks, the following requirement apply.
(k) The MPTCP Proxy SHOULD be configurable with the load balancing
ratio per each available path.
6.7 Misc
Below are listed some additional requirements:
o Including an MPTCP Proxy in the communication may be seen as a
single point of failure. Means to protect against such failures
should be enabled.
o If TCP flows handled by the MPTCP Proxy are sourced with the
external IP address(es) that belong to the MPTCP Proxy, all hosts
serviced by the same MPTCP Proxy will be seen with the same IP
address(es). Means to mitigate the side effects documented in
[RFC6269] SHOULD be enabled in such deployment case.
o The MPTCP Proxy SHOULD NOT alter non-MPTCP signals included in a
TCP segment.
o The MPTCP Proxy MUST NOT inject MPTCP signals if the TCP option
size is consumed.
o The MPTCP Proxy SHOULD NOT inject MPTCP signals if this leads to
local fragmentation. MTU tuning may be required to avoid
fragmentation. MPTCP Proxy SHOULD be configurable to enable/disable
this feature.
<Deng, et al.> Expires May 25, 2015 [Page 15]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
o The MPTCP Proxy MUST take proper measure to avoid errors caused by
careless MPTCP signal modification to segments with other TCP
options. For instance, TCP-AO (TCP Authentication Option) [RFC5925],
which includes TCP options in the MAC computation, when present, MUST
be the first processed by the MPTCP Proxy.
o The MPTCP Proxy SHOULD be easy to scale to cope with growing
demand.
7 Security Considerations
As an MPTCP Proxy is playing N-UE and M-Server at the same time, the
security considerations that concerns a TCP client and a MPTCP-
enabled server are applicable to a MPTCP Proxy in general [RFC6181].
Forcing the traffic to cross an MPTCP Proxy that would not be
involved if legacy routing and forwarding actions are enforced raises
some security concerns. In particular, inserting an illegitimate
MPTCP Proxy can be used to hijack connections. Traffic inspected by
third party MPTCP Proxy may be used as a vector to reveal privacy-
related information.
These security concerns can be mitigated if the MPTCP Proxy is
managed by the same ISP offering connectivity to a customer.
Otherwise, specific mechanisms to be used are expected to be an
integral part of an MPTCP Proxy design and out of scope of this
document.
8 IANA Considerations
There is no IANA action in this document.
9 Acknowledgement
The authors would like to thank Olivier Bonaventure, Jordan Melzer,
Preethi Natarajan, Marc Portoles, Chunshan Xiong, Alper Yegin, Zhen
Cao and Hui Deng for their valuable comments and input to this
document.
<Deng, et al.> Expires May 25, 2015 [Page 16]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
10 References
10.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC6824] Ford, A., Raiciu, C., Handley, M., and O. Bonaventure,
"TCP Extensions for Multipath Operation with Multiple
Addresses", RFC 6824, January 2013.
10.2 Informative References
[RFC6181] M. Bagnulo, "Threat Analysis for TCP Extensions for
Multipath Operation", RFC 6181, March 2011.
[RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
Stack Lite Broadband Deployments Following IPv4
Exhaustion", RFC6333, August 2011.
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, April 2011.
[RFC6269] Ford, M., Boucadair, M., Durand, A., Levis, P., and P.
Roberts, "Issues with IP Address Sharing", RFC 6269, June
2011.
[RFC6269] Ford, M., Boucadair, M., Durand, A., Levis, P., and P.
Roberts, "Issues with IP Address Sharing", RFC 6269, June
2011.
[RFC7066] Korhonen, J., Arkko, J., Savolainen, T., and S. Krishnan,
"IPv6 for Third Generation Partnership Project (3GPP)
Cellular Hosts", RFC 7066, November 2013.
[RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP
Authentication Option", RFC 5925, June 2010.
<Deng, et al.> Expires May 25, 2015 [Page 17]
�
INTERNET DRAFT <MPTCP Proxy Usecases and Requirements> Oct 24, 2014
Authors' Addresses
Lingli Deng
China Mobile
Email: denglingli@chinamobile.com
Dapeng Liu
China Mobile
Email: liudapeng@chinamobile.com
Tao Sun
China Mobile
Email: suntao@chinamobile.com
Mohamed Boucadair
France Telecom
Email: mohamed.boucadair@orange.com
Gregory Cauchie
Bouygues Telecom
Email: GCAUCHIE@bouyguestelecom.fr
<Deng, et al.> Expires May 25, 2015 [Page 18]
