--- 1/draft-ietf-tcpm-converters-03.txt 2018-10-22 06:13:24.547214307 -0700 +++ 2/draft-ietf-tcpm-converters-04.txt 2018-10-22 06:13:24.631216311 -0700 @@ -1,23 +1,23 @@ TCPM Working Group O. Bonaventure, Ed. Internet-Draft Tessares Intended status: Experimental M. Boucadair, Ed. -Expires: April 21, 2019 Orange +Expires: April 25, 2019 Orange S. Gundavelli Cisco S. Seo Korea Telecom - October 18, 2018 + October 22, 2018 0-RTT TCP Convert Protocol - draft-ietf-tcpm-converters-03 + draft-ietf-tcpm-converters-04 Abstract This document specifies an application proxy, called Transport Converter, to assist the deployment of TCP extensions such as Multipath TCP. This proxy is designed to avoid inducing extra delay when involved in a network-assisted connection (that is, 0-RTT). This specification assumes an explicit model, where the proxy is explicitly configured on hosts. 
@@ -31,37 +31,37 @@ the Converter Protocol. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- - Drafts is at http://datatracker.ietf.org/drafts/current/. + Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on April 21, 2019. + This Internet-Draft will expire on April 25, 2019. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents - (http://trustee.ietf.org/license-info) in effect on the date of + (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 
@@ -81,47 +81,47 @@ 4.2.3. The Bootstrap TLV . . . . . . . . . . . . . . . . . . 15 4.2.4. Supported TCP Extension Services TLV . . . . . . . . 15 4.2.5. Connect TLV . . . . . . . . . . . . . . . . . . . . . 16 4.2.6. Extended TCP Header TLV . . . . . . . . . . . . . . . 18 4.2.7. Error TLV . . . . . . . . . . . . . . . . . . . . . . 18 5. Compatibility of Specific TCP Options with the Conversion Service . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.1. Base TCP Options . . . . . . . . . . . . . . . . . . . . 21 5.2. Window Scale (WS) . . . . . . . . . . . . . . . . . . . . 22 5.3. Selective Acknowledgements . . . . . . . . . . . . . . . 22 - 5.4. Timestamp . . . . . . . . . . . . . . . . . . . . . . . . 22 + 5.4. Timestamp . . . . . . . . . . . . . . . . . . . . . . . . 23 5.5. Multipath TCP . . . . . . . . . . . . . . . . . . . . . . 23 5.6. TCP Fast Open . . . . . . . . . . . . . . . . . . . . . . 23 5.7. TCP User Timeout . . . . . . . . . . . . . . . . . . . . 24 5.8. TCP-AO . . . . . . . . . . . . . . . . . . . . . . . . . 24 - 5.9. TCP Experimental Options . . . . . . . . . . . . . . . . 24 - 6. Interactions with Middleboxes . . . . . . . . . . . . . . . . 24 + 5.9. TCP Experimental Options . . . . . . . . . . . . . . . . 25 + 6. Interactions with Middleboxes . . . . . . . . . . . . . . . . 25 7. Security Considerations . . . . . . . . . . . . . . . . . . . 25 7.1. Privacy & Ingress Filtering . . . . . . . . . . . . . . . 25 - 7.2. Authorization . . . . . . . . . . . . . . . . . . . . . . 25 + 7.2. Authorization . . . . . . . . . . . . . . . . . . . . . . 26 7.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 26 - 7.4. Traffic Theft . . . . . . . . . . . . . . . . . . . . . . 26 - 7.5. Multipath TCP-specific Considerations . . . . . . . . . . 26 - 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 - 8.1. Convert Service Port Number . . . . . . . . . . . . . . . 27 - 8.2. The Converter Protocol (Convert) Parameters . . . 
. . . . 27 - 8.2.1. Convert Versions . . . . . . . . . . . . . . . . . . 27 + 7.4. Traffic Theft . . . . . . . . . . . . . . . . . . . . . . 27 + 7.5. Multipath TCP-specific Considerations . . . . . . . . . . 27 + 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 + 8.1. Convert Service Port Number . . . . . . . . . . . . . . . 28 + 8.2. The Converter Protocol (Convert) Parameters . . . . . . . 28 + 8.2.1. Convert Versions . . . . . . . . . . . . . . . . . . 28 8.2.2. Convert TLVs . . . . . . . . . . . . . . . . . . . . 28 - 8.2.3. Convert Error Messages . . . . . . . . . . . . . . . 28 - 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 29 - 9.1. Contributors . . . . . . . . . . . . . . . . . . . . . . 30 - 10. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 31 - 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 31 - 11.1. Normative References . . . . . . . . . . . . . . . . . . 31 - 11.2. Informative References . . . . . . . . . . . . . . . . . 32 - Appendix A. Differences with SOCKSv5 . . . . . . . . . . . . . . 35 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 37 + 8.2.3. Convert Error Messages . . . . . . . . . . . . . . . 29 + 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 30 + 9.1. Contributors . . . . . . . . . . . . . . . . . . . . . . 31 + 10. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 32 + 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 + 11.1. Normative References . . . . . . . . . . . . . . . . . . 32 + 11.2. Informative References . . . . . . . . . . . . . . . . . 33 + Appendix A. Differences with SOCKSv5 . . . . . . . . . . . . . . 37 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38 1. Introduction Transport protocols like TCP evolve regularly [RFC7414]. TCP has been improved in different ways. 
Some improvements such as changing the initial window size [RFC6928] or modifying the congestion control scheme can be applied independently on clients and servers. Other improvements such as Selective Acknowledgements [RFC2018] or large windows [RFC7323] require a new TCP option or to change the semantics of some fields in the TCP header. These modifications must be @@ -187,21 +187,21 @@ The main advantage of network-assisted Converters is that they enable new TCP extensions to be used on a subset of the end-to-end path, which encourages the deployment of these extensions. The Transport Converter allows the client and the server to directly negotiate TCP options. The Convert Protocol is a generic mechanism to provide 0-RTT conversion service. As a sample applicability use case, this document specifies how the Convert Protocol applies for Multipath TCP. It is out of scope of this document to provide a comprehensive - list of potential all conversion services; separate documents may be + list of all potential conversion services; separate documents may be edited in the future for other conversion services upon need. This document does not assume that all the traffic is eligible to the network-assisted conversion service. Only a subset of the traffic will be forwarded to a Converter according to a set of policies. Furthermore, it is possible to bypass the Converter to connect to the servers that already support the required TCP extension. This document assumes that a client is configured with one or a list of Converters (e.g., [I-D.boucadair-tcpm-dhc-converter]). 
@@ -352,20 +352,25 @@ Any user data received by the Transport Converter over the upstream (resp., downstream) connection is relayed over the downstream (resp., upstream) connection. Figure 4 illustrates the establishment of a TCP connection by the Client through a Transport Converter. The information shown between brackets is part of the Converter Protocol described later in this document. + Figure 4 illustrates the establishment of a TCP connection by the + Client through a Transport Converter. The information shown between + brackets is part of the Converter Protocol described later in this + document. + Transport Client Converter Server --------------------> SYN TFO [->Server:port] --------------------> SYN <-------------------- SYN+ACK 
@@ -589,42 +593,43 @@ 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+-------------------------------+ | Type | Length | (optional) Value ... | +---------------+---------------+-------------------------------+ | ... (optional) Value | +---------------------------------------------------------------+ Figure 10: Converter Generic TLV Format - A given TLV LUST only appear once on a connection. If two or more - copies of the same TLV are exchanged over a Converter connection, the - associated TCP connections MUST be closed. All fields are encoded - using the network byte order. The length field is the number of 32 - bits words. + A given TLV MUST only appear once on a connection. If two or more + instances of the same TLV are exchanged over a Converter connection, + the associated TCP connections MUST be closed. 4.2.2. Summary of Supported Convert TLVs This document specifies the following Convert TLVs: +------+-----+----------+------------------------------------------+ | Type | Hex | Length | Description | +------+-----+----------+------------------------------------------+ | 1 | 0x1 | 1 | Bootstrap TLV | | 10 | 0xA | Variable| Connect TLV | | 20 | 0x14| Variable| Extended TCP Header TLV | | 21 | 0x15| Variable| Supported TCP Extension Services TLV | | 30 | 0x1E| Variable| Error TLV | +------+-----+----------+------------------------------------------+ Figure 11: The TLVs used by the Converter protocol + Type 0x0 is a reserved valued. Implementations MUST discard messages + with such TLV. + To establish a connection via a Transport Converter, a Client MUST first obtain a valid TFO cookie from that Converter. This is the bootstrap procedure during which the Client opens a connection to the Transport Converter with an empty TFO option. According to [RFC7413], the Transport Converter returns its cookie in the SYN+ACK. 
Then the Client sends a Bootstrap TLV (Section 4.2.3) to which the Transport Converter replies with the Supported TCP Extension Services TLV described in Section 4.2.4. With the TFO cookie of the Transport Converter, the Client can @@ -713,30 +718,32 @@ connection via a Transport Converter. The 'Remote Peer Port' and 'Remote Peer IP Address' fields contain the destination port number and IP address of the target server for an outgoing connection towards a server located on the Internet. For incoming connections destined to a client serviced via a Converter, these fields convey the source port and IP address. The Remote Peer IP Address MUST be encoded as an IPv6 address. IPv4 addresses MUST be encoded using the IPv4-Mapped IPv6 Address format - defined in [RFC4291]. + defined in [RFC4291]. Further, Remote Peer IP address field MUST NOT + include multicast, broadcast, and host loopback addresses [RFC6890]. The optional 'TCP Options' field is used to specify how specific TCP Options should be advertised by the Transport Converter to the final destination of a connection. If this field is not supplied, the Transport Converter MUST use the default TCP options that correspond to its local policy. The Connect TLV could be designed to be generic to include the DNS name of the remote peer instead of its IP address as in SOCKS + [RFC1928]. However, that design was not adopted because it induces both an extra load and increased delays on the Converter to handle and manage DNS resolution requests. 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+-------------------------------+ | Type | Length | Remote Peer Port | +---------------+---------------+-------------------------------+ | | 
@@ -780,25 +787,25 @@ SHALL present those options to the destination peer in addition to the TCP options that it would have used according to its local policies. For the TCP options that are listed without an optional value, the Converter MUST generate its own value. For the TCP options that are included in the 'TCP Options' field with an optional value, it SHALL copy the entire option for use in the connection with the destination peer. This feature is required to support TCP Fast Open. The Converter may discard a Connect TLV request for many reasons - (e.g., bad TFO cookie, authorization failed, out of resources). An - error message indicating the encountered error is returned to the - requesting Client Section 4.2.7. In order to prevent denial-of- - service attacks, error messages sent to a Client SHOULD be rate- - limited. + (e.g., bad TFO cookie, authorization failed, out of resources, + invalid address type). An error message indicating the encountered + error is returned to the requesting Client (Section 4.2.7). In order + to prevent denial-of-service attacks, error messages sent to a Client + SHOULD be rate-limited. 4.2.6. Extended TCP Header TLV The Extended TCP Header TLV (Figure 16) is used by the Transport Converter to send to the Client the extended TCP header that was returned by the Server in the SYN+ACK packet. This TLV is only sent if the Client sent a Connect TLV to request the establishment of a connection. 1 2 3 
@@ -870,21 +877,25 @@ Converter. When multiple versions are supported by the Converter, it includes the list of supported version in the value field; each version is encoded in 8 bits. Upon receipt of this error code, the client checks whether it supports one of the versions returned by the Converter. The highest common supported version MUST be used by the client in subsequent exchanges with the Converter. o Malformed Message (1): This error code is sent to indicate that a - message can not be successfully parsed. + message can not be successfully parsed and validated. + + Typically, this error message is sent by the Converter if it + receives a Connect TLV enclosing a multicast, broadcast, or + loopback IP address. To ease troubleshooting, the value field MUST echo the received message. The Converter and the Client MUST send a RST containing this error upon reception of a malformed message. o Unsupported Message (2): This error code is sent to indicate that a message type is not supported by the Converter. To ease troubleshooting, the value field MUST echo the received message. The Converter and the Client MUST send a RST containing 
@@ -1060,20 +1071,32 @@ (Kind=34) in the Bootstrap TLV. If a Transport Converter has advertised the support for TCP Fast Open in its Bootstrap TLV, it needs to be able to process two types of Connect TLV. If such a Transport Converter receives a Connect TLV with the TCP Fast Open cookie option that does not contain a cookie, it MUST add an empty TCP Fast Open cookie option in the SYN sent to the remote server. If such a Transport Converter receives a Connect TLV with the TCP Fast Open cookie option that contains a cookie, it MUST copy the TCP Fast Open cookie option in the SYN sent to the remote server. + The Converter may behave in address preservation or address sharing + modes as discussed in Section 5.4 of + [I-D.nam-mptcp-deployment-considerations]. Which behavior to use by + a Converter is deployment-specific. If address sharing mode is + enabled, the Converter MUST adhere to REQ-2 of [RFC6888] which + implies a default "IP address pooling" behavior of "Paired" (as + defined in Section 4.1 of [RFC4787]) must be supported. This + behavior is meant to avoid breaking applications that depend on the + external address remaining constant. Also, maintaining the same + external IP address for a client is meant to preserve the validity of + the TFO cookie. + 5.7. TCP User Timeout The TCP User Timeout option is defined in [RFC5482]. The associated TCP option (Kind=28) does not appear to be widely deployed. Editor's Note: Feedback requested for the utilisation of this option by deployed TCP stacks. 5.8. TCP-AO 
@@ -1220,21 +1243,21 @@ o A device that embeds the Converter may also host a RADIUS client that will solicit an AAA server to check whether connections received from a given source IP address are authorized or not [I-D.boucadair-radext-tcpm-converter]. A first safeguard against the misuse of Converter resources by illegitimate users (e.g., users with access networks that are not managed by the same provider that operates the Converter) is the Converter to reject Multipath TCP connections received on its - Internet-facing interfaces. Only Multipath PTCP connections received + Internet-facing interfaces. Only Multipath TCP connections received on the customer-facing interfaces of a Converter will be accepted. 8. IANA Considerations 8.1. Convert Service Port Number IANA is requested to assign a TCP port number (TBA) for the Converter Protocol from the "Service Name and Transport Protocol Port Number Registry" available at https://www.iana.org/assignments/service- names-port-numbers/service-names-port-numbers.xhtml. 
@@ -1416,59 +1440,66 @@ o 00 to -01 : added section Section 5 describing the support of different standard tracks TCP options by Transport Converters, clarification of the IANA section, moved the SOCKS comparison to the appendix and various minor modifications o 01 to -02 : Minor modifications o 02 to -03 : Minor modifications + o 03 to -04 : Minor modifications + 11. References 11.1. Normative References [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, DOI 10.17487/RFC0793, September 1981, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, - DOI 10.17487/RFC2119, March 1997, . + DOI 10.17487/RFC2119, March 1997, + . [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, DOI 10.17487/RFC4291, February 2006, . [RFC4727] Fenner, B., "Experimental Values In IPv4, IPv6, ICMPv4, ICMPv6, UDP, and TCP Headers", RFC 4727, - DOI 10.17487/RFC4727, November 2006, . + DOI 10.17487/RFC4727, November 2006, + . [RFC4987] Eddy, W., "TCP SYN Flooding Attacks and Common Mitigations", RFC 4987, DOI 10.17487/RFC4987, August 2007, . [RFC5482] Eggert, L. and F. Gont, "TCP User Timeout Option", RFC 5482, DOI 10.17487/RFC5482, March 2009, . [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP Authentication Option", RFC 5925, DOI 10.17487/RFC5925, June 2010, . [RFC6824] Ford, A., Raiciu, C., Handley, M., and O. Bonaventure, "TCP Extensions for Multipath Operation with Multiple Addresses", RFC 6824, DOI 10.17487/RFC6824, January 2013, . + [RFC6890] Cotton, M., Vegoda, L., Bonica, R., Ed., and B. Haberman, + "Special-Purpose IP Address Registries", BCP 153, + RFC 6890, DOI 10.17487/RFC6890, April 2013, + . + [RFC7413] Cheng, Y., Chu, J., Radhakrishnan, S., and A. Jain, "TCP Fast Open", RFC 7413, DOI 10.17487/RFC7413, December 2014, . [RFC8126] Cotton, M., Leiba, B., and T. 
Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 
@@ -1503,39 +1534,46 @@ Boucadair, M., Jacquenet, C., Bonaventure, O., Behaghel, D., stefano.secci@lip6.fr, s., Henderickx, W., Skog, R., Vinapamula, S., Seo, S., Cloetens, W., Meyer, U., Contreras, L., and B. Peirens, "Extensions for Network- Assisted MPTCP Deployment Models", draft-boucadair-mptcp- plain-mode-10 (work in progress), March 2017. [I-D.boucadair-radext-tcpm-converter] Boucadair, M. and C. Jacquenet, "RADIUS Extensions for 0-RTT TCP Converters", draft-boucadair-radext-tcpm- - converter-00 (work in progress), April 2018. + converter-01 (work in progress), October 2018. [I-D.boucadair-tcpm-dhc-converter] Boucadair, M., Jacquenet, C., and R. K, "DHCP Options for 0-RTT TCP Converters", draft-boucadair-tcpm-dhc- - converter-00 (work in progress), April 2018. + converter-01 (work in progress), October 2018. [I-D.ietf-mptcp-rfc6824bis] Ford, A., Raiciu, C., Handley, M., Bonaventure, O., and C. Paasch, "TCP Extensions for Multipath Operation with Multiple Addresses", draft-ietf-mptcp-rfc6824bis-12 (work in progress), October 2018. [I-D.ietf-tcpinc-tcpcrypt] Bittau, A., Giffin, D., Handley, M., Mazieres, D., Slack, Q., and E. Smith, "Cryptographic protection of TCP Streams (tcpcrypt)", draft-ietf-tcpinc-tcpcrypt-13 (work in progress), September 2018. + [I-D.nam-mptcp-deployment-considerations] + Boucadair, M., Jacquenet, C., Bonaventure, O., Henderickx, + W., and R. Skog, "Network-Assisted MPTCP: Use Cases, + Deployment Scenarios and Operational Considerations", + draft-nam-mptcp-deployment-considerations-01 (work in + progress), December 2016. + [I-D.olteanu-intarea-socks-6] Olteanu, V. and D. Niculescu, "SOCKS Protocol Version 6", draft-olteanu-intarea-socks-6-04 (work in progress), August 2018. [I-D.peirens-mptcp-transparent] Peirens, B., Detal, G., Barre, S., and O. Bonaventure, "Link bonding with transparent Multipath TCP", draft- peirens-mptcp-transparent-00 (work in progress), July 2016. 
@@ -1555,84 +1593,94 @@ [RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers", RFC 1812, DOI 10.17487/RFC1812, June 1995, . [RFC1919] Chatel, M., "Classical versus Transparent IP Proxies", RFC 1919, DOI 10.17487/RFC1919, March 1996, . [RFC1928] Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., and L. Jones, "SOCKS Protocol Version 5", RFC 1928, - DOI 10.17487/RFC1928, March 1996, . + DOI 10.17487/RFC1928, March 1996, + . [RFC2018] Mathis, M., Mahdavi, J., Floyd, S., and A. Romanow, "TCP Selective Acknowledgment Options", RFC 2018, - DOI 10.17487/RFC2018, October 1996, . + DOI 10.17487/RFC2018, October 1996, + . [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827, May 2000, . [RFC3135] Border, J., Kojo, M., Griner, J., Montenegro, G., and Z. Shelby, "Performance Enhancing Proxies Intended to Mitigate Link-Related Degradations", RFC 3135, - DOI 10.17487/RFC3135, June 2001, . + DOI 10.17487/RFC3135, June 2001, + . + + [RFC4787] Audet, F., Ed. and C. Jennings, "Network Address + Translation (NAT) Behavioral Requirements for Unicast + UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January + 2007, . [RFC6181] Bagnulo, M., "Threat Analysis for TCP Extensions for Multipath Operation with Multiple Addresses", RFC 6181, - DOI 10.17487/RFC6181, March 2011, . - - [RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with - Dual-Stack Hosts", RFC 6555, DOI 10.17487/RFC6555, April - 2012, . + DOI 10.17487/RFC6181, March 2011, + . [RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and P. Selkirk, "Port Control Protocol (PCP)", RFC 6887, - DOI 10.17487/RFC6887, April 2013, . + DOI 10.17487/RFC6887, April 2013, + . + + [RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa, + A., and H. 
Ashida, "Common Requirements for Carrier-Grade + NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888, + April 2013, . [RFC6928] Chu, J., Dukkipati, N., Cheng, Y., and M. Mathis, "Increasing TCP's Initial Window", RFC 6928, - DOI 10.17487/RFC6928, April 2013, . + DOI 10.17487/RFC6928, April 2013, + . [RFC6978] Touch, J., "A TCP Authentication Option Extension for NAT Traversal", RFC 6978, DOI 10.17487/RFC6978, July 2013, . [RFC7323] Borman, D., Braden, B., Jacobson, V., and R. Scheffenegger, Ed., "TCP Extensions for High Performance", RFC 7323, DOI 10.17487/RFC7323, September 2014, . [RFC7414] Duke, M., Braden, R., Eddy, W., Blanton, E., and A. Zimmermann, "A Roadmap for Transmission Control Protocol (TCP) Specification Documents", RFC 7414, - DOI 10.17487/RFC7414, February 2015, . + DOI 10.17487/RFC7414, February 2015, + . + + [RFC8305] Schinazi, D. and T. Pauly, "Happy Eyeballs Version 2: + Better Connectivity Using Concurrency", RFC 8305, + DOI 10.17487/RFC8305, December 2017, + . Appendix A. Differences with SOCKSv5 - The description above is a simplified description of the Converter - protocol. At a first glance, the proposed solution could seem - similar to the SOCKS v5 protocol [RFC1928]. This protocol is used to - proxy TCP connections. The Client creates a connection to a SOCKS - proxy, exchanges authentication information and indicates the - destination address and port of the final server. At this point, the - SOCKS proxy creates a connection towards the final server and relays - all data between the two proxied connections. The operation of an - implementation based on SOCKSv5 is illustrated in Figure 20. + At a first glance, the Convert solution could seem similar to the + SOCKS v5 protocol [RFC1928] which is used to proxy TCP connections. + The Client creates a connection to a SOCKS proxy, exchanges + authentication information and indicates the destination address and + port of the final server. 
At this point, the SOCKS proxy creates a + connection towards the final server and relays all data between the + two proxied connections. The operation of an implementation based on + SOCKSv5 is illustrated in Figure 20. Client SOCKS Proxy Server --------------------> SYN <-------------------- SYN+ACK --------------------> ACK --------------------> @@ -1687,21 +1735,21 @@ extension. Neither SOCKS v5 [RFC1928] nor the proposed SOCKS v6 [I-D.olteanu-intarea-socks-6] provide such a feature. A third difference is that a Transport Converter will only accept the connection initiated by the Client provided that the downstream connection is accepted by the Server. If the Server refuses the connection establishment attempt from the Transport Converter, then the upstream connection from the Client is rejected as well. This feature is important for applications that check the availability of a Server or use the time to connect as a hint on the selection of a - Server [RFC6555]. + Server [RFC8305]. Authors' Addresses Olivier Bonaventure (editor) Tessares Email: Olivier.Bonaventure@tessares.net Mohamed Boucadair (editor) Orange
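Review bot: the five added lines in hunk @@ -352,20 +352,25 @@ repeat verbatim the unchanged paragraph directly above them ("Figure 4 illustrates the establishment of a TCP connection by the Client through a Transport Converter. The information shown between brackets is part of the Converter Protocol described later in this document."), so -04 now says this twice before the figure; drop the added paragraph.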
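Review bot: the rewrite in hunk @@ -589,42 +593,43 @@ drops two normative sentences without replacement, "All fields are encoded using the network byte order" and "The length field is the number of 32 bits words", so Section 4.2.1 no longer says what unit Length is counted in or which byte order the fields use, even though Figure 11 still lists a Length of 1 for the Bootstrap TLV and every decoder has to agree on the unit. Unless that text has moved to another section, keep it as a third sentence after "... MUST be closed." In the same hunk, "Type 0x0 is a reserved valued" should read "reserved value", and "Implementations MUST discard messages with such TLV" should say whether the discard is silent or whether the connection is closed with an Error TLV (Unsupported Message or Malformed Message), as the other MUST-close cases in this section do.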
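Review bot: the new requirement in hunk @@ -713,30 +718,32 @@ ("Remote Peer IP address field MUST NOT include multicast, broadcast, and host loopback addresses [RFC6890]") constrains the Client but says nothing about what a Converter does when the field nevertheless carries such an address; the Converter-side behaviour only appears later as a non-normative "Typically" under Malformed Message. State here that the Converter MUST reject such a Connect TLV with an Error TLV. Also, RFC 6890 is the whole special-purpose address registry and covers more than those three classes (the unspecified address, link-local and documentation ranges, for instance), so say whether the prohibition is those three classes only or every RFC 6890 entry that is not globally reachable; from the operator's side the broader reading is the safer one, since a relay that connects to any address a client names otherwise becomes a path to addresses the client could not reach on its own. Minor: "and" should be "or", and "IP address field" is written "IP Address" elsewhere in the paragraph.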
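Review bot: in hunk @@ -780,25 +787,25 @@ the new discard reason "invalid address type" does not match the condition it refers to: the Connect TLV text forbids multicast, broadcast and loopback addresses, which is a matter of address scope, not of type (the type is fixed as IPv6 or IPv4-mapped IPv6). Use "forbidden address" or "special-purpose address" so the two passages use the same words. The change to a parenthesised "(Section 4.2.7)" is fine.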
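Review bot: the paragraph added in hunk @@ -870,21 +877,25 @@ is inserted between the Malformed Message definition and the unchanged sentence "To ease troubleshooting, the value field MUST echo the received message", so the echo and RST requirements now read as if they applied only to the "Typically" case; move the example after that sentence or fold it into the definition. Separately, a Connect TLV carrying a loopback or multicast address parses correctly, so treating it as Malformed Message (1) mixes a syntax error with a policy rejection, and "Typically" leaves the behaviour optional while the Connect TLV text uses MUST NOT. Either write "the Converter MUST send a Malformed Message error" or register a distinct error code for forbidden addresses in the Section 8.2.3 registry, which also lets a Client tell an encoder bug from a policy refusal.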
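Review bot: the paragraph added in hunk @@ -1060,20 +1071,32 @@ is about the Converter's NAT address-pool behaviour in general, yet it lands in Section 5.6 (TCP Fast Open) between the TFO cookie rules and Section 5.7, and only its last sentence concerns TFO. Move the address preservation/sharing text to the architecture or deployment discussion and keep here just the sentence on keeping the same external IP address so that the TFO cookie stays valid. Also: "Which behavior to use by a Converter is deployment-specific" reads better as "The behavior a Converter uses is deployment-specific"; "MUST adhere to REQ-2 of [RFC6888] which implies ... must be supported" mixes a BCP 14 MUST with a lowercase must in one sentence, so make the second clause descriptive ("i.e., a default IP address pooling behavior of Paired"); and [I-D.nam-mptcp-deployment-considerations] is cited by section number of a -01 draft dated December 2016, so confirm that Section 5.4 still exists in the version readers will find.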
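Review bot: the change-log entry added in hunk @@ -1416,59 +1440,66 @@ says "03 to -04 : Minor modifications", but this diff adds new normative requirements (the MUST NOT on multicast, broadcast and loopback addresses in the Connect TLV, the reserved Type 0x0 with a MUST discard, the MUST for RFC 6888 REQ-2 paired pooling in address sharing mode), removes the byte-order and Length-unit sentences from Section 4.2.1, and swaps the Happy Eyeballs reference from RFC 6555 to RFC 8305. List these so that readers of -04 can find them; a change log that hides wire-format and validation changes makes it harder to notice when a later revision alters them again.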