draft-ietf-tcpm-converters-08.txt   draft-ietf-tcpm-converters-09.txt 
TCPM Working Group O. Bonaventure, Ed. TCPM Working Group O. Bonaventure, Ed.
Internet-Draft Tessares Internet-Draft Tessares
Intended status: Experimental M. Boucadair, Ed. Intended status: Experimental M. Boucadair, Ed.
Expires: December 20, 2019 Orange Expires: January 23, 2020 Orange
S. Gundavelli S. Gundavelli
Cisco Cisco
S. Seo S. Seo
Korea Telecom Korea Telecom
B. Hesmans B. Hesmans
Tessares Tessares
June 18, 2019 July 22, 2019
0-RTT TCP Convert Protocol 0-RTT TCP Convert Protocol
draft-ietf-tcpm-converters-08 draft-ietf-tcpm-converters-09
Abstract Abstract
This document specifies an application proxy, called Transport This document specifies an application proxy, called Transport
Converter, to assist the deployment of TCP extensions such as Converter, to assist the deployment of TCP extensions such as
Multipath TCP. This proxy is designed to avoid inducing extra delay Multipath TCP. This proxy is designed to avoid inducing extra delay
when involved in a network-assisted connection (that is, 0-RTT). when involved in a network-assisted connection (that is, 0-RTT).
This specification assumes an explicit model, where the proxy is This specification assumes an explicit model, where the proxy is
explicitly configured on hosts. explicitly configured on hosts.
-- Editorial Note (To be removed by RFC Editor) Editorial Note (To be removed by RFC Editor)
Please update these statements with the RFC number to be assigned to Please update these statements with the RFC number to be assigned to
this document: [This-RFC] this document: [This-RFC]
Please update TBA statements with the port number to be assigned to Please update TBA statements with the port number to be assigned to
the 0-RTT TCP Convert Protocol. the 0-RTT TCP Convert Protocol.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 2, line 4 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 20, 2019. This Internet-Draft will expire on January 23, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. The Problem . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Network-Assisted Connections: The Rationale . . . . . . . 4
2. Conventions and Definitions . . . . . . . . . . . . . . . . . 6
3. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 6 3. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 6
3.1. Functional Elements . . . . . . . . . . . . . . . . . . . 6 3.1. Functional Elements . . . . . . . . . . . . . . . . . . . 6
3.2. Theory of Operation . . . . . . . . . . . . . . . . . . . 8 3.2. Theory of Operation . . . . . . . . . . . . . . . . . . . 8
3.3. Sample Examples of Outgoing Converter-Assisted Multipath 3.3. Sample Examples of Outgoing Converter-Assisted Multipath
TCP Connections . . . . . . . . . . . . . . . . . . . . . 11 TCP Connections . . . . . . . . . . . . . . . . . . . . . 12
3.4. Sample Example of Incoming Converter-Assisted Multipath 3.4. Sample Example of Incoming Converter-Assisted Multipath
TCP Connection . . . . . . . . . . . . . . . . . . . . . 13 TCP Connection . . . . . . . . . . . . . . . . . . . . . 13
4. The Convert Protocol (Convert) . . . . . . . . . . . . . . . 14 4. The Convert Protocol (Convert) . . . . . . . . . . . . . . . 14
4.1. The Convert Fixed Header . . . . . . . . . . . . . . . . 14 4.1. The Convert Fixed Header . . . . . . . . . . . . . . . . 15
4.2. Convert TLVs . . . . . . . . . . . . . . . . . . . . . . 15 4.2. Convert TLVs . . . . . . . . . . . . . . . . . . . . . . 16
4.2.1. Generic Convert TLV Format . . . . . . . . . . . . . 15 4.2.1. Generic Convert TLV Format . . . . . . . . . . . . . 16
4.2.2. Summary of Supported Convert TLVs . . . . . . . . . . 16 4.2.2. Summary of Supported Convert TLVs . . . . . . . . . . 16
4.2.3. The Info TLV . . . . . . . . . . . . . . . . . . . . 17 4.2.3. The Info TLV . . . . . . . . . . . . . . . . . . . . 17
4.2.4. Supported TCP Extensions TLV . . . . . . . . . . . . 17 4.2.4. Supported TCP Extensions TLV . . . . . . . . . . . . 17
4.2.5. Connect TLV . . . . . . . . . . . . . . . . . . . . . 18 4.2.5. Connect TLV . . . . . . . . . . . . . . . . . . . . . 18
4.2.6. Extended TCP Header TLV . . . . . . . . . . . . . . . 20 4.2.6. Extended TCP Header TLV . . . . . . . . . . . . . . . 20
4.2.7. The Cookie TLV . . . . . . . . . . . . . . . . . . . 20 4.2.7. The Cookie TLV . . . . . . . . . . . . . . . . . . . 21
4.2.8. Error TLV . . . . . . . . . . . . . . . . . . . . . . 21 4.2.8. Error TLV . . . . . . . . . . . . . . . . . . . . . . 21
5. Compatibility of Specific TCP Options with the Conversion 5. Compatibility of Specific TCP Options with the Conversion
Service . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Service . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
5.1. Base TCP Options . . . . . . . . . . . . . . . . . . . . 24 5.1. Base TCP Options . . . . . . . . . . . . . . . . . . . . 25
5.2. Window Scale (WS) . . . . . . . . . . . . . . . . . . . . 25 5.2. Window Scale (WS) . . . . . . . . . . . . . . . . . . . . 26
5.3. Selective Acknowledgements . . . . . . . . . . . . . . . 25 5.3. Selective Acknowledgements . . . . . . . . . . . . . . . 26
5.4. Timestamp . . . . . . . . . . . . . . . . . . . . . . . . 26 5.4. Timestamp . . . . . . . . . . . . . . . . . . . . . . . . 26
5.5. Multipath TCP . . . . . . . . . . . . . . . . . . . . . . 26 5.5. Multipath TCP . . . . . . . . . . . . . . . . . . . . . . 27
5.6. TCP Fast Open . . . . . . . . . . . . . . . . . . . . . . 26 5.6. TCP Fast Open . . . . . . . . . . . . . . . . . . . . . . 27
5.7. TCP User Timeout . . . . . . . . . . . . . . . . . . . . 27 5.7. TCP User Timeout . . . . . . . . . . . . . . . . . . . . 28
5.8. TCP-AO . . . . . . . . . . . . . . . . . . . . . . . . . 27 5.8. TCP-AO . . . . . . . . . . . . . . . . . . . . . . . . . 28
5.9. TCP Experimental Options . . . . . . . . . . . . . . . . 27 5.9. TCP Experimental Options . . . . . . . . . . . . . . . . 28
6. Interactions with Middleboxes . . . . . . . . . . . . . . . . 27 6. Interactions with Middleboxes . . . . . . . . . . . . . . . . 28
7. Security Considerations . . . . . . . . . . . . . . . . . . . 28 7. Security Considerations . . . . . . . . . . . . . . . . . . . 29
7.1. Privacy & Ingress Filtering . . . . . . . . . . . . . . . 28 7.1. Privacy & Ingress Filtering . . . . . . . . . . . . . . . 29
7.2. Authorization . . . . . . . . . . . . . . . . . . . . . . 29 7.2. Authorization . . . . . . . . . . . . . . . . . . . . . . 30
7.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 30 7.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 31
7.4. Traffic Theft . . . . . . . . . . . . . . . . . . . . . . 30 7.4. Traffic Theft . . . . . . . . . . . . . . . . . . . . . . 31
7.5. Multipath TCP-specific Considerations . . . . . . . . . . 30 7.5. Multipath TCP-specific Considerations . . . . . . . . . . 31
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32
8.1. Convert Service Port Number . . . . . . . . . . . . . . . 31 8.1. Convert Service Port Number . . . . . . . . . . . . . . . 32
8.2. The Convert Protocol (Convert) Parameters . . . . . . . . 31 8.2. The Convert Protocol (Convert) Parameters . . . . . . . . 32
8.2.1. Convert Versions . . . . . . . . . . . . . . . . . . 31 8.2.1. Convert Versions . . . . . . . . . . . . . . . . . . 32
8.2.2. Convert TLVs . . . . . . . . . . . . . . . . . . . . 32 8.2.2. Convert TLVs . . . . . . . . . . . . . . . . . . . . 33
8.2.3. Convert Error Messages . . . . . . . . . . . . . . . 32 8.2.3. Convert Error Messages . . . . . . . . . . . . . . . 33
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 33 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 34
9.1. Contributors . . . . . . . . . . . . . . . . . . . . . . 34 9.1. Normative References . . . . . . . . . . . . . . . . . . 34
10. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 35 9.2. Informative References . . . . . . . . . . . . . . . . . 36
11. Example Socket API Changes to Support the 0-RTT Convert Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 39
Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Appendix B. Example Socket API Changes to Support the 0-RTT
11.1. Active Open (Client Side) . . . . . . . . . . . . . . . 36 Convert Protocol . . . . . . . . . . . . . . . . . . 41
11.2. Passive Open (Converter Side) . . . . . . . . . . . . . 37 B.1. Active Open (Client Side) . . . . . . . . . . . . . . . . 41
12. Differences with SOCKSv5 . . . . . . . . . . . . . . . . . . 38 B.2. Passive Open (Converter Side) . . . . . . . . . . . . . . 42
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 40 Appendix C. Differences with SOCKSv5 . . . . . . . . . . . . . . 43
13.1. Normative References . . . . . . . . . . . . . . . . . . 40 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 44
13.2. Informative References . . . . . . . . . . . . . . . . . 42 Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 45 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 46
1. Introduction 1. Introduction
1.1. The Problem
Transport protocols like TCP evolve regularly [RFC7414]. TCP has Transport protocols like TCP evolve regularly [RFC7414]. TCP has
been improved in different ways. Some improvements such as changing been improved in different ways. Some improvements such as changing
the initial window size [RFC6928] or modifying the congestion control the initial window size [RFC6928] or modifying the congestion control
scheme can be applied independently on clients and servers. Other scheme can be applied independently on clients and servers. Other
improvements such as Selective Acknowledgements [RFC2018] or large improvements such as Selective Acknowledgements [RFC2018] or large
windows [RFC7323] require a new TCP option or to change the semantics windows [RFC7323] require a new TCP option or to change the semantics
of some fields in the TCP header. These modifications must be of some fields in the TCP header. These modifications must be
deployed on both clients and servers to be actually used on the deployed on both clients and servers to be actually used on the
Internet. Experience with the latter TCP extensions reveals that Internet. Experience with the latter TCP extensions reveals that
their deployment can require many years. Fukuda reports in their deployment can require many years. Fukuda reports in
[Fukuda2011] results of a decade of measurements showing the [Fukuda2011] results of a decade of measurements showing the
deployment of Selective Acknowledgements, Window Scale and TCP deployment of Selective Acknowledgements, Window Scale and TCP
Timestamps. [ANRW17] describes measurements showing that TCP Fast Timestamps. [ANRW17] describes measurements showing that TCP Fast
Open (TFO) [RFC7413] is still not widely deployed. Open (TFO) [RFC7413] is still not widely deployed.
There are some situations where the transport stack used on clients There are some situations where the transport stack used on clients
(or servers) can be upgraded at a faster pace than the transport (or servers) can be upgraded at a faster pace than the transport
stack running on servers (or clients). In those situations, clients stack running on servers (or clients). In those situations, clients
would typically want to benefit from the features of an improved would typically want to benefit from the features of an improved
transport protocol even if the servers have not yet been upgraded and transport protocol even if the servers have not yet been upgraded and
conversely. Performance Enhancing Proxies [RFC3135], and other conversely. Some assistance from the network to make use of these
service functions have been deployed as solutions to improve TCP features is valuable. For example, Performance Enhancing Proxies
performance over links with specific characteristics. [RFC3135], and other service functions have been deployed as
solutions to improve TCP performance over links with specific
characteristics.
Recent examples of TCP extensions include Multipath TCP [RFC6824] or Recent examples of TCP extensions include Multipath TCP [RFC6824] or
TCPINC [RFC8548]. Those extensions provide features that are TCPINC [RFC8548]. Those extensions provide features that are
interesting for clients such as wireless devices. With Multipath interesting for clients such as wireless devices. With Multipath
TCP, those devices could seamlessly use WLAN (Wireless Local Area TCP, those devices could seamlessly use WLAN (Wireless Local Area
Network) and cellular networks, for bonding purposes, faster Network) and cellular networks, for bonding purposes, faster hand-
handovers, or better resiliency. Unfortunately, deploying those overs, or better resiliency. Unfortunately, deploying those
extensions on both a wide range of clients and servers remains extensions on both a wide range of clients and servers remains
difficult. difficult.
More recently, experimentation of 5G bonding, which has very scarce More recently, 5G bonding experimentation has been conducted into
coverage, has been conducted into global range of the incumbent 4G global range of the incumbent 4G (LTE) connectivity using newly
(LTE) connectivity in newly devised clients using Multipath TCP devised clients and a Multipath TCP proxy. Even if the 5G and the 4G
proxy. Even if the 5G and the 4G bonding by using Multipath TCP bonding relying upon Multipath TCP increases the bandwidth, it is as
increases the bandwidth, it is as well crucial to minimize latency well crucial to minimize latency for all the way between endhosts
for all the way between endhosts regardless of whether intermediate regardless of whether intermediate nodes are inside or outside of the
nodes are inside or outside of the mobile core. In order to handle mobile core. In order to handle URLLC (Ultra Reliable Low Latency
URLLC (Ultra Reliable Low Latency Communication) for the next Communication) for the next generation mobile network, Multipath TCP
generation mobile network, Multipath TCP and its proxy mechanism such and its proxy mechanism such as the one used to provide Access
as the one used to provide Access Traffic Steering, Switching, and Traffic Steering, Switching, and Splitting (ATSSS) must be optimized
Splitting (ATSSS) must be optimised to reduce latency [TS23501]. to reduce latency [TS23501].
1.2. Network-Assisted Connections: The Rationale
This document specifies an application proxy, called Transport This document specifies an application proxy, called Transport
Converter. A Transport Converter is a function that is installed by Converter. A Transport Converter is a function that is installed by
a network operator to aid the deployment of TCP extensions and to a network operator to aid the deployment of TCP extensions and to
provide the benefits of such extensions to clients. A Transport provide the benefits of such extensions to clients. A Transport
Converter may provide conversion service for one or more TCP Converter may provide conversion service for one or more TCP
extensions. Which TCP extensions are eligible to the conversion extensions. Which TCP extensions are eligible to the conversion
service is deployment-specific. The conversion service is provided service is deployment-specific. The conversion service is provided
by means of the 0-RTT TCP Convert Protocol (Convert), that is an by means of the 0-RTT TCP Convert Protocol (Convert), that is an
application-layer protocol which uses TCP port number TBA application-layer protocol which uses TCP port number TBA
(Section 8). (Section 8).
The Convert Protocol provides 0-RTT (Zero Round-Trip Time) conversion
service since no extra delay is induced by the protocol compared to
connections that are not proxied. Particularly, the Convert Protocol
does not require extra signaling setup delays before making use of
the conversion service. The Convert Protocol does not require any
encapsulation (no tunnels, whatsoever).
The Transport Converter adheres to the main principles drawn in The Transport Converter adheres to the main principles drawn in
[RFC1919]. In particular, a Transport Converter achieves the [RFC1919]. In particular, a Transport Converter achieves the
following: following:
o Listen for client sessions; o Listen for client sessions;
o Receive from a client the address of the final target server; o Receive from a client the address of the final target server;
o Setup a session to the final server; o Setup a session to the final server;
o Relay control messages and data between the client and the server; o Relay control messages and data between the client and the server;
o Perform access controls according to local policies. o Perform access controls according to local policies.
The main advantage of network-assisted conversion services is that The main advantage of network-assisted conversion services is that
they enable new TCP extensions to be used on a subset of the path they enable new TCP extensions to be used on a subset of the path
between endpoints, which encourages the deployment of these between endpoints, which encourages the deployment of these
extensions. Furthermore, the Transport Converter allows the client extensions. Furthermore, the Transport Converter allows the client
and the server to directly negotiate TCP options for the sake of and the server to directly negotiate TCP extensions for the sake of
native support along the full path. native support along the full path.
The Convert Protocol is a generic mechanism to provide 0-RTT The Convert Protocol is a generic mechanism to provide 0-RTT
conversion service. As a sample applicability use case, this conversion service. As a sample applicability use case, this
document specifies how the Convert Protocol applies for Multipath document specifies how the Convert Protocol applies for Multipath
TCP. It is out of scope of this document to provide a comprehensive TCP. It is out of scope of this document to provide a comprehensive
list of all potential conversion services. Applicability documents list of all potential conversion services. Applicability documents
may be defined in the future. may be defined in the future.
This document does not assume that all the traffic is eligible to the This document does not assume that all the traffic is eligible to the
skipping to change at page 5, line 35 skipping to change at page 5, line 49
policies. These policies, and how they are communicated to policies. These policies, and how they are communicated to
endpoints, are out of scope. Furthermore, it is possible to bypass endpoints, are out of scope. Furthermore, it is possible to bypass
the Transport Converter to connect directly to the servers that the Transport Converter to connect directly to the servers that
already support the required TCP extension(s). already support the required TCP extension(s).
This document assumes an explicit model in which a client is This document assumes an explicit model in which a client is
configured with one or a list of Transport Converters (statically or configured with one or a list of Transport Converters (statically or
through protocols such as [I-D.boucadair-tcpm-dhc-converter]). through protocols such as [I-D.boucadair-tcpm-dhc-converter]).
Configuration means are outside the scope of this document. Configuration means are outside the scope of this document.
This document is organized as follows. We first provide a brief This document is organized as follows. First, Section 3 provides a
explanation of the operation of Transport Converters in Section 3. brief explanation of the operation of Transport Converters. Then,
We describe the Convert Protocol in Section 4. We discuss in Section 4 describes the Convert Protocol. Section 5 discusses how
Section 5 how Transport Converters can be used to support different Transport Converters can be used to support different TCP extensions.
TCP extensions. We then discuss the interactions with middleboxes Section 6 then discusses the interactions with middleboxes, while
(Section 6) and the security considerations (Section 7). Section 7 focuses on the security considerations.
Appendix A discusses how a TCP stack would need to support the Appendix B describes how a TCP stack would need to support the
protocol described in this document. Appendix B provides a protocol described in this document. Appendix C provides a
comparison with SOCKS proxies that are already used to deploy comparison with SOCKS proxies that are already used to deploy
Multipath TCP in some cellular networks (Section 2.2 of [RFC8041]). Multipath TCP in some cellular networks (Section 2.2 of [RFC8041]).
2. Requirements 2. Conventions and Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119][RFC8174] when, and only when, they appear in all
capitals, as shown here.
[RFC2119] [RFC8174] when, and only when, they appear in all capitals, The information shown between brackets in the figures refers to
as shown here. Convert Protocol messages described in Section 4.
3. Architecture 3. Architecture
3.1. Functional Elements 3.1. Functional Elements
The Convert Protocol considers three functional elements: The Convert Protocol considers three functional elements:
o Clients; o Clients;
o Transport Converters; o Transport Converters;
o Servers. o Servers.
A Transport Converter is a network function that relays all data A Transport Converter is a network function that relays all data
exchanged over one upstream connection to one downstream connection exchanged over one upstream connection to one downstream connection
and vice versa (Figure 1). The Transport Converter, thus, maintains and vice versa (Figure 1). The Transport Converter, thus, maintains
state that associates one upstream connection to a corresponding state that associates one upstream connection to a corresponding
downstream connection. downstream connection.
A connection can be initiated from both sides of the Transport A connection can be initiated from both sides of the Transport
Converter (Internet-facing interface, client-facing interface). Converter (Internet-facing interface, customer-facing interface).
"Client" refers to a software instance embedded on a host that can
reach a Transport Converter via its customer-facing interface. The
"Client" can initiate connections via a Transport Converter (referred
to as outgoing connections). Also, the "Client" can accept incoming
connections via a Transport Converter (referred to as incoming
connections). Nevertheless, and unless this is explicitly stated,
the description assumes outgoing connections as default.
| |
: :
| |
+------------+ +------------+
client <- upstream ->| Transport |<- downstream ->server client <- upstream ->| Transport |<- downstream ->server
| Converter | | Converter |
+------------+ +------------+
| |
client-facing interface : Internet-facing interface customer-facing interface : Internet-facing interface
| |
Figure 1: A Transport Converter Relays Data between Pairs of TCP Figure 1: A Transport Converter Relays Data between Pairs of TCP
Connections Connections
Transport Converters can be operated by network operators or third Transport Converters can be operated by network operators or third
parties. Nevertheless, this document focuses on the single parties. Nevertheless, this document focuses on the single
administrative deployment case where the entity offering the administrative deployment case where the entity offering the
connectivity service to a client is also the entity which owns and connectivity service to a client is also the entity which owns and
operates the Transport Converter. operates the Transport Converter.
skipping to change at page 7, line 17 skipping to change at page 7, line 41
+-+ +-+ +-+ +-+ +-+ +-+
| |
+-+ +-+
|R| |R|
+-+ +-+
| |
+---------+ +---------+
|Transport| |Transport|
|Converter| |Converter|
+---------+ +---------+
R: Router
Figure 2: A Transport Converter Can Be Installed Anywhere in the Figure 2: A Transport Converter Can Be Installed Anywhere in the
Network Network
The architecture assumes that new software will be installed on the The architecture assumes that new software will be installed on the
Client hosts to interact with one or more Transport Converters. Client hosts to interact with one or more Transport Converters.
Further, the architecture allows for making use of new TCP extensions Furthermore, the architecture allows for making use of new TCP
even if those are not supported by a given server. extensions even if those are not supported by a given server.
The Client is configured, through means that are outside the scope of A Client is configured, through means that are outside the scope of
this document, with the names and/or the addresses of one or more this document, with the names and/or the addresses of one or more
Transport Converters and the TCP extensions that they support. The Transport Converters and the TCP extensions that they support. The
procedure for selecting a Transport Converter among a list of procedure for selecting a Transport Converter among a list of
configured Transport Converters is outside the scope of this configured Transport Converters is outside the scope of this
document. document.
One of the benefits of this design is that different transport One of the benefits of this design is that different transport
protocol extensions can be used on the upstream and the downstream protocol extensions can be used on the upstream and the downstream
connections. This encourages the deployment of new TCP extensions connections. This encourages the deployment of new TCP extensions
until they are widely supported by servers, in particular. until they are widely supported by servers, in particular.
The architecture does not mandate anything on the server side. The architecture does not mandate anything on the Server side.
Similar to address sharing mechanisms, the architecture does not Similar to address sharing mechanisms, the architecture does not
interfere with end-to-end TLS connections [RFC8446] between the interfere with end-to-end TLS connections [RFC8446] between the
Client and the Server (Figure 3). In other words, end-to-end TLS is Client and the Server (Figure 3). In other words, end-to-end TLS is
supported in the presence of a Converter. supported in the presence of a Converter.
Client Transport Server Client Transport Server
| Converter | | Converter |
| | | | | |
/==========================================\ /==========================================\
| End-to-end TLS | | End-to-end TLS |
\==========================================/ \==========================================/
* TLS messages exhanged between the Client * TLS messages exchanged between the Client
and the Server are not shown. and the Server are not shown.
Figure 3: End-to-end TLS via a Transport Converter Figure 3: End-to-end TLS via a Transport Converter
It is out of scope of this document to elaborate on specific It is out of scope of this document to elaborate on specific
considerations related to the use of TLS in the Client-Converter considerations related to the use of TLS in the Client-Converter
connection leg to exchange Convert TLVs (in addition to the end-to- connection leg to exchange Convert messages (in addition to the end-
end TLS connection). to-end TLS connection).
3.2. Theory of Operation 3.2. Theory of Operation
At a high level, the objective of the Transport Converter is to allow At a high level, the objective of the Transport Converter is to allow
the use a specific extension, e.g., Multipath TCP, on a subset of the the use a specific extension, e.g., Multipath TCP, on a subset of the
path even if the peer does not support this extension. This is path even if the peer does not support this extension. This is
illustrated in Figure 4 where the Client initiates a Multipath TCP illustrated in Figure 4 where the Client initiates a Multipath TCP
connection with the Transport Converter (packets belonging to the connection with the Transport Converter (packets belonging to the
Multipath TCP connection are shown with "===") while the Transport Multipath TCP connection are shown with "===") while the Transport
Converter uses a regular TCP connection with the Server. Converter uses a regular TCP connection with the Server.
Client Transport Server Client Transport Server
| Converter | | Converter |
| | | | | |
|==================>|--------------------->| |==================>|--------------------->|
| | | | | |
|<==================|<---------------------| |<==================|<---------------------|
| | | | | |
Multipath TCP packets Regular TCP packets Multipath TCP packets Regular TCP packets
Figure 4: An Example of 0-RTT Network-Assisted MPTCP Connection Figure 4: An Example of 0-RTT Network-Assisted Outgoing MPTCP
Connection
The packets belonging to the pair of connections between the Client The packets belonging to the pair of connections between the Client
and Server passing through a Transport Converter may follow a and Server passing through a Transport Converter may follow a
different path than the packets directly exchanged between the Client different path than the packets directly exchanged between the Client
and the Server. Deployments should minimize the possible additional and the Server. Deployments should minimize the possible additional
delay by carefully selecting the location of the Transport Converter delay by carefully selecting the location of the Transport Converter
used to reach a given destination. used to reach a given destination.
When establishing a connection, the Client can, depending on local When establishing a connection, the Client can, depending on local
policies, either contact the Server directly (e.g., by sending a TCP policies, either contact the Server directly (e.g., by sending a TCP
SYN towards the Server) or create the connection via a Transport SYN towards the Server) or create the connection via a Transport
Converter. In the latter case (that is, the conversion service is Converter. In the latter case (that is, the conversion service is
used), the Client initiates a connection towards the Transport used), the Client initiates a connection towards the Transport
Converter and indicates the IP address and port number of the Server Converter and indicates the IP address and port number of the Server
within the connection establishment packet. Doing so enables the within the connection establishment packet. Doing so enables the
Transport Converter to immediately initiate a connection towards that Transport Converter to immediately initiate a connection towards that
Server, without experiencing an extra delay. The Transport Converter Server, without experiencing an extra delay. The Transport Converter
waits until the receipt of the confirmation that the Server agrees to waits until the receipt of the confirmation that the Server agrees to
establish the connection before confirming it to the Client. establish the connection before confirming it to the Client.
The client places the destination address and port number of the The Client places the destination address and port number of the
Server in the payload of the SYN sent to the Transport Converter to Server in the payload of the SYN sent to the Transport Converter to
minimize connection establishment delays. In accordance with minimize connection establishment delays. In accordance with
[RFC1919], the Transport Converter maintains two connections that are [RFC1919], the Transport Converter maintains two connections that are
combined together: combined together:
o the upstream connection is the one between the Client and the o the upstream connection is the one between the Client and the
Transport Converter. Transport Converter.
o the downstream connection is between the Transport Converter and o the downstream connection is between the Transport Converter and
the Server. the Server.
Any user data received by the Transport Converter over the upstream Any user data received by the Transport Converter over the upstream
(or downstream) connection is relayed over the downstream (or (or downstream) connection is relayed over the downstream (or
upstream) connection. In particular, if the initial SYN message upstream) connection. In particular, if the initial SYN message
contains data in its payload (e.g., [RFC7413]), that data MUST be contains data in its payload (e.g., [RFC7413]), that data MUST be
placed right after the Convert TLVs when generating the relayed SYN. placed right after the Convert TLVs when generating the relayed SYN.
The Converter associates a lifetime with state entries used to bind The Converter associates a lifetime with state entries used to bind
an upstream connection with its downstream connection. an upstream connection with its downstream connection.
Figure 5 illustrates the establishment of an outbound TCP connection Figure 5 illustrates the establishment of an outgoing TCP connection
by a Client through a Transport Converter. The information shown by a Client through a Transport Converter.
between brackets denotes Convert Protocol messages described in
Section 4.
Transport Transport
Client Converter Server Client Converter Server
| | | | | |
|SYN [->Server:port]| SYN | |SYN [->Server:port]| SYN |
|------------------>|--------------------->| |------------------>|--------------------->|
|<------------------|<---------------------| |<------------------|<---------------------|
| SYN+ACK [ ] | SYN+ACK | | SYN+ACK [ ] | SYN+ACK |
| | | | | |
Figure 5: Establishment of a TCP Connection Through a Transport Figure 5: Establishment of an Outgoing TCP Connection Through a
Converter (1) Transport Converter (1)
The Client sends a SYN destined to the Transport Converter. The The Client sends a SYN destined to the Transport Converter. The
payload of this SYN contains the address and port number of the payload of this SYN contains the address and port number of the
Server. The Transport Converter does not reply immediately to this Server. The Transport Converter does not reply immediately to this
SYN. It first tries to create a TCP connection towards the target SYN. It first tries to create a TCP connection towards the target
Server. If this upstream connection succeeds, the Transport Server. If this upstream connection succeeds, the Transport
Converter confirms the establishment of the connection to the Client Converter confirms the establishment of the connection to the Client
by returning a SYN+ACK and the first bytes of the bytestream contain by returning a SYN+ACK and the first bytes of the bytestream contain
information about the TCP options that were negotiated with the information about the TCP options that were negotiated with the
Server. This information is sent at the beginning of the bytestream, Server. This information is sent at the beginning of the bytestream,
either directly in the SYN+ACK or in a subsequent packet. For either directly in the SYN+ACK or in a subsequent packet. For
graphical reasons, the figures in this section show that the graphical reasons, the figures in this section show that the
Transport Converter returns this information in the SYN+ACK packet. Transport Converter returns this information in the SYN+ACK packet.
An implementation could also place this information in a packet that An implementation could also place this information in a packet that
it sent shortly after the SYN+ACK. it sent shortly after the SYN+ACK.
The connection can also be established from the Internet towards a The connection can also be established from the Internet towards a
Client via a Transport Converter. This is typically the case when an Client via a Transport Converter (Figure 6). This is typically the
application on the Client listens to a specific port (the Client case when an application on the Client listens to a specific port
hosts a server, typically). (the Client hosts an application server, typically). When the
Converter receives an incoming SYN from a remote host, it checks if
it can provide the conversion service for the destination IP address
and destination port number of that SYN. If the check is successful,
the Converter inserts the source IP address and source port number in
the SYN packet, rewrites the source IP address to one of its IP
addresses and, eventually, the destination IP address and port number
in accordance with any information stored locally. That SYN is then
forwarded to the next hop. SYN-ACK and ACK will be then exchanged
between the Client, the Converter, and remote host to confirm the
establishment of the connection.
Transport Remote
Client Converter Host (RH)
| | |
|SYN [<-RH IP@:port]| SYN |
|<------------------|<---------------------|
|------------------>|--------------------->|
| SYN+ACK [ ] | SYN+ACK |
| ... | ... |
Figure 6: Establishment of an Incoming TCP Connection Through a
Transport Converter
A Transport Converter MAY operate in address preservation or address A Transport Converter MAY operate in address preservation or address
sharing modes as discussed in Section 5.4 of sharing modes as discussed in Section 5.4 of
[I-D.nam-mptcp-deployment-considerations]. Which behavior to use by [I-D.nam-mptcp-deployment-considerations]. Which behavior to use by
a Transport Converter is deployment-specific. If address sharing a Transport Converter is deployment-specific. If address sharing
mode is enabled, the Transport Converter MUST adhere to REQ-2 of mode is enabled, the Transport Converter MUST adhere to REQ-2 of
[RFC6888] which implies a default "IP address pooling" behavior of [RFC6888] which implies a default "IP address pooling" behavior of
"Paired" (as defined in Section 4.1 of [RFC4787]) must be supported. "Paired" (as defined in Section 4.1 of [RFC4787]) must be supported.
This behavior is meant to avoid breaking applications that depend on This behavior is meant to avoid breaking applications that depend on
the external address remaining constant. the source address remaining constant.
Standard TCP ([RFC0793], Section 3.4) allows a SYN packet to carry Standard TCP ([RFC0793], Section 3.4) allows a SYN packet to carry
data inside its payload but forbids the receiver from delivering it data inside its payload but forbids the receiver from delivering it
to the application until completion of the three-way-handshake. To to the application until completion of the three-way-handshake. To
enable applications to exchange data in a TCP handshake, this enable applications to exchange data in a TCP handshake, this
specification follows an approach similar to TCP Fast Open [RFC7413] specification follows an approach similar to TCP Fast Open [RFC7413]
and thus removes the constraint by allowing data in SYN packets to be and thus removes the constraint by allowing data in SYN packets to be
delivered to the Transport Converter application. delivered to the Transport Converter application.
As discussed in [RFC7413], such change to TCP semantic raises two As discussed in [RFC7413], such change to TCP semantic raises two
skipping to change at page 11, line 35 skipping to change at page 12, line 27
Connections Connections
As an example, let us consider how the Convert protocol can help the As an example, let us consider how the Convert protocol can help the
deployment of Multipath TCP. We assume that both the Client and the deployment of Multipath TCP. We assume that both the Client and the
Transport Converter support Multipath TCP, but consider two different Transport Converter support Multipath TCP, but consider two different
cases depending on whether the Server supports Multipath TCP or not. cases depending on whether the Server supports Multipath TCP or not.
As a reminder, a Multipath TCP connection is created by placing the As a reminder, a Multipath TCP connection is created by placing the
MP_CAPABLE (MPC) option in the SYN sent by the Client. MP_CAPABLE (MPC) option in the SYN sent by the Client.
Figure 6 describes the operation of the Transport Converter if the Figure 7 describes the operation of the Transport Converter if the
Server does not support Multipath TCP. Server does not support Multipath TCP.
Transport Transport
Client Converter Server Client Converter Server
|SYN, | | |SYN, | |
|MPC [->Server:port]| | |MPC [->Server:port]| SYN, MPC |
|------------------>| SYN, MPC | |------------------>|--------------------->|
| |--------------------->| |<------------------|<---------------------|
| |<---------------------| | SYN+ACK,MPC [.] | SYN+ACK |
|<------------------| SYN+ACK | |------------------>|--------------------->|
| SYN+ACK,MPC [.] | | | ACK, MPC | ACK |
| | | | | |
|------------------>| |
| ACK, MPC |--------------------->|
| | ACK |
Figure 6: Establishment of a Multipath TCP Connection Through a Figure 7: Establishment of a Multipath TCP Connection Through a
Transport Converter towards a Server that Does Not Support Multipath Transport Converter towards a Server that Does Not Support Multipath
TCP TCP
The Client tries to initiate a Multipath TCP connection by sending a The Client tries to initiate a Multipath TCP connection by sending a
SYN with the MP_CAPABLE option (MPC in Figure 6). The SYN includes SYN with the MP_CAPABLE option (MPC in Figure 7). The SYN includes
the address and port number of the target Server, that are extracted the address and port number of the target Server, that are extracted
and used by the Transport Converter to initiate a Multipath TCP and used by the Transport Converter to initiate a Multipath TCP
connection towards this Server. Since the Server does not support connection towards this Server. Since the Server does not support
Multipath TCP, it replies with a SYN+ACK that does not contain the Multipath TCP, it replies with a SYN+ACK that does not contain the
MP_CAPABLE option. The Transport Converter notes that the connection MP_CAPABLE option. The Transport Converter notes that the connection
with the Server does not support Multipath TCP and returns the with the Server does not support Multipath TCP and returns the
extended TCP header received from the Server to the Client. extended TCP header received from the Server to the Client.
Note that, if the TCP connection fails for some reason, the Converter Note that, if the TCP connection fails for some reason, the Converter
tears down the Multipath TCP connection by transmitting a tears down the Multipath TCP connection by transmitting a
MP_FASTCLOSE. Likewise, if the Multipath TCP connection ends with MP_FASTCLOSE. Likewise, if the Multipath TCP connection ends with
the transmission of DATA_FINs, the Converter terminates the TCP the transmission of DATA_FINs, the Converter terminates the TCP
connection by using FIN segments. connection by using FIN segments.
Figure 7 considers a Server that supports Multipath TCP. In this Figure 8 considers a Server that supports Multipath TCP. In this
case, it replies to the SYN sent by the Transport Converter with the case, it replies to the SYN sent by the Transport Converter with the
MP_CAPABLE option. Upon reception of this SYN+ACK, the Transport MP_CAPABLE option. Upon reception of this SYN+ACK, the Transport
Converter confirms the establishment of the connection to the Client Converter confirms the establishment of the connection to the Client
and indicates to the Client that the Server supports Multipath TCP. and indicates to the Client that the Server supports Multipath TCP.
With this information, the Client has discovered that the Server With this information, the Client has discovered that the Server
supports Multipath TCP natively. This will enable the Client to supports Multipath TCP natively. This will enable the Client to
bypass the Transport Converter for the subsequent Multipath TCP bypass the Transport Converter for the subsequent Multipath TCP
connections that it will initiate towards this Server. connections that it will initiate towards this Server.
Transport Transport
Client Converter Server Client Converter Server
|SYN, | | |SYN, | |
|MPC [->Server:port]| | |MPC [->Server:port]| SYN, MPC |
|------------------>| SYN, MPC | |------------------>|--------------------->|
| |--------------------->| |<------------------|<---------------------|
| |<---------------------| |SYN+ACK, | SYN+ACK, MPC |
|<------------------| SYN+ACK, MPC |
|SYN+ACK, | |
|MPC [MPC supported]| | |MPC [MPC supported]| |
|------------------>| | |------------------>|--------------------->|
| ACK, MPC |--------------------->| | ACK, MPC | ACK, MPC |
| | ACK, MPC | | | |
Figure 7: Establishment of a Multipath TCP Connection Through a Figure 8: Establishment of a Multipath TCP Connection Through a
Converter Towards an MPTCP-capable Server Converter Towards an MPTCP-capable Server
3.4. Sample Example of Incoming Converter-Assisted Multipath TCP 3.4. Sample Example of Incoming Converter-Assisted Multipath TCP
Connection Connection
An example of an incoming Converter-assisted Multipath TCP connection An example of an incoming Converter-assisted Multipath TCP connection
is depicted in Figure 8. In order to support incoming connections is depicted in Figure 9. In order to support incoming connections
from remote hosts, the Client may use PCP [RFC6887] to instruct the from remote hosts, the Client may use PCP [RFC6887] to instruct the
Transport Converter to create dynamic mappings. Those mappings will Transport Converter to create dynamic mappings. Those mappings will
be used by the Transport Converter to intercept an incoming TCP be used by the Transport Converter to intercept an incoming TCP
connection destined to the Client and convert it into a Multipath TCP connection destined to the Client and convert it into a Multipath TCP
connection. connection.
Typically, the Client sends a PCP request to the Converter asking to Typically, the Client sends a PCP request to the Converter asking to
create an explicit TCP mapping for (internal IP address, internal create an explicit TCP mapping for (internal IP address, internal
port number). The Converter accepts the request by creating a TCP port number). The Converter accepts the request by creating a TCP
mapping (internal IP address, internal port number, external IP mapping (internal IP address, internal port number, external IP
skipping to change at page 14, line 7 skipping to change at page 14, line 23
mapping table to verify if there is an active mapping matching the mapping table to verify if there is an active mapping matching the
destination IP address and destination port of that SYN. If an entry destination IP address and destination port of that SYN. If an entry
is found, the Converter inserts an MP_CAPABLE option and Connect TLV is found, the Converter inserts an MP_CAPABLE option and Connect TLV
in the SYN packet, rewrites the source IP address to one of its IP in the SYN packet, rewrites the source IP address to one of its IP
addresses and, eventually, the destination IP address and port number addresses and, eventually, the destination IP address and port number
in accordance with the information stored in the mapping. SYN-ACK in accordance with the information stored in the mapping. SYN-ACK
and ACK will be then exchanged between the Client and the Converter and ACK will be then exchanged between the Client and the Converter
to confirm the establishment of the initial subflow. The Client can to confirm the establishment of the initial subflow. The Client can
add new subflows following normal Multipath TCP procedures. add new subflows following normal Multipath TCP procedures.
Transport Transport Remote
Client Converter Server Client Converter Host
| | | | | |
| |<-------------------| |<--------------------|<-------------------|
|<--------------------| SYN | |SYN, | SYN |
|SYN, | |
|MPC[Remote Host:port]| | |MPC[Remote Host:port]| |
|-------------------->| | |-------------------->|------------------->|
| SYN+ACK, MPC |------------------->| | SYN+ACK, MPC | SYN+ACK |
| | SYN+ACK | |<--------------------|<-------------------|
| |<-------------------| | ACK, MPC | ACK |
|<--------------------| ACK |
| ACK, MPC | |
| | | | | |
Figure 8: Establishment of an Incoming TCP Connection through a Figure 9: Establishment of an Incoming Multipath TCP Connection
Transport Converter through a Transport Converter
It is out of scope of this document to define specific Convert TLVs It is out of scope of this document to define specific Convert TLVs
to manage incoming connections. These TLVs can be defined in a to manage incoming connections. These TLVs can be defined in a
separate document. separate document.
4. The Convert Protocol (Convert) 4. The Convert Protocol (Convert)
This section describes the messages that are exchanged between a This section describes the messages that are exchanged between a
Client and a Transport Converter. The Convert Protocol (Convert, for Client and a Transport Converter.
short) uses a 32 bits long fixed header that is sent by both the
Client and the Transport Converter over each established connection. By default, the Transport Converter listens on TCP port number TBA
This header indicates both the version of the protocol used and the for Convert protocol (Convert, for short) messages from Clients.
length of the Convert message.
Clients send packets that are eligible to the conversion service to
the provisioned Transport Converter using TBA as destination port
number. Additional information is supplied by Clients to the
Transport Converter by means of Convert messages as detailed in the
following sub-sections.
Convert messages may appear only in a SYN, SYN+ACK, or ACK.
Convert messages MUST be included as the first bytes of the
bytestream. A Convert message starts with a 32 bits long fixed
header (Section 4.1) followed by one or more Convert TLVs (Type,
Length, Value) (Section 4.2).
4.1. The Convert Fixed Header 4.1. The Convert Fixed Header
The Fixed Header is used to convey information about the version and The Convert Protocol uses a 32 bits long fixed header that is sent by
length of the messages exchanged between the Client and the Transport both the Client and the Transport Converter over each established
Converter. connection. This header indicates both the version of the protocol
used and the length of the Convert message.
The Client and the Transport Converter MUST send the fixed-sized The Client and the Transport Converter MUST send the fixed-sized
header, shown in Figure 9, as the first four bytes of the bytestream. header, shown in Figure 10, as the first four bytes of the
bytestream.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
| Version | Total Length | Unassigned | | Version | Total Length | Unassigned |
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
Figure 9: The Fixed-Sized Header of the Convert Protocol Figure 10: The Fixed-Sized Header of the Convert Protocol
The Version is encoded as an 8 bits unsigned integer value. This The Version is encoded as an 8 bits unsigned integer value. This
document specifies version 1. Version 0 is reserved by this document document specifies version 1. Version 0 is reserved by this document
and MUST NOT be used. and MUST NOT be used.
The Total Length is the number of 32 bits word, including the header, The Total Length is the number of 32 bits word, including the header,
of the bytestream that are consumed by the Convert messages. Since of the bytestream that are consumed by the Convert messages. Since
Total Length is also an 8 bits unsigned integer, those messages Total Length is also an 8 bits unsigned integer, those messages
cannot consume more than 1020 bytes of data. This limits the number cannot consume more than 1020 bytes of data. This limits the number
of bytes that a Transport Converter needs to process. A Total Length of bytes that a Transport Converter needs to process. A Total Length
of zero is invalid and the connection MUST be reset upon reception of of zero is invalid and the connection MUST be reset upon reception of
a header with such total length. a header with such total length.
The Unassigned field MUST be set to zero in this version of the The Unassigned field MUST be set to zero in this version of the
protocol. These bits are available for future use [RFC8126]. protocol. These bits are available for future use [RFC8126].
Data added by the Convert protocol to the TCP bytestream in the Data added by the Convert protocol to the TCP bytestream is
upstream connection is unambiguously distinguished from payload data unambiguously distinguished from payload data by the Total Length
in the downstream connection by the Total Length field in the Convert field in the Convert messages.
messages.
4.2. Convert TLVs 4.2. Convert TLVs
4.2.1. Generic Convert TLV Format 4.2.1. Generic Convert TLV Format
The Convert protocol uses variable length messages that are encoded The Convert protocol uses variable length messages that are encoded
using the generic TLV (Type, Length, Value) format depicted in using the generic TLV format depicted in Figure 11.
Figure 10.
The length of all TLVs used by the Convert protocol is always a The length of all TLVs used by the Convert protocol is always a
multiple of four bytes. All TLVs are aligned on 32 bits boundaries. multiple of four bytes. All TLVs are aligned on 32 bits boundaries.
All TLV fields are encoded using the network byte order. All TLV fields are encoded using the network byte order.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
| Type | Length | (optional) Value ... | | Type | Length | (optional) Value ... |
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
| ... (optional) Value | | ... Value |
+---------------------------------------------------------------+ +---------------------------------------------------------------+
Figure 10: Convert Generic TLV Format Figure 11: Convert Generic TLV Format
The Length field is expressed in units of 32 bits words. In general The Length field is expressed in units of 32 bits words. If
zero padding MUST be added if the value's length in bytes can not be necessary, Value MUST be padded with zeroes so that the length of the
expressed as 2+(4 * n). TLV is a multiple of 32 bits.
A given TLV MUST only appear once on a connection. If two or more A given TLV MUST only appear once on a connection. If two or more
instances of the same TLV are exchanged over a Convert connection, instances of the same TLV are exchanged over a Convert connection,
the associated TCP connections MUST be closed. the associated TCP connections MUST be closed.
4.2.2. Summary of Supported Convert TLVs 4.2.2. Summary of Supported Convert TLVs
This document specifies the following Convert TLVs: This document specifies the following Convert TLVs:
+------+-----+----------+------------------------------------------+ +------+-----+----------+------------------------------------------+
| Type | Hex | Length | Description | | Type | Hex | Length | Description |
+------+-----+----------+------------------------------------------+ +------+-----+----------+------------------------------------------+
| 1 | 0x1 | 1 | Info TLV | | 1 | 0x1 | 1 | Info TLV |
| 10 | 0xA | Variable | Connect TLV | | 10 | 0xA | Variable | Connect TLV |
| 20 | 0x14| Variable | Extended TCP Header TLV | | 20 | 0x14| Variable | Extended TCP Header TLV |
| 21 | 0x15| Variable | Supported TCP Extensions TLV | | 21 | 0x15| Variable | Supported TCP Extensions TLV |
| 22 | 0x16| Variable | Cookie TLV | | 22 | 0x16| Variable | Cookie TLV |
| 30 | 0x1E| Variable | Error TLV | | 30 | 0x1E| Variable | Error TLV |
+------+-----+----------+------------------------------------------+ +------+-----+----------+------------------------------------------+
Figure 11: The TLVs used by the Convert Protocol Figure 12: The TLVs used by the Convert Protocol
Type 0x0 is a reserved valued. Implementations MUST discard messages Type 0x0 is a reserved valued. Implementations MUST discard messages
with such TLV. with such TLV.
The Client typically sends in the first connection it established
with a Transport Converter the Info TLV (Section 4.2.3) to learn its
capabilities. Assuming the Client is authorized to invoke the
Transport Converter, the latter replies with the Supported TCP
Extensions TLV (Section 4.2.4).
The Client can request the establishment of connections to servers by The Client can request the establishment of connections to servers by
using the Connect TLV (Section 4.2.5). If the connection can be using the Connect TLV (Section 4.2.5). If the connection can be
established with the final server, the Transport Converter replies established with the final server, the Transport Converter replies
with the Extended TCP Header TLV (Section 4.2.4). If not, the with the Extended TCP Header TLV (Section 4.2.6). If not, the
Transport Converter returns an Error TLV (Section 4.2.8) and then Transport Converter returns an Error TLV (Section 4.2.8) and then
closes the connection. closes the connection.
As a general rule, when an error is encountered an Error TLV with the When an error is encountered an Error TLV with the appropriate error
appropriate error code MUST be returned by the Transport Converter. code MUST be returned by the Transport Converter.
4.2.3. The Info TLV 4.2.3. The Info TLV
The Info TLV (Figure 12) is an optional TLV which can be sent by a The Info TLV (Figure 13) is an optional TLV which can be sent by a
Client to request the TCP extensions that are supported by a Client to request the TCP extensions that are supported by a
Transport Converter. It is typically sent on the first connection Transport Converter. It is typically sent on the first connection
that a Client establishes with a Transport Converter to learn its that a Client establishes with a Transport Converter to learn its
capabilities. Assuming a Client is entitled to invoke the Transport capabilities. Assuming a Client is entitled to invoke the Transport
Converter, the latter replies with the Supported TCP Extensions TLV Converter, the latter replies with the Supported TCP Extensions TLV
described in Section 4.2.4. described in Section 4.2.4.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
| Type=0x1 | Length | Zero | | Type=0x1 | Length | Zero |
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
Figure 12: The Info TLV Figure 13: The Info TLV
4.2.4. Supported TCP Extensions TLV 4.2.4. Supported TCP Extensions TLV
The Supported TCP Extensions TLV (Figure 13) is used by a Transport The Supported TCP Extensions TLV (Figure 14) is used by a Transport
Converter to announce the TCP options for which it provides a Converter to announce the TCP options for which it provides a
conversion service. A Transport Converter SHOULD include in this conversion service. A Transport Converter SHOULD include in this
list the TCP options that it accepts from Clients and that it list the TCP options that it accepts from Clients; these options are
includes the SYN packets that it sends to initiate connections. included by the Transport Converter in the SYN packets that it sends
to initiate connections.
Each supported TCP option is encoded with its TCP option Kind listed Each supported TCP option is encoded with its TCP option Kind listed
in the "TCP Parameters" registry maintained by IANA. in the "TCP Parameters" registry maintained by IANA.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
| Type=0x15 | Length | Unassigned | | Type=0x15 | Length | Unassigned |
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
| Kind #1 | Kind #2 | ... | | Kind #1 | Kind #2 | ... |
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
/ ... / / ... /
/ / / /
+---------------------------------------------------------------+ +---------------------------------------------------------------+
Figure 13: The Supported TCP Extensions TLV Figure 14: The Supported TCP Extensions TLV
TCP option Kinds 0, 1, and 2 defined in [RFC0793] are supported by TCP option Kinds 0, 1, and 2 defined in [RFC0793] are supported by
all TCP implementations and thus MUST NOT appear in this list. all TCP implementations and thus MUST NOT appear in this list.
The list of Supported TCP Extension is padded with 0 to end on a 32 The list of Supported TCP Extensions is padded with 0 to end on a 32
bits boundary. bits boundary.
For example, if the Transport Converter supports Multipath TCP, For example, if the Transport Converter supports Multipath TCP,
Kind=30 will be present in the Supported TCP Extensions TLV that it Kind=30 will be present in the Supported TCP Extensions TLV that it
returns in response to Info TLV. returns in response to Info TLV.
4.2.5. Connect TLV 4.2.5. Connect TLV
The Connect TLV (Figure 14) is used to request the establishment of a The Connect TLV (Figure 15) is used to request the establishment of a
connection via a Transport Converter. This connection can be from or connection via a Transport Converter. This connection can be from or
to a client. to a Client.
The 'Remote Peer Port' and 'Remote Peer IP Address' fields contain The 'Remote Peer Port' and 'Remote Peer IP Address' fields contain
the destination port number and IP address of the Server, for the destination port number and IP address of the Server, for
outgoing connections. For incoming connections destined to a Client outgoing connections. For incoming connections destined to a Client
serviced via a Transport Converter, these fields convey the source serviced via a Transport Converter, these fields convey the source
port number and IP address. port number and IP address.
The Remote Peer IP Address MUST be encoded as an IPv6 address. IPv4 The Remote Peer IP Address MUST be encoded as an IPv6 address. IPv4
addresses MUST be encoded using the IPv4-Mapped IPv6 Address format addresses MUST be encoded using the IPv4-Mapped IPv6 Address format
defined in [RFC4291]. Further, Remote Peer IP address field MUST NOT defined in [RFC4291]. Further, Remote Peer IP address field MUST NOT
skipping to change at page 18, line 49 skipping to change at page 19, line 19
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
| | | |
| Remote Peer IP Address (128 bits) | | Remote Peer IP Address (128 bits) |
| | | |
| | | |
+---------------------------------------------------------------+ +---------------------------------------------------------------+
| TCP Options (Variable) | | TCP Options (Variable) |
| ... | | ... |
+---------------------------------------------------------------+ +---------------------------------------------------------------+
Figure 14: The Connect TLV Figure 15: The Connect TLV
The 'TCP Options' field is a variable length field that carries a The 'TCP Options' field is a variable length field that carries a
list of TCP option fields (Figure 15). Each TCP option field is list of TCP option fields (Figure 16). Each TCP option field is
encoded as a block of 2+n bytes where the first byte is the TCP encoded as a block of 2+n bytes where the first byte is the TCP
option Kind and the second byte is the length of the TCP option as option Kind and the second byte is the length of the TCP option as
specified in [RFC0793]. The minimum value for the TCP option Length specified in [RFC0793]. The minimum value for the TCP option Length
is 2. The TCP options that do not include a length subfield, i.e., is 2. The TCP options that do not include a length subfield, i.e.,
option types 0 (EOL) and 1 (NOP) defined in [RFC0793] MUST NOT be option types 0 (EOL) and 1 (NOP) defined in [RFC0793] MUST NOT be
placed inside the TCP options field of the Connect TLV. The optional placed inside the TCP options field of the Connect TLV. The optional
Value field contains the variable-length part of the TCP option. A Value field contains the variable-length part of the TCP option. A
length of two indicates the absence of the Value field. The TCP length of two indicates the absence of the Value field. The TCP
options field always ends on a 32 bits boundary after being padded options field always ends on a 32 bits boundary after being padded
with zeros. with zeros.
skipping to change at page 19, line 25 skipping to change at page 19, line 44
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+---------------+---------------+ +---------------+---------------+---------------+---------------+
| TCPOpt kind | TCPOpt Length | Value (opt) | .... | | TCPOpt kind | TCPOpt Length | Value (opt) | .... |
+---------------+---------------+---------------+---------------+ +---------------+---------------+---------------+---------------+
| .... | | .... |
+---------------------------------------------------------------+ +---------------------------------------------------------------+
| ... | | ... |
+---------------------------------------------------------------+ +---------------------------------------------------------------+
Figure 15: The TCP Options Field Figure 16: The TCP Options Field
Upon reception of a Connect TLV, and absent any policy (e.g., rate- Upon reception of a Connect TLV, and absent any policy (e.g., rate-
limit) or resource exhaustion conditions, a Transport Converter limit) or resource exhaustion conditions, a Transport Converter
attempts to establish a connection to the address and port that it attempts to establish a connection to the address and port that it
contains. The Transport Converter MUST use by default the TCP contains. The Transport Converter MUST use by default the TCP
options that correspond to its local policy to establish this options that correspond to its local policy to establish this
connection. These are the options that it advertises in the connection. These are the options that it advertises in the
Supported TCP Extensions TLV. Supported TCP Extensions TLV.
Upon reception of an extended Connect TLV, and absent any rate limit Upon reception of an extended Connect TLV, and absent any rate limit
skipping to change at page 20, line 9 skipping to change at page 20, line 26
The Transport Converter may discard a Connect TLV request for various The Transport Converter may discard a Connect TLV request for various
reasons (e.g., authorization failed, out of resources, invalid reasons (e.g., authorization failed, out of resources, invalid
address type). An error message indicating the encountered error is address type). An error message indicating the encountered error is
returned to the requesting Client (Section 4.2.8). In order to returned to the requesting Client (Section 4.2.8). In order to
prevent denial-of-service attacks, error messages sent to a Client prevent denial-of-service attacks, error messages sent to a Client
SHOULD be rate-limited. SHOULD be rate-limited.
4.2.6. Extended TCP Header TLV 4.2.6. Extended TCP Header TLV
The Extended TCP Header TLV (Figure 16) is used by the Transport The Extended TCP Header TLV (Figure 17) is used by the Transport
Converter to send to the Client the extended TCP header that was Converter to send to the Client the extended TCP header that was
returned by the Server in the SYN+ACK packet. This TLV is only sent returned by the Server in the SYN+ACK packet. This TLV is only sent
if the Client sent a Connect TLV to request the establishment of a if the Client sent a Connect TLV to request the establishment of a
connection. connection.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
| Type=0x14 | Length | Unassigned | | Type=0x14 | Length | Unassigned |
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
| Returned Extended TCP header | | Returned Extended TCP header |
| ... | | ... |
+---------------------------------------------------------------+ +---------------------------------------------------------------+
Figure 16: The Extended TCP Header TLV Figure 17: The Extended TCP Header TLV
The Returned Extended TCP header field is a copy of the extended The Returned Extended TCP header field is a copy of the extended
header that was received in the SYN+ACK by the Transport Converter. header that was received in the SYN+ACK by the Transport Converter.
The Unassigned field MUST be set to zero by the transmitter and The Unassigned field MUST be set to zero by the transmitter and
ignored by the receiver. These bits are available for future use ignored by the receiver. These bits are available for future use
[RFC8126]. [RFC8126].
4.2.7. The Cookie TLV 4.2.7. The Cookie TLV
The Cookie TLV (Figure 17 is an optional TLV which use is similar to The Cookie TLV (Figure 18 is an optional TLV which use is similar to
the TCP Fast Open Cookie [RFC7413]. A Transport Converter may want the TCP Fast Open Cookie [RFC7413]. A Transport Converter may want
to verify that its Clients can receive the packets that it sends to to verify that a Client can receive the packets that it sends to
prevent attacks from spoofed addresses. This verification can be prevent attacks from spoofed addresses. This verification can be
done by using a Cookie that is bound to, for example, the IP done by using a Cookie that is bound to, for example, the IP
address(es) of the Client. This Cookie can be configured on the address(es) of the Client. This Cookie can be configured on the
Client by means that are outside of this document or provided by the Client by means that are outside of this document or provided by the
Transport Converter as follows. Transport Converter as follows.
A Transport Converter that has been configured to use the optional A Transport Converter that has been configured to use the optional
Cookie TLV MUST verify the presence of this TLV in the payload of the Cookie TLV MUST verify the presence of this TLV in the payload of the
received SYN. If this TLV is present, the Transport Converter MUST received SYN. If this TLV is present, the Transport Converter MUST
validate the Cookie by means similar to those in Section 4.1.2 of validate the Cookie by means similar to those in Section 4.1.2 of
skipping to change at page 21, line 12 skipping to change at page 21, line 32
Transport Converter MUST return an Error TLV set to "Not Authorized" Transport Converter MUST return an Error TLV set to "Not Authorized"
and close the connection. and close the connection.
If the received SYN did not contain a Cookie TLV, and cookie If the received SYN did not contain a Cookie TLV, and cookie
validation is required, the Transport Converter should compute a validation is required, the Transport Converter should compute a
Cookie bound to this Client address and return a Convert message Cookie bound to this Client address and return a Convert message
containing the fixed header, an Error TLV set to "Missing Cookie" and containing the fixed header, an Error TLV set to "Missing Cookie" and
the computed Cookie and close the connection. The Client will react the computed Cookie and close the connection. The Client will react
to this error by storing the received Cookie in its cache and attempt to this error by storing the received Cookie in its cache and attempt
to reestablish a new connection to the Transport Converter that to reestablish a new connection to the Transport Converter that
includes the Cookie. includes the Cookie TLV.
The format of the Cookie TLV is shown in the below figure. The format of the Cookie TLV is shown in Figure 18.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
| Type=0x16 | Length | Zero | | Type=0x16 | Length | Zero |
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
| Opaque Cookie | | Opaque Cookie |
| ... | | ... |
+---------------------------------------------------------------+ +---------------------------------------------------------------+
Figure 17: The Cookie TLV Figure 18: The Cookie TLV
4.2.8. Error TLV 4.2.8. Error TLV
The Error TLV (Figure 18) is used by the Transport Converter to The Error TLV (Figure 19) is meant to provide information about some
provide information about some errors that occurred during the errors that occurred during the processing of a Convert message.
processing of Convert message. This TLV has a variable length. It This TLV has a variable length. It appears after the Convert fixed-
appears after the Convert fixed-header in the bytestream returned by header in the bytestream returned by the Transport Converter. Upon
the Transport Converter. Upon reception of an Error TLV, a Client reception of an Error TLV, a Client MUST close the associated
MUST close the associated connection. connection.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+----------------+--------------+ +---------------+---------------+----------------+--------------+
| Type=0x1E | Length | Error code | Value | | Type=0x1E | Length | Error Code | Value |
+---------------+---------------+----------------+--------------+ +---------------+---------------+----------------+--------------+
Figure 18: The Error TLV Figure 19: The Error TLV
Different types of errors can occur while processing Convert Different types of errors can occur while processing Convert
messages. Each error is identified by an Error code represented as messages. Each error is identified by an Error Code represented as
an unsigned integer. Four classes of Error codes are defined: an unsigned integer. Four classes of error codes are defined:
o Message validation and processing errors (0-31 range): returned o Message validation and processing errors (0-31 range): returned
upon reception of an invalid message (including valid messages but upon reception of an invalid message (including valid messages but
with invalid or unknown TLVs). with invalid or unknown TLVs).
o Client-side errors (32-63 range): the Client sent a request that o Client-side errors (32-63 range): the Client sent a request that
could not be accepted by the Transport Converter (e.g., could not be accepted by the Transport Converter (e.g.,
unsupported operation). unsupported operation).
o Converter-side errors (64-95 range): problems encountered on the o Converter-side errors (64-95 range): problems encountered on the
skipping to change at page 22, line 21 skipping to change at page 22, line 39
from fulfilling the Client's request. from fulfilling the Client's request.
o Errors caused by the destination server (96-127 range): the final o Errors caused by the destination server (96-127 range): the final
destination could not be reached or it replied with a reset. destination could not be reached or it replied with a reset.
The following error codes are defined in this document: The following error codes are defined in this document:
o Unsupported Version (0): The version number indicated in the fixed o Unsupported Version (0): The version number indicated in the fixed
header of a message received from a peer is not supported. header of a message received from a peer is not supported.
This error code MUST be generated by a Transport Converter when it This error code MUST be generated by a Transport Converter (or
receives a request having a version number that it does not Client) when it receives a request having a version number that it
support. does not support.
The value field MUST be set to the version supported by the The value field MUST be set to the version supported by the
Transport Converter. When multiple versions are supported by the Transport Converter (or Client). When multiple versions are
Transport Converter, it includes the list of supported version in supported by the Transport Converter (or Client), it includes the
the value field; each version is encoded in 8 bits. The list of list of supported version in the value field; each version is
supported versions should be padded with zeros to end on a 32 bits encoded in 8 bits. The list of supported versions should be
boundary. padded with zeros to end on a 32 bits boundary.
Upon receipt of this error code, the client checks whether it Upon receipt of this error code, the Client (or Transport
supports one of the versions returned by the Transport Converter. Converter) checks whether it supports one of the versions returned
The highest common supported version MUST be used by the client in by the Transport Converter (or Client). The highest common
subsequent exchanges with the Transport Converter. supported version MUST be used by the Client (or Transport
Converter) in subsequent exchanges with the Transport Converter
(or Client).
o Malformed Message (1): This error code is sent to indicate that a o Malformed Message (1): This error code is sent to indicate that a
message can not be successfully parsed and validated. message received from a peer is can not be successfully parsed and
validated.
Typically, this error code is sent by the Transport Converter if Typically, this error code is sent by the Transport Converter if
it receives a Connect TLV enclosing a multicast, broadcast, or it receives a Connect TLV enclosing a multicast, broadcast, or
loopback IP address. loopback IP address.
To ease troubleshooting, the value field MUST echo the received To ease troubleshooting, the value field MUST echo the received
message shifted by one byte to keep to original alignment of the message shifted by one byte to keep to original alignment of the
message. message.
o Unsupported Message (2): This error code is sent to indicate that o Unsupported Message (2): This error code is sent to indicate that
a message type is not supported by the Transport Converter. a message type received from a peer is not supported.
To ease troubleshooting, the value field MUST echo the received To ease troubleshooting, the value field MUST echo the received
message shifted by one byte to keep to original alignment of the message shifted by one byte to keep to original alignment of the
message. message.
o Missing Cookie (3): If a Transport Converter requires the o Missing Cookie (3): If a Transport Converter requires the
utilization of Cookies to prevent spoofing attacks and a Cookie utilization of Cookies to prevent spoofing attacks and a Cookie
TLV was not included in the Convert message, the Transport TLV was not included in the Convert message, the Transport
Converter MUST return this error to the requesting client. The Converter MUST return this error to the requesting client. The
first byte of the value field MUST be set to zero and the first byte of the value field MUST be set to zero and the
skipping to change at page 24, line 13 skipping to change at page 24, line 32
Converter is experiencing a network failure to relay the request. Converter is experiencing a network failure to relay the request.
The Transport Converter MUST send this error code when it The Transport Converter MUST send this error code when it
experiences forwarding issues to relay a connection. The experiences forwarding issues to relay a connection. The
Transport Converter may indicate in the Value field the suggested Transport Converter may indicate in the Value field the suggested
delay (in seconds) that the Client SHOULD wait before soliciting delay (in seconds) that the Client SHOULD wait before soliciting
the Transport Converter for a new proxied connection. A Value of the Transport Converter for a new proxied connection. A Value of
zero corresponds to a default delay of at least 30 seconds. zero corresponds to a default delay of at least 30 seconds.
o Connection Reset (96): This error indicates that the final o Connection Reset (96): This error indicates that the final
destination responded with a RST packet. The Value field MUST be destination responded with an RST packet. The Value field MUST be
set to zero. set to zero.
o Destination Unreachable (97): This error indicates that an ICMP o Destination Unreachable (97): This error indicates that an ICMP
destination unreachable, port unreachable, or network unreachable destination unreachable, port unreachable, or network unreachable
was received by the Transport Converter. The Value field MUST was received by the Transport Converter. The Value field MUST
echo the Code field of the received ICMP message. echo the Code field of the received ICMP message.
Figure 19 summarizes the different error codes. Figure 20 summarizes the different error codes.
+-------+------+-----------------------------------------------+ +-------+------+-----------------------------------------------+
| Error | Hex | Description | | Error | Hex | Description |
+-------+------+-----------------------------------------------+ +-------+------+-----------------------------------------------+
| 0 | 0x00 | Unsupported Version | | 0 | 0x00 | Unsupported Version |
| 1 | 0x01 | Malformed Message | | 1 | 0x01 | Malformed Message |
| 2 | 0x02 | Unsupported Message | | 2 | 0x02 | Unsupported Message |
| 3 | 0x03 | Missing Cookie | | 3 | 0x03 | Missing Cookie |
| 32 | 0x20 | Not Authorized | | 32 | 0x20 | Not Authorized |
| 33 | 0x21 | Unsupported TCP Option | | 33 | 0x21 | Unsupported TCP Option |
| 64 | 0x40 | Resource Exceeded | | 64 | 0x40 | Resource Exceeded |
| 65 | 0x41 | Network Failure | | 65 | 0x41 | Network Failure |
| 96 | 0x60 | Connection Reset | | 96 | 0x60 | Connection Reset |
| 97 | 0x61 | Destination Unreachable | | 97 | 0x61 | Destination Unreachable |
+-------+------+-----------------------------------------------+ +-------+------+-----------------------------------------------+
Figure 19: Convert Error Values Figure 20: Convert Error Values
5. Compatibility of Specific TCP Options with the Conversion Service 5. Compatibility of Specific TCP Options with the Conversion Service
In this section, we discuss how several standard track TCP options In this section, we discuss how several standard track TCP options
can be supported through the Convert protocol. The non-standard can be supported through the Convert protocol. The non-standard
track options and the experimental options will be discussed in other track options and the experimental options will be discussed in other
documents. documents.
5.1. Base TCP Options 5.1. Base TCP Options
skipping to change at page 25, line 20 skipping to change at page 26, line 7
TCP connection. There is no reason for a Client to request a TCP connection. There is no reason for a Client to request a
Transport Converter to advertise a specific MSS value to a remote Transport Converter to advertise a specific MSS value to a remote
server. server.
A Transport Converter MUST ignore options with Kind=0, 1 or 2 if they A Transport Converter MUST ignore options with Kind=0, 1 or 2 if they
appear in a Connect TLV. It MUST NOT announce them in a Supported appear in a Connect TLV. It MUST NOT announce them in a Supported
TCP Extensions TLV. TCP Extensions TLV.
5.2. Window Scale (WS) 5.2. Window Scale (WS)
The Window Scale option (Kind=3) is defined in [RFC7323]. As for the The Window Scale (WS) option (Kind=3) is defined in [RFC7323]. As
MSS option, the window scale factor that is used for a connection for the MSS option, the window scale factor that is used for a
strongly depends on the TCP stack that handles the connection. When connection strongly depends on the TCP stack that handles the
a Transport Converter opens a TCP connection towards a remote server connection. When a Transport Converter opens a TCP connection
on behalf of a Client, it SHOULD use a WS option with a scaling towards a remote server on behalf of a Client, it SHOULD use a WS
factor that corresponds to the configuration of its stack. A local option with a scaling factor that corresponds to the configuration of
configuration MAY allow for WS option in the proxied message to be its stack. A local configuration MAY allow for WS option in the
function of the scaling factor of the incoming connection. proxied message to be function of the scaling factor of the incoming
connection.
There is no benefit from a deployment viewpoint in enabling a Client There is no benefit from a deployment viewpoint in enabling a Client
of a Transport Converter to specifically request the utilisation of of a Transport Converter to specifically request the utilization of
the WS option (Kind=3) with a specific scaling factor towards a the WS option (Kind=3) with a specific scaling factor towards a
remote Server. For this reason, a Transport Converter MUST ignore remote Server. For this reason, a Transport Converter MUST ignore
option Kind=3 if it appears in a Connect TLV. It MUST NOT announce option Kind=3 if it appears in a Connect TLV. It MUST NOT announce
it in a Supported TCP Extensions TLV. it in a Supported TCP Extensions TLV.
5.3. Selective Acknowledgements 5.3. Selective Acknowledgements
Two distinct TCP options were defined to support selective Two distinct TCP options were defined to support selective
acknowledgements in [RFC2018]. This first one, SACK Permitted acknowledgements in [RFC2018]. This first one, SACK Permitted
(Kind=4), is used to negotiate the utilisation of selective (Kind=4), is used to negotiate the utilization of selective
acknowledgements during the three-way handshake. The second one, acknowledgements during the three-way handshake. The second one,
SACK (Kind=5), carries the selective acknowledgements inside regular SACK (Kind=5), carries the selective acknowledgements inside regular
segments. segments.
The SACK Permitted option (Kind=4) MAY be advertised by a Transport The SACK Permitted option (Kind=4) MAY be advertised by a Transport
Converter in the Supported TCP Extensions TLV. Clients connected to Converter in the Supported TCP Extensions TLV. Clients connected to
this Transport Converter MAY include the SACK Permitted option in the this Transport Converter MAY include the SACK Permitted option in the
Connect TLV. Connect TLV.
The SACK option (Kind=5) cannot be used during the three-way The SACK option (Kind=5) cannot be used during the three-way
skipping to change at page 28, line 22 skipping to change at page 29, line 11
the deployment of TCP extensions. In this section, we only discuss the deployment of TCP extensions. In this section, we only discuss
the middleboxes that modify SYN and SYN+ACK packets since the Convert the middleboxes that modify SYN and SYN+ACK packets since the Convert
Protocol places its messages in such packets. Protocol places its messages in such packets.
Consider a middlebox that removes the SYN payload. The Client can Consider a middlebox that removes the SYN payload. The Client can
detect this problem by looking at the acknowledgement number field of detect this problem by looking at the acknowledgement number field of
the SYN+ACK returned by the Transport Converter. The Client MUST the SYN+ACK returned by the Transport Converter. The Client MUST
stop to use this Transport Converter given the middlebox stop to use this Transport Converter given the middlebox
interference. interference.
Consider now a middlebox that drops SYN/ACKs with a payload. The
Client won't be able to establish a connection via the Transport
Converter.
The case of a middlebox that removes the payload of SYN+ACKs (but the
payload of SYN) can be detected by a Client. This is hinted by the
absence of an Error or Extended TCP Header TLV in a response. If an
Error was returned by the Transport Converter, a message to close the
connection would normally follow from the Converter. If no such
message is received, the Client may continue to use this Converter.
As explained in [RFC7413], some CGNs (Carrier Grade NATs) can affect As explained in [RFC7413], some CGNs (Carrier Grade NATs) can affect
the operation of TFO if they assign different IP addresses to the the operation of TFO if they assign different IP addresses to the
same end host. Such CGNs could affect the operation of the TFO same end host. Such CGNs could affect the operation of the cookie
Option used by the Convert Protocol. As a reminder CGNs, enabled on validation used by the Convert Protocol. As a reminder CGNs, enabled
the path between a Client and a Transport Converter, must adhere to on the path between a Client and a Transport Converter, must adhere
the address preservation defined in [RFC6888]. See also the to the address preservation defined in [RFC6888]. See also the
discussion in Section 7.1 of [RFC7413]. discussion in Section 7.1 of [RFC7413].
7. Security Considerations 7. Security Considerations
7.1. Privacy & Ingress Filtering 7.1. Privacy & Ingress Filtering
The Transport Converter may have access to privacy-related The Transport Converter may have access to privacy-related
information (e.g., subscriber credentials). The Transport Converter information (e.g., subscriber credentials). The Transport Converter
is designed to not leak such sensitive information outside a local is designed to not leak such sensitive information outside a local
domain. domain.
skipping to change at page 29, line 27 skipping to change at page 30, line 27
If the authentication succeeds, the Converter returns a cookie to the If the authentication succeeds, the Converter returns a cookie to the
Client. Subsequent Connect messages will be authorized as a function Client. Subsequent Connect messages will be authorized as a function
of the content of the Cookie TLV. of the content of the Cookie TLV.
In deployments where network-assisted connections are not allowed In deployments where network-assisted connections are not allowed
between hosts of a domain (i.e., hairpinning), the Converter may be between hosts of a domain (i.e., hairpinning), the Converter may be
instructed to discard such connections. Hairpinned connections are instructed to discard such connections. Hairpinned connections are
thus rejected by the Transport Converter by returning an Error TLV thus rejected by the Transport Converter by returning an Error TLV
set to "Not Authorized". Absent explicit configuration otherwise, set to "Not Authorized". Absent explicit configuration otherwise,
hairpinning is enabled by the Converter (see Figure 20. hairpinning is enabled by the Converter (see Figure 21.
<===Network Provider===> <===Network Provider===>
+----+ from X1:x1 to X2':x2' +-----+ X1':x1' +----+ from X1:x1 to X2':x2' +-----+ X1':x1'
| C1 |>>>>>>>>>>>>>>>>>>>>>>>>>>>>>--+--- | C1 |>>>>>>>>>>>>>>>>>>>>>>>>>>>>>--+---
+----+ | v | +----+ | v |
| v | | v |
| v | | v |
| v | | v |
+----+ from X1':x1' to X2:x2 | v | X2':x2' +----+ from X1':x1' to X2:x2 | v | X2':x2'
| C2 |<<<<<<<<<<<<<<<<<<<<<<<<<<<<<--+--- | C2 |<<<<<<<<<<<<<<<<<<<<<<<<<<<<<--+---
+----+ +-----+ +----+ +-----+
Converter Converter
Note: X2':x2' may be equal to Note: X2':x2' may be equal to
X2:x2 X2:x2
Figure 20: Hairpinning Example Figure 21: Hairpinning Example
See below for authorization considerations that are specific for See below for authorization considerations that are specific for
Multipath TCP. Multipath TCP.
7.3. Denial of Service 7.3. Denial of Service
Another possible risk is the amplification attacks since a Transport Another possible risk is the amplification attacks since a Transport
Converter sends a SYN towards a remote Server upon reception of a SYN Converter sends a SYN towards a remote Server upon reception of a SYN
from a Client. This could lead to amplification attacks if the SYN from a Client. This could lead to amplification attacks if the SYN
sent by the Transport Converter were larger than the SYN received sent by the Transport Converter were larger than the SYN received
skipping to change at page 30, line 41 skipping to change at page 31, line 41
[RFC6824]. [RFC6824].
The operator that manages the various network attachments (including The operator that manages the various network attachments (including
the Transport Converters) can enforce authentication and the Transport Converters) can enforce authentication and
authorization policies using appropriate mechanisms. For example, a authorization policies using appropriate mechanisms. For example, a
non-exhaustive list of methods to achieve authorization is provided non-exhaustive list of methods to achieve authorization is provided
hereafter: hereafter:
o The network provider may enforce a policy based on the o The network provider may enforce a policy based on the
International Mobile Subscriber Identity (IMSI) to verify that a International Mobile Subscriber Identity (IMSI) to verify that a
user is allowed to benefit from the aggregation service. If that user is allowed to benefit from the Multipath TCP converter
authorization fails, the Packet Data Protocol (PDP) context/bearer service. If that authorization fails, the Packet Data Protocol
will not be mounted. This method does not require any interaction (PDP) context/bearer will not be mounted. This method does not
with the Transport Converter. require any interaction with the Transport Converter for
authorization matters.
o The network provider may enforce a policy based upon Access o The network provider may enforce a policy based upon Access
Control Lists (ACLs), e.g., at a Broadband Network Gateway (BNG) Control Lists (ACLs), e.g., at a Broadband Network Gateway (BNG)
to control the hosts that are authorized to communicate with a to control the hosts that are authorized to communicate with a
Transport Converter. These ACLs may be installed as a result of Transport Converter. These ACLs may be installed as a result of
RADIUS exchanges, e.g., [I-D.boucadair-radext-tcpm-converter]. RADIUS exchanges, e.g., [I-D.boucadair-radext-tcpm-converter].
This method does not require any interaction with the Transport This method does not require any interaction with the Transport
Converter. Converter for authorization matters.
o A device that embeds a Transport Converter may also host a RADIUS o A device that embeds a Transport Converter may also host a RADIUS
client that will solicit an AAA server to check whether client that will solicit an AAA server to check whether
connections received from a given source IP address are authorized connections received from a given source IP address are authorized
or not [I-D.boucadair-radext-tcpm-converter]. or not [I-D.boucadair-radext-tcpm-converter].
A first safeguard against the misuse of Transport Converter resources A first safeguard against the misuse of Transport Converter resources
by illegitimate users (e.g., users with access networks that are not by illegitimate users (e.g., users with access networks that are not
managed by the same provider that operates the Transport Converter) managed by the same provider that operates the Transport Converter)
is the Transport Converter to reject Multipath TCP connections is the Transport Converter to reject Multipath TCP connections
skipping to change at page 31, line 27 skipping to change at page 32, line 30
8. IANA Considerations 8. IANA Considerations
8.1. Convert Service Port Number 8.1. Convert Service Port Number
IANA is requested to assign a TCP port number (TBA) for the Convert IANA is requested to assign a TCP port number (TBA) for the Convert
Protocol from the "Service Name and Transport Protocol Port Number Protocol from the "Service Name and Transport Protocol Port Number
Registry" available at https://www.iana.org/assignments/service- Registry" available at https://www.iana.org/assignments/service-
names-port-numbers/service-names-port-numbers.xhtml. names-port-numbers/service-names-port-numbers.xhtml.
Service Name: convert
Port Number: TBD
Transport Protocol(s): TCP
Description: 0-RTT TCP Convert Protocol
Assignee: IESG <iesg@ietf.org>
Contact: IETF Chair <chair@ietf.org>
Reference: RFC XXXX
8.2. The Convert Protocol (Convert) Parameters 8.2. The Convert Protocol (Convert) Parameters
IANA is requested to create a new "The Convert Protocol (Convert) IANA is requested to create a new "The Convert Protocol (Convert)
Parameters" registry. Parameters" registry.
The following subsections detail new registries within "The Convert The following subsections detail new registries within "The Convert
Protocol (Convert) Parameters" registry. Protocol (Convert) Parameters" registry.
8.2.1. Convert Versions 8.2.1. Convert Versions
skipping to change at page 32, line 46 skipping to change at page 34, line 4
types are defined; the following ranges are reserved for each of types are defined; the following ranges are reserved for each of
these types: these types:
o Message validation and processing errors: 0-31 o Message validation and processing errors: 0-31
o Client-side errors: 32-63 o Client-side errors: 32-63
o Transport Converter-side errors: 64-95 o Transport Converter-side errors: 64-95
o Errors caused by destination server: 96-127 o Errors caused by destination server: 96-127
The procedure for assigning values from this sub-registry is as The procedure for assigning values from this sub-registry is as
follows: follows:
o 0-191: Values in this range are assigned via IETF Review. o 0-127: Values in this range are assigned via IETF Review.
o 192-255: Values in this range are assigned via Specification o 128-191: Values in this range are assigned via Specification
Required. Required.
o 192-255: Values in this range are assigned for Private Use.
The initial values to be assigned at the creation of the registry are The initial values to be assigned at the creation of the registry are
as follows: as follows:
+-------+------+-----------------------------------+-----------+ +-------+------+-----------------------------------+-----------+
| Error | Hex | Description | Reference | | Error | Hex | Description | Reference |
+-------+------+-----------------------------------+-----------+ +-------+------+-----------------------------------+-----------+
| 0 | 0x00 | Unsupported Version | [This-RFC]| | 0 | 0x00 | Unsupported Version | [This-RFC]|
| 1 | 0x01 | Malformed Message | [This-RFC]| | 1 | 0x01 | Malformed Message | [This-RFC]|
| 2 | 0x02 | Unsupported Message | [This-RFC]| | 2 | 0x02 | Unsupported Message | [This-RFC]|
| 3 | 0x03 | Missing Cookie | [This-RFC]| | 3 | 0x03 | Missing Cookie | [This-RFC]|
| 32 | 0x20 | Not Authorized | [This-RFC]| | 32 | 0x20 | Not Authorized | [This-RFC]|
| 33 | 0x21 | Unsupported TCP Option | [This-RFC]| | 33 | 0x21 | Unsupported TCP Option | [This-RFC]|
| 64 | 0x40 | Resource Exceeded | [This-RFC]| | 64 | 0x40 | Resource Exceeded | [This-RFC]|
| 65 | 0x41 | Network Failure | [This-RFC]| | 65 | 0x41 | Network Failure | [This-RFC]|
| 96 | 0x60 | Connection Reset | [This-RFC]| | 96 | 0x60 | Connection Reset | [This-RFC]|
| 97 | 0x61 | Destination Unreachable | [This-RFC]| | 97 | 0x61 | Destination Unreachable | [This-RFC]|
+-------+------+-----------------------------------+-----------+ +-------+------+-----------------------------------+-----------+
Figure 21: The Convert Error Codes Figure 22: The Convert Error Codes
9. Acknowledgements 9. References
Although they could disagree with the contents of the document, we 9.1. Normative References
would like to thank Joe Touch and Juliusz Chroboczek whose comments
on the MPTCP mailing list have forced us to reconsider the design of
the solution several times.
We would like to thank Raphael Bauduin, Stefano Secci, Anandatirtha [RFC0793] Postel, J., "Transmission Control Protocol", STD 7,
Nandugudi and Gregory Vander Schueren for their help in preparing RFC 793, DOI 10.17487/RFC0793, September 1981,
this document. Nandini Ganesh provided valuable feedback about the <https://www.rfc-editor.org/info/rfc793>.
handling of TFO and the error codes. Thanks to them.
Thanks to Yuchung Cheng and Praveen Balasubramanian for the [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
discussion on supplying data in SYNs. Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
This document builds upon earlier documents that proposed various [RFC4279] Eronen, P., Ed. and H. Tschofenig, Ed., "Pre-Shared Key
forms of Multipath TCP proxies [I-D.boucadair-mptcp-plain-mode], Ciphersuites for Transport Layer Security (TLS)",
[I-D.peirens-mptcp-transparent] and [HotMiddlebox13b]. RFC 4279, DOI 10.17487/RFC4279, December 2005,
<https://www.rfc-editor.org/info/rfc4279>.
From [I-D.boucadair-mptcp-plain-mode]: [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, DOI 10.17487/RFC4291, February
2006, <https://www.rfc-editor.org/info/rfc4291>.
Many thanks to Chi Dung Phung, Mingui Zhang, Rao Shoaib, Yoshifumi [RFC4727] Fenner, B., "Experimental Values In IPv4, IPv6, ICMPv4,
Nishida, and Christoph Paasch for their valuable comments. ICMPv6, UDP, and TCP Headers", RFC 4727,
DOI 10.17487/RFC4727, November 2006,
<https://www.rfc-editor.org/info/rfc4727>.
Thanks to Ian Farrer, Mikael Abrahamsson, Alan Ford, Dan Wing, and [RFC4787] Audet, F., Ed. and C. Jennings, "Network Address
Sri Gundavelli for the fruitful discussions in IETF#95 (Buenos Translation (NAT) Behavioral Requirements for Unicast
Aires). UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January
2007, <https://www.rfc-editor.org/info/rfc4787>.
Special thanks to Pierrick Seite, Yannick Le Goff, Fred Klamm, and [RFC4987] Eddy, W., "TCP SYN Flooding Attacks and Common
Xavier Grall for their inputs. Mitigations", RFC 4987, DOI 10.17487/RFC4987, August 2007,
<https://www.rfc-editor.org/info/rfc4987>.
Thanks also to Olaf Schleusing, Martin Gysi, Thomas Zasowski, Andreas [RFC5482] Eggert, L. and F. Gont, "TCP User Timeout Option",
Burkhard, Silka Simmen, Sandro Berger, Michael Melloul, Jean-Yves RFC 5482, DOI 10.17487/RFC5482, March 2009,
Flahaut, Adrien Desportes, Gregory Detal, Benjamin David, Arun <https://www.rfc-editor.org/info/rfc5482>.
Srinivasan, and Raghavendra Mallya for the discussion.
9.1. Contributors [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP
Authentication Option", RFC 5925, DOI 10.17487/RFC5925,
June 2010, <https://www.rfc-editor.org/info/rfc5925>.
Bart Peirens contributed to an early version of the document. [RFC6824] Ford, A., Raiciu, C., Handley, M., and O. Bonaventure,
"TCP Extensions for Multipath Operation with Multiple
Addresses", RFC 6824, DOI 10.17487/RFC6824, January 2013,
<https://www.rfc-editor.org/info/rfc6824>.
As noted above, this document builds on two previous documents. [RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa,
A., and H. Ashida, "Common Requirements for Carrier-Grade
NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888,
April 2013, <https://www.rfc-editor.org/info/rfc6888>.
The authors of [I-D.boucadair-mptcp-plain-mode] were: [RFC6890] Cotton, M., Vegoda, L., Bonica, R., Ed., and B. Haberman,
"Special-Purpose IP Address Registries", BCP 153,
RFC 6890, DOI 10.17487/RFC6890, April 2013,
<https://www.rfc-editor.org/info/rfc6890>.
o Mohamed Boucadair [RFC7250] Wouters, P., Ed., Tschofenig, H., Ed., Gilmore, J.,
Weiler, S., and T. Kivinen, "Using Raw Public Keys in
Transport Layer Security (TLS) and Datagram Transport
Layer Security (DTLS)", RFC 7250, DOI 10.17487/RFC7250,
June 2014, <https://www.rfc-editor.org/info/rfc7250>.
o Christian Jacquenet [RFC7413] Cheng, Y., Chu, J., Radhakrishnan, S., and A. Jain, "TCP
Fast Open", RFC 7413, DOI 10.17487/RFC7413, December 2014,
<https://www.rfc-editor.org/info/rfc7413>.
o Olivier Bonaventure [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
o Denis Behaghel [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
o Stefano Secci 9.2. Informative References
o Wim Henderickx [ANRW17] Trammell, B., Kuhlewind, M., De Vaere, P., Learmonth, I.,
and G. Fairhurst, "Tracking transport-layer evolution with
PATHspider", Applied Networking Research Workshop 2017
(ANRW17) , July 2017.
o Robert Skog [Fukuda2011]
Fukuda, K., "An Analysis of Longitudinal TCP Passive
Measurements (Short Paper)", Traffic Monitoring and
Analysis. TMA 2011. Lecture Notes in Computer Science, vol
6613. , 2011.
o Suresh Vinapamula [HotMiddlebox13b]
Detal, G., Paasch, C., and O. Bonaventure, "Multipath in
the Middle(Box)", HotMiddlebox'13 , December 2013,
<http://inl.info.ucl.ac.be/publications/
multipath-middlebox>.
o SungHoon Seo [I-D.arkko-arch-low-latency]
Arkko, J. and J. Tantsura, "Low Latency Applications and
the Internet Architecture", draft-arkko-arch-low-
latency-02 (work in progress), October 2017.
o Wouter Cloetens [I-D.boucadair-mptcp-plain-mode]
Boucadair, M., Jacquenet, C., Bonaventure, O., Behaghel,
D., stefano.secci@lip6.fr, s., Henderickx, W., Skog, R.,
Vinapamula, S., Seo, S., Cloetens, W., Meyer, U.,
Contreras, L., and B. Peirens, "Extensions for Network-
Assisted MPTCP Deployment Models", draft-boucadair-mptcp-
plain-mode-10 (work in progress), March 2017.
o Ullrich Meyer [I-D.boucadair-radext-tcpm-converter]
Boucadair, M. and C. Jacquenet, "RADIUS Extensions for
0-RTT TCP Converters", draft-boucadair-radext-tcpm-
converter-02 (work in progress), April 2019.
o Luis M. Contreras [I-D.boucadair-tcpm-dhc-converter]
Boucadair, M., Jacquenet, C., and R. K, "DHCP Options for
0-RTT TCP Converters", draft-boucadair-tcpm-dhc-
converter-02 (work in progress), April 2019.
o Bart Peirens [I-D.nam-mptcp-deployment-considerations]
Boucadair, M., Jacquenet, C., Bonaventure, O., Henderickx,
W., and R. Skog, "Network-Assisted MPTCP: Use Cases,
Deployment Scenarios and Operational Considerations",
draft-nam-mptcp-deployment-considerations-01 (work in
progress), December 2016.
The authors of [I-D.peirens-mptcp-transparent] were: [I-D.olteanu-intarea-socks-6]
Olteanu, V. and D. Niculescu, "SOCKS Protocol Version 6",
draft-olteanu-intarea-socks-6-07 (work in progress), July
2019.
o Bart Peirens [I-D.peirens-mptcp-transparent]
Peirens, B., Detal, G., Barre, S., and O. Bonaventure,
"Link bonding with transparent Multipath TCP", draft-
peirens-mptcp-transparent-00 (work in progress), July
2016.
o Gregory Detal [IETFJ16] Bonaventure, O. and S. Seo, "Multipath TCP Deployment",
IETF Journal, Fall 2016 , n.d..
o Sebastien Barre [IMC11] Honda, K., Nishida, Y., Raiciu, C., Greenhalgh, A.,
Handley, M., and T. Hideyuki, "Is it still possible to
extend TCP?", Proceedings of the 2011 ACM SIGCOMM
conference on Internet measurement conference , 2011.
o Olivier Bonaventure [RFC1323] Jacobson, V., Braden, R., and D. Borman, "TCP Extensions
for High Performance", RFC 1323, DOI 10.17487/RFC1323, May
1992, <https://www.rfc-editor.org/info/rfc1323>.
10. Change Log [RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers",
RFC 1812, DOI 10.17487/RFC1812, June 1995,
<https://www.rfc-editor.org/info/rfc1812>.
[RFC1919] Chatel, M., "Classical versus Transparent IP Proxies",
RFC 1919, DOI 10.17487/RFC1919, March 1996,
<https://www.rfc-editor.org/info/rfc1919>.
[RFC1928] Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., and
L. Jones, "SOCKS Protocol Version 5", RFC 1928,
DOI 10.17487/RFC1928, March 1996,
<https://www.rfc-editor.org/info/rfc1928>.
[RFC2018] Mathis, M., Mahdavi, J., Floyd, S., and A. Romanow, "TCP
Selective Acknowledgment Options", RFC 2018,
DOI 10.17487/RFC2018, October 1996,
<https://www.rfc-editor.org/info/rfc2018>.
[RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827,
May 2000, <https://www.rfc-editor.org/info/rfc2827>.
[RFC3135] Border, J., Kojo, M., Griner, J., Montenegro, G., and Z.
Shelby, "Performance Enhancing Proxies Intended to
Mitigate Link-Related Degradations", RFC 3135,
DOI 10.17487/RFC3135, June 2001,
<https://www.rfc-editor.org/info/rfc3135>.
[RFC6181] Bagnulo, M., "Threat Analysis for TCP Extensions for
Multipath Operation with Multiple Addresses", RFC 6181,
DOI 10.17487/RFC6181, March 2011,
<https://www.rfc-editor.org/info/rfc6181>.
[RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and
P. Selkirk, "Port Control Protocol (PCP)", RFC 6887,
DOI 10.17487/RFC6887, April 2013,
<https://www.rfc-editor.org/info/rfc6887>.
[RFC6928] Chu, J., Dukkipati, N., Cheng, Y., and M. Mathis,
"Increasing TCP's Initial Window", RFC 6928,
DOI 10.17487/RFC6928, April 2013,
<https://www.rfc-editor.org/info/rfc6928>.
[RFC6978] Touch, J., "A TCP Authentication Option Extension for NAT
Traversal", RFC 6978, DOI 10.17487/RFC6978, July 2013,
<https://www.rfc-editor.org/info/rfc6978>.
[RFC7323] Borman, D., Braden, B., Jacobson, V., and R.
Scheffenegger, Ed., "TCP Extensions for High Performance",
RFC 7323, DOI 10.17487/RFC7323, September 2014,
<https://www.rfc-editor.org/info/rfc7323>.
[RFC7414] Duke, M., Braden, R., Eddy, W., Blanton, E., and A.
Zimmermann, "A Roadmap for Transmission Control Protocol
(TCP) Specification Documents", RFC 7414,
DOI 10.17487/RFC7414, February 2015,
<https://www.rfc-editor.org/info/rfc7414>.
[RFC8041] Bonaventure, O., Paasch, C., and G. Detal, "Use Cases and
Operational Experience with Multipath TCP", RFC 8041,
DOI 10.17487/RFC8041, January 2017,
<https://www.rfc-editor.org/info/rfc8041>.
[RFC8305] Schinazi, D. and T. Pauly, "Happy Eyeballs Version 2:
Better Connectivity Using Concurrency", RFC 8305,
DOI 10.17487/RFC8305, December 2017,
<https://www.rfc-editor.org/info/rfc8305>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
[RFC8548] Bittau, A., Giffin, D., Handley, M., Mazieres, D., Slack,
Q., and E. Smith, "Cryptographic Protection of TCP Streams
(tcpcrypt)", RFC 8548, DOI 10.17487/RFC8548, May 2019,
<https://www.rfc-editor.org/info/rfc8548>.
[TS23501] 3GPP (3rd Generation Partnership Project), ., "Technical
Specification Group Services and System Aspects; System
Architecture for the 5G System; Stage 2 (Release 16)",
2019, <https://www.3gpp.org/ftp/Specs/
archive/23_series/23.501/>.
Appendix A. Change Log
This section to be removed before publication. This section to be removed before publication.
o 00 : initial version, designed to support Multipath TCP and TFO o 00 : initial version, designed to support Multipath TCP and TFO
only only
o 00 to -01 : added section Section 5 describing the support of o 00 to -01 : added section Section 5 describing the support of
different standard tracks TCP options by Transport Converters, different standard tracks TCP options by Transport Converters,
clarification of the IANA section, moved the SOCKS comparison to clarification of the IANA section, moved the SOCKS comparison to
the appendix and various minor modifications the appendix and various minor modifications
skipping to change at page 35, line 42 skipping to change at page 40, line 15
worked on client and server side implementations. The main worked on client and server side implementations. The main
modifications are the following : modifications are the following :
* TCP Fast Open is not strictly required anymore. Several * TCP Fast Open is not strictly required anymore. Several
implementors expressed concerns about this requirement. The implementors expressed concerns about this requirement. The
TFO Cookie protects from some attack scenarios that affect open TFO Cookie protects from some attack scenarios that affect open
servers like web servers. The Convert protocol is different servers like web servers. The Convert protocol is different
and as discussed in RFC7413, there are different ways to and as discussed in RFC7413, there are different ways to
protect from such attacks. Instead of using a TFO cookie protect from such attacks. Instead of using a TFO cookie
inside the TCP options, which consumes precious space in the inside the TCP options, which consumes precious space in the
extended TCP header, this version supports the utilisation of a extended TCP header, this version supports the utilization of a
Cookie that is placed in the SYN payload. This provides the Cookie that is placed in the SYN payload. This provides the
same level of protection as a TFO Cookie in environments were same level of protection as a TFO Cookie in environments were
such protection is required. such protection is required.
* the Boostrap procedure has been simplified based on feedback * the Bootstrap procedure has been simplified based on feedback
from implementers from implementers
* Error messages are not included in RST segments anymore but * Error messages are not included in RST segments anymore but
sent in the bytestream. Implementors have indicated that sent in the bytestream. Implementors have indicated that
processing such segments on clients was difficult on some processing such segments on clients was difficult on some
platforms. This change simplifies client implementations. platforms. This change simplifies client implementations.
* Many minor editorial changes to clarify the text based on * Many minor editorial changes to clarify the text based on
implementors feedback. implementors feedback.
o 05 to -06: Many clarifications to integrate the comments from the o 05 to -06: Many clarifications to integrate the comments from the
chairs in preparation to the WGLC: chairs in preparation to the WGLC:
* Updated IANA policy to require "IETF Review" instead of * Updated IANA policy to require "IETF Review" instead of
"Standard Action" "Standard Action"
* Call out explicilty that data in SYNs are relayed by the * Call out explicitly that data in SYNs are relayed by the
Converter Converter
* Reiterate the scope * Reiterate the scope
* Hairpinning behavior can be disabled (policy-based) * Hairpinning behavior can be disabled (policy-based)
* Fix nits * Fix nits
o 07: o 07:
* Update the text about supplying data in SYNs to make it clear * Update the text about supplying data in SYNs to make it clear
that a constraint defined in RFC793 is relaxed folloiwng the that a constraint defined in RFC793 is relaxed following the
same rationale as in RFC7413. same rationale as in RFC7413.
* Nits * Nits
* Added Appendix A on example Socket API changes * Added Appendix A on example Socket API changes
o 08: o 08:
* Added short discusion on the termination of connections * Added short discussion on the termination of connections
11. Example Socket API Changes to Support the 0-RTT Convert Protocol o 09:
11.1. Active Open (Client Side) * Various to comments received during last call
Appendix B. Example Socket API Changes to Support the 0-RTT Convert
Protocol
B.1. Active Open (Client Side)
On the client side, the support of the 0-RTT Converter protocol does On the client side, the support of the 0-RTT Converter protocol does
not require any other changes than those identified in Appendix A of not require any other changes than those identified in Appendix A of
[RFC7413]. Those modifications are already supported by multiple TCP [RFC7413]. Those modifications are already supported by multiple TCP
stacks. stacks.
As an example, on Linux, a client can send the 0-RTT Convert message As an example, on Linux, a client can send the 0-RTT Convert message
inside a SYN by using sendto with the MSG_FASTOPEN flag as shown in inside a SYN by using sendto with the MSG_FASTOPEN flag as shown in
the example below: the example below:
skipping to change at page 37, line 24 skipping to change at page 42, line 5
o 0x1: (client) enables sending data in the opening SYN on the o 0x1: (client) enables sending data in the opening SYN on the
client. client.
o 0x4: (client) send data in the opening SYN regardless of cookie o 0x4: (client) send data in the opening SYN regardless of cookie
availability and without a cookie option. availability and without a cookie option.
By setting this configuration variable to 0x5, a Linux client using By setting this configuration variable to 0x5, a Linux client using
the above code would send data inside the SYN without using a TFO the above code would send data inside the SYN without using a TFO
option. option.
11.2. Passive Open (Converter Side) B.2. Passive Open (Converter Side)
The Converter needs to enable the reception of data inside the SYN The Converter needs to enable the reception of data inside the SYN
independently of the utilisation of the TFO option. This implies independently of the utilization of the TFO option. This implies
that the Transport Converter application cannot rely on the TFO that the Transport Converter application cannot rely on the TFO
cookies to validate the reachability of the IP address that sent the cookies to validate the reachability of the IP address that sent the
SYN. It must rely on other techniques, such as the Cookie TLV SYN. It must rely on other techniques, such as the Cookie TLV
described in this document, to verify this reachability. described in this document, to verify this reachability.
[RFC7413] suggested the utilisation of a TCP_FASTOPEN socket option [RFC7413] suggested the utilization of a TCP_FASTOPEN socket option
the enable the reception of SYNs containing data. Later, Appendix A the enable the reception of SYNs containing data. Later, Appendix A
of [RFC7413], mentionned: of [RFC7413], mentioned:
Traditionally, accept() returns only after a socket is connected. Traditionally, accept() returns only after a socket is connected.
But, for a Fast Open connection, accept() returns upon receiving But, for a Fast Open connection, accept() returns upon receiving
SYN with a valid Fast Open cookie and data, and the data is available SYN with a valid Fast Open cookie and data, and the data is available
to be read through, e.g., recvmsg(), read(). to be read through, e.g., recvmsg(), read().
To support the 0-RTT Convert protocol, this behaviour should be To support the 0-RTT Convert protocol, this behavior should be
modified as follows: modified as follows:
Traditionally, accept() returns only after a socket is connected. Traditionally, accept() returns only after a socket is connected.
But, for a Fast Open connection, accept() returns upon receiving a But, for a Fast Open connection, accept() returns upon receiving a
SYN with data, and the data is available to be read through, e.g., SYN with data, and the data is available to be read through, e.g.,
recvmsg(), read(). The application that receives such SYNs with data recvmsg(), read(). The application that receives such SYNs with data
must be able to validate the reachability of the source of the SYN must be able to validate the reachability of the source of the SYN
and also deal with replayed SYNs. and also deal with replayed SYNs.
The Linux server side can be configured with the following sysctls: The Linux server side can be configured with the following sysctls:
skipping to change at page 38, line 16 skipping to change at page 42, line 46
SYN packet to be accepted and passed to the application before SYN packet to be accepted and passed to the application before
3-way handshake finishes. 3-way handshake finishes.
o 0x200: (server) accept data-in-SYN w/o any cookie option present. o 0x200: (server) accept data-in-SYN w/o any cookie option present.
However, this configuration is system-wide. This is convenient for However, this configuration is system-wide. This is convenient for
typical Transport Converter deployments where no other applications typical Transport Converter deployments where no other applications
relying on TFO are collocated on the same device. relying on TFO are collocated on the same device.
Recently, the TCP_FASTOPEN_NO_COOKIE socket option has been added to Recently, the TCP_FASTOPEN_NO_COOKIE socket option has been added to
provide the same behaviour on a per socket basis. This enables a provide the same behavior on a per socket basis. This enables a
single host to support both servers that require the TFO cookie and single host to support both servers that require the TFO cookie and
servers that do not use it. servers that do not use it.
12. Differences with SOCKSv5 Appendix C. Differences with SOCKSv5
At a first glance, the solution proposed in this document could seem At a first glance, the solution proposed in this document could seem
similar to the SOCKS v5 protocol [RFC1928] which is used to proxy TCP similar to the SOCKS v5 protocol [RFC1928] which is used to proxy TCP
connections. The Client creates a connection to a SOCKS proxy, connections. The Client creates a connection to a SOCKS proxy,
exchanges authentication information and indicates the destination exchanges authentication information and indicates the destination
address and port of the final server. At this point, the SOCKS proxy address and port of the final server. At this point, the SOCKS proxy
creates a connection towards the final server and relays all data creates a connection towards the final server and relays all data
between the two proxied connections. The operation of an between the two proxied connections. The operation of an
implementation based on SOCKSv5 is illustrated in Figure 22. implementation based on SOCKSv5 is illustrated in Figure 23.
Client SOCKS Proxy Server Client SOCKS Proxy Server
--------------------> -------------------->
SYN SYN
<-------------------- <--------------------
SYN+ACK SYN+ACK
--------------------> -------------------->
ACK ACK
--------------------> -------------------->
skipping to change at page 39, line 40 skipping to change at page 43, line 51
--------------------> -------------------->
Data1 Data1
--------------------> -------------------->
Data1 Data1
<-------------------- <--------------------
Data2 Data2
<-------------------- <--------------------
Data2 Data2
Figure 22: Establishment of a TCP connection through a SOCKS proxy Figure 23: Establishment of a TCP connection through a SOCKS proxy
without authentication without authentication
The Convert protocol also relays data between an upstream and a The Convert protocol also relays data between an upstream and a
downstream connection, but there are important differences with downstream connection, but there are important differences with
SOCKSv5. SOCKSv5.
A first difference is that the Convert protocol exchanges all control A first difference is that the Convert protocol exchanges all control
information during the three-way handshake. This reduces the information during the three-way handshake. This reduces the
connection establishment delay compared to SOCKS that requires two or connection establishment delay compared to SOCKS that requires two or
more round-trip-times before the establishment of the downstream more round-trip-times before the establishment of the downstream
connection towards the final destination. In today's Internet, connection towards the final destination. In today's Internet,
latency is a important metric and various protocols have been tuned latency is a important metric and various protocols have been tuned
to reduce their latency [I-D.arkko-arch-low-latency]. A recently to reduce their latency [I-D.arkko-arch-low-latency]. A recently
proposed extension to SOCKS also leverages the TFO option proposed extension to SOCKS leverages the TFO option
[I-D.olteanu-intarea-socks-6]. [I-D.olteanu-intarea-socks-6].
A second difference is that the Convert protocol explicitly takes the A second difference is that the Convert protocol explicitly takes the
TCP extensions into account. By using the Convert protocol, the TCP extensions into account. By using the Convert protocol, the
Client can learn whether a given TCP extension is supported by the Client can learn whether a given TCP extension is supported by the
destination Server. This enables the Client to bypass the Transport destination Server. This enables the Client to bypass the Transport
Converter when the destination supports the required TCP extension. Converter when the destination supports the required TCP extension.
Neither SOCKS v5 [RFC1928] nor the proposed SOCKS v6 Neither SOCKS v5 [RFC1928] nor the proposed SOCKS v6
[I-D.olteanu-intarea-socks-6] provide such a feature. [I-D.olteanu-intarea-socks-6] provide such a feature.
skipping to change at page 40, line 33 skipping to change at page 44, line 44
Server [RFC8305]. Server [RFC8305].
A fourth difference is that the Convert protocol only allows the A fourth difference is that the Convert protocol only allows the
client to specify the address/port of the destination server and not client to specify the address/port of the destination server and not
a DNS name. We evaluated an alternate design for the Connect TLV a DNS name. We evaluated an alternate design for the Connect TLV
that included the DNS name of the remote peer instead of its IP that included the DNS name of the remote peer instead of its IP
address as in SOCKS [RFC1928]. However, that design was not adopted address as in SOCKS [RFC1928]. However, that design was not adopted
because it induces both an extra load and increased delays on the because it induces both an extra load and increased delays on the
Transport Converter to handle and manage DNS resolution requests. Transport Converter to handle and manage DNS resolution requests.
13. References Acknowledgements
13.1. Normative References
[RFC0793] Postel, J., "Transmission Control Protocol", STD 7,
RFC 793, DOI 10.17487/RFC0793, September 1981,
<https://www.rfc-editor.org/info/rfc793>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC4279] Eronen, P., Ed. and H. Tschofenig, Ed., "Pre-Shared Key
Ciphersuites for Transport Layer Security (TLS)",
RFC 4279, DOI 10.17487/RFC4279, December 2005,
<https://www.rfc-editor.org/info/rfc4279>.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, DOI 10.17487/RFC4291, February
2006, <https://www.rfc-editor.org/info/rfc4291>.
[RFC4727] Fenner, B., "Experimental Values In IPv4, IPv6, ICMPv4,
ICMPv6, UDP, and TCP Headers", RFC 4727,
DOI 10.17487/RFC4727, November 2006,
<https://www.rfc-editor.org/info/rfc4727>.
[RFC4787] Audet, F., Ed. and C. Jennings, "Network Address
Translation (NAT) Behavioral Requirements for Unicast
UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January
2007, <https://www.rfc-editor.org/info/rfc4787>.
[RFC4987] Eddy, W., "TCP SYN Flooding Attacks and Common
Mitigations", RFC 4987, DOI 10.17487/RFC4987, August 2007,
<https://www.rfc-editor.org/info/rfc4987>.
[RFC5482] Eggert, L. and F. Gont, "TCP User Timeout Option",
RFC 5482, DOI 10.17487/RFC5482, March 2009,
<https://www.rfc-editor.org/info/rfc5482>.
[RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP
Authentication Option", RFC 5925, DOI 10.17487/RFC5925,
June 2010, <https://www.rfc-editor.org/info/rfc5925>.
[RFC6824] Ford, A., Raiciu, C., Handley, M., and O. Bonaventure,
"TCP Extensions for Multipath Operation with Multiple
Addresses", RFC 6824, DOI 10.17487/RFC6824, January 2013,
<https://www.rfc-editor.org/info/rfc6824>.
[RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa,
A., and H. Ashida, "Common Requirements for Carrier-Grade
NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888,
April 2013, <https://www.rfc-editor.org/info/rfc6888>.
[RFC6890] Cotton, M., Vegoda, L., Bonica, R., Ed., and B. Haberman,
"Special-Purpose IP Address Registries", BCP 153,
RFC 6890, DOI 10.17487/RFC6890, April 2013,
<https://www.rfc-editor.org/info/rfc6890>.
[RFC7250] Wouters, P., Ed., Tschofenig, H., Ed., Gilmore, J.,
Weiler, S., and T. Kivinen, "Using Raw Public Keys in
Transport Layer Security (TLS) and Datagram Transport
Layer Security (DTLS)", RFC 7250, DOI 10.17487/RFC7250,
June 2014, <https://www.rfc-editor.org/info/rfc7250>.
[RFC7413] Cheng, Y., Chu, J., Radhakrishnan, S., and A. Jain, "TCP
Fast Open", RFC 7413, DOI 10.17487/RFC7413, December 2014,
<https://www.rfc-editor.org/info/rfc7413>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
13.2. Informative References
[ANRW17] Trammell, B., Kuhlewind, M., De Vaere, P., Learmonth, I.,
and G. Fairhurst, "Tracking transport-layer evolution with
PATHspider", Applied Networking Research Workshop 2017
(ANRW17) , July 2017.
[Fukuda2011] Although they could disagree with the contents of the document, we
Fukuda, K., "An Analysis of Longitudinal TCP Passive would like to thank Joe Touch and Juliusz Chroboczek whose comments
Measurements (Short Paper)", Traffic Monitoring and on the MPTCP mailing list have forced us to reconsider the design of
Analysis. TMA 2011. Lecture Notes in Computer Science, vol the solution several times.
6613. , 2011.
[HotMiddlebox13b] We would like to thank Raphael Bauduin, Stefano Secci, Anandatirtha
Detal, G., Paasch, C., and O. Bonaventure, "Multipath in Nandugudi and Gregory Vander Schueren for their help in preparing
the Middle(Box)", HotMiddlebox'13 , December 2013, this document. Nandini Ganesh provided valuable feedback about the
<http://inl.info.ucl.ac.be/publications/ handling of TFO and the error codes. Yuchung Cheng and Praveen
multipath-middlebox>. Balasubramanian helped to clarify the discussion on supplying data in
SYNs. Phil Eardley and Michael Scharf's helped to clarify different
parts of the text.
[I-D.arkko-arch-low-latency] This document builds upon earlier documents that proposed various
Arkko, J. and J. Tantsura, "Low Latency Applications and forms of Multipath TCP proxies [I-D.boucadair-mptcp-plain-mode],
the Internet Architecture", draft-arkko-arch-low- [I-D.peirens-mptcp-transparent] and [HotMiddlebox13b].
latency-02 (work in progress), October 2017.
[I-D.boucadair-mptcp-plain-mode] From [I-D.boucadair-mptcp-plain-mode]:
Boucadair, M., Jacquenet, C., Bonaventure, O., Behaghel,
D., stefano.secci@lip6.fr, s., Henderickx, W., Skog, R.,
Vinapamula, S., Seo, S., Cloetens, W., Meyer, U.,
Contreras, L., and B. Peirens, "Extensions for Network-
Assisted MPTCP Deployment Models", draft-boucadair-mptcp-
plain-mode-10 (work in progress), March 2017.
[I-D.boucadair-radext-tcpm-converter] Many thanks to Chi Dung Phung, Mingui Zhang, Rao Shoaib, Yoshifumi
Boucadair, M. and C. Jacquenet, "RADIUS Extensions for Nishida, and Christoph Paasch for their valuable comments.
0-RTT TCP Converters", draft-boucadair-radext-tcpm-
converter-02 (work in progress), April 2019.
[I-D.boucadair-tcpm-dhc-converter] Thanks to Ian Farrer, Mikael Abrahamsson, Alan Ford, Dan Wing, and
Boucadair, M., Jacquenet, C., and R. K, "DHCP Options for Sri Gundavelli for the fruitful discussions in IETF#95 (Buenos
0-RTT TCP Converters", draft-boucadair-tcpm-dhc- Aires).
converter-02 (work in progress), April 2019.
[I-D.nam-mptcp-deployment-considerations] Special thanks to Pierrick Seite, Yannick Le Goff, Fred Klamm, and
Boucadair, M., Jacquenet, C., Bonaventure, O., Henderickx, Xavier Grall for their inputs.
W., and R. Skog, "Network-Assisted MPTCP: Use Cases,
Deployment Scenarios and Operational Considerations",
draft-nam-mptcp-deployment-considerations-01 (work in
progress), December 2016.
[I-D.olteanu-intarea-socks-6] Thanks also to Olaf Schleusing, Martin Gysi, Thomas Zasowski, Andreas
Olteanu, V. and D. Niculescu, "SOCKS Protocol Version 6", Burkhard, Silka Simmen, Sandro Berger, Michael Melloul, Jean-Yves
draft-olteanu-intarea-socks-6-06 (work in progress), March Flahaut, Adrien Desportes, Gregory Detal, Benjamin David, Arun
2019. Srinivasan, and Raghavendra Mallya for the discussion.
[I-D.peirens-mptcp-transparent] Contributors
Peirens, B., Detal, G., Barre, S., and O. Bonaventure,
"Link bonding with transparent Multipath TCP", draft-
peirens-mptcp-transparent-00 (work in progress), July
2016.
[IETFJ16] Bonaventure, O. and S. Seo, "Multipath TCP Deployment", Bart Peirens contributed to an early version of the document.
IETF Journal, Fall 2016 , n.d..
[IMC11] Honda, K., Nishida, Y., Raiciu, C., Greenhalgh, A., As noted above, this document builds on two previous documents.
Handley, M., and T. Hideyuki, "Is it still possible to
extend TCP?", Proceedings of the 2011 ACM SIGCOMM
conference on Internet measurement conference , 2011.
[RFC1323] Jacobson, V., Braden, R., and D. Borman, "TCP Extensions The authors of [I-D.boucadair-mptcp-plain-mode] were:
for High Performance", RFC 1323, DOI 10.17487/RFC1323, May
1992, <https://www.rfc-editor.org/info/rfc1323>.
[RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers", o Mohamed Boucadair
RFC 1812, DOI 10.17487/RFC1812, June 1995,
<https://www.rfc-editor.org/info/rfc1812>.
[RFC1919] Chatel, M., "Classical versus Transparent IP Proxies", o Christian Jacquenet
RFC 1919, DOI 10.17487/RFC1919, March 1996,
<https://www.rfc-editor.org/info/rfc1919>.
[RFC1928] Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., and o Olivier Bonaventure
L. Jones, "SOCKS Protocol Version 5", RFC 1928,
DOI 10.17487/RFC1928, March 1996,
<https://www.rfc-editor.org/info/rfc1928>.
[RFC2018] Mathis, M., Mahdavi, J., Floyd, S., and A. Romanow, "TCP o Denis Behaghel
Selective Acknowledgment Options", RFC 2018,
DOI 10.17487/RFC2018, October 1996,
<https://www.rfc-editor.org/info/rfc2018>.
[RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: o Stefano Secci
Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827,
May 2000, <https://www.rfc-editor.org/info/rfc2827>.
[RFC3135] Border, J., Kojo, M., Griner, J., Montenegro, G., and Z. o Wim Henderickx
Shelby, "Performance Enhancing Proxies Intended to
Mitigate Link-Related Degradations", RFC 3135,
DOI 10.17487/RFC3135, June 2001,
<https://www.rfc-editor.org/info/rfc3135>.
[RFC6181] Bagnulo, M., "Threat Analysis for TCP Extensions for o Robert Skog
Multipath Operation with Multiple Addresses", RFC 6181, o Suresh Vinapamula
DOI 10.17487/RFC6181, March 2011,
<https://www.rfc-editor.org/info/rfc6181>.
[RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and o SungHoon Seo
P. Selkirk, "Port Control Protocol (PCP)", RFC 6887,
DOI 10.17487/RFC6887, April 2013,
<https://www.rfc-editor.org/info/rfc6887>.
[RFC6928] Chu, J., Dukkipati, N., Cheng, Y., and M. Mathis, o Wouter Cloetens
"Increasing TCP's Initial Window", RFC 6928,
DOI 10.17487/RFC6928, April 2013,
<https://www.rfc-editor.org/info/rfc6928>.
[RFC6978] Touch, J., "A TCP Authentication Option Extension for NAT o Ullrich Meyer
Traversal", RFC 6978, DOI 10.17487/RFC6978, July 2013,
<https://www.rfc-editor.org/info/rfc6978>.
[RFC7323] Borman, D., Braden, B., Jacobson, V., and R. o Luis M. Contreras
Scheffenegger, Ed., "TCP Extensions for High Performance",
RFC 7323, DOI 10.17487/RFC7323, September 2014,
<https://www.rfc-editor.org/info/rfc7323>.
[RFC7414] Duke, M., Braden, R., Eddy, W., Blanton, E., and A. o Bart Peirens
Zimmermann, "A Roadmap for Transmission Control Protocol
(TCP) Specification Documents", RFC 7414,
DOI 10.17487/RFC7414, February 2015,
<https://www.rfc-editor.org/info/rfc7414>.
[RFC8041] Bonaventure, O., Paasch, C., and G. Detal, "Use Cases and The authors of [I-D.peirens-mptcp-transparent] were:
Operational Experience with Multipath TCP", RFC 8041,
DOI 10.17487/RFC8041, January 2017,
<https://www.rfc-editor.org/info/rfc8041>.
[RFC8305] Schinazi, D. and T. Pauly, "Happy Eyeballs Version 2: o Bart Peirens
Better Connectivity Using Concurrency", RFC 8305,
DOI 10.17487/RFC8305, December 2017,
<https://www.rfc-editor.org/info/rfc8305>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol o Gregory Detal
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
[RFC8548] Bittau, A., Giffin, D., Handley, M., Mazieres, D., Slack, o Sebastien Barre
Q., and E. Smith, "Cryptographic Protection of TCP Streams
(tcpcrypt)", RFC 8548, DOI 10.17487/RFC8548, May 2019,
<https://www.rfc-editor.org/info/rfc8548>.
[TS23501] 3GPP (3rd Generation Partnership Project), ., "Technical o Olivier Bonaventure
Specification Group Services and System Aspects; System
Architecture for the 5G System; Stage 2 (Release 16)",
2019, <https://www.3gpp.org/ftp/Specs/
archive/23_series/23.501/>.
Authors' Addresses Authors' Addresses
Olivier Bonaventure (editor) Olivier Bonaventure (editor)
Tessares Tessares
Email: Olivier.Bonaventure@tessares.net Email: Olivier.Bonaventure@tessares.net
Mohamed Boucadair (editor) Mohamed Boucadair (editor)
Orange Orange
Rennes 35000
France
Email: mohamed.boucadair@orange.com Email: mohamed.boucadair@orange.com
Sri Gundavelli Sri Gundavelli
Cisco Cisco
Email: sgundave@cisco.com Email: sgundave@cisco.com
SungHoon Seo SungHoon Seo
Korea Telecom Korea Telecom
Email: sh.seo@kt.com Email: sh.seo@kt.com
Benjamin Hesmans Benjamin Hesmans
Tessares Tessares
Email: Benjamin.Hesmans@tessares.net Email: Benjamin.Hesmans@tessares.net
 End of changes. 193 change blocks. 
499 lines changed or deleted 590 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/