Weekly Edition
Return to the Kernel page
| |||||||||||||
Multipath TCP: an overview
The world was a simpler place when the TCP/IP network protocol suite was
first designed. The net was slow and primitive and it was often a triumph
to get a connection to a far-away host at all. The machines at either end
of a TCP session normally did not have to concern themselves with how that
connection was made; such details were left to routers. As a result, TCP
is built around the notion of a (single) connection between two hosts. The
Multipath TCP (MPTCP) project looks
to change that view of networking by adding support for multiple transport
paths to the endpoints; it offers a lot of benefits, but designing a
deployable protocol for today's Internet is surprisingly hard.
Things have gotten rather more complicated in the years since TCP was first deployed. Connections to multiple networks, once the province of large server systems, are now ubiquitous; a smartphone, for example, can have separate, simultaneous interfaces to a cellular network, a WiFi network, and, possibly, other networks via Bluetooth or USB ports. Each of those networks provides a possible way to reach a remote host, but any given TCP session will use only one of them. That leads to obvious policy considerations (which interface should be used when) and operational difficulties: most handset users are familiar with how a WiFi-based TCP session will be broken if the device moves out of range of the access point, for example. What if a TCP session could make use of all of the available paths between the two endpoints at any given time? There would be performance improvements, since each of the paths could carry data in parallel, and congested paths could be avoided in favor of faster paths at any given time. Sessions could also be more robust. Imagine a video stream that is established over both WiFi and cellular networks; if the watcher leaves the house (one hopes somebody else is driving), the stream would shift transparently to the cellular connection without interruption. Data centers, where multiple paths between systems and variable congestion are both common, could also make use of a multipath-capable transport protocol. The problem is that TCP does not work that way. Enter MPTCP, which is designed to work that way.
How it worksA TCP session is normally set up by way of a three-way handshake. The initiating host sends a packet with the SYN flag set, the receiving host, if it is amenable to the connection, responds with a packet containing both the SYN and ACK flags. The final ACK packet sent by the initiator puts the connection into the "established" state; after that, data can be transferred in either direction. An MPTCP session starts in the same way, with one change: the initiator adds the new MP_CAPABLE option to the SYN packet. If the receiving host supports MPTCP, it will add that option to its SYN-ACK reply; the two hosts will also include cryptographic keys in these packets for later use. The final ACK (which must also carry the MP_CAPABLE option) establishes a multipath session, albeit a session using a single path just like traditional TCP. When MPTCP is in use, both sides recognize a distinction between the session itself and any specific "subflow" used by that session. So, at any point, either party to the session can initiate another TCP connection to the other side, with the proviso that the address and/or port at one end or the other of the connection must differ. So, if a smartphone has initiated an MPTCP connection to a server using its WiFi interface:
It can add another subflow at any time by connecting to the same server by way of its cellular interface:
That subflow is added by sending a SYN packet with the MP_JOIN option; it also includes information on which MPTCP session is to be joined. Needless to say, the protocol designers are concerned that a hostile party might try to join somebody else's session; the previously-exchanged cryptographic keys are used to prevent such attacks from succeeding. If the receiving server is amenable to adding the subflow, it will allow the establishment of the new TCP connection and add it to the MPTCP session. Once a session has more than one subflow, it is up to the systems on each end to decide how to split traffic between them (though it is possible to mark a specific subflow for use only when any others no longer work). A single receive window applies to the session as a whole. Each subflow looks like a normal TCP connection, with its own sequence numbers, but the session as a whole has a separate sequence number; there is another TCP option (DSS, or "Data Sequence Signal") which is used to inform the other end how data on each subflow fits into the overall stream. Subflows can come and go over the life of an MPTCP connection. They can be explicitly closed by either end, or they can simply vanish if one of the paths becomes unavailable. If the underlying machinery is working well, applications should not even notice these changes. Just like IP can hide routing changes, MPTCP can hide the details of which paths it is using at any given time. It should, from an application's point of view, just work. Needless to say, there are vast numbers of details that have been glossed over here. Making a protocol extension like this work requires thinking about issues like congestion control, how to manage retransmissions over a different path, how one party can tell the other about additional addresses (paths) it could use, how to decide when setting up multiple subflows is worth the expense, and so on. The MPTCP designers have done much of that thinking; see RFC 6824 for the details.
The dreaded middleboxOne set of details merits a closer look, though. The designers of MPTCP are not interested in going through an idle academic exercise; they want to create a solution to real problems that will be deployed on the existing Internet. And that means designing something that will function with the net as it exists now. At one level, that means making things work transparently for TCP-based applications. But there is an entire section in the RFC that is concerned with "middleboxes" and how they can sabotage any attempt to introduce a new protocol. Middleboxes are routers that impose some sort of constraint or transformation on network traffic passing through them. Network address translation (NAT) boxes are one example: they hide an entire network behind a translation layer that will change the address and port of a connection on its way through. NAT boxes can also insert data into a stream — adding commands to make FTP work, for example. Some boxes will acknowledge data on its way through, well before it arrives at the real destination, in an attempt to increase pipelining. Some routers will drop packets with unknown options; that behavior made the rollout of the selective acknowledgment (SACK) feature much harder than it needed to be. Firewalls will kill connections with holes in the sequence number stream; they will also, sometimes, transform sequence numbers on the way through. Splitting and coalescing of segments can cause options to be dropped or duplicated. And so on; the list of potential problems is impressive. On top of that, anybody trying to introduce an entirely new transport-layer is likely to discover that it will not make it across the Internet at all. Much of the routing infrastructure on the net assumes that TCP and UDP are all there is; anything else has a poor chance of making it through. Working around these issues drove the design of MPTCP at all levels. TCP was never designed for multiple subflows; rather than bolting that idea onto the protocol, it might well have been better to start over. One could have incorporated the lessons learned from TCP in all ways — including doing things entirely differently where it made sense. But the resulting protocol would not work on today's Internet, so the designers had no choice but to create a protocol that, to almost every middlebox out there, looks like plain old TCP. So every subflow is an independent TCP connection in every respect. Since holes in sequence numbers can cause problems, each subflow has its own sequence and a mapping layer must be added on top. That mapping layer uses relative sequence numbers because some middlebox may have changed those numbers as they passed through. The two sides assign "address identifiers" to the IP addresses of their interfaces and use those identifiers to communicate about those interfaces, since the addresses themselves may be changed by a NAT box in the middle. When one side tells the other about an available interface, it adds an "address identifier" to be used in future messages because a NAT box might change the visible address of that interface. Special checks exist for subflows that corrupt data, insert preemptive acknowledgments, or strip unknown options; such subflows will not be used. And the whole thing is designed to fall back gracefully to ordinary TCP if the interference is too strong to overcome. It is all a clever bit of design on the part of the MPTCP developers, but it also highlights an area of concern: the "dumb" Internet with end-to-end transparent routing of data is a thing of the distant past. What we have now is inflexible and somewhat hostile to the deployment of new technologies. The MPTCP developers have been able to work around these limitations, but the effort required was considerable. In the future, we may find that the net is broken in fundamental ways and it simply cannot be fixed; some might say that the difficulties in moving to IPv6 show that this has already happened.
Future directionsThe current MPTCP code can be found at the MPTCP github repository; it adds a good 10,000 lines to the mainline kernel's networking subtree. While it has apparently been the subject of discussions with various networking developers, it has not, yet, been posted for public review or inclusion into the mainline. It does, however, seem to work: the MPTCP developers claim to have implemented the fastest TCP connection ever by transmitting at a rate of 51.8Gb/s over six 10Gb links. MPTCP is still relatively young, so there is almost certainly quite a bit of work yet to be done before it is ready for mainline merging or production use. There is also some thinking to be done on the application side; it may be possible for MPTCP-aware applications to make better use of the available paths. Projects like this are arguably never finished (we are still refining TCP, after all), but MPTCP does seem to have reached the point where more users may want to start experimenting with it. Anybody wanting to play with this code can grab the project's kernel repository and build a custom kernel. For those who are not up to that level of effort, the project offers a number of other options, including a Debian repository, instructions for running MPTCP on Amazon's EC2, and kernels for a handful of Android-based handsets. Needless to say, the developers are highly interested in hearing bug reports or other testing results. (Log in to post comments)
Multipath TCP: an overview Posted Mar 26, 2013 23:17 UTC (Tue) by marcH (subscriber, #57642) [Link]
Looks like SCTP but done in a backward compatible way. Not just in term of middle boxes but also in the term of the socket programming API (so good bye message boundaries)
Other differences?
Multipath TCP: an overview Posted Mar 27, 2013 0:09 UTC (Wed) by nhorman (subscriber, #31658) [Link]
I'm not sure backward compatible is really accurate. Multipath joins still would require the application establishing two connections, ostensibly specifying the second connection as a join rather than a separate connection. Its certainly a neat idea, but it will certainly require some application modification, like sctp.
I wonder if there would be value in a user library that remapped tcp streams on toof multihomed sctp streams? Not universally useful of course, but perhaps a nice alternate solution in some situations
Multipath TCP: an overview Posted Mar 27, 2013 3:50 UTC (Wed) by ebiederm (subscriber, #35028) [Link]
Some API augmentation will doubtless be needed for refined control.
But you can establish a MP-TCP connection using the existing socket APIs. As part of that connect establishment the MP-TCP stack can share all of your routable IP addresses and see which IPs on either side can connect to each other.
With those additional connections MP-TCP can with proper congestion control load-balance your traffic across those flows.
Additionally MP-TCP can add and drop subflows as your device meanders around and connects and disconnects from different networks.
API augmentation is only needed for the times when the defaults aren't optimal for some configuration.
Multipath TCP: an overview Posted Apr 4, 2013 4:04 UTC (Thu) by kevinm (guest, #69913) [Link]
What do the getsockname() and getpeername() APIs do on a MPTCP connection?
Multipath TCP: an overview Posted Apr 4, 2013 6:24 UTC (Thu) by christophpaasch (subscriber, #54567) [Link]
It returns the info from the initial TCP subflow.
So, even if the host has moved away (e.g., moved away from its WiFi access-point and MPTCP switched to 3G), the syscalls still return the old address of the WiFi interface.
Multipath TCP: an overview Posted Mar 27, 2013 4:02 UTC (Wed) by corbet (editor, #1) [Link] The whole idea behind MPTCP is that applications don't need to be changed. It just looks like another TCP connection; the establishment of multiple subflows happens transparently.
Multipath TCP: an overview Posted Mar 27, 2013 13:58 UTC (Wed) by nhorman (subscriber, #31658) [Link]
Except that that really doesn't seem to be the case, at least not completely, and especially if you want application level control over stream selection policy. in the simplest case, consider hosts A and B each with ip addresses A1,A2,B1,B2. If an application on A makes two TCP connections from A1 to B1 and A2 to B2 on the same port, at minimum, the application will need to specify if the second connection is an independent connection (which would be the default without the existance of MP-TCP), or if its meant to join in the prior connection (i.e. flag the second connect with the MP_JOIN flag).
Note, I'm not implying that this is a knock against the notion of MP-TCP, just pointing out that its not completely transparent. Nor should it necessecarily be so. I'm sure that applications will want some level of policy control over which path they take (i.e. phones connected to celular and wifi networks will want to prioritize the wifi as its likely a faster connection).
Multipath TCP: an overview Posted Mar 27, 2013 14:07 UTC (Wed) by corbet (editor, #1) [Link] It seems to me that you are saying that an application doing explicit multipathing now will continue to need to be explicit about it in the future. And yes, when the ability to control MPTCP at the application level becomes available, such an application may well want to avail itself of those controls. But such applications are relatively rare. The vast majority of applications just make "a TCP connection" to somewhere; they will be able to benefit from multiple subflows (if their traffic is of the type that benefits, of course) without any changes at all.
Multipath TCP: an overview Posted Mar 28, 2013 17:13 UTC (Thu) by kov (subscriber, #7423) [Link]
Doing that transparently by default may be a problem for most mobile use cases. Consider a smartphone with a metered cellular connection and a WiFi connection. Most applications would probably not want to download big chunks of data from the cellular connection, even though it could be used to speed things up. That could be controlled at a system level, I imagine, but you'd either need a way of distinguishing at the system-level which applications should be allowed to use multi-path and which not. Or (what I think would be more likely) you'd disable it by default and have applications which really want to use it request it explicitly.
Multipath TCP: an overview Posted Mar 30, 2013 21:12 UTC (Sat) by roblucid (subscriber, #48964) [Link]
True, but wouldn't it be simpler and cleaner to have this policy as part of a virtual router in the device which actually kept the application IP/port the same?
Why should applications, worry & account for multi-homing an so on? You still end up adminstering firewalls to set a policy at a more feasible level.
Multipath TCP: an overview Posted Mar 30, 2013 22:02 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]
remember that the server application/port can remain the same if the client has multiple connections. It's only in the case where the server has multiple connections that the it needs multiple IP addresses, and in that case I don't see any way around the issue.
I also don't expect servers to expose multiple connections very frequently, they don't need to and if they are serving substantial numbers of clients, they probably don't want to have any one client be able to use a substantial amount of bandwidth.
I see two categories where multipath TCP makes lots of sense
1. multi-homed clients (wifi + cell, DSL + cable + cell backup, etc)
Here, only the client has multiple IP addresses
2. huge file transfers within one organization on specially setup paths
Here both the client and server may have multiple IP addresses, and even with just a single IP at both ends, they may want to use many subconnections to be more resistant to the effects of packet loss.
Multipath TCP: an overview Posted Mar 31, 2013 7:43 UTC (Sun) by paulj (subscriber, #341) [Link]
There are a lot of trade-offs in multi-homing, because the different available connections may have different properties, e.g. in terms of cost, latency, throughput. The appropriate choice of trade-offs may well differ at different times, and/or for different users, and/or for different applications.
Trying to make the network handle choosing these trade-offs would require either building lots of complex logic into it, to try dynamically second-guess the needs of each user, and/or lots of signalling, to allow the user to instruct the network what it wants (with attendant state overheads in the network).
Pushing these problems out to the edges of the network - ideally to the end-stations - avoids the need for complex, fragile networks. Complex networks also tend to have an ossifying effect on development of new applications. Have a read of "The rise of the stupid network", mirrored at, e.g,: http://www.rageboy.com/stupidnet.html .
Basically, the network should be as simple as it needs to be, but no simpler. ;)
Multipath TCP: an overview Posted Apr 1, 2013 13:24 UTC (Mon) by intgr (subscriber, #39733) [Link]
> Pushing these problems out to the edges of the network - ideally to the end-stations - avoids the need for complex, fragile networks
Sorry to hijack this thread, but I wanted to stress this point. This is exactly what's wrong with NAT: it builds too much smarts into devices whose real purpose is just juggling packets around.
And you see the pains every time someone wants to add an extension to TCP (like MPTCP, ECN and others) or introduce a new transport protocol (SCTP, DCCP). In fact, even application developers suffer and have to come up with clever workarounds (STUN, TURN) or less clever (UPnP). People have to spend heroic amounts of time to work through all the potential issues these "smart" middleboxes introduce, with every vendor bringing their own quirks and bugs on the table.
In the end, innovation suffers and robustness of networks in general suffers due to all the workarounds that have to be employed.
It drives me nuts when people deploy IPv6 and still don't get it, "we're an enterprise, we need NAT". No you don't, you need a firewall.
</rant>
Multipath TCP: an overview Posted Apr 1, 2013 13:44 UTC (Mon) by paulj (subscriber, #341) [Link]
Note though "the network should be as simple as it needs to be, but no simpler." - to paraphrase someone.
While complexity generally should be pushed to the end-stations and kept out of the network, as much as possible, that does not mean *all* complexity should be kept out of the network. There are certain basic functions that *should* be kept in the network, along with whatever complexity is required to support those functions.
E.g. the original designers of TCPIP believed it was very important for the network to abstract away differences in MTUs. They argued that otherwise it would be difficult for end-stations to reliably work-around differences in MTU, so that it would become difficult for the network to make use of larger MTUs. This would block the use of techniques such encapsulation, extra-addressing, etc., by end-stations to solve problems such as mobility, etc. For this reason they made TCPIP support fragmentation at the network level.
Sadly, later implementors and stewards of IP concluded differently. They moved to deprecate fragmentation from IPv4, and excluded it completely from IPv6. Instead, it was left to the end-stations to negotiate the correct MTU. Unfortunately however the original designers of IP have been proven correct. End-station MTU discovery has been proven to be fragile, and often does not work, due to stupid intermediate nodes blocking the required signalling (which is out of band). At the best of times it probably adds more latency than network level fragmentation.
As a result, the Internet is crippled with a 1500 MTU. :( The success of IPv6 would likely set this in stone.
See my blog: http://pjakma.wordpress.com/2011/06/28/cerf-and-kahn-on-w...
Multipath TCP: an overview Posted Apr 1, 2013 15:46 UTC (Mon) by intgr (subscriber, #39733) [Link]
> End-station MTU discovery has been proven to be fragile, and often does not work, due to stupid intermediate nodes blocking the required signalling
Sounds like PMTU discovery has the same enemies: "smart" middleboxes (NAT) and enterprise admins (firewalls).
While I agree that protocol designers should have seen it coming, I still think the larger part of the blame lies with device vendors not implementing existing protocols to the specification and not releasing updates even when those problems are pointed out to them -- basically holding the whole industry hostage because the cost is externalized.
Which brings me to a crazy idea -- perhaps we need an "Acid test of consumer routers" -- following the model of acidtests.org, which pressured several browser vendors to improve on their standards conformance, because every savvy user could easily see how broken their choice was. Has anyone attempted something like this already?
Multipath TCP: an overview Posted Mar 27, 2013 14:47 UTC (Wed) by christophpaasch (subscriber, #54567) [Link]
An MPTCP-api is standardized in [1].
Yes, it could be useful for some applications to have better control on the paths being used. But, this assumes that applications actually know what they want... ;)
Right now, the implementation automatically creates a full mesh among the availabe IP-addresses on the client and the server.
Concerning your use-case where one wants to push more traffic on WiFi than 3G:
[1] https://datatracker.ietf.org/doc/draft-ietf-mptcp-api/
Multipath TCP: an overview Posted Apr 1, 2013 20:55 UTC (Mon) by cesarb (subscriber, #6266) [Link]
It is not "more traffic on wifi". If your 3G is metered and you are connected to wifi, _all_ traffic should be on wifi.
Multipath TCP: an overview Posted Apr 1, 2013 21:08 UTC (Mon) by christophpaasch (subscriber, #54567) [Link]
The protocol allows to not use 3G for data-traffic with the "backup-flag" (MP_PRIO-option in RFC 6824).
Or, it is also possible to simply not open up a subflow across 3G and only create it after the phone lost the WiFi connection. MPTCP supports break-before-make scenarios.
It is simply a question of instructing the kernel to do one or the other through some kind of configuration interface (may it be sockopts, sysctl,...)
Multipath TCP: an overview Posted Apr 1, 2013 22:11 UTC (Mon) by marcH (subscriber, #57642) [Link]
Just FYI: my home Wifi is routed to... a 3G, metered connection.
Far from ideal, but less and less unusual:
https://www.google.ie/search?q=3g+hotspot
Multipath TCP: an overview Posted Mar 27, 2013 0:09 UTC (Wed) by butlerm (subscriber, #13312) [Link]
SCTP is not designed for concurrent multipath transfer, although there are folks working to adapt it for that. Message boundaries, ordered and unordered message delivery, and logically independent message streams are the big differences.
The SCTP socket API is simple enough unless you want to communicate with multiple peers on the same socket or use multiple streams. Then it gets complicated.
Multipath TCP: an overview Posted Mar 27, 2013 3:30 UTC (Wed) by tterribe (✭ supporter ✭, #66972) [Link]
> Message boundaries, ordered and unordered message delivery, and logically
> independent message streams are the big differences.
Those can be done on top of TCP, too. See Minion: http://arxiv.org/abs/1103.0463
Multipath TCP: an overview Posted Mar 27, 2013 8:32 UTC (Wed) by butlerm (subscriber, #13312) [Link]
Minion looks like a great idea, and I hope they are successful.
Multipath TCP: an overview Posted Apr 4, 2013 7:45 UTC (Thu) by eternaleye (guest, #67051) [Link]
I thought it might be worthwhile to point out the main page of the Tng group, who created Minion: http://dedis.cs.yale.edu/2009/tng/
They also have a 'cross-layer negotiation' design, allowing the decision of *which* minion is used to be made on a per-connection basis.
Their general concept of splitting the Transport layer up is (in my view) a very useful one. Even though the IETF passed on codifying it into the literature, it's a very useful pattern in designing protocols - layer an endpoint layer, a congestion layer, an isolation layer, and a semantic layer.
By using UDP as the endpoint layer, you can (potentially) avoid some of the problems MPTCP had to engage in heroics to deal with.
By using (say) a portless variant of DCCP on top of that as congestion control, you have something that could still be within the kernel (after all, there are various protocols implemented in the kernel that go on top of UDP or TCP) but because of the benefits of using UDP as the endpoint layer you don't have the horrific barriers to deployment DCCP proper ran aground on. Plus, this makes per-link congestion control feasible without breaking end-to-end reliability - which has been a significant problem due to the absolutely atrocious interaction of TCP, wireless LAN, and multiple layers of retransmission latency.
Layering the isolation layer here (rather than on top of the semantics) is genius. Aside from that it means you only need a design for datagrams, and not streams (so you can use DTLS regardless of the application-level semantics), it also means that the (intelligent in braindead ways) middleboxes only know information that they might have a valid reason to touch. Beyond that, they basically get told to push off.
Finally, you can build just about any semantics you like on top, by using the resulting building block of secure, point-to-point, CC-friendly unreliable datagram channels.
Multipath TCP: an overview Posted Mar 26, 2013 23:54 UTC (Tue) by dankamongmen (subscriber, #35141) [Link]
This looks a great deal like SCTP.
Multipath TCP: an overview Posted Mar 26, 2013 23:55 UTC (Tue) by dankamongmen (subscriber, #35141) [Link]
...as I see the commenter above me has already pointed out, hah. Sorry!
Multipath TCP: an overview Posted Mar 27, 2013 5:20 UTC (Wed) by dlang (✭ supporter ✭, #313) [Link]
This definitely sound interesting. As I see it the issue is going to boil down to how the subflows are managed.
It is also going to matter a lot on how the subflows are handled at each end (both ends have to work well)
If every application ends up having to implement this logic themselves, I don't think it has a chance of working outside of niche cases.
The question is if this logic belongs in a common library or in the kernel.
For now we are at the experimental stage where it should be done in userspace to allow for more experimentation. It will be interesting to see how the experiments settle out, especially in terms of catastrophic interactions between different strategies on the two ends.
Multipath TCP: an overview Posted Mar 27, 2013 9:07 UTC (Wed) by Lennie (subscriber, #49641) [Link]
That part is all mostly done.
It is just the standard existing socket API, if the other side supports it, it will automatically use multiple TCP-connections (subflows).
It also just looks like standard TCP-connections (with some extra option fields filled in) and it automaticalled falls back to regular TCP if something does not work. That means it also works when it encounters NAT.
There is no need to create any userspace code. It can even automatically use IPv6 when you already have connected to an IPv4 address.
It can also handle loss of the first connection.
It's working code, other than that this is a out of tree kernel patch you can run it in a production environment right now (I'm not a developer on this project, just an observer, so don't take my word from it). The RFC is done, the code was developed in parallel to writing the RFC.
As I see it most of work now is trying to shape the patch in such a way that it is ready for mainline. Yes, it can still use some tweaking, but there was already years of evaluating solution and performance testing done.
I really doubt there will be any large changes other then lots and lots of refactoring to get it into mainline.
One thing 'missing' might be an API extension for an application to ask for which IP-addresses/port-numbers it is using right now. Currently you can only use the existing API, which reports the original IP-address/port-numbers that were involved to create the connection.
And it looks like the developers are trying to make it easier to setup the needed routing (when you want to use 2 Internet connections, you'll need two network connections, so: 2 sets of IP-addresses and 2 default gateways).
Here are the demos:
Multipath TCP: an overview Posted Mar 27, 2013 7:04 UTC (Wed) by dilinger (subscriber, #2867) [Link]
Oh, Jon.
Some of us leave the house without driving, you know. :)
Multipath TCP: an overview Posted Mar 27, 2013 8:48 UTC (Wed) by marcH (subscriber, #57642) [Link]
As a matter of fact I read this comment in the train :-)
Multipath TCP: an overview Posted Apr 2, 2013 14:09 UTC (Tue) by wookey (subscriber, #5501) [Link]
That did grate rather.
But one has to make allowances for Americans, even ones as well-adjusted as our esteemed editor.
Personal transit options: US Posted Apr 6, 2013 10:37 UTC (Sat) by Duncan (guest, #6647) [Link]
Of course some USians (for that is what I assume you meant, I'd guess "Americans" in general are far more used to non-personal-automobile transit than the average USian) took pause at that parenthetical as well... While public transit isn't as widespread or as commonly used and therefore generally assumed useful in the US as it tends to be in many other nations, it's certainly there in the larger cities, and many people do depend on it, to the extent of no longer having a personal automobile, finding renting more cost effective for that rare occasion, or even no longer having a(n unexpired) driver's license.
Multipath TCP: an overview Posted Mar 27, 2013 7:23 UTC (Wed) by gylle (subscriber, #15057) [Link]
Combining multiple paths for increased performance (link aggregation) works very well for identical paths, like the port trunking done between two Ethernet switches. Trying to do the same over very different paths as in the Wi-Fi and cellular example in the article is more difficult. Ordinary TCP suffers from out-of-order delivery. If the same TCP session is naively load balanced over Wi-Fi and cellular you often get performance that is a bit worse than the slower of the links alone. How does MPTCP deal with this?
Multipath TCP: an overview Posted Mar 27, 2013 9:03 UTC (Wed) by christophpaasch (subscriber, #54567) [Link]
If the paths have different delays (e.g., WiFi vs. 3G), the Head-of-line blocking is "fixed" by reinjecting the blocking segment on the faster subflow.
You can have a look at the scientific paper, which describes this mechanism:
(Section 4.2)
Multipath TCP: an overview Posted Mar 27, 2013 11:46 UTC (Wed) by gylle (subscriber, #15057) [Link]
Thanks! That was what I was looking for. Quite a costly fix though.
Multipath TCP: an overview Posted Mar 27, 2013 12:43 UTC (Wed) by christophpaasch (subscriber, #54567) [Link]
Costly, in terms of what?
Because we reinject the data on another subflow and thus use its bandwidth?
Multipath TCP: an overview Posted Mar 27, 2013 12:45 UTC (Wed) by christophpaasch (subscriber, #54567) [Link]
Actually, I agree that the stack should reinject as few packets as possible to prevent wasting bandwidth.
But there won't ever be more than one reinjection per RTT of the fast subflow.
Multipath TCP: an overview Posted Mar 27, 2013 8:31 UTC (Wed) by jezuch (subscriber, #52988) [Link]
My naive, outdated understanding of the Internet would suggest that things like this (multipath transmission) would be done on the level of IP, not TCP. But it looks like it's just a sad fantasy at this point. The route across the Internet is paved with good intentions, as they say ;)
Multipath TCP: an overview Posted Mar 27, 2013 8:35 UTC (Wed) by dlang (✭ supporter ✭, #313) [Link]
They address this with the comment about how much of the Internet allows TCP and UDP but not any other protocols.
I'm actually a bit surprised that they didn't layer it on top of UDP.
Multipath TCP: an overview Posted Mar 27, 2013 8:54 UTC (Wed) by marcH (subscriber, #57642) [Link]
> I'm actually a bit surprised that they didn't layer it on top of UDP.
I guess this saves them re-implementing congestion control, which is insanely complicated http://lwn.net/Articles/128681/
Multipath TCP is not really "layered" in the usual sense since it needs one native TCP connection for every stream. It looks a bit like... a "plugin" :-)
Multipath TCP: an overview Posted Mar 28, 2013 2:30 UTC (Thu) by martinfick (subscriber, #4455) [Link]
But then it wouldn't just work where TCP already works. In other words middle boxes might let through TCP but not UDP, such paths could not use UDP for MPTCP. Of course, I suppose MPTCP could be extended to use any other transport including UDP at some point.
Multipath TCP: an overview Posted Apr 1, 2013 21:57 UTC (Mon) by marcH (subscriber, #57642) [Link]
To be honest most "middle boxes" I've seen rejecting UDP were just... web proxies and thus not letting *anything* go through.
Of course any intermediate kind of network crippling is possible in theory.
Multipath TCP: an overview Posted Apr 1, 2013 23:31 UTC (Mon) by martinfick (subscriber, #4455) [Link]
Are you sure? I suspect most firewalls, load-balancers, and other middle boxes which do port forwarding or filtering are filtering by protocol, so they will filter out UDP if only the TCP port is open/forwarded.
Multipath TCP: an overview Posted Apr 20, 2013 0:32 UTC (Sat) by vr000m (guest, #90483) [Link]
YMMV, from what I have encountered during our work on WebRTC this amounts to about 10-20% of the cases. Only very special NATs (typically those deployed in enterprises) are very restrictive and for them one would have to tunnel everything over TCP. For the rest of the cases ICE's NAT traversal works fine (i.e., STUN and TURN).
Multipath TCP: an overview Posted Apr 20, 2013 0:27 UTC (Sat) by vr000m (guest, #90483) [Link]
There is Multipath RTP, which solves the same problem for transporting multimedia over multiple paths. We mainly focus on multimedia but RTP can carry (timed text, audio, video).
See:
Multipath TCP: an overview Posted Mar 27, 2013 17:23 UTC (Wed) by robert_s (subscriber, #42402) [Link]
I agree with you.
But I think I understand the reasons why this is not so simple, even if we're assuming widespread IPv6 adoption. Namely it would probably require widespread use of dynamic mesh routing protocols.
If you start with the assumption that the IP layer would need a consistent way of "addressing" a single node moving across connections - a single "IP Address" if you will, you've then got to remember that traditional internet routing works through the majority of IP address structure being hierarchical with respect to routing. This allows most nodes to keep their routing tables fairly small and static.
Essentially, you'd need a routing protocol that could deal with what was your broadband provider's IP suddenly coming under the hierarchy of your mobile provider's network. And the currently used routing protocols simply can't deal with that.
Fundamentally modifications to TCP are necessary Posted Mar 28, 2013 9:54 UTC (Thu) by ebiederm (subscriber, #35028) [Link]
There is a lot you can do at the IP layer to deal with multiple paths, and picking the best path for your packets.
Most of the multipath work in IP is limited by the data structures used to represent routes, and so solutions like ILNP[1] and LISP[2] have been played with to solve the data structure problems, and in similar thinking IPv6 was built with the concept of interfaces having multiple addresses.
However if you want to use more than one of your available paths at once TCP must be changed. From a 10,000 foot view it looks like MP-TCP is making those deep changes to TCP that are needed to do a good job using multiple paths across the network at once.
[1] http://ilnp.cs.st-andrews.ac.uk/
Fundamentally modifications to TCP are necessary Posted Mar 28, 2013 16:33 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]
LISP looks more and more hopeless. They are still keeping their head in a very dark place - lots of WG members are still thinking about LISP as a replacement for BGP for stub networks.
Fundamentally modifications to TCP are necessary Posted Mar 29, 2013 20:22 UTC (Fri) by giraffedata (subscriber, #1954) [Link] However if you want to use more than one of your available paths at once TCP must be changed. I believe that is the question that some of us have. Why does TCP have to change? The IP I learned long ago has multipath routing built in and the TCP driver couldn't stop it if it wanted to. If TCP has to be involved in routing, then is part of MPTCP giving the layer above IP the ability to constrain how IP routes the packets? I don't know anything about route advertisement protocols, but assuming there isn't one today that lets the handset merely tell the server that it can reach 1.2.3.4 via 4.3.2.1 (two of the handset's IP addresses), would it be harder to add that than to add the ability for the server to recognize two TCP destinations as the same place (MPTCP)?
Fundamentally modifications to TCP are necessary Posted Mar 30, 2013 10:26 UTC (Sat) by paulj (subscriber, #341) [Link]
At the IP level, nodes are identified by IP addresses and the IP network routes between addresses. This may mean that different packets take different routes, even though they travel from the same source to the same destination IP address. TCP, indeed, generally knows nothing about this.
However, some hosts have multiple network connections. E.g., a common case today is having both a 3G and a wifi connection, each to a completely different network.
There is no way in IP to treat multiple IP addresses as one logical IP, and have IP handle the routing between them. Well, there are some ways (Mobile IP). Unfortunately these solutions rely on tunnelling packets, and the lack of foresight of IP designers and network operators in crippling the Internet to a fixed MTU means tunnelling is not generally practical with the Internet today. (And, sadly, IPv6 makes things worse in this regard :( ).
So, if you want to make use of multiple, disparate, network attachments, you need to do this above IP. Either you must modify TCP, or you must insert another protocol between IP and TCP (e.g. a shim, see shim6). Unfortunately, again down to lack of foresight and (most of all) stupidity of network operators, new IP protocols are not generally practical with the Internet today - too many idiotic middle-boxes will filter it out. So at the TCP level it has to be.
(There's a recurring theme here. If IPv6 fails - and it might - the next generation IP protocol will have to have a fixed preamble that looks exactly like the beginning of an IPv4 + TCP + HTTP packet. Sigh).
Fundamentally modifications to TCP are necessary Posted Mar 30, 2013 20:25 UTC (Sat) by giraffedata (subscriber, #1954) [Link] There is no way in IP to treat multiple IP addresses as one logical IP [address] The MPTCP alternative I'm thinking about wouldn't do that. The client would use one IP address and the overall IP network would route via either the 3G or wifi network based on its own policies. For example, the handset has IP address 1.2.3.4 on the wifi network and 4.3.2.1 on the 3G network. All outgoing packets from the handset bear source IP address 1.2.3.4. All packets the server sends to the handset bear destination IP address 1.2.3.4. The server's routing table (or the routing table in its default router) shows that in addition to the normal routes, 4.3.2.1 is a route to 1.2.3.4. Does that work?
Fundamentally modifications to TCP are necessary Posted Mar 30, 2013 20:39 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]
The problem is that when the other side needs to reply to you, it sends packets out with a destination of your 1.2.3.4 IP address
every router along the way will have one best path to get to 1.2.3.4, and so all the traffic will go down that path.
It's this best path priority routing that lets the Internet work as well as it does, but it means that if you have two completely different connections, and you want to use them both, you have to split the traffic between two different IP addresses, one for each connection, so that the traffic to you will get split between those connections.
The nice thing with multipath TCP is that it can do this under the covers (in a library or in the kernel).
With multipath TCP widely available, you could even have this implemented in a router. The router would have multiple connections, and proxy the TCP connection into multipath TCP, utilizing the multiple connections that it has completely transparently to the endpoint machine.
Fundamentally modifications to TCP are necessary Posted Mar 30, 2013 20:42 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]
Clarifying one point that I skipped
Routing on the Internet is done one hop at a time.
your default routers don't talk directly to the server, they talk to other routers that talk to other routers.... that talk to the server.
It's common to have 10-20 routers in the path for some connections (do a traceroute to the server to see the routers that your traffic to the server goes through, and keep in mind that the traffic from the server back to you may go through a different series of routers)
Fundamentally modifications to TCP are necessary Posted Mar 31, 2013 1:01 UTC (Sun) by giraffedata (subscriber, #1954) [Link] Thanks; that explains it. I forgot that every router along the way would be independently choosing a route to the destination.
Fundamentally modifications to TCP are necessary Posted Mar 30, 2013 22:30 UTC (Sat) by paulj (subscriber, #341) [Link]
So does the intermediary node with the "4.3.2.1 is also a destination for 1.2.3.4" routing entry also send copies of the packet to 4.3.2.1? Or just to 1? If copies, what happens if the copies also go through intermediaries that create copies?
Is this more efficient than just letting the end-stations create additional flows between any additional IP addresses? If yes, how?
Fundamentally modifications to TCP are necessary Posted Apr 1, 2013 22:41 UTC (Mon) by marcH (subscriber, #57642) [Link]
> So, if you want to make use of multiple, disparate, network attachments, you need to do this above IP. Either you must modify TCP, or you must insert another protocol between IP and TCP (e.g. a shim, see shim6).
The original sin is actually quite simple: it's the lack of layering in TCP/IP. TCP should not "steal" and rely on IP addresses directly. Just like every other layer, the TCP layer should have a its own "host address" and some indirection logic to resolve it to IP layer address(es). This indirection logic would be the most natural place to implement mobility and all the other features Multipath TCP is offering. I'm sure there are a few good research papers explaining this.
Now of course it's way too late for such a dramatic change but keeping in mind the core shortcoming and the very theoretical but "correct" design helps understand all the numerous and more complex workarounds that keep being offered. I find.
Fundamentally modifications to TCP are necessary Posted Apr 1, 2013 23:14 UTC (Mon) by dlang (✭ supporter ✭, #313) [Link]
In theory you could propagate routes for every host to the entire Internet and all hosts could move dynamically.
In practice it just doesn't scale, the overhead of letting the routing tables get that large just doesn't work at acceptable speeds.
Someday this may change.
It has changed for phones. It used to be that the area code and first three digits of the number routed you to specific buildings and then the last digits routed you out from that. so while there are still large chunks of landlines that mostly follow this model, phone number portability and cell phones make it so that any phone number can appear anywhere on the network.
now, the phone system only needs to find this to setup the conversation, not for each packet. This is the "smart network vs dumb network" discussion from above.
Given that the "smart network" of the phone system now tends to run on top of the "dumb network" of the Internet, I think it's pretty clear that the Internet has shows itself to be far superior
If you think about it, the Internet already has the layer of indirection you are talking about, DNS. The problem is that looking things up in DNS is far too slow and updates far too infrequently for it to be used in routing decisions for every packet.
Fundamentally modifications to TCP are necessary Posted Apr 2, 2013 2:44 UTC (Tue) by giraffedata (subscriber, #1954) [Link] Layering doesn't require TCP to have endpoint addressing that doesn't involve IP addresses, because it isn't that kind of layer. Now if TCP were a network topology layer, then it would need its own addressing and could easily do the kind of routing we're talking about. But I would not expect anyone to have designed TCP that way, because it would be redundant. The basic architecture of the Internet says routing packets to whatever ephemeral link happens to be up now is what the IP layer is for. A TCP driver is supposed to be blissfully ignorant of paths and concentrate on turning a blizzard of packets into an ordered, ungranular, reliable stream. The problem as I see it is just that IP hasn't evolved in a way that its routing protocols are sufficent for the needs of millions of handsets hopping from one wireless network to another. Considering that the original routing protocols were hardcoded files on each node, that's not surprising.
Fundamentally modifications to TCP are necessary Posted Apr 2, 2013 7:25 UTC (Tue) by marcH (subscriber, #57642) [Link]
An IP address conflates two things that should be separate: location (where) and identity (who). The latter should be in layer 4.
You don't ask the entire Post office to update ZIP codes when you move house.
It's not me saying it but the whole research community. Look at M-TCP, HIP, GTP (GPRS tunnelling), dynamic load balancing,... they are all try to somehow retrofit this separation in a backward, half-compatible way. Because it's too late it tends not to be pretty.
"As simple as possible, but not simpler" - too simple this time.
Fundamentally modifications to TCP are necessary Posted Apr 2, 2013 12:17 UTC (Tue) by paulj (subscriber, #341) [Link]
I don't think IP conflates these. It just wasn't an issue on the horizon in the design of IP. That said, the original designers of IP did envision that further addressing schemes (e.g the "associative addressing" Cerf & Kahn referred to in their '74 paper) might be layered over TCP.
Sadly, the designers and implementors that followed chose to prioritise short-term performance concerns over the long-term flexibility of IP. It became effectively impossible to insert new protocols between IP and TCP (in the sense of it having an IP protocol number != TCP).
It might still be possible to insert an identity layer. The lower 64 bits of the IPv6 address could be used for this. Unfortunately though:
a) There's no guarantee IPv6 will succeed
b) Even if it does, there are (as usual) short-sighted people out there pushing to abolish the split in IPv6 addresses between network and host ID portions ("Why should we limit the hierarchical network space to 64 bits? Why do we need 64 bits for a host?").
So we shall see if this is possible. Otherwise, it has to be done in TCP.
Identity is a very complex issue. It can mean different things to different people/processes at different times. Think about the identity for an email address, or an SSL cert, or a web page - you can surely think of many different scenarios and distinct issues for each. At the network layer, it is very hard to come up with a universal meaning of identity other than "the location in the network". Identity is an issue that really can't be solved at the network layer, other than equating it with location. Even a shim protocol between TCP and IP can't really say more than "these 2 network locations appear to be controlled by the same entity, around this time".
Anyway... :)
Fundamentally modifications to TCP are necessary Posted Apr 2, 2013 16:15 UTC (Tue) by giraffedata (subscriber, #1954) [Link] An IP address conflates two things that should be separate: location (where) and identity (who). The latter should be in layer 4. I'm with you on there being a need to separate location and identity, and to do it by layers, but it looks like all part of layer 3 (network layer) to me. One should be able to direct any IP packet to an identity, not just a TCP stream. That's just speaking of ideals, of course. I'm not saying that's the direction we should be going now. There is a layering issue between TCP and IP in that the TCP port address shouldn't be in the IP packet header. I wouldn't want to confuse that with this.
Multipath TCP: an overview Posted Mar 30, 2013 8:28 UTC (Sat) by gdt (subscriber, #6284) [Link]
That wouldn't be a good idea. Almost all IP-using protocols maintain an estimate of the "path round-trip time". Using multiple paths at the IP layer would lead to high variability in the estimate of the round trip time. Thus those protocols wouldn't be able to optimise throughput, flow control or buffer usage.
Multipath TCP: an overview Posted Mar 27, 2013 9:27 UTC (Wed) by osma (subscriber, #6912) [Link] This is a bit similar (but obviously much more generic) to what mosh does today with ssh connections, though mosh uses UDP. I've been a happy user of mosh on my smartphone (Nokia N9) since I discovered it, as it makes shell sessions much more bearable even with intermittent WiFi and 3G connectivity.
Multipath TCP: an overview Posted Mar 28, 2013 17:31 UTC (Thu) by jnareb (subscriber, #46500) [Link] But mosh requires that you have mosh-server installed on remote server, isn't it?MPTCP is to be completely transparent.
Multipath TCP: an overview Posted Mar 31, 2013 16:35 UTC (Sun) by martinfick (subscriber, #4455) [Link]
Well it isn't completely transparent, you still need MPTCP support on the server.
Multipath TCP: an overview Posted Mar 31, 2013 21:20 UTC (Sun) by dlang (✭ supporter ✭, #313) [Link]
But the server support could be completely in the OS, transparent to the application couldn't it?
Multipath TCP: an overview Posted Mar 27, 2013 9:45 UTC (Wed) by marcH (subscriber, #57642) [Link]
> It is all a clever bit of design on the part of the MPTCP developers, but it also highlights an area of concern: the "dumb" Internet with end-to-end transparent routing of data is a thing of the distant past. What we have now is inflexible and somewhat hostile to the deployment of new technologies. The MPTCP developers have been able to work around these limitations, but the effort required was considerable. In the future, we may find that the net is broken in fundamental ways and it simply cannot be fixed; some might say that the difficulties in moving to IPv6 show that this has already happened.
The only problem is the lack of error reporting. For almost every other IT problem you can google error messages, extract log files,... on the other hand, the network is a complete black hole. The only way to fix this is a new name-and-shame technique or tool (let's call it "libMTR++").
The end-to-end principle cannot fight back in the dark, it has to KNOW where to hit in the first place.
Examples:
- My Linux laptop had poor battery life. I ran PowerTOP. I reported "power bugs" and stopped using the wrong applications. Problem solved.
- My connection was bufferbloated (I could not video conference on it). I used MTR which pointed the problem at my mobile ISP. I switched to a different ISP. problem solved. (This is a *real story*!)
In the future:
- Gnutello5 (the new piece of software I want to use) depends on SCTP for some reason. Gnutello5 is not just using SCTP but also linked to "libMTR++". When connections time out the software does NOT just throw a generic and very poor "connection failed" message like it is doing now. Instead it offers the option to ask libMTR++ to perform a quick network trace/scan. Half of the time libMTR++ is able to return an informative error message pointing at *which subnet drops the packets*. Gnutello5 forums are flooded with messages saying "don't use this ISP". All Gnutello5 users switch ISP and other ISPs have to get their act together. Problem solved.
In the next few years IPv6 will be a great opportunity to test this "name-and-shame" approach. libMTR++ will not even be required for IPv6, "whatismyaddress.com" will be enough.
http://www.google.com/ipv6/statistics.html#tab=per-countr...
Multipath TCP: an overview Posted Mar 27, 2013 11:50 UTC (Wed) by paulj (subscriber, #341) [Link]
This libMTR++ sounds excellent. Was terribly disappointed when, after googling, I realised you were wishing for it and it doesn't exist yet. ;)
Multipath TCP: an overview Posted Apr 1, 2013 22:03 UTC (Mon) by marcH (subscriber, #57642) [Link]
> ... and it doesn't exist yet. ;)
I know at least Skype and AnyConnect which already have _some_ of the abilities of my fictional libMTR++.
However they are only designed for internal use, i.e.: working around network limitations and barely reporting them.
Multipath TCP: an overview Posted Mar 28, 2013 16:53 UTC (Thu) by raven667 (subscriber, #5198) [Link]
I don't have the background to comment on this intelligently but I showed this to someone with more experience and they pointed out that they had seen many such research projects in the '80s but that they always failed because they were unable to account for all the complex interactions between the multiple streams and balancing data across them. Essentially they get bogged down in new and impressive corner cases where traffic stops or where it causes extreme congestion. This may be something that is only useful on a local managed network and not across the open Internet.
Multipath TCP: an overview Posted Mar 28, 2013 17:44 UTC (Thu) by christophpaasch (subscriber, #54567) [Link]
Does your friend you are mentioning may share the references of his claims?
MPTCP has no issues with head-of-line blocking, because the receive-window is not on a per-subflow level but rather on the data-level [1].
I don't see, how MPTCP could cause extreme congestion, because the coupled congestion control makes sure that MPTCP is fair to other flows across shared bottlenecks [2].
Cheers,
[1] https://datatracker.ietf.org/doc/rfc6824/
Multipath TCP: an overview Posted Mar 29, 2013 13:51 UTC (Fri) by paulj (subscriber, #341) [Link]
I don't quite remember the details, but I sat through a presentation by someone involved with MP-TCP. They were a mathematician who'd been brought on to work on the congestion control side and formulate a mechanism that would work and be fair to both MP-TCP and plain TCP flows.
Not vouching for their success in this, but they do appear to have thought about congestion control.
Multipath TCP: an overview Posted Mar 30, 2013 8:37 UTC (Sat) by gdt (subscriber, #6284) [Link]
There are no end of those protocols. I work in academic networking and I've experienced my fair share of them. Usually they are to compensate for poor single-flow performance, a problem Linux generally doesn't have if you simply give enough memory to the autotuned TCP buffers.
MPTCP is the idea implemented well. That's a good thing, as it gives us a place to point users who think they might do better implementing this idea themselves.
|
|||||||||||||
![[Cheesy diagram]](/images/2013/mptcp1.png)
![[Cheesy diagram]](/images/2013/mptcp2.png)