Network-Assisted MPTCP: Use Cases, Deployment Scenarios and Operational Considerations

The overall quality of connectivity services can be enhanced by combining several access network links for various purposes - resource optimization, better resiliency, etc. Some transport protocols, such as Multipath TCP, can help achieve such better quality, but failed to be massively deployed so far. The support of multipath transport capabilities by communicating hosts remains a privileged target design so that such hosts can directly use the available resources provided by a variety of access networks they can connect to. Nevertheless, network operators do not control end hosts while the support of MPTCP by content servers remains close to zero. Network-Assisted MPTCP deployment models are designed to facilitate the adoption of MPTCP for the establishment of multi-path communications without making any assumption about the support of MPTCP capabilities by communicating peers. Network-Assisted MPTCP deployment models rely upon MPTCP Conversion Points (MCPs) that act on behalf of hosts so that they can take advantage of establishing communications over multiple paths. Such MCPs can be deployed in CPEs (Customer Premises Equipment), as well in the network side. MCPs are responsible for establishing multi-path communications on behalf of endpoints. This document describes Network-Assisted MPTCP uses cases (), deployment scenarios (), and operational considerations ().

The reader should be familiar with the terminology defined in . This document makes use of the following terms: Client: an endhost that initiates transport flows forwarded along a single path. Such endhost is not assumed to support multipath transport capabilities. Server: an endhost that communicates with a client. Such endhost is not assumed to support multipath transport capabilities. Multipath Client: a Client that supports multipath transport capabilities. Multipath Server: a Server that supports multipath transport capabilities. Both the client and the server can be single-homed or multi-homed. However, for the use cases discussed in this document, the number of interfaces on the endhosts is not relevant. Transport flow: a sequence of packets that belong to a unidirectional transport flow and which share at least one common characteristic (e.g., the same destination address). TCP and SCTP flows are composed of packets that have the same source and destination addresses, the same protocol number and the same source and destination ports. Multipath Conversion Point (MCP): a function that terminates a transport flow and relays all data received over it over another transport flow. MCP is a function provided by the network operator that converts a multipath transport flow and relays it over a single path transport flow and vice versa.

The first use case is a Multipath Client that interacts with a Server. To benefit from the capabilities of its multipath transport protocol, the Multipath Client will interact with a Multipath Conversion Point (MCP) located in the network as illustrated in .

MCP <------------> S +<============>+ Legend: <===>: MPTCP leg ]]> A similar approach consists of a Multipath Server that leverages its multipath capabilities when interacting with a Client as shown in .

MCP <===========> S +<=============>+]]> The third use case is when a Client interacts with a Server and the corresponding communication is deemed eligible to multi-path forwarding. In this case, two Multipath Conversion Points are used. The upstream MCP converts the (single path) transport flow initiated by the Client into a multipath transport flow towards a downstream MCP (called, network-located MCP). This downstream MCP converts the multipath transport flow received from the upstream MCP in a single path transport flow forwarded to the destination Server. The end-to-end transport flow between the Client and the Server is thus decomposed into three flows as shown in : A (single path) transport flow between the Client and the upstream MCP, a multipath transport flow between the upstream and the downstream MCPs, and a single path transport flow between the downstream MCP and the Server.

MCP <===========> MCP <------------> S +<=============>+]]>

This section discusses some deployment scenarios related to Network-Assisted MPTCP designs.

This deployment scenario is considered by mobile operators so that they can propose their customers to aggregate LTE resources with WLAN resources. As depicted in , the mobile terminal (UE, User Equipment) is MPTCP-capable. The MCP function is enabled in the network to terminate MPTCP connections (e.g., in the PDN Gateway, a dedicated service function located at the (S)Gi interface, co-located with a TCP proxy, etc.). This deployment scenario is an implementation of the use case depicted in .

Internet | | || (MCP) || | | |+--------------+| | | IP Network #2 | | | | _--------_ | | | | ( ) | | | +=======+ WLAN +==+ | | | (_ _) | | +------------+ (_______) +----------------+ ]]>

One of the promising deployment scenarios for Multipath TCP is to enable a CPE that is connected to multiple access networks (e.g., DSL, LTE, WLAN) to optimize the usage of such resources. This deployment scenario, called Hybrid Access, relies upon MCPs located in both the CPE and the network (). The latter plays the role of an MPTCP concentrator. Such concentrator terminates the MPTCP sessions established from CPEs, before redirecting traffic into legacy TCP sessions. This deployment scenario is an implementation of the use case depicted in .

Internet | | || (MCP) || | | |+--------------+| | | IP Network #2 | | | | _--------_ | | | | ( DSL ) | | | +=======+ +==+ | | | (_ _) | | +-----+------+ (_______) +----------------+ | ---- LAN ---- | end-nodes ]]> For mobile operators that provide CPE-based mobile broadband services, LTE and WLAN resources can be aggregated by means of MPTCP. In such deployment scenario, the MCP function is enabled in the CPE and in the network.

The location of MCPs is deployment-specific. Network Providers may choose to adopt centralized or distributed designs. Nevertheless, in order to take advantage of MPTCP, the location of an MCP should not jeopardize packet forwarding performance overall.

Two deployment scenarios can be considered for involving an MCP in the communication path. These scenarios are described below.

This scenario assumes that the IP reachability information of an MCP is explicitly configured on a device, e.g., by means of a specific DHCP option . A device can be a CPE or a host. MPTCP connections are established explicitly using the address(es) of the MCP (). In order to forward packets to their ultimate destination, the MCP is provided during the connection establishment with the destination IP address (and optionally destination port numbers). Typically, this is achieved thanks to the use of the MP_CONVERT option defined in .

|<---TCP -->| | | | | Legend: H1: A host serviced by an MCP. RM: A remote machine. ]]> This scenario aims to avoid any adherence of the Network-Assisted MPTCP procedure and the underlying routing and forwarding policies. Furthermore, this scenario allows for more flexibility in terms of mounting MPTCP subflows as it does not require any specific order in the establishment of subflows among available interfaces. Because the MCP's reachability information is explicitly configured on the device, means to guarantee successful inbound MPTCP connections can be enabled in the device to instruct the MCP to maintain active bindings so that incoming packets can be successfully redirected towards the appropriate device.

Unlike the explicit mode, the implicit mode assumes that the MCP is located on a default forwarding path (primary path). As such, the first subflow must always be placed over that primary path so that the MCP can intercept MPTCP flows. Once intercepted, the MCP advertises its reachability information by means of MPTCP signals (MP_JOIN or ADD_ADDR).

|<---TCP -->| | | ... | | | |src:h2@ dst:mcp@| dst:rm@| | |<=========Secondary MPTCP subflow=======>|<---TCP -->| | | ... | | ]]> Subsequent subflows are then sent directly to the MCP (). The handling of these subsequent subflows is identical to the one of the explicit mode; only the establishment of the initial subflow differs. Concretely, in reference to , once the upstream MCP intercepts an initial subflow, it adds itself to the MPTCP connection by sending ADD_ADDR on the primary subflow. Then, MP_JOIN is sent to the IP address conveyed in ADD_ADDR to create the secondary subflow.

| | | |<============SYN/ACK(MPJOIN)=============| | | |============ACK(MP_JOIN)================>| | | | ... | |]]>

If no MP_CONVERT option () is included in the initial SYN message, the MCP cannot distinguish "native" MPTCP connections from "proxied" ones. The subsequent risk is that native MPTCP communications will be reverted to TCP connections. Such risk should be mitigated by enabling the MP_CONVERT option to be included in the SYN message to create the initial subflow.

The Network Provider that manages the various network attachments (including the MCPs) may enforce authentication and authorization policies using appropriate mechanisms. For example, a non-exhaustive list of methods to achieve authorization is provided hereafter: The network provider may enforce a policy based on the International Mobile Subscriber Identity (IMSI) to verify that a user is allowed to benefit from the aggregation service. If that authorization fails, the Packet Data Protocol (PDP) context /bearer will not be mounted. This method does not require any interaction with the MCP. The network provider may enforce a policy based upon Access Control Lists (ACLs), e.g., at a Broadband Network Gateway (BNG) to control the CPEs that are authorized to communicate with an MCP. These ACLs may be installed as a result of RADIUS exchanges, for instance (). This method does not require any interaction with the MCP. The MCP may implement an Ident interface to retrieve an identifier that will be used to assess whether that client is entitled to make use of the aggregation service. Ident exchanges will take place only when receiving the first subflow from a given source IP address. The device that embeds the MCP may also host a RADIUS client that will solicit an AAA server to check whether connections received from a given source IP address are authorized or not (). A first safeguard against the misuse of MCP resources by illegitimate users (e.g., users with access networks that are not managed by the same service provider that operates the MCP) is to reject MPTCP connections received on the Internet-facing interfaces. Only MPTCP connections received on the customer-facing interfaces of an MCP will be accepted. Because only the CPE is entitled to establish MPTCP connections with an MCP, ACLs may be installed on the CPE to avoid that internal terminals issue MPTCP connections towards one of the MCPs.

The MCP MUST be provided with instructions about the behavior to adopt with regards to the processing of source addresses. The following sub-sections elaborate on various schemes.

Transparent Network-Assisted MPTCP deployment is a deployment where the visible source address of a packet forwarded by an MCP to a remote machine located in the Internet is the IP address of the endhost, not an address that is provisioned to the MCP. In order to intercept incoming traffic, specific IPv4/IPv6 routes are injected so that traffic is redirected towards the MCP. No dedicated IP address pool is required to the MCP for the Network-Assisted MPTCP service.

The MCP can be tweaked to behave in the IPv4 address preservation mode. This is the IPv4 address assigned to the endhost (typically, within a mobile deployment context as discussed in ) or a WAN address of the CPE for the wired case ().

Some IPv6 deployments may require the preservation of the source IPv6 prefix (). This model requires the MCP to support ALGs to accommodate applications with IPv6 address referrals.

||------------------------------------>|---------->| | Dst:IP@d|| | dst:IP@d| | || | | |<--SYN/ACK-||<---------------SYN/ACK--------------|<-SYN/ACK--| |---ACK---->||----------------ACK----------------->|---ACK---->| | || | | Legend: mcf: MCP Customer-facing Interface ]]>

Some IPv6 deployments may require the preservation of the source IPv6 address (). This model avoids the need for the MCP to support ALGs to accommodate applications with IPv6 address referrals.

Unlike the transport mode, this section focuses on deployments where a dedicated IP address pool is provisioned to the MCP for the Network-Assisted MPTCP service.

Because of global IPv4 address depletion, optimization of the IPv4 address usage is mandatory. This obviously includes the IPv4 addresses that are assigned by the MCP at its Internet-facing interfaces ( and ). A pool of global IPv4 addresses is provisioned to the MCP along with possible instructions about the address sharing ratio to apply (see Appendix B of ). Adequate forwarding policies are enforced so that traffic destined to an address of such pool is intercepted by the appropriate MCP.

|---SYN---->| || | dst:IP@d| || | | ||<--------------------SYN/ACK--------------------|<-SYN/ACK--| ||-----------------------ACK--------------------->|---ACK---->| || | | Legend: mcf: MCP Customer-facing Interface mif: MCP Internet-facing Interface ]]>

||----------------SYN----------------->|---SYN---->| | dst:IP@d|| dst:IP@mcf| dst:IP@d| | || | | |<--SYN/ACK-||<---------------SYN/ACK--------------|<-SYN/ACK--| |---ACK---->||----------------ACK----------------->|---ACK---->| | || | | ]]>

For networks that do not face global IPv4 address depletion yet, the MCP can be configured so that source IPv4 addresses of the CPE are replaced with other (public) IPv4 addresses. A pool of global IPv4 addresses is then provisioned to the MCP for this purpose. Rewriting source IPv4 addresses may be used as a means to redirect incoming traffic towards the appropriate MCP.

Rewriting the source IPv6 prefix () may be needed to redirect incoming traffic towards the appropriate MCP. A pool of IPv6 prefixes is then provisioned to the MCP for this purpose.

Subflows of a given MPTCP connection can be associated to the same address family or may be established with different address families. Also, the Network-Assisted MPTCP using MP_CONVERT option, regardless of the addressing scheme enforced by each CPE network attachment. In particular, the plain transport mode indifferently accommodates the following combinations. LAN Leg MPTCP Legs TCP Leg towards RM IPv4 IPv4 IPv4 IPv4 IPv6 IPv4 IPv4 IPv6 & IPv4 IPv4 IPv6 IPv6 IPv6 IPv6 IPv4 IPv6 IPv6 IPv6 & IPv4 IPv6

The logic of traffic distribution over multiple paths is deployment-specific. This document does not require nor preclude any particular traffic distribution scheme. Nevertheless, MCPs MUST be configurable with a parameter to indicate which traffic distribution scheme to enable. Indeed, policies can be enforced by an MCP instance operated by the Network Provider to manage both upstream and downstream traffic. These policies may be subscriber-specific, connection-specific, system-wise, or else.

The Multipath Client and MCPs may be provided with a set of classification policies to help electing flows for the MPTCP service. These policies may be provisioned either statically and dynamically (or a combination thereof). Also, multiple MCPs may serve a given end-user, as a function of the nature of the service or the traffic to be forwarded over MPTCP connections. For example, an MCP may be used by a service provider to proceed with CPE-targeted maintenance operations, whereas another MCP may be configured to service multi-path communications initiated by a set of end-users.

Methods to avoid TCP fragmentation, such as rewriting the TCP Maximum Segment Size (MSS) option, must be supported by MCPs.

The MCP MAY be configured to preserve the same DSCP marking or enforce DSCP re-marking policies. DSCP preservation MUST be enabled by default.

The MCP supports TCP by design. Additional transport protocols SHOULD be supported. A configuration parameter MUST be supported by the MCP to indicate which transport protocols can be relayed into an MPTCP connection.

If the MCP is used in global IPv4 address sharing environments, the logging recommendations discussed in Section 4 of need to be considered. Security-related issues encountered in address sharing environments are documented in Section 13 of . A configuration parameter should be supported to enable/disable the logging function.

This document does not request any action from IANA.

MPTCP-related security threats are discussed in and . Additional considerations are discussed in the following sub-sections.

The MCP may have access to privacy-related information (e.g., IMSI, link identifier, subscriber credentials, etc.). The MCP MUST NOT leak such sensitive information outside a local domain.

Means to protect the MCP against Denial-of-Service (DoS) attacks MUST be enabled. Such means include the enforcement of ingress filtering policies at the network boundaries . In order to prevent the exhaustion of MCP's resources by establishing a large number of simultaneous subflows for each MPTCP connection, the MCP administrator SHOULD limit the number of allowed subflows per CPE for a given connection. Means to protect against SYN flooding attacks MUST also be enabled (). Attacks that originate outside of the domain can be prevented if ingress filtering policies are enforced. Nevertheless, attacks from within the network between a host and an MCP instance are yet another actual threat. Means to ensure that illegitimate nodes cannot connect to a network should be implemented.

Traffic theft is a risk if an illegitimate MCP is inserted in the path. Indeed, inserting an illegitimate MCP in the forwarding path allows traffic intercept and can therefore provide access to sensitive data issued by or destined to a host. To mitigate this threat, secure means to discover an MCP should be enabled.

The MCP may perform packet reassembly. Some security-related issues are discussed in .

Many thanks to Chi Dung Phung, Mingui Zhang, Rao Shoaib, Yoshifumi Nishida, and Christoph Paasch for the comments. Thanks to Ian Farrer, Mikael Abrahamsson, Alan Ford, Dan Wing, and Sri Gundavelli for the fruitful discussions held during the IETF#95 meeting. Special thanks to Pierrick Seite, Yannick Le Goff, Fred Klamm, and Xavier Grall for their valuable comments. Thanks also to Olaf Schleusing, Martin Gysi, Thomas Zasowski, Andreas Burkhard, Silka Simmen, Sandro Berger, Michael Melloul, Jean-Yves Flahaut, Adrien Desportes, Gregory Detal, Benjamin David, Arun Srinivasan, and Raghavendra Mallya for the discussion.