
MultiPath TCP - The path to multipath


Diogo Mónica (@diogomonica)

motivation

[Figure: user streaming radio, with a 4G BS and a WiFi AP]

[Figure: unnecessary collision]

• Adds Redundancy and Persistence

  • Connection stays up when one link fails

• Reduces Congestion

  • Ability to steer traffic away from congested links

• Increases Efficiency

  • Takes advantage of additional interfaces, parallel paths


what

• Multipath TCP is an evolution of TCP that can effectively use multiple paths within a single transport connection

• Specified in RFC 6824

• Uses TCP option kind 30 (decimal)


features

• Supports unmodified network and applications

• Copes with NATs on the path

• Defensive fall back to normal TCP (strictly better than normal TCP)


how

• Replaces the lower-level socket implementations

• Three independent implementations

• Working Linux kernel implementation

• iPhones currently use MPTCP for Siri connections


why not SCTP?

• Does not support middleboxes

• Requires application changes


Connection establishment

• Three-way handshake with MP_CAPABLE options set

SYN: MP_CAPABLE, A's key, flags

SYN/ACK: MP_CAPABLE, B's key, flags

ACK: MP_CAPABLE, A's key, B's key, flags


• Optional TCP checksums

• Crypto algorithm negotiation based on optional flags

• Currently only supports SHA-1

Subflow creation

[Figure: Socket and MPTCP Connection on each host]

SYN: MP_JOIN, B's token, A's nonce, A's Address ID, flags

SYN/ACK: MP_JOIN, B's HMAC, B's nonce, B's Address ID, flags

ACK: MP_JOIN, A's HMAC

ACK

token = H(key || nonce)[:32]

Address ID = Unique (Implementation specific)


data transfer

• 64-bit data sequence number (DSN) to number all data sent over the MPTCP connection

• Each subflow has its own 32-bit sequence number space


• All subflows share the same receive buffer and advertise the same receive window.

• Two levels of ACKs: regular ACKs on each subflow and connection-level ACKs for the data sequence space


• Initial sequence number is generated from the key (deterministic, but random).

• IDSN-A = H(Key-A)[:64]

• Receiver can ensure no gaps in sequence space at the start of the connection


path priorities

• Hosts can indicate whether they wish a subflow to be used as a regular or backup path

• A backup path is only used if there are no regular paths available.

• Final bit of the MP_JOIN option
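The option layouts from the connection-establishment, subflow-creation and path-priority slides can be checked against traffic with a small decoder, which also shows when a middlebox has stripped the option and the connection has fallen back to plain TCP. This is an added example, not part of the original deck: field offsets follow RFC 6824 (listed in the references), the sample bytes are constructed, and the names `tcp_options` and `parse_mptcp` are illustrative.

```python
import struct

MPTCP_KIND = 30                      # TCP option kind given in the slides
SUBTYPES = {0: "MP_CAPABLE", 1: "MP_JOIN"}

def tcp_options(raw):
    """Yield (kind, body) for each TCP option, stopping on malformed input."""
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                # End of Option List
            return
        if kind == 1:                # NOP padding, single byte
            i += 1
            continue
        length = raw[i + 1] if i + 1 < len(raw) else 0
        if length < 2 or i + length > len(raw):
            return                   # truncated or malformed: stop parsing
        yield kind, raw[i + 2:i + length]
        i += length

def parse_mptcp(raw):
    """Return a list of dicts describing MPTCP options in TCP option bytes."""
    found = []
    for kind, body in tcp_options(raw):
        if kind != MPTCP_KIND or not body:
            continue
        subtype, low = body[0] >> 4, body[0] & 0x0F
        opt = {"subtype": SUBTYPES.get(subtype, subtype)}
        if subtype == 0 and len(body) in (10, 18):   # one key, or both in the ACK
            opt.update(version=low, checksum_required=bool(body[1] & 0x80),
                       hmac_sha1=bool(body[1] & 0x01),
                       keys=[body[j:j + 8].hex() for j in range(2, len(body), 8)])
        elif subtype == 1 and len(body) == 10:       # MP_JOIN as carried on a SYN
            token, nonce = struct.unpack("!II", body[2:10])
            opt.update(backup=bool(low & 0x01), address_id=body[1],
                       token=f"{token:08x}", nonce=f"{nonce:08x}")
        found.append(opt)
    return found

# Constructed sample option bytes (not captured traffic).
SYN = bytes.fromhex("020405b4" "01010101" "1e0c0081" "0102030405060708")
ACK = bytes.fromhex("1e140081" "0102030405060708" "1112131415161718")
JOIN = bytes.fromhex("1e0c1102" "deadbeef" "0badcafe")
STRIPPED = bytes.fromhex("020405b4" "01010101")      # no kind 30: plain TCP

if __name__ == "__main__":
    for name, raw in (("SYN", SYN), ("ACK", ACK), ("JOIN", JOIN), ("STRIPPED", STRIPPED)):
        print(name, parse_mptcp(raw))
```

An empty result on a SYN/ACK whose SYN carried MP_CAPABLE is the signal that the path fell back to regular TCP.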


security considerations

• Time-Shifted Hijacking Attacks become harder

• Flooding attacks still have a stateless solution

• Possibility of using other crypto algorithms in the future

• Security of MPTCP is “no worse” than regular TCP


Conclusion

• MPTCP is strictly better than TCP*

* this claim is totally implementation dependent

References

• http://tools.ietf.org/html/rfc6824

• http://tools.ietf.org/html/rfc6181

• http://www.bsdcan.org/2013/schedule/attachments/250_BSDCan2013_MPTCP.pdf

• https://www.usenix.org/conference/nsdi12/how-hard-can-it-be-designing-and-implementing-deployable-multipath-tcp

• http://perso.uclouvain.be/olivier.bonaventure/blog/html/2013/09/18/mptcp.html