[Q] Should the traffic be MPTCP-enabled among hops whenever possible?

[lenormf]

Hi,

Please consider the following simple configuration:

[system `A`] → [system `B`] → [system `C`]

Systems A & B are MPTCP capable and configured properly.

When A tries to reach C, e.g. curl http://C/index.html, and A's next-hop is B, should we observe MPTCP traffic between A and B with the current implementation of linux-mptcp (say v0.94)? I.e. should B passively accelerate all traffic going through it, when the packets are destined to reach a non-MPTCP capable system?

If not, could you please explain why (technical reason? other?), and if it's something that you would consider to have work?

Thanks!

[cpaasch]

In the case you are describing, B is simply acting as a router.

However, MPTCP is only happening between TCP-endpoints (A and C in this case).

[lenormf]

I don't understand your reply, should multiple interfaces be used between A and B, when reaching C from A in the case I described?

C isn't MPTCP capable, so should I expect MPTCP to be working between systems that do have it enabled?

[matttbe]

@lenormf : the endpoints needs to support MPTCP. In you case, let's say that A is the client, C is the server and B is a router:

• A and C needs to support MPTCP
• B needs to support TCP forwarding (basic feature for a router)
• if A and/or C doesn't support MPTCP, then you don't have MPTCP at all.
• if only A and B support MPTCP, you can only have MPTCP if A establishes a connection to B (or the opposite). In this case, A and B are the endpoint, e.g. A is the client, B is the server, not the router.

In other words, if you want to use MPTCP between A and B and TCP between B and C, B needs to intercept the connections from A and proxy the data to C... B is then a proxy server (A is a proxy client)

[lenormf]

Thanks a lot @matttbe, that clears it up.

But that leads us to my final question, in the original post: is that scenario something that could be made to work (to have transparent MPTCP acceleration without using proxy services on the router), somehow? It might not be covered by the protocol, or maybe it's not possible for technical reasons?

[matttbe]

to have transparent MPTCP acceleration without using proxy services on the router

@lenormf : Without using a proxy, no. Your router (B) needs to end connections. But you can also have a transparent proxy: A wants to establish connections with C but B, on the way, transparently intercepts the connections → it acts as a transparent proxy.

Yes it is possible, that's what they are doing at Tessares ;-) https://www.tessares.net/solutions/hybrid-access-solution/

[lenormf]

Interesting, but isn't using a proxy a major performance hit?

Say you have two physical interfaces on the client, two on the router, and the client tries to reach a non-MPTCP target through the router… You'd use a TPROXY rule to redirect traffic (on the router) to the proxy, and that alone is going to cut your performance significantly?

I assume using something like haproxy or squid could make things work.

[matttbe]

That has a cost, it can be minimal and even negative is the bottleneck is between A and B. But if C doesn't support MPTCP, that's the only way.

I assume using something like haproxy or squid could make things work.

I never tried that on a router with limited resources but that's the idea. You need a transparent proxy.