DOI: 10.1145/2068816.2068834
Research article

Is it still possible to extend TCP?

Published: 02 November 2011

ABSTRACT

We've known for a while that the Internet has ossified as a result of the race to optimize existing applications or enhance security. NATs, performance-enhancing proxies, firewalls and traffic normalizers are only a few of the middleboxes that are deployed in the network and look beyond the IP header to do their job. IP itself can't be extended because "IP options are not an option". Is the same true for TCP?

In this paper we develop a measurement methodology for evaluating middlebox behavior relating to TCP extensions and present the results of measurements conducted from multiple vantage points. The short answer is that we can still extend TCP, but extensions' design is very constrained as it needs to take into account prevalent middlebox behaviors. For instance, absolute sequence numbers cannot be embedded in options, as middleboxes can rewrite ISN and preserve undefined options. Sequence numbering also must be consistent for a TCP connection, because many middleboxes only allow through contiguous flows.

We used these findings to analyze three proposed extensions to TCP. We find that MPTCP is likely to work correctly in the Internet or fall back to regular TCP. TcpCrypt seems ready to be deployed; however, it is fragile if resegmentation does happen, for instance with hardware offload. Finally, TCP extended options in its current form is not safe to deploy.
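As an added illustration (not code from the paper), the following Python models the two middlebox behaviours the abstract names: a box that rewrites the ISN but forwards unknown options untouched, and a box that only passes contiguous sequence space. It assumes a simplified segment model and two hypothetical option designs, one carrying an absolute sequence number and one carrying an offset from the ISN.

```python
"""Simulate the middlebox behaviours from the abstract and check which
option design survives them.  Added example; segment model and option
names ("abs_seq", "rel_seq") are constructed for illustration."""
from dataclasses import dataclass, field

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


@dataclass
class Segment:
    seq: int                                       # header sequence number
    length: int                                    # payload bytes
    options: dict = field(default_factory=dict)    # unknown options survive


def isn_rewriting_middlebox(seg: Segment, delta: int) -> Segment:
    """Rewrite the header sequence number (as some NATs/normalizers do)
    while forwarding option bytes unchanged."""
    return Segment((seg.seq + delta) % MOD, seg.length, dict(seg.options))


def contiguous_only_middlebox(segments, isn):
    """Forward only segments that continue the stream without a gap,
    as a stateful box tracking sequence space would; drop the rest."""
    expected, forwarded = isn, []
    for seg in segments:
        if seg.seq == expected:
            forwarded.append(seg)
            expected = (expected + seg.length) % MOD
    return forwarded


def option_consistent(seg: Segment, isn_seen: int) -> bool:
    """Receiver check: does the option's sequence reference still match
    the header after the path has had its way with the segment?"""
    if "abs_seq" in seg.options:   # design A: absolute sequence in option
        return seg.options["abs_seq"] == seg.seq
    if "rel_seq" in seg.options:   # design B: offset from the ISN
        return (isn_seen + seg.options["rel_seq"]) % MOD == seg.seq
    return True


def demo(isn: int = 1000, delta: int = 500_000):
    """Constructed flow: sender ISN 1000, middlebox shifts it by 500000.
    The receiver learned the (already rewritten) ISN from the SYN."""
    isn_seen = (isn + delta) % MOD
    a = Segment(isn + 100, 10, {"abs_seq": isn + 100})   # design A
    b = Segment(isn + 100, 10, {"rel_seq": 100})         # design B
    return (option_consistent(isn_rewriting_middlebox(a, delta), isn_seen),
            option_consistent(isn_rewriting_middlebox(b, delta), isn_seen))
```

`demo()` returns `(False, True)`: the absolute-sequence option is silently invalidated by the rewrite, while the ISN-relative one stays consistent; the contiguity filter drops any segment that jumps ahead in sequence space.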

Published in

IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
November 2011
612 pages
ISBN: 9781450310130
DOI: 10.1145/2068816

Copyright © 2011 ACM
Publisher: Association for Computing Machinery, New York, NY, United States