Re: [tcpm] New version of TCP Option for Transparent Middlebox Discovery available

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tcpm] New version of TCP Option for Transparent Middlebox Discovery available

To: Melinda Shore <shore at arsc.edu>
Subject: Re: [tcpm] New version of TCP Option for Transparent Middlebox Discovery available
From: Caitlin Bestler <cait at asomi.com>
Date: Thu, 24 Sep 2009 13:11:20 -0700
Cc: tcpm at ietf.org
Delivered-to: tcpm at core3.amsl.com
In-reply-to: <9134DEC2-1457-4E6A-922C-4FEBA755D0C2 at arsc.edu>
List-archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-help: <mailto:tcpm-request@ietf.org?subject=help>
List-id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-post: <mailto:tcpm@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
References: <4ABAD595.7050303 at bluecoat.com> <BA44DAAB-DCFB-412A-A8CB-B6FAA7975D85 at asomi.com> <9134DEC2-1457-4E6A-922C-4FEBA755D0C2 at arsc.edu>

On Sep 24, 2009, at 12:07 PM, Melinda Shore wrote:


this is not that much like tunnel endpoint discovery.

I like the idea of having some sort of in-band
discovery mechanism but I'm not sure about tying
it to TCP (although there's an implied requirement
for a response, which you can't guarantee with, say,
UDP or some other transports) and I'm really not
sure about v4.

Melinda



Doing the discovery in a TCP packet is the only way to
ensure that the packet will be routed/forwarded on the
same path as the actual TCP traffic.

Consider that A is sending a connection request into
cloud B for IP X, TCP Port Y.

Now suppose there is a middle-box guarding cloud B
which will divert connection requests for IP X:Port Y
to IP Z. Even without knowing of this special discovery
option, the B-entry middle-box will still divert the SYN
packet to IP Z. If either the endpoint or a later middle-box
understands the option there will be a Response.

But if you tried doing a non-TCP probe then the packet
will just continue on to the probably non-existent IP X,
or perhaps be diverted to a different catchall internal box.

This is actually true for *each* transport that wants to do
middle-box discovery, since the set of middle-boxes can
be different for each transport. Of course TCP middle-boxes
are far more worthy of discovery because historically they
tend to do more mischief/provide more services. By contrast,
if middle-boxes do anything with SCTP packets it is typically
to drop them or forward all of them to a default DMZ machine.


I think the key issue here is whether a mechanism can be
defined that will allow for discovery of any and all middle-boxes
that have support for the newly defined probe, even if there
are other forwarding nodes along the way that do not understand
the new option.

The OUI approach seems optimized for individual middle-box
vendors to do custom probing for their boxes. I do not think that
is a suitable strategy to be adopted as an RFC.



--
Caitlin Bestler
cait at asomi.com
http://www.asomi.com/CaitlinBestlerResume.html

References:
- [tcpm] New version of TCP Option for Transparent Middlebox Discovery available
  - From: Andrew Knutsen
- Re: [tcpm] New version of TCP Option for Transparent Middlebox Discovery available
  - From: Caitlin Bestler
- Re: [tcpm] New version of TCP Option for Transparent Middlebox Discovery available
  - From: Melinda Shore

Prev by Date: Re: [tcpm] New version of TCP Option for Transparent Middlebox Discovery available
Next by Date: Re: [tcpm] New version of TCP Option for Transparent Middlebox Discovery available
Previous by thread: Re: [tcpm] New version of TCP Option for Transparent Middlebox Discovery available
Next by thread: Re: [tcpm] New version of TCP Option for Transparent Middlebox Discovery available
Index(es):
- Date
- Thread

Re: [tcpm] New version of TCP Option for Transparent Middlebox Discovery available

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.