Abstract / Description of output
We've known for a while that the Internet has ossified as a result of the race to optimize existing applications or enhance security. NATs, performance-enhancing proxies, firewalls and traffic normalizers are only a few of the middleboxes that are deployed in the network and look beyond the IP header to do their job. IP itself can't be extended because "IP options are not an option". Is the same true for TCP?
In this paper we develop a measurement methodology for evaluating middlebox behavior relating to TCP extensions and present the results of measurements conducted from multiple vantage points. The short answer is that we can still extend TCP, but the design of extensions is very constrained, as it needs to take into account prevalent middlebox behaviors. For instance, absolute sequence numbers cannot be embedded in options, because middleboxes can rewrite the ISN while preserving options they do not understand. Sequence numbering must also be consistent within a TCP connection, because many middleboxes only allow through contiguous flows.
We used these findings to analyze three proposed extensions to TCP. We find that MPTCP is likely to work correctly in the Internet or to fall back to regular TCP. TcpCrypt seems ready to be deployed; however, it is fragile if resegmentation does happen, for instance with hardware offload. Finally, TCP extended options in its current form is not safe to deploy.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference |
Place of Publication | New York, NY, USA |
Publisher | ACM Association for Computing Machinery |
Pages | 181–194 |
Number of pages | 14 |
ISBN (Print) | 9781450310130 |
DOIs | |
Publication status | Published - 2 Nov 2011 |
Event | 2011 ACM SIGCOMM conference on Internet measurement conference - https://conferences.sigcomm.org/imc/2011/cfnews.htm, Berlin, Germany Duration: 2 Nov 2011 → 4 Nov 2011 |
Conference
Conference | 2011 ACM SIGCOMM conference on Internet measurement conference |
---|---|
Abbreviated title | IMC 2011 |
Country/Territory | Germany |
City | Berlin |
Period | 2/11/11 → 4/11/11 |
Keywords / Materials (for Non-textual outputs)
- TCP
- protocol design
- middleboxes
- measurements