[182924] in North American Network Operators' Group
Re: multipath tcp now in production use for linux based mobile devices
daemon@ATHENA.MIT.EDU (Geoffrey Keating)
Tue Aug 4 17:16:29 2015
X-Original-To: nanog@nanog.org
To: "Darden, Patrick" <Patrick.Darden@p66.com>
From: Geoffrey Keating <geoffk@geoffk.org>
Date: 04 Aug 2015 14:16:26 -0700
In-Reply-To: <fc77f4f6f21f4e5391d258d9caf0e611@BRTEXMB02.phillips66.net>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
"Darden, Patrick" <Patrick.Darden@p66.com> writes:

> So, obviously, MPTCP can cause problems with Stateful Firewalls (as
> in asymmetric routing, out of state packets, etc.). Cisco's take on
> how to deal with MPTCP is just as interesting as MPTCP itself is.

...

It's not so much the statefulness of the firewall that's the problem,
it's that if the firewall wants to work at higher layers than TCP, in
particular at the TLS layer, it can't because it doesn't have all the
data.

Operators should probably consider that if they block or disable
MPTCP, the device using it might decide that network is broken or not
currently available to it for that service, and prefer its other
interface bypassing the firewall entirely.
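
An added example, not part of the original message: a passive check that a sensor or inspection device could run on raw TCP headers to recognise MPTCP (TCP option kind 30, RFC 6824) and flag SYNs that join an existing connection as an extra subflow, which are the flows where it may be seeing only part of the byte stream. The function names, the header builder, and the port, key, token and nonce bytes are constructed for illustration.

```python
import struct

MPTCP_KIND = 30  # TCP option kind assigned to Multipath TCP (RFC 6824)
SUBTYPES = {0: "MP_CAPABLE", 1: "MP_JOIN", 2: "DSS", 3: "ADD_ADDR",
            4: "REMOVE_ADDR", 5: "MP_PRIO", 6: "MP_FAIL", 7: "MP_FASTCLOSE"}

def mptcp_subtypes(tcp_header: bytes) -> list:
    """Return the MPTCP option subtypes present in one raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4
    if not 20 <= data_offset <= len(tcp_header):
        raise ValueError("bad TCP data offset")
    opts, found, i = tcp_header[20:data_offset], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:          # End of Option List
            break
        if kind == 1:          # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break              # malformed length: stop rather than misparse
        if kind == MPTCP_KIND and opts[i + 1] >= 3:
            found.append(SUBTYPES.get(opts[i + 2] >> 4, "UNKNOWN"))
        i += opts[i + 1]
    return found

def classify(tcp_header: bytes) -> str:
    """Label a segment by what it tells a per-flow inspection device."""
    subs = mptcp_subtypes(tcp_header)
    syn = bool(tcp_header[13] & 0x02)
    if syn and "MP_JOIN" in subs:
        return "mptcp-join"      # extra subflow: payload is only part of a stream
    if syn and "MP_CAPABLE" in subs:
        return "mptcp-initial"   # later subflows may take other paths
    return "mptcp-data" if subs else "plain-tcp"

def build_header(flags: int, options: bytes = b"") -> bytes:
    """Constructed sample TCP header (ports and sequence numbers are arbitrary)."""
    options += b"\x01" * (-len(options) % 4)
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                       (20 + len(options)) // 4 << 4, flags, 65535, 0, 0) + options

# Constructed options: key, token and nonce bytes are placeholders.
MP_CAPABLE_SYN = build_header(0x02, bytes([30, 12, 0x00, 0x81]) + b"\xaa" * 8)
MP_JOIN_SYN = build_header(0x02, bytes([30, 12, 0x10, 0x02]) + b"\xbb" * 8)
PLAIN_SYN = build_header(0x02, bytes([2, 4, 0x05, 0xb4]))
```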