Internet-Draft | Multipath DCCP | February 2021 |
Amend, et al. | Expires 26 August 2021 | [Page] |
DCCP communication is currently restricted to a single path per connection, yet multiple paths often exist between peers. The simultaneous use of these multiple paths for a DCCP session could improve resource usage within the network and, thus, improve user experience through higher throughput and improved resilience to network failures.¶
This document presents a set of extensions to traditional DCCP to support multipath operation. Multipath DCCP provides the ability to simultaneously use multiple paths between peers. The protocol offers the same type of service to applications as DCCP and it provides the components necessary to establish and use multiple DCCP flows across potentially disjoint paths.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 26 August 2021.¶
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
Multipath DCCP (MP-DCCP) is a set of extensions to regular DCCP [RFC4340], i.e. the Datagram Congestion Control Protocol denoting a transport protocol that provides bidirectional unicast connections of congestion-controlled unreliable datagrams. A multipath extension to DCCP enables the transport of user data across multiple paths simultaneously, which is beneficial to applications that transfer fairly large amounts of data due to the potential to aggregate capacity of those diverse paths. In addition, it enables to tradeoff timeliness and reliability, which is important for low latency applications that do not require guaranteed delivery services such as Audio/Video streaming. DCCP multipath operations is suggested in the context of ongoing 3GPP work on 5G multi-access solutions [I-D.amend-tsvwg-multipath-framework-mpdccp] and for hybrid access networks [I-D.lhwxz-hybrid-access-network-architecture][I-D.muley-network-based-bonding-hybrid-access]. It can be applied for load-balancing, seamless session handover, and aggregation purposes (referred to as ATSSS; Access steering, switching, and splitting in 3GPP terminology [TS23.501]).¶
This document presents the protocol changes required to add multipath capability to DCCP; specifically, those for signaling and setting up multiple paths ("subflows"), managing these subflows, reassembly of data, and termination of sessions. DCCP, as stated in [RFC4340] does not provide reliable and ordered delivery. Consequently, multiple application subflows may be multiplexed over a single DCCP connection with no inherent performance penalty for flows that do not require in-ordered delivery. DCCP does not provide built-in support for those multiple application subflows.¶
In the following, use of the term subflow will refer to physical separate DCCP subflows transmitted via different paths, but not to application subflows. Application subflows are differing content-wise by source and destination application as e.g. enabled by Service Codes introduced to DCCP in [RFC5595] and could be multiplexed over a single DCCP connection. For sake of consistency we assume that only a single application is served by a DCCP connection here as shown in Figure 1 while use of that feature should not impact DCCP operation on each single path as noted in ([RFC5595], sect. 2.4).¶
MP-DCCP operates at the transport layer and aims to be transparent to both higher and lower layers. It is a set of additional features on top of standard DCCP; Figure 1 illustrates this layering. MP-DCCP is designed to be used by applications in the same way as DCCP with no changes to the application itself.¶
Throughout this document we make use of terms that are either specific for multipath transport or are defined in the context of MP-DCCP, similar to [RFC8684], as follows:¶
Path: A sequence of links between a sender and a receiver, defined in this context by a 4-tuple of source and destination address/ port pairs.¶
Subflow: A flow of DCCP segments operating over an individual path, which forms part of a larger MP-DCCP connection. A subflow is started and terminated similar to a regular (single-path) DCCP connection.¶
(MP-DCCP) Connection: A set of one or more subflows, over which an application can communicate between two hosts. There is a one-to-one mapping between a connection and an application socket.¶
Token: A locally unique identifier given to a multipath connection by a host. May also be referred to as a "Connection ID".¶
Host: An end host operating an MP-DCCP implementation, and either initiating or accepting an MP-DCCP connection. In addition to these terms, within framework of MP-DCCP the interpretation of, and effect on, regular single-path DCCP semantics is discussed in Section 3.¶
Multipath DCCP is similar to Multipath TCP [RFC6824], in that it extends the related basic DCCP transport protocol [RFC4340] with multipath capabilities in the same way as Multipath TCP extends TCP [RFC0793]. However, mainly dominated by the basic protocols TCP and DCCP, the transport characteristics are different.¶
Table 1 compares the protocol characteristics of TCP and DCCP, which are by nature inherited by their respective multipath extensions. A major difference lies in the delivery of payload, which is for TCP an exact copy of the generated byte-stream. DCCP behaves contrary and does not guarantee to deliver any payload nor the order of delivery. Since this is mainly affecting the receiving endpoint of a TCP or DCCP communication, many similarities on sender side can be stated. Both transport protocols share the 3-way initiation of a communication and both employ congestion control to adapt the sending rate to the path characteristics.¶
Feature | TCP | DCCP |
---|---|---|
Full-Duplex | yes | yes |
Connection- Oriented | yes | yes |
Header option space | 40 bytes | < 1008 bytes or PMTU |
Data transfer | reliable | unreliable |
Packet-loss handling | re- transmission | report only |
Ordered data delivery | yes | no |
Sequence numbers | one per byte | one per PDU |
Flow control | yes | no |
Congestion control | yes | yes |
ECN support | yes | yes |
Selective ACK | yes | depends on congestion control |
Fix message boundaries | no | yes |
Path MTU discovery | yes | yes |
Fragmentation | yes | no |
SYN flood protection | yes | no |
Half-open connections | yes | no |
Consequently, the multipath features, shown in Table 2, are the same, supporting volatile paths having varying capacity and latency, session handover and path aggregation capabilities. All of them profit by the existence of congestion control.¶
Feature | MP-TCP | MP-DCCP |
---|---|---|
Volatile paths | yes | yes |
Session handover | yes | yes |
Path aggregation | yes | yes |
Robust session establishment | no | yes |
Data reassembly | yes | optional / modular |
Expandability | limited by TCP header | flexible |
Therefore, the sender logic is not much different between MP-DCCP and MP-TCP, even if the multipath session initiation differs. MP-DCCP inherits a robust session establishment feature, which guarantees communication establishment if at least one functional path is available. MP-TCP relies on an initial path, which has to work; otherwise no communication can be established.¶
The receiver side for MP-DCCP has to deal with the unreliable transport character of DCCP and a possible re-assembly of the data stream while not advocating it. As many unreliable application have built-in application support for reordering (such as adaptive audio and video buffers), those applications might not need support for re-assembly. However, for applications that benefit from partial or full support of reordering, MP-DCCP can provide flexible support for re-assembly, even if for DCCP the order of delivery is unreliable by nature. Such optional re-assembly mechanisms may account for the fact that packet loss may occur for any of the DCCP subflows. Another issue may occur as packet reordering may happen when the different DCCP subflows are routed across paths with disjoint latencies. In theory, applications using DCCP are aware that packet reordering might happen, since DCCP has no mechanisms to prevent it.¶
The receiving process for MP-TCP is on the other hand a rigid "just wait" approach, since TCP guarantees reliable delivery.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].¶
RFC 4340 states that some applications might want to share congestion control state among multiple DCCP flows between same source and destination addresses. This functionality could be provided by the Congestion Manager (CM) [RFC3124], a generic multiplexing facility. However, the CM would not fully support MP-DCCP without change; it does not gracefully handle multiple congestion control mechanisms, for example.¶
The operation of MP-DCCP for data transfer takes one input data stream from an application, and splits it into one or more subflows, with sufficient control information to allow received data to be reassembled and delivered in order to the recipient application. The following subsections define this behavior in detail.¶
The Multipath Capability for MP-DCCP can be negotiated with a new DCCP feature, as described in Section 3. Once negotiated, all subsequent MP-DCCP operations are signalled with a variable length multipath-related option, as described in Section 3.1.¶
The DCCP protocol feature list ([RFC4340] section 6.4) will be enhanced by a new Multipath related feature with Feature number 10, as shown in Table 3.¶
Number | Meaning | Rule | Rec'n Value | Initial Req'd |
---|---|---|---|---|
0 | Reserved | |||
1 | Congestion Control ID (CCID) | SP | 2 | Y |
2 | Allow Short Seqnos | SP | 0 | Y |
3 | Sequence Window | NN | 100 | Y |
4 | ECN Incapable | SP | 0 | N |
5 | Ack Ratio | NN | 2 | N |
6 | Send Ack Vector | SP | 0 | N |
7 | Send NDP Count | SP | 0 | N |
8 | Minimum Checksum Coverage | SP | 0 | N |
9 | Check Data Checksum | SP | 0 | N |
10 | Multipath Capable | SP | 0 | N |
11-127 | Reserved | |||
128-255 | CCID-specific features |
The DCCP protocol options ([RFC4340] section 5.8) will be enhanced by a new Multipath related variable-length option with option type 45, as shown in Table 4.¶
Type | Option Length | Meaning | DCCP-Data? |
---|---|---|---|
0 | 1 | Padding | Y |
1 | 1 | Mandatory | N |
2 | 1 | Slow Receiver | Y |
3-31 | 1 | Reserved | |
32 | variable | Change L | N |
33 | variable | Confirm L | N |
34 | variable | Change R | N |
35 | variable | Confirm R | N |
36 | variable | Init Cookie | N |
37 | 3-8 | NDP Count | Y |
38 | variable | Ack Vector [Nonce 0] | N |
39 | variable | Ack Vector [Nonce 1] | N |
40 | variable | Data Dropped | N |
41 | 6 | Timestamp | Y |
42 | 6/8/10 | Timestamp Echo | Y |
43 | 4/6 | Elapsed Time | N |
44 | 6 | Data Checksum | Y |
45 | variable | Multipath | Y |
46-127 | variable | Reserved | |
128-255 | variable | CCID-specific options | - |
[Tbd/tbv] In addition to the multipath option, MP-DCCP requires particular considerations for:¶
DCCP endpoints are multipath-disabled by default and multipath capability can be negotiated with the Multipath Capable Feature.¶
Multipath Capable has feature number 10 and is server-priority. It takes one-byte values. The first four bits are used to specify compatible versions of the MP-DCCP implementation. The following four bits are reserved for further use.¶
+--------+--------+--------+--------+-------- |00101101| Length | MP_OPT | Value(s) ... +--------+--------+--------+--------+-------- Type=45¶
Type | Option Length | MP_OPT | Meaning |
---|---|---|---|
45 | var | 0 =MP_CONFIRM | Confirm reception and processing of an MP_OPT option |
45 | 11 | 1 =MP_JOIN | Join path to an existing MP-DCCP flow |
45 | 3 | 2 =MP_FAST_CLOSE | Close MP-DCCP flow |
45 | var | 3 =MP_KEY | Exchange key material for MP_HMAC |
45 | 7 | 4 =MP_SEQ | Multipath Sequence Number |
45 | 23 | 5 =MP_HMAC | HMA Code for authentication |
45 | 12 | 6 =MP_RTT | Transmit RTT values |
45 | var | 7 =MP_ADDADDR | Advertise additional Address |
45 | var | 8 =MP_REMOVEADDR | Remove Address |
45 | 4 | 9 =MP_PRIO | Change Subflow Priority |
+--------+--------+--------+--------+--------+--------+--------+ |00101101| Length |00000000| List of options ... +--------+--------+--------+--------+--------+--------+--------+ Type=45 MP_OPT=0¶
MP_CONFIRM can be used to send confirmation of received and processed options. Confirmed options are copied verbatim and appended as List of options. The length varies dependent on the amount of options.¶
[Tbd] Encoding "list of options"¶
+--------+--------+--------+--------+--------+--------+--------+ |00101101|00001011|00000001| Path Token | +--------+--------+--------+--------+--------+--------+--------+ | Nonce | +--------+--------+--------+--------+ Type=45 Length=11 MP_OPT=1¶
The MP_JOIN option is used to add a new path to an existing MP-DCCP flow. The Path Token is the SHA-1 HASH of the derived key (d-key), which was previously exchanged with the MP_KEY option. MP_HMAC MUST be set when using MP_JOIN to provide authentication (See MP_HMAC for details). Also MP_KEY MUST be set to provide key material for authentication purposes.¶
+--------+--------+--------+ |00101101|00000011|00000010| +--------+--------+--------+ Type=45 Length=3 MP_OPT=2¶
MP_FAST_CLOSE terminates the MP-DCCP flow and all corresponding subflows.¶
+--------+--------+--------+--------+--------+--------+--------+ |00101101| Length |00000011|Key Type| Key Data ... +--------+--------+--------+--------+--------+--------+--------+ Type=45 MP_OPT=3¶
The MP_KEY suboption is used to exchange key material between hosts. The Length varies between 5 and 8 Bytes. The Key Type field is used to specify the key type. Key types are shown in Table 6.¶
Key Type | Key Length | Meaning |
---|---|---|
0 =Plain Text | 8 | Plain Text Key |
1 =ECDHE-C25519-SHA256 | 32 | ECDHE with SHA256 and Curve25519 |
2 =ECDHE-C25519-SHA512 | 32 | ECDHE with SHA512 and Curve25519 |
3-255 | Reserved |
+--------+--------+--------+--------+--------+--------+--------+ |00101101|00000111|00000100| Multipath Sequence Number | +--------+--------+--------+--------+--------+--------+--------+ Type=45 Length=7 MP_OPT=4¶
The MP_SEQ option is used for end-to-end datagram-based sequence numbers of an MP-DCCP connection. The initial data sequence number (IDSN) SHOULD be set randomly. The MP_SEQ number space is different from path individual sequence number space.¶
+--------+--------+--------+--------+--------+--------+ |00101101|00000111|00000101| HMAC-SHA1 (20 bytes) ... +--------+--------+--------+--------+--------+--------+ Type=45 Length=23 MP_OPT=5¶
The MP_HMAC option is used to provide authentication for the MP_JOIN option. The HMAC is built using the derived key (d-key) calculated previously from the handshake key material exchanged with the MP_KEY option. The Message for the HMAC is the header of the MP_JOIN for which authentication shall be performed. By including a nonce in these datagrams, possible replay-attacks are remedied.¶
+--------+--------+--------+--------+--------+--------+--------+ |00101101|00000111|00000110|RTT Type| RTT +--------+--------+--------+--------+--------+--------+--------+ | | Age | +--------+--------+--------+--------+--------+ Type=45 Length=12 MP_OPT=6¶
The MP_RTT option is used to transmit RTT values in milliseconds and MUST belong to the path over which this information is transmitted. Additionally, the age of the measurement is specified in milliseconds.¶
The MP_ADDADDR option announces additional addresses (and, optionally, ports) on which a host can be reached. This option can be used at any time during an existing DCCP connection, when the sender wishes to enable multiple paths and/or when additional paths become available. Length is variable depending on IPv4 or IPv6 and whether port number is used and is in range between 28 and 42 Bytes.¶
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+-------+-------+---------------+ | Kind | Length |Subtype| IPVer | Address ID | +---------------+---------------+-------+-------+---------------+ | Address (IPv4 - 4 bytes / IPv6 - 16 bytes) | +-------------------------------+-------------------------------+ | Port (2 bytes, optional) | | +-------------------------------+ | | HMAC (20 Bytes) | | | | | | | | | | +-------------------------------+ | | +-------------------------------+¶
Every address has an Address ID that can be used for uniquely identifying the address within a connection for address removal. The Address ID is also used to identify MP_JOIN options (see Section 3.2.2) relating to the same address, even when address translators are in use. The Address ID MUST uniquely identify the address for the sender of the option (within the scope of the connection); the mechanism for allocating such IDs is implementation specific.¶
All Address IDs learned via either MP_JOIN or ADD_ADDR SHOULD be stored by the receiver in a data structure that gathers all the Address-ID-to-address mappings for a connection (identified by a token pair). In this way, there is a stored mapping between the Address ID, observed source address, and token pair for future processing of control information for a connection.¶
Ideally, ADD_ADDR and REMOVE_ADDR options would be sent reliably, and in order, to the other end. This would ensure that this address management does not unnecessarily cause an outage in the connection when remove/add addresses are processed in reverse order, and also to ensure that all possible paths are used. Note, however, that losing reliability and ordering will not break the multipath connections, it will just reduce the opportunity to open new paths and to survive different patterns of path failures.¶
Therefore, implementing reliability signals for these DCCP options is not necessary. In order to minimize the impact of the loss of these options, however, it is RECOMMENDED that a sender should send these options on all available subflows. If these options need to be received in order, an implementation SHOULD only send one ADD_ADDR/REMOVE_ADDR option per RTT, to minimize the risk of misordering. A host that receives an ADD_ADDR but finds a connection set up to that IP address and port number is unsuccessful SHOULD NOT perform further connection attempts to this address/port combination for this connection. A sender that wants to trigger a new incoming connection attempt on a previously advertised address/port combination can therefore refresh ADD_ADDR information by sending the option again.¶
[TBD/TBV]¶
If, during the lifetime of an MP-DCCP connection, a previously announced address becomes invalid (e.g., if the interface disappears), the affected host SHOULD announce this so that the peer can remove subflows related to this address.¶
This is achieved through the Remove Address (REMOVE_ADDR) option which will remove a previously added address (or list of addresses) from a connection and terminate any subflows currently using that address.¶
For security purposes, if a host receives a REMOVE_ADDR option, it must ensure the affected path(s) are no longer in use before it instigates closure. Typical DCCP validity tests on the subflow (e.g., packet type specific sequence and acknowledgement number check) MUST also be undertaken. An implementation can use indications of these test failures as part of intrusion detection or error logging.¶
The sending and receipt of this message SHOULD trigger the sending of DCCP-Close and DCCP-Reset by client and server, respectively on the affected subflow(s) (if possible), as a courtesy to cleaning up middlebox state, before cleaning up any local state.¶
Address removal is undertaken by ID, so as to permit the use of NATs and other middleboxes that rewrite source addresses. If there is no address at the requested ID, the receiver will silently ignore the request.¶
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+-------+-------+---------------+ | Kind | Length = 3+n |Subtype|(resvd)| Address ID |... +---------------+---------------+-------+-------+---------------+ (followed by n-1 Address IDs, if required)¶
Minimum length of this option is 4 bytes (for one address to remove).¶
[TBD/TBV]¶
In the event that a single specific path out of the set of available paths shall be treated with higher priority compared to the others, a host may wish to signal such change in priority of subflows to the peer. Therefore, the MP_PRIO option, shown below, can be used to set a priority flag for the subflow on which it is sent.¶
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+-------+-------+--------------+ | Kind | Length |Subtype| Prio | AddrID (opt) | +---------------+---------------+-------+-------+--------------+¶
Whether more than two values for priority (e.g., B for backup and P for prioritized path) are defined in case of more than two parallel paths is for further consideration.¶
[TBD/TBV]¶
The basic initial handshake for the first flow is as follows:¶
The handshake for subsequent flows based on a successful initial handshake is as follows:¶
Similar to DCCP, MP-DCCP does not provide cryptographic security guarantees inherently. Thus, if applications need cryptographic security (integrity, authentication, confidentiality, access control, and anti-replay protection) the use of IPsec or some other kind of end-to-end security is recommended; Secure Real-time Transport Protocol (SRTP) [RFC3711] is one candidate protocol for authentication. Together with Encryption of Header Extensions in SRTP, as provided by [RFC6904], also integrity would be provided.¶
As described in [RFC4340], DCCP provides protection against hijacking and limits the potential impact of some denial-of-service attacks, but DCCP provides no inherent protection against attackers' snooping on data packets. Regarding the security of MP-DCCP no additional risks should be introduced compared to regular DCCP of today. Thereof derived are the following key security requirements to be fulfilled by MP-DCCP:¶
In order to achieve these goals, MP-DCCP includes a hash-based handshake algorithm documented in Sections Section 3.2.4 and Section 3.3. The security of the MP-DCCP connection depends on the use of keys that are shared once at the start of the first subflow and are never sent again over the network. To ease demultiplexing while not giving away any cryptographic material, future subflows use a truncated cryptographic hash of this key as the connection identification "token". The keys are concatenated and used as keys for creating Hash-based Message Authentication Codes (HMACs) used on subflow setup, in order to verify that the parties in the handshake are the same as in the original connection setup. It also provides verification that the peer can receive traffic at this new address. Replay attacks would still be possible when only keys are used; therefore, the handshakes use single-use random numbers (nonces) at both ends - this ensures that the HMAC will never be the same on two handshakes. Guidance on generating random numbers suitable for use as keys is given in [RFC4086]. During normal operation, regular DCCP protection mechanisms (such as header checksum to protect DCCP headers against corruption) will provide the same level of protection against attacks on individual DCCP subflows as exists for regular DCCP today.¶
Issues from interaction with on-path middleboxes such as NATs, firewalls, proxies, intrusion detection systems (IDSs), and others have to be considered for all extensions to standard protocols since otherwise unexpected reactions of middleboxes may hinder its deployment. DCCP already provides means to mitigate the potential impact of middleboxes, also in comparison to TCP (see [RFC4043], sect. 16). In case, however, both hosts are located behind a NAT or firewall entity, specific measures have to be applied such as the [RFC5596]-specified simultaneous-open technique that update the (traditionally asymmetric) connection-establishment procedures for DCCP. Further standardized technologies addressing NAT type middleboxes are covered by [RFC5597].¶
[RFC6773] specifies UDP Encapsulation for NAT Traversal of DCCP sessions, similar to other UDP encapsulations such as for SCTP [RFC6951]. The alternative U-DCCP approach proposed in [I-D.amend-tsvwg-dccp-udp-header-conversion] would reduce tunneling overhead. The handshaking procedure for DCCP-UDP header conversion or use of a DCCP-UDP negotiation procedure to signal support for DCCP-UDP header conversion would require encapsulation during the handshakes and use of two additional port numbers out of the UDP port number space, but would require zero overhead afterwards.¶
This document is inspired by Multipath TCP [RFC6824]/[RFC8684] and some text passages for the -00 version of the draft are copied almost unmodified.¶
[Tbd], must include options for:¶
should include options carrying:¶