[Bro] Multipath TCP and bro

Olivier Bonaventure Olivier.Bonaventure at uclouvain.be
Fri Apr 19 13:57:42 PDT 2013


Hello,

Multipath TCP is a recent extension to TCP (RFC6824) that allows the 
utilisation of multiple paths for a single TCP connection. This TCP 
extension has several use cases including smartphones that could use 
WiFi at 3G for the same TCP connection, dual-stack hosts that would use 
IPv6 and IPv4 packets for the same TCP connection, ...

These benefits could also impact the middleboxes, such as those running 
bro, that usually expect to receive all packets from a given TCP 
bytestream inside a single TCP connection identified by the classical 
four-tuple. This is not necessarily always the case anymore with 
Multipath TCP. The utilisation of Multipath TCP could have an impact on 
the algorithms used by bro but also on bro deployments.

An implementation of Multipath TCP exists in the Linux kernel, but it is 
not yet part of the official kernel. To enable middlebox developpers and 
users to test the interoperability between Multipath TCP and their 
middlebox, we have developped a special test suite. This test suite is 
implemented as a set of scritps running on a virtualbox image containing 
a modified Multipath TCP kernel. This image interact with Multipath TCP 
capable servers and uses applications like http, ftp, scp on top of 
Multipath TCP. To ease the debugging of possible problems, all packets 
sent and received by the test suite are collected and the trace is 
available at the end of the test. Usually, the test runs in about 15 
minutes.

You can download it from

http://multipath-tcp.org/pmwiki.php?n=Users.AboutMeasures

It currently runs on Linux and Mac.



Best regards,



Olivier Bonaventure

-- 
INL, ICTEAM, UCLouvain, Belgium, http://inl.info.ucl.ac.be



More information about the Bro mailing list