[Bro] Multipath TCP and bro
Olivier Bonaventure
Olivier.Bonaventure at uclouvain.be
Fri Apr 19 13:57:42 PDT 2013
Hello,
Multipath TCP is a recent extension to TCP (RFC6824) that allows the
utilisation of multiple paths for a single TCP connection. This TCP
extension has several use cases including smartphones that could use
WiFi at 3G for the same TCP connection, dual-stack hosts that would use
IPv6 and IPv4 packets for the same TCP connection, ...
These benefits could also impact the middleboxes, such as those running
bro, that usually expect to receive all packets from a given TCP
bytestream inside a single TCP connection identified by the classical
four-tuple. This is not necessarily always the case anymore with
Multipath TCP. The utilisation of Multipath TCP could have an impact on
the algorithms used by bro but also on bro deployments.
An implementation of Multipath TCP exists in the Linux kernel, but it is
not yet part of the official kernel. To enable middlebox developpers and
users to test the interoperability between Multipath TCP and their
middlebox, we have developped a special test suite. This test suite is
implemented as a set of scritps running on a virtualbox image containing
a modified Multipath TCP kernel. This image interact with Multipath TCP
capable servers and uses applications like http, ftp, scp on top of
Multipath TCP. To ease the debugging of possible problems, all packets
sent and received by the test suite are collected and the trace is
available at the end of the test. Usually, the test runs in about 15
minutes.
You can download it from
http://multipath-tcp.org/pmwiki.php?n=Users.AboutMeasures
It currently runs on Linux and Mac.
Best regards,
Olivier Bonaventure
--
INL, ICTEAM, UCLouvain, Belgium, http://inl.info.ucl.ac.be
More information about the Bro
mailing list