Removing T/TCP and replacing it with something simpler

Karim Fodil-Lemelin kfl at xiphos.ca
Fri Nov 5 13:46:06 PST 2004 

Ok here is an example, just to make sure I understand:

CLI1 : SERVER1      (first connection, option negociated, tuple hash 
created)
CLI1 : SERVER1      (second connection, sending payload in first packet, 
using previously negotiated cookie)
    ...
CLI1 : SERVER1      ( nth connection, sending payload in first packet, 
using previously negotiated cookie )

CLI1 : SERVER2      (first connection, option negociated, tuple created)
CLI1 : SERVER2      (second connection, sending payload in first packet, 
using previously negotiated cookie)
...
CLI1 : SERVER2     ( nth connection, sending payload in first packet, 
using previously negotiated cookie )
...
CLIX : SERVERY     ( if first connection create cookie, store tuple. if 
tuple exists send payload in first packet)

So, each time CL1 goes to a different server it pay the 3WSH tax only 
once. This is very alike how T/TCP works right now (beside the cookie 
thing).

What I am wondering is how can we avoid as much as possible the 
"learning" of the different servers since I know that CLIs will have to 
go through two gateways running transparent proxies that support the 
option (T/TCP). But since they are transparent (using forward rules) the 
gateway don't talk to each other but to the SERVERs (from an IP standpoint).

For example, if the cookie was per machine and not tuples, you could 
have something like this:

step 1:
CLI1 : SERVER1      (first connection, option negociated, cookie negotiated)
CLI1 : SERVER1      (second connection, sending payload in first packet, 
using previously negotiated cookie)
...
step2:
CLI1 : SERVER2      (first connection, option negociated, get the same 
machine cookie from "SERVER1" (found a transparent proxy))

(From now on CL1 assumes its going through a transparent proxy that can 
do T/TCP)

CLI1 : SERVER3      (first connection, sending payload in first packet, 
using previously negotiated machine cookie, validating transparent proxy)

(If the cookie returned by SERVER3 does not match the"machine cookie it 
found in SERVER1" then go back to step 1)

This way the protocol would use knowledge that there is a transparent 
proxy (found at step2) that is doing T/TCP on behalf of the SERVERs.

What do you think?

Regards,

Andre Oppermann wrote:

>Karim Fodil-Lemelin wrote:
>  
>
>>    In the case where all connections go through the SATLINK and are
>>splitted by proxies, it make sense to use this knowledge and not
>>renegotiate cookies for every connections since we know there is only
>>one path to the internet and that all SATLINK connections will support
>>(T/TCP or whatever name it will have). Do you have any plan to include
>>that knowledge in your design or is it too much of a special case to
>>really care?
>>    
>>
>
>It does not renegotiate cookies for every connection.  Only the first
>connection will do that.  Re-seeding of the cookies will happen trans-
>parently.  You pay the 3WSH tax only once for the first connection, or
>the first connection after a longer idle time when the cookie expired.
>
>  
>

-- 
Karim Fodil-Lemelin
Lead Programmer

Xiphos Technologies Inc.
(514) 848-9640 x223
(514) 848-9644 fax
www.xiplink.com

--------------------------------------------------------------
The information transmitted is intended only for the
person or entity to which it is addressed and may contain
confidential and/or privileged material.  If you have
received this in error, please contact the sender and delete
this communication and any copy immediately. Thank you.

More information about the freebsd-net mailing list