On 09/01/2018 06:09, Michael Richardson wrote: > > Mirja Kuehlewind (IETF) <i...@kuehlewind.net> wrote: > >> Am 05.01.2018 um 23:30 schrieb Michael Richardson > <mcr+i...@sandelman.ca>: > >> > >> > >> Mirja Kühlewind <i...@kuehlewind.net> wrote: > >>> "DNS naming is set up to provide the ACP IPv6 address of network > >>> devices. Unbeknownst to the application, MPTCP is used. MPTCP > >>> mutually discovers between the NOC and network device the data-plane > >>> address and caries all traffic across it when that MPTCP subflow > >>> across the data-plane can be built." > >> > >> Section 2.1.5 is discussion, it discusses ways in which the > >> anticipated low performance (compared to what the box might do with its > >> hardware accelerated forwarding). > >> > >> If we have an application that needs the bandwidth of the native > hardware, > >> the connection can be initated over the ACP (that's what would be in > DNS). > >> One presumes that an MPTCP layer could then enumerate the available > IPs at > >> each end and then start off additional flows on the other destinations. > > > MPTCP adda an additional TCP flow but for the application that still > > looks like one flow. As I said I’m not sure if that is what you want. > > I think that this might be exactly what the application might want. > As stable-connectivity doesn't detail the requirements of the application, > the point of this section is to point out that the bandwidth limitations of > the ACP need not be a constraint when the network is healthy.
But that ducks the security issue. I don't think that's OK. Since the ACP secures connections *below* TCP and MPTCP allows paths that bypass the ACP, this is a security hole you can drive a large truck through. Brian > > If you feel that 2.1.5 doesn't explain this well, then please say so. > > -- > ] Never tell me the odds! | ipv6 mesh networks [ > ] Michael Richardson, Sandelman Software Works | network architect [ > ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails > [ > > > > _______________________________________________ > Anima mailing list > Anima@ietf.org > https://www.ietf.org/mailman/listinfo/anima > _______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima