Multipath TCP (MPTCP) support in OpenSSH

Matthieu Baerts matttbe at kernel.org
Wed May 8 21:20:00 AEST 2024


Hello,

First, thank you so much for developing and maintaining this very useful
project!

I'm currently involved in a project around Multipath TCP (MPTCP) [1].
MPTCP, standardized in RFC8684 [2], is a TCP extension that enables a
TCP connection to use different paths. Multipath TCP has been used for
several use cases. On smartphones, MPTCP enables seamless handovers
between cellular and Wi-Fi networks while preserving established
connections. This use-case is what pushed Apple to use MPTCP since 2013
in multiple applications [3]. On dual-stack hosts, Multipath TCP enables
the TCP connection to automatically use the best performing path, either
IPv4 or IPv6. If one path fails, MPTCP automatically uses the other path.

A long-requested feature we got is to have native MPTCP support in
OpenSSH. It is very useful when SSH is being used in a mobility use-case
as demonstrated in [4]. I'm here to see if such native support could be
possible.

On Linux, apps can be forced to use MPTCP instead of TCP with different
techniques (LD_PRELOAD, eBPF, SystemTap, etc.) [5], but that's more of a
workaround, and some system administrators don't accept them.

I'm aware of a previous pull-request [6] that has not been accepted
because MPTCP was not widely supported. It is true that MPTCP is
currently only officially supported on macOS and Linux (since 2020). It
is also supported in load balancers and in userspace implementations,
but that's for specific use-cases [7]. There was an ongoing
implementation on FreeBSD, from people from the Swinburne University of
Technology in Melbourne, but it looks like the development has stopped
[8]. MPTCP can also be used on Windows, via their WSL2 environment [9].

If such native support cannot be done in OpenSSH, I guess it means we
should ask GNU/Linux distributions to add this support. That's what
Apple already did apparently [10] -- they already patched OpenSSH before
to support their Network framework.

Following the xz-utils backdoor, I don't know if GNU/Linux distributions
will continue to accept such modifications. Before asking them, and also
to avoid having different implementations per distributor, is it still
not OK to add (native) MPTCP support in the upstream project?

[1] https://www.mptcp.dev
[2] https://www.rfc-editor.org/rfc/rfc8684.html
[3] https://www.tessares.net/apples-mptcp-story-so-far/
[4] http://blog.multipath-tcp.org/blog/html/index.html#real-life-testing
[5] https://www.mptcp.dev/setup.html#force-applications-to-use-mptcp
[6] https://github.com/openssh/openssh-portable/pull/335
[7] http://blog.multipath-tcp.org/blog/html/2018/12/15/apple_and_multipath_tcp.html
[8] http://www-cs-students.stanford.edu/~sjac/freebsd_mptcp_info.html
[9] https://perso.uclouvain.be/tom.barbette/mptcp-on-windows-with-wsl2/
[10] https://github.com/apple-oss-distributions/OpenSSH/blob/main/openssh/sshconnect.c#L487

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.
--
PS: sorry for the repost, the OpenSSH dev ML info page mentioned [11]
the list was open for non-subscribers to post to, but it looks like it
is no longer the case :)
[11] https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


