Tweet
Tweet

Slide 1

Slide 1 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF 5$1OFYU தౡതܟ!OVOOVO IUUQXXXXPSH1FPQMF)JSP !1

Slide 2

Slide 2 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ࣗݾ঺հ !2 w ͳ͔͡·ͻΖ͔ͨ w ܚጯٛक़େֶ੓ࡦɾϝσΟΞݚڀՊ
 ಛ೚ॿڭɾޙظത࢜՝ఔ
 8PSME8JEF8FC$POTPSUJVN 4ZTUFNT5FBN %FW0QT "TJB  w IUUQTHJUIVCDPNOVOOVO!OVOOVO w ݚڀτϐοΫ w ϞόΠϧΠϯλʔωοτ w .15$1 4$51 26*$ )551 8FC4PDLFU 8FC35$ w ΨδΣοτ

Slide 3

Slide 3 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ͓͞Β͍ !3 w ஗Ԇ͕ߴ͍؀ڥʹ͓͚Δ)551ͷύϑΥʔϚϯε w ߴ355Լʹ͓͚Δಉ࣌઀ଓ਺໰୊ w $444QSJUF*NBHFͱ͔΋͏΍ΊΑ͏ w 41%: w ෳ਺ϦΫΤετΛଟॏԽˠಉ࣌઀ଓ਺໰୊͸ղܾ w 5$1-POH'BU1JQF )FBEPG-JOF#MPDLJOH w )551 w )1"$,

Slide 4

Slide 4 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF !4

Slide 5

Slide 5 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF 5$1 !5 w 5$1ͷόΠτετϦʔϜϞσϧ ! ! ! w <ൃ৴ݩ*1ΞυϨε>ϙʔτ <Ѽઌ*1ΞυϨε>ϙʔτ
 ͷ૊Έ߹ΘͤͰ5$1ετϦʔϜΛߏ੒͢Δ × 192.0.2.23 203.0.133.24 GET /index.html -> <- HTTP/1.1 200 OK

Slide 6

Slide 6 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ࠓ೔ͷΠϯλʔωοτ !6 w ϞόΠϧσόΠεʹ͸ෳ਺ͷແઢΠϯλϑΣΠε w (8J'JؒͰ੾ΓସΘΔ৔߹*1ΞυϨε͸มߋ w 5$1͸શ෦࠶઀ଓʂʂ w XBZIBOETIBLF΍Γͳ͓͠ɺεϩʔελʔτ࠶ͼʂ Mobile ISP WiFi Mobile Network Internet Destination R1 R2 Cellular Line WiFi Fixed Line Wireless Nodes rmnet0 192.0.2.23 wlan0 203.0.133.24 Home ISP

Slide 7

Slide 7 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF 5$1"MUFSOBUJWF ZBZ !7 48,& 4XLFN8'3,QWHUQHW&RQQHFWLRQV 0XOWLSOH[HG6WUHDP7UDQVSRUW RYHU8'3 3UHVHQWDWLRQE\ -LP5RVNLQGMDU#! *RRJOH&RUS ,(7)769$UHD3UHVHQWDWLRQ 

Slide 8

Slide 8 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF 5$1"MUFSOBUJWFͨͪ !8 w 4$51
 5$1ʹΑ͘ࣅ͍ͯΔ͕ɺϚϧνϗʔϛϯά (ͱ8J'J྆ํ"DUJWF ʹରԠ͠ɺෳ਺ετϦʔ ϜΛ༻͍ͯ)P-౳Λճආ͢Δɻ
 ࠷ۙ8FC35$Ͱ࢖ΘΕ͍ͯ·͢ɻ 4$51PWFS%5-4PWFS6%1XJUI*$&  w .PCJMF*1 .PCJMF*1W
 ઀ଓ͕੾ΓସΘͬͯ΋ݩͷ*1ΞυϨεΛ࢖͍ଓ͚Δ͜ͱͰ5$1ͳͲ͕੾Εͳ͍Α͏ʹ͢Δ w 5$1'BTU0QFO
 ઀ଓͨ͜͠ͱ͋ΔϗετؒͰ$PPLJFΛ༻͍Δ͜ͱͰɺXBZIBOETIBLFΛ؆ུԽͯ͠ 4:/ύέοτͱڞʹ%BUBΛૹ෇͢Δ w 26*$
 6%1্ʹ৴པͰ͖ΔετϦʔϜ΍᫔᫓੍ޚɺϞόΠϧ౷߹ͳͲΛೖΕɺ41%:΍)551 ʹ࠷దԽ͞Εͨϓϩτίϧ

Slide 9

Slide 9 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ڭՊॻతΠϯλʔωοτ !9 Switch Router Application Transport Network Datalink Physical Datalink Physical Network Datalink Physical Application Transport Network Datalink Physical TCP HTTP

Slide 10

Slide 10 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ݱ࣮ !10 1 10 100 1000 10000 100000 All Middleboxes L3 Routers L2 Switches IP Firewalls App. Firewalls Wan Opt. Proxies App. Gateways VPNs Load Balancers IDS/IPS Very Large Large Medium Small Figure 1: Box plot of middlebox deployments for small (fewer than 1k hosts), medium (1k-10k hosts), large (10k-100k hosts), and very large (more than 100k hosts) enterprise networks. Y-axis is in log scale. 2.2 Complexity in Management Figure 1 also shows that middleboxes deployments are diverse. Of the eight middlebox categories we present in Figure 1, the me- dian very large network deployed seven categories of middleboxes, and the median small network deployed middleboxes from four. Our categories are coarse-grained (e.g. Application Gateways in- clude smartphone proxies and VoIP gateways), so these figures rep- resent a lower bound on the number of distinct device types in the network. Managing many heterogeneous devices requires broad expertise and consequently a large management team. Figure 3 correlates the number of middleboxes against the number of networking person- nel. Even small networks with only tens of middleboxes typically required a management team of 6-25 personnel. Thus, middlebox deployments incur substantial operational expenses in addition to hardware costs. Understanding the administrative tasks involved further illumi- nates why large administrative staffs are needed. We break down the management tasks related to middleboxes below. Upgrades and Vendor Interaction. Deploying new features in the network entails deploying new hardware infrastructure. From our Misconfig. Overload Physical/Electric Firewalls 67.3% 16.3% 16.3% Proxies 63.2% 15.7% 21.1% IDS 54.5% 11.4% 34% Table 1: Fraction of network administrators who estimated misconfiguration, overload, or physical/electrical failure as the most common cause of middlebox failure. icy goals (e.g. a HTTP application filter may block social network sites). Cloud-based deployments obviate the need for enterprise administrators to focus on the low-level mechanisms for appliance configuration and focus only on policy configuration. Training. New appliances require new training for administrators to manage them. One administrator even stated that existing train- ing and expertise was a key question in purchasing decisions: Do we have the expertise necessary to use the product, or would we have to invest significant resources to use it? Another administrator reports that a lack of training limits the ben- efits from use of middleboxes: The average very large network in our data set hosts 2850 L3 routers, and 1946 total middleboxes; the average small network in our data set hosts 7.3 L3 routers and 10.2 total middleboxes.
 w ϧʔλͱಉ͙͡Β͍ͷ਺.JEEMFCPY͕ల։͞Ε͍ͯΔ w εϞʔϧωοτϫʔΫͰ͸ϧʔλΑΓ΋.JEEMFCPYͷํ͕ଟ͍ 4IFSSZ +VTUJOF FUBM.BLJOHNJEEMFCPYFTTPNFPOFFMTFTQSPCMFNOFUXPSLQSPDFTTJOH BTBDMPVETFSWJDF1SPDFFEJOHTPGUIF"$.4*($0..DPOGFSFODF"$. 

Slide 11

Slide 11 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ڭՊॻతΠϯλʔωοτ !11 Switch Router Application Transport Network Datalink Physical Datalink Physical Network Datalink Physical Application Transport Network Datalink Physical TCP HTTP Middlebox Application Transport Network Datalink Physical

Slide 12

Slide 12 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ྫϧʔλ !12 Version IHL Flags Offset Reserved Payload Acknowledgment Number Flags Window Checksum Urgent Pointer Options Source Address Destination Address Source Port Destination Port Sequence Number Type of Service Identification Time to Live Protocol Total Length Fragment Offset Header Checksum

Slide 13

Slide 13 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ྫ/"5 !13 Version IHL Flags Offset Reserved Payload Acknowledgment Number Flags Window Checksum Urgent Pointer Options Source Address Destination Address Source Port Destination Port Sequence Number Type of Service Identification Time to Live Protocol Total Length Fragment Offset Header Checksum Version IHL Flags Offset Reserved Payload Acknowledgment Number Flags Window Checksum Urgent Pointer Options Source Address Destination Address Source Port Destination Port Sequence Number Type of Service Identification Time to Live Protocol Total Length Fragment Offset Header Checksum

Slide 14

Slide 14 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF 5$1"MUFSOBUJWFͨͪ !14 w 4$51 w .PCJMF*1 .PCJMF*1W w 26*$ ! w ಈ͘Ͱ͠ΐ͏͔

Slide 15

Slide 15 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF .15$1 !15 w .VMUJQBUI5$1͸5$1ͷ֦ுɾਐԽͱͯ͠σβΠϯ w ෳ਺ͷϑϩʔΛ༻͍ͯҰͭͷ5$1ετϦʔϜΛసૹ͢Δ w ΞϓϦέʔγϣϯͷมߋΛཁ͞ͳ͍ɻ
 .15$1BXBSFͳΞϓϦέʔγϣϯ͸ΑΓࡉ੍͔͍ޚ͕Մೳɻ w ࠓ೔ͷΠϯλʔωοτ -JWJOH Ͱಈ͘ w 5$1͕ಈ͘؀ڥͰ͋Ε͹ඞͣಈ͘ w ઌʹڍ͛ͨ.JEEMFCPYӨڹԼʹ͓͍ͯ΋ਖ਼͘͠ಈ࡞͢Δ͜ͱ͕࠷ ΋ॏཁͳϙΠϯτ

Slide 16

Slide 16 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ͭ΂͜΂ݴΘͣσϞ !16 w /FYVTͰϑΝΠϧΛμ΢ϯϩʔυ͢Δ
 ͦͷࡍ.15$1Λ༗ޮʹͨ͠৔߹ͱແޮʹͨ͠৔߹Ͱ ൺֱ

Slide 17

Slide 17 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ωΰγΤʔγϣϯ !17 w 5$1ΦϓγϣϯΛ༻͍ͯωΰγΤʔγϣϯΛߦ͏
 .1@$"1"#-&ͱ͍͏Φϓγϣϯ w ௨৴Λ։࢝͢Δଆ͕4:/ .1@$"1"#-&Λૹ৴ w ૬ख΋.15$1ʹରԠ͢Δ৔߹ɺ4:/ "$, .1@$"1"#-& Λૹ৴͢Δ͜ͱͰ૬ޓʹ.15$1ʹରԠ͍ͯ͠Δ͜ͱΛ֬ೝ ͢Δ w .15$1ಛ༗ͷΦϓγϣϯ͸"$, .1@$"1"#-&͓Αͼɺ 4:/ "$, .1@$"1"#-&ʹΑΓަ׵͢Δ

Slide 18

Slide 18 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ωΰγΤʔγϣϯ !18 SYN+MP_CAPABLE SYN+ACK, MP_CAPABLE ACK, MP_CAPABLE

Slide 19

Slide 19 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF 5$1TVCqPX !19 w ύέοτΛ྆ํͷΠϯλϑΣΠε͔Βग़͚ͨͩ͠Ͱ͸ɺ .JEEMFCPYʹΑΓϒϩοΫ͞Εͯ͠·͏ w TVCqPX w TVCqPX͸௨ৗ5$1ετϦʔϜͱͯ͠ೝࣝ͞ΕΔ w .15$1ଆͰTVCqPXΛ૊ΈཱͯͭͷετϦʔϜʹ͢Δ w <ൃ৴ݩ*1ΞυϨε>ϙʔτ <Ѽઌ*1ΞυϨε>ϙʔτ
 ͍ͣΕ͔͕ҟͳΔ૊Έ߹ΘͤͰ͋Ε͹ผͷTVCqPXͱ͠ ͯѻ͏

Slide 20

Slide 20 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF .15$1 !20 SYN+Option SYN+ACK+Option ACK seq=100, “abc” seq=100, “def”

Slide 21

Slide 21 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF 4FRVFODF !21 seq=100, “a” ack=101 seq=101, “b” ack=102 seq=104, “d” ack=105 seq=102, “c” ack=103

Slide 22

Slide 22 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF /"5͕͍ͨΒʁ !22 SYN+Option SYN+ACK+Option ACK seq=100, “abc” seq=100, “def” SYN, ACK͞Εͯͳ͍ͷͰɺ
 ਖ਼͍͠TCPετϦʔϜͰແ͍ͨΊϒϩοΫ͞ΕΔ

Slide 23

Slide 23 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF 4FRVFODF XJUI.JEEMFCPY !23 seq=100, “a” ack=101 seq=101, “b” ack=102 ack=103 seq=104, “d” ack=105 BDLͷޙ͸ී௨TFR ͳͷͰTFR͸ϒϩοΫ͞ΕΔ ͜͜Ͱ%1* × seq=102, “c”

Slide 24

Slide 24 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF 4VCqPXͰͷTFR !24 w ετϦʔϜͷ4FRΛͭ༻ҙͯ͠؅ཧ w .15$1ͷετϦʔϜͱͯ͠ͷ4FR %BUB4FR  w ֤4VCqPXͷTFR ී௨ͷ5$1ετϦʔϜͱͯ͠ͷ TFR  w ΞϓϦέʔγϣϯ͔Β͸
 %BUB4FR͕4FRͱͯ͠ݟ͑Δ

Slide 25

Slide 25 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF .15$14FRVFODF XJUI.JEEMFCPY !25 Dseq=0, seq=100, “a” Dack=1, ack=101 Dseq=1, seq=200, “b” Dack=1, ack=201 Dack=3,ack=102 Dseq=4, seq=202, “d” Dack=5,ack=203 ͜͜Ͱ%1* Dseq=2, seq=101, “c”

Slide 26

Slide 26 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ΞυϨε؅ཧ !26 w .15$1Ͱ͸ෳ਺ͷ*1ΞυϨεΛ
 ετϦʔϜͷऴ୺ϙΠϯτͱͯ͠ར༻Ͱ͖Δɻ w Ͳ͏΍ͬͯ൪໨Ҏ߱ͷΞυϨεΛ఻͑Δ͔ʁ w ΞυϨε͕มߋʹͳͬͨ৔߹Ͳ͏͢Δͷ͔ʁ w "%%@"%%3ͱ3&.07&@"%%3Λ༻͍ͯΞυϨεΛ఻ୡ w ΞυϨεΛΩʔʹ͢Δ͚ͩͰ͸/"5ʹରԠ͠ͳ͍ͷͰɺ JEͰ؅ཧ͢Δ

Slide 27

Slide 27 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ΞυϨεͷ௥Ճͱ࡟আ !27 SYN, MP_CAPABLE SYN+ACK, MP_CAPABLE ACK, MP_CAPABLE WiFi IP=192.0.2.23
 3G IP=2001:DB8:3::1/64 ADD_ADDR[2001:DB8:3::1, id=1] IP=198.51.100.12 IPv6=2001:DB8:12::1/64 SYN, MP_CAPABLE SYN+ACK, MP_CAPABLE ACK, MP_CAPABLE REMOVE_ADDR[id=0] 8J'J੾அ

Slide 28

Slide 28 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF .15$1ϑϩʔ੍ޚ !28 w ͦΕͧΕͷTVCqPXຖʹXJOEPXΛ࣋ͭͱEFBEMPDL ͷՄೳੑ w ྫTFR͸TVCqPX"͔Β͸#͔Βɻ"͸౸ୡ ੑ͕ແ͍ܦ࿏Ͱ#ͷड৴XJOEPX͕͍ͬͺ͍ͩͬ ͨ৔߹Λ࠶ૹͰ͖ͣPVU w ͦ͜Ͱ5$1TVCqPX͢΂ͯͰڞ༗͢ΔXJOEPXΛ࢖ ͏͜ͱͰEFBEMPDLΛ๷͙

Slide 29

Slide 29 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF Ϣʔεέʔεσʔληϯλʔ !29 w αʔόؒͷଳҬΛ֦ு͢Δํ๏ w -/*$ΛΞοϓάϨʔυ͢Δྫ (ˠ( w --"$1 BE &UIFS$IBOOFM w -7331 ৑௕Խ༻్  w -"$1ͳͲ͸."$ *1 5$1QPSUͰϋογϡͯ͠෼ࢄ
 ˠͭ·Γ5$1ηογϣϯ͸ͭͷΠϯλϑΣΠε

Slide 30

Slide 30 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF Ϣʔεέʔεσʔληϯλʔ !30 w .15$1ͷ৔߹ w ෳ਺ͷΠϯλϑΣΠεʹผʑͷωοτϫʔΫΞυ Ϩε w ࣗಈతʹTVCqPX͕௥Ճ͞Εɺߴ଎Խ͞ΕΔ

Slide 31

Slide 31 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF Ϣʔεέʔεσʔληϯλʔ !31 IUUQNVMUJQBUIUDQPSHQNXJLJQIQ O.BJO(CQT w ୆ͷαʔόΛຊͷ(CQTϦϯΫͰ઀ଓ w .15$1Λ༗ޮʹͯ͠OFUQFSGΛ࢖ͬͯଳҬଌఆ

Slide 32

Slide 32 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF Ϣʔεέʔεσʔληϯλʔ !32 IUUQNVMUJQBUIUDQPSHQNXJLJQIQ O.BJO(CQT w 5$1ετϦʔϜͰ(CJUTΛୡ੒ w IUUQXXXZPVUVCFDPNXBUDI W7.E1*$pL

Slide 33

Slide 33 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF Ϣʔεέʔε( 8J'J !33 w (ɾ8J'JΛ྆ํ౥ࡌͨ͠εϚʔτϑΥϯ w ྆ํͷωοτϫʔΫΛ׆༻͢Δ͜ͱͰ΋ͬͱշదʹ w 8J'J (ͷϋϯυΦʔόʔͰ΋5$1ηογϣϯ͕੾Ε ͳ͍ w ෳ਺ͷ(ճઢΛଋͶΔ͜ͱͰߴ଎ͳ5$1ηογϣϯ

Slide 34

Slide 34 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF (8J'JϕϯνϚʔΫ !34 $3BJDJV FUBM)PXIBSEDBOJUCF EFTJHOJOHBOEJNQMFNFOUJOHBEFQMPZBCMFNVMUJQBUI 5$1 ʡ/4%*1SPDFFEJOHTPGUIFUI64&/*9DPOGFSFODFPO/FUXPSLFE4ZTUFNT%FTJHO BOE*NQMFNFOUBUJPO  MPTCP&over&WiFi/3G& 8Mbps,&20ms& 2Mbps,&150ms&

Slide 35

Slide 35 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF (8J'JϕϯνϚʔΫ !35 $3BJDJV FUBM)PXIBSEDBOJUCF EFTJHOJOHBOEJNQMFNFOUJOHBEFQMPZBCMFNVMUJQBUI 5$1 ʡ/4%*1SPDFFEJOHTPGUIFUI64&/*9DPOGFSFODFPO/FUXPSLFE4ZTUFNT%FTJHO BOE*NQMFNFOUBUJPO  MPTCP&over&WiFi/3G&

Slide 36

Slide 36 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF (8J'JϕϯνϚʔΫ !36 $3BJDJV FUBM)PXIBSEDBOJUCF EFTJHOJOHBOEJNQMFNFOUJOHBEFQMPZBCMFNVMUJQBUI 5$1 ʡ/4%*1SPDFFEJOHTPGUIFUI64&/*9DPOGFSFODFPO/FUXPSLFE4ZTUFNT%FTJHO BOE*NQMFNFOUBUJPO  MPTCP&over&WiFi/3G&

Slide 37

Slide 37 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF 4JSJ !37 w J04͔Β.15$1͕αϙʔτ͞Εͨ w 4JSJͰ.15$1͕࢖ΘΕ͍ͯΔ͜ͱ͕֬ೝ͞Εͨ<> w σϑΥϧτ5$1ΦϓγϣϯͰ͸༗ޮʹ͞Ε͍ͯͳ͍ w 8J'J0Oͳͷʹউखʹ(ʹύέοτ͕ɾɾɾ
 ͱ͍͏ࣄଶ͸ى͜Βͳ͍ w 8JSFTIBSL͔ͭͬͯ$BQUVSF <>IUUQQFSTPVDMPVWBJOCFPMJWJFSCPOBWFOUVSFCMPHIUNMNQUDQIUNM

Slide 38

Slide 38 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF 4JSJ !38 w J1IPOFTͰ4JSJʹఱؾ΍8JLJQFEJBݕࡧͳͲΛͤ͞Δ w ·ͣ.15$1͕༗ޮʹͳ͍ͬͯΔ͔֬ೝ w ͦͷ࠷தʹ8J'JΛ0O0GG͢Δ͜ͱͰ.15$1ʹΑΓ5$1 ετϦʔϜ͕੾அ͞ΕΔ͜ͱ͕ແ͍͜ͱΛ֬ೝ͢Δ w 8JSFTIBSLͰ͸UDQPQUJPOTNQUDQqBHTͰ.15$1ͷ ύέοτΛpMUFSग़དྷΔ

Slide 39

Slide 39 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF 4JSJ !39 w UDQPQUJPOTNQUDQqBHT w ϋϯυΦʔόʔ w 8J'Jˠ(   w (ˠ8J'J  

Slide 40

Slide 40 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF ͔ͭͬͯΈΑ͏ !40 w -JOVYͱ'SFF#4%༻ʹΧʔωϧ࣮૷͕͋Γ·͢ w "OESPJEಈ͍ͯ·͢ w J04ʹؔͯ͠͸)JEEFO"1*Λݟ͚ͭΕ͹࢖͑Δͱࢥ͍·͢ ͕ɺ·ͩࢼͯ͠·ͤΜ w *&5'ͷ$IBJS͸೔ຊਓʂ w ·ͩ·͓ͩ༡ͼஈ֊͚ͩͲ
 طʹϩʔϧΞ΢τͯ͠ΔϓϩτίϧͳͷͰɺΈΜͳͰ༡ͼ· ͠ΐ͏

Slide 41

Slide 41 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF .15$1ʹ͍ͭͯ΋ͬͱৄ͘͠ !41 w ϓϩτίϧ
 IUUQQUPPMTJFUGPSHXHNQUDQ w ࣮૷ w -JOVYIUUQXXXNVMUJQBUIUDQPSH w 'SFF#4%IUUQDBJBTXJOFEVBVVSQOFXUDQNQUDQ w .JEEMFCPY w )PX)BSE$BO*U#F %FTJHOJOHBOE*NQMFNFOUJOHB%FQMPZBCMF.VMUJQBUI5$1 $PTUJO3BJDJV $ISJTUPQI 1BBTDI 4FCBTUJFO#BSSF "MBO'PSE .JDIJP)POEB 'BCJFO%VDIFOF 0MJWJFS#POBWFOUVSFBOE.BSL )BOEMFZ 64&/*9/FUXPSLFE4ZTUFNT%FTJHOBOE*NQMFNFOUBUJPO /4%* "QSJM 4BO+PTF 64" w *TJU4UJMM1PTTJCMFUP&YUFOE5$1  .JDIJP)POEB :PTIJGVNJ/JTIJEB $PTUJO3BJDJV "EBN(SFFOIBMHI .BSL )BOEMFZBOE)JEFZVLJ5PLVEB "$.*OUFSOFU.FBTVSFNFOU$POGFSFODF *.$ /PWFNCFS QQ  #FSMJO (FSNBOZ w Ϣʔεέʔε w $PTUJO3BJDJV 4FCBTUJFO#BSSF $ISJTUPQIFS1MVOULF "EBN(SFFOIBMHI %BNPO8JTDIJL BOE.BSL)BOEMFZ *NQSPWJOHEBUBDFOUFSQFSGPSNBODFBOESPCVTUOFTTXJUINVMUJQBUI5$1*O1SPDFFEJOHTPGUIF"$.4*($0.. DPOGFSFODF 4*($0..ʟ  w $ISJTUPQI1BBTDI (SFHPSZ%FUBM 'BCJFO%VDIFOF $PTUJO3BJDJV BOE0MJWJFS#POBWFOUVSF&YQMPSJOH NPCJMF8J'JIBOEPWFSXJUINVMUJQBUI5$1*O1SPDFFEJOHTPGUIF"$.4*($0..XPSLTIPQPO$FMMVMBS OFUXPSLTPQFSBUJPOT DIBMMFOHFT BOEGVUVSFEFTJHO $FMM/FU 

Slide 42

Slide 42 text

5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF 2VFTUJPO $PNNFOUT 0CKFDUJPOT  IJSP!XPSH IUUQXXXXPSH1FPQMF)JSP !OVOOVO !42