| RFC 9897 | Multipath DCCP | January 2026 |
| Amend, et al. | Standards Track | [Page] |
Datagram Congestion Control Protocol (DCCP) communications, as defined in RFC 4340, are inherently restricted to a single path per connection, despite the availability of multiple network paths between peers. The ability to utilize multiple paths simultaneously for a DCCP session can enhance network resource utilization, improve throughput, and increase resilience to network failures, ultimately enhancing the user experience.¶
Use cases for Multipath DCCP (MP-DCCP) include mobile devices (e.g., handsets and vehicles) and residential home gateways that maintain simultaneous connections to distinct network types such as cellular and Wireless Local Area Networks (WLANs) or cellular and fixed access networks. Compared to existing multipath transport protocols, such as Multipath TCP (MPTCP), MP-DCCP is particularly suited for latency-sensitive applications with varying requirements for reliability and in-order delivery.¶
This document specifies a set of protocol extensions to DCCP that enable multipath operations. These extensions maintain the same service model as DCCP while introducing mechanisms to establish and utilize multiple concurrent DCCP flows across different network paths.¶
This is an Internet Standards Track document.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.¶
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained athttps://www.rfc-editor.org/info/rfc9897.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The Datagram Congestion Control Protocol (DCCP)[RFC4340] is a transport protocol that provides bidirectional unicast connections of congestion-controlled unreliable datagrams. DCCP communications are restricted to one single path. Other fundamentals of the DCCP protocol are summarized inSection 1 of [RFC4340] such as the reliable handshake process inSection 4.7 of [RFC4340] and the reliable negotiation of features inSection 4.5 of [RFC4340]. These are an important basis for this document. These fundamentals also apply to the DCCP sequencing scheme, which is packet-based (Section 4.2 of [RFC4340]), and the principles for loss and retransmission of features as described in more detail inSection 6.6.3 of [RFC4340]. This document specifies a set of protocol changes that add multipath support to DCCP, specifically support for signaling and setting up multiple paths (a.k.a., "subflows"), managing these subflows, the reordering of data, and the termination of sessions.¶
Multipath DCCP (MP-DCCP) enables a DCCP connection to simultaneously establish a flow across multiple paths. This can be beneficial to applications that transferlarge amounts of data, by utilizing the capacity/connectivity offered by multiple paths. In addition, the multipath extensions enable the trade-off of timeliness and reliability, which is important for low-latency applications that do not require guaranteed delivery services such as Audio/Video streaming.¶
In addition to the integration into DCCP services, implementers or future specifications could choose MP-DCCP for other use cases such as3GPP 5G multi-access solutions (e.g., Access Traffic Steering, Switching, and Splitting (ATSSS) specified in[TS23.501]) or hybrid access networks. ATSSS combines 3GPP and non-3GPP access between the user equipment and an operator network, while hybrid access combines fixed and cellular access between a residential gateway and an operator network. MP-DCCP can be used in these scenarios for load balancing, seamless session handover, and bandwidth aggregation when non-DCCP traffic such as IP, UDP, or TCP is encapsulated into MP-DCCP. More details on potential use cases for MP-DCCP are provided in[MP-DCCP.Site],[IETF105.Slides], and[MP-DCCP.Paper].All of these use cases profit from an Open Source Linux reference implementation provided under[MP-DCCP.Site].¶
The encapsulation of non-DCCP traffic (e.g., UDP or IP) in MP-DCCP to enable the above-mentioned use cases is not considered in this specification.Also out of scope is the encapsulation of DCCP traffic in UDP to pass middleboxes (e.g., NATs, firewalls, proxies, intrusion detection systems (IDSs), etc.) that do not support DCCP. However, a possible method is defined in[RFC6773] and considered in[U-DCCP] to achieve the same with less overhead.¶
MP-DCCP is based exclusively on the lean concept of DCCP. For traffic that is already encrypted or does not need encryption, MP-DCCP is an efficient choice as it does not apply its own encryption mechanisms. Also, the procedures defined by MP-DCCP, which allow subsequent reordering of traffic and efficient traffic scheduling, improve performance, as shown in[MP-DCCP.Paper], and take into account the interaction of the protocol with the further elements required for multipath transport.¶
MP-DCCP provides a set of features to DCCP;Figure 1 illustrates this layering. MP-DCCP isdesigned to be used by applications in the same way as DCCP with nochanges to the application itself.¶
+-------------------------------+ | Application |+---------------+ +-------------------------------+| Application | | MP-DCCP |+---------------+ + - - - - - - - + - - - - - - - +| DCCP | |Subflow (DCCP) |Subflow (DCCP) |+---------------+ +-------------------------------+| IP | | IP | IP |+---------------+ +-------------------------------+
A command-line interface (CLI) at the endpoint (or another method) could be used to configure and manage the DCCP connections. This could be extended to also support MP-DCCP, but this specification does not define it.¶
This document uses terms that are either specific for multipath transport as defined in[RFC8684] or defined in the context of MP-DCCP, as follows:¶
A sequence of links between a sender and a receiver, defined in this context by a 4-tuple of the source and destination address and the source and destination ports. This definition follows[RFC8684] and is illustrated in the following two examples for IPv6 and IPv4, which each show a pair of sender IP-address:port and a pair of receiver IP-address:port, which together form the 4-tuple:¶
In addition to these terms, within the framework of MP-DCCP, the interpretation of, and effect on, regular single-path DCCP semantics is discussed inSection 3.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14[RFC2119][RFC8174] when, and only when, they appear in all capitals, as shown here.¶
DCCP transmits congestion-controlled unreliable datagrams over a single path.Various congestion control mechanisms have been specified to optimizeDCCP performance for specific traffic types in terms of profiles denotedby a Congestion Control IDentifier (CCID).However, DCCP does not provide built-insupport for managing multiple subflows within one DCCP connection. Theextension of DCCP for Multipath DCCP (MP-DCCP) is described in detailinSection 3.¶
At a high level of MP-DCCP operation, the datastream from a DCCP application is splitby the MP-DCCP operation into one or more subflows that can betransmitted via different paths, for example, using paths via different links.The corresponding control information allows the receiver to optionallyreassemble and deliver the received data in the originally transmitted order to therecipient application. This may be necessary because DCCP does not guarantee in-order delivery.The details of the transmission scheduling mechanism andoptional reordering mechanism are up to the sender and receiver, respectively,and are outside the scope of this document.¶
An MP-DCCP connection provides a bidirectional connection of datagramsbetween two hosts exchanging data using DCCP. It does not requireany change to the applications. MP-DCCP enables thehosts to use multiple paths with different 4-tuples to transportthe packets of an MP-DCCP connection. MP-DCCP manages the request,set-up, authentication, prioritization, modification, and removal ofthe DCCP subflows on different paths as well as the exchange of performance parameters.¶
The number of DCCP subflows can vary during the lifetime of an MP-DCCP connection. The details of the path management decisions forwhen to add or remove subflows are outside the scope of this document.¶
The multipath capability for MP-DCCP is negotiated with a new DCCP feature, as specified inSection 3.1. Once negotiated, all subsequent MP-DCCP operations for that connection are signaled with a variable length multipath-related option, as described inSection 3.All MP-DCCP operations are signaled by Multipath Options described inSection 3.2. Options that require confirmation from the remote peer are retransmitted by the sender until confirmed or until confirmation is no longer considered relevant.¶
The sections that follow define MP-DCCP behavior in detail.¶
Figure 2 provides a general overview of the MP-DCCP working mode, whose main characteristics are summarized in this section.¶
Host A Host B------------------------ ------------------------Address A1 Address A2 Address B1 Address B2---------- ---------- ---------- ---------- | | | | | (DCCP subflow setup) | | |----------------------------------->| | |<-----------------------------------| | | | | | | | (DCCP subflow setup)| | | |--------------------->| | | |<---------------------| | | merge individual DCCP subflows to one MP-DCCP connection | | | |
An MP-DCCP connection begins with a 4-way handshake between two hosts. InFigure 2,an MP-DCCP connection is established between addresses A1 and B1 on HostsA and B. In the handshake, a Multipath Capable Feature is used to negotiate multipath support for the connection. Host-specific keys are also exchanged between Host A and Host B during the handshake. The details of the MP-DCCP handshake procedure is described inSection 3.3. MP-DCCP does not require both peers to have more than one address.¶
When additional paths and corresponding addresses/ports are available, additional DCCP subflows can be created on these paths and attached to the existing MP-DCCP connection. An MP_JOIN option is used to connect a new DCCP subflow to an existing MP-DCCP connection. It contains a Connection Identifier (CI) during the setup of the initial subflow and is exchanged in the 4-way handshake for the subflow together with the Multipath Capable Feature. The example inFigure 2 illustrates the creation of an additional DCCP subflow between Address A2 on Host A and Address B1 on Host B. The two subflowscontinue to provide a single connection to the applications at bothendpoints.¶
MP-DCCP identifies multiple paths by the presence of multipleaddresses/ports at hosts. Combinations of these multiple addresses/portsindicate the additional paths. In the example, other potentialpaths that could be set up are A1<->B2 and A2<->B2. Although theadditional subflow in the example is shown as being initiated from A2, an additional subflow couldalternatively have been initiated from B1 or B2.¶
The discovery and setup of additional subflows is achievedthrough a path management method including the logic and details of the procedures for adding/removing subflows.This document describes the procedures that enable a host to initiate new subflows or to signal available IP addresses between peers. However, the definition of a path management method, in which sequence and when subflows are created, is outside the scope of this document. This method is subject to a corresponding policy and the specifics of the implementation. If an MP-DCCP peer host wishes to limit the maximum number of paths that can be maintained (e.g., similar to that discussed inSection 3.4 of [RFC8041]), the creation of new subflows from that peer host is omitted when the threshold of maximum paths is exceeded and incoming subflow requestsMUST be rejected.¶
Through the use of Multipath Options, MP-DCCP adds connection-level sequence numbers and the exchange ofRound-Trip Time (RTT) information to enable optional reordering features. As a hint for scheduling decisions, a Multipath Option that allows a peer to indicate its priorities for which path to use is also defined.¶
Subflows are terminated in the same way as regular DCCP connections, as describedinSection 8.3 of [RFC4340]. MP-DCCP connections are closed by including an MP_CLOSE option in subflow DCCP-CloseReq or DCCP-Close messages. An MP-DCCP connection may also be reset through the use of an MP_FAST_CLOSE option. Key Data from the initial handshake is included in MP_CLOSE and MP_FAST_CLOSE to protect from an unauthorized shutdown of MP-DCCP connections.¶
The DCCP protocol feature list (Section 6.4 of [RFC4340]) isextended in this document by adding a new Multipath Feature with Feature Number 10, asshown inTable 1.¶
| Number | Meaning | Rec'n Rule | Initial Value | Req'd |
|---|---|---|---|---|
| 10 | Multipath Capable | SP | 0 | N |
The reconciliation rule used for the feature. SP indicates the server-priority as defined inSection 6.3 of [RFC4340].¶
The initial value for the feature. Every feature has a known initial value.¶
This column is "Y" if and only if every DCCP implementationMUSTunderstand the feature. If it is "N", then the feature behaves like an extension, and it is safe to respond to Change options for the featurewith empty Confirm options.¶
This specification adds a DCCP protocol option as defined inSection 5.8 of [RFC4340], providinga new multipath-related variable-length option with option type 46, asshown inTable 2.¶
| Type | Option Length | Meaning | DCCP-Data? |
|---|---|---|---|
| 46 | variable | Multipath | Y |
A DCCP endpoint negotiates the Multipath Capable Feature to determine whether multipath extensions can be enabled for a DCCP connection.¶
The Multipath Capable Feature (MP_CAPABLE) has Feature Number 10 and follows the structure for features given inSection 6 of [RFC4340]. Beside the negotiation of the feature itself, one or several values can also be exchanged. The value field specified here for the Multipath Capable Feature has a Length of one byte and can be repeated several times within the DCCP option for feature negotiation. This can be, for example, required to announce support of different versions of the protocol. For that, the leftmost four bits inFigure 3 specify the compatible version of theMP-DCCP implementation andMUST be set to 0 following this specification. The four bits following the Version field are unassigned in version 0 andMUST be set to zero by the sender andMUST be ignored by the receiver.¶
0 1 2 3 4 5 6 7+-----------+------------+| Version | Unassigned |+-----------+------------+
The setting of the Multipath Capable FeatureMUST follow the server-priority reconciliation rule describedinSection 6.3.1 of [RFC4340]. This allows multiple versions to bespecified in order of priority.¶
The negotiationMUST be a part of the initial handshake procedure described inSection 3.3. No subsequent renegotiation ofthe Multipath Capable Feature is allowed for the same MP-DCCP connection.¶
ClientsMUST include a Change R option (Section 6 of [RFC4340]) during the initial handshake request tosupply a list of supported MP-DCCP protocol versions, ordered by preference.¶
ServersMUST include a Confirm L option (Section 6 of [RFC4340]) in the subsequent response to agree onan MP-DCCP version to be used from the Client list, followed by its ownsupported version(s), ordered by preference. Any subflow added to an existing MP-DCCP connectionMUST use theversion negotiated for the first subflow.¶
If no agreement is found, the ServerMUST reply with an empty Confirm L optionwith Feature Number 10 and no values.¶
An example of successful version negotiation is shown hereafter and follows the negotiation example shown inSection 6.5 of [RFC4340]. For better understanding, this example uses the unspecified MP-DCCP versions 1 and 2 in addition to the MP-DCCP version 0 specified in this document:¶
Client Server------ ------DCCP-Req + Change R(MP_CAPABLE, 1 0) -----------------------------------> DCCP-Resp + Confirm L(MP_CAPABLE, 1, 2 1 0) <----------------------------------- * agreement on version = 1 *
This example illustrates the following:¶
The Client indicates support for both MP-DCCP versions 1 and 0, with a preference for version 1.¶
The Server agrees on using MP-DCCP version 1 indicated by the first value and supplies its own preference list with the subsequent values.¶
MP-DCCP is then enabled between the Client and Server with version 1.¶
Unlike the example inFigure 4, this document only allows thenegotiation of MP-DCCP version 0. Therefore, per successfulnegotiation of MP-DCCP as defined in this document, the Clientand the ServerMUST both support MP-DCCP version 0.¶
If the version negotiation fails or the Multipath Capable Feature is not present in the DCCP-Request or DCCP-Response packets of the initial handshake procedure, the MP-DCCP connection eitherMUST fall back to regular DCCP orMUST close the connection. Further details are specified inSection 3.6.¶
MP-DCCP uses one single option to signal various multipath-related operations. The format of this Multipath Option is shown inFigure 5.¶
1 2 3 01234567 89012345 67890123 45678901 23456789+--------+--------+--------+--------+--------+|00101110| Length | MP_OPT | Value(s) ...+--------+--------+--------+--------+--------+ Type=46
The fields used by the Multipath Option are described inTable 3. MP_OPT refers to a Multipath Option.¶
| Type | Option Length | MP_OPT | Meaning |
|---|---|---|---|
| 46 | var | 0 =MP_CONFIRM | Confirm reception and processing of an MP_OPT option |
| 46 | 12 | 1 =MP_JOIN | Join subflow to an existing MP-DCCP connection |
| 46 | var | 2 =MP_FAST_CLOSE | Close an MP-DCCP connection unconditionally |
| 46 | var | 3 =MP_KEY | Exchange key material for MP_HMAC |
| 46 | 9 | 4 =MP_SEQ | Multipath sequence number |
| 46 | 23 | 5 =MP_HMAC | Hash-based message authentication code for MP-DCCP |
| 46 | 12 | 6 =MP_RTT | Transmit RTT values and calculation parameters |
| 46 | var | 7 =MP_ADDADDR | Advertise one or more additional addresses/ports |
| 46 | 8 | 8 =MP_REMOVEADDR | Remove one or more addresses/ports |
| 46 | 4 | 9 =MP_PRIO | Change subflow priority |
| 46 | var | 10 =MP_CLOSE | Close an MP-DCCP connection |
| 46 | var | 11 =MP_EXP | Experimental option for private use |
| 46 | TBD | >11 | (available for future Multipath Options) |
Future Multipath Options could be defined in a later version of or extension to this specification.¶
These operations are largely inspired by the signals defined in[RFC8684]. The procedures for handling faulty or unknown Multipath Options are described inSection 3.6.¶
Some Multipath Options require confirmation from the remote peer (seeTable 4) for which MP_CONFIRM is specified.¶
1 2 3 4 5 01234567 89012345 67890123 45678901 23456789 01234567 89012345+--------+--------+--------+--------+--------+--------+--------+|00101110| var |00000000| List of confirmations ...+--------+--------+--------+--------+--------+--------+--------+ Type=46 Length MP_OPT=0
Multipath Options that require confirmation will be retransmitted by the sender until an MP_CONFIRM is received or the confirmation of options is considered irrelevant because the data contained in the options has already been replaced by newer information.¶
This can happen, for example, with an MP_PRIO option if the path prioritizationis changed while the previous prioritization has not yet been confirmed. The further processingof the Multipath Options in the receiving host is not the subject of MP_CONFIRM.¶
Multipath Options could arrive out of order; therefore, Multipath Options defined inTable 4MUST be sent in a DCCP datagram with MP_SEQ (seeSection 3.2.5). This allows a receiver to identify whetherMultipath Options are associated with obsolete datasets (information carried in the option header) that would otherwise conflict with newer datasets. In the case of MP_ADDADDR or MP_REMOVEADDR, the same dataset is identified based on AddressID, whereas the same dataset for MP_PRIO is identified by the subflow in use. An outdatedmultipath Option is detected at the receiver if a previous Multipath Option referring to the same dataset contained a higher sequence numberin the MP_SEQ. An MP_CONFIRMMAY be generated for Multipath Options that are identified as outdated.¶
Similarly, an MP_CONFIRM could arrive out of order. The associatedMP_SEQ receivedMUST be echoed to ensure that the most recent Multipath Option is confirmed. This protects from inconsistencies that could occur, e.g., if three MP_PRIO options are sent one afterthe other on one path in order to first set the path priority to 0, then to 1, and finally to 0 again. Without an associatedMP_SEQ, a loss of the third MP_PRIO option and a loss of the MP_CONFIRM of the second update and the third update wouldcause the sender to incorrectly interpret that the priority value was set to 0 without recognizing that the receiver has appliedpriority value 1.¶
The length of the MP_CONFIRM option and the path over which the option is sent depend on the confirmed Multipath Options and the receivedMP_SEQ, which are both copied verbatim and appended as a list of confirmations. The list is structured by first listing the receivedMP_SEQ followed by the related Multipath Option or options to confirm. The same rules apply when Multipath Options with different MP_SEQs are confirmed at once.This could happen if the following are received in short succession: a datagram with MP_PRIO and a first MP_SEQ_1 and another datagram with MP_ADDADDR and a second MP_SEQ_2. In this case, the structure described above is concatenated resulting in MP_SEQ_2 + MP_ADDADDR + MP_SEQ_1 + MP_PRIO.The order of the confirmed Multipath Options in the list of confirmationsMUST reflect the incoming order at the host who sends the MP_CONFIRM, with the mostrecent suboption received listed first. This could allow the host receiving the MP_CONFIRM to verify that the options were applied in the correct orderand to take countermeasures if they were not, e.g., if an MP_REMOVEADDR overtakes an MP_ADDADDR that refers to the same dataset.¶
| Type | Option Length | MP_OPT | MP_CONFIRM Sending Path |
|---|---|---|---|
| 46 | var | 7 =MP_ADDADDR | Any available |
| 46 | 4 | 8 =MP_REMOVEADDR | Any available |
| 46 | 4 | 9 =MP_PRIO | Any available |
An example to illustrate the MP-DCCP confirm procedure for the MP_PRIO option is shown inFigure 7. Host A sends a DCCP-Request on path A2-B2 with an MP_PRIO option with value 1 and an associated sequence number of 1. Host B replies on the same path in this instance (any path can be used) with a DCCP-Response containing the MP_CONFIRM option and a list containing the original sequence number (1) together with the associated option (MP_PRIO).¶
Host A Host B------------------------ ------------------------Address A1 Address A2 Address B1 Address B2---------- ---------- ---------- ---------- | | | | | | DCCP-Request(seqno 1) + MP_PRIO(1)| | | |------------------------------------------>| | | | | | | DCCP-Response + | | | |<---- MP_CONFIRM(seqno 1, MP_PRIO) --------| | | | |
A second example that illustrates the same MP-DCCP confirm procedure but where an out-of-date option is also delivered is shown inFigure 8.Here, the first DCCP-Data is sent from Host A to Host B with option MP_PRIO set to 4. Host A subsequently sends the second DCCP-Data with option MP_PRIOset to 1. In this case, the delivery of the first MP_PRIO is delayed in the network between Host A and Host B and arrives after the second MP_PRIO. Host Bignores this second MP_PRIO as the associated sequence number is earlier than the first. Host B sends a DCCP-Ack with sequence number 2 to confirm the receipt of the MP_PRIO(1).¶
Host A Host B------------------------ ------------------------Address A1 Address A2 Address B1 Address B2---------- ---------- ---------- ---------- | | | | | | DCCP-Data(seqno 1) + MP_PRIO(4) | | | |------------ | | | | \ | | | | DCCP-Data(seqno 2) + MP_PRIO(1) | | | |--------------\--------------------------->| | | \ | | | | -------------------------->| | | | | | | DCCP-Ack + | | | |<---- MP_CONFIRM(seqno 2, MP_PRIO) --------| | | | |
The MP_JOIN option is used to add a new subflow to an existing MP-DCCPconnection, and a successful establishment of the first subflow using MP_KEY isREQUIRED.¶
1 2 3 01234567 89012345 67890123 45678901+--------+--------+--------+--------+|00101110|00001100|00000001| Addr ID|+--------+--------+--------+--------+| Connection Identifier |+--------+--------+--------+--------+| Nonce |+--------+--------+--------+--------+ Type=46 Length=12 MP_OPT=1
The CI is the one from the peer host,which was previously exchanged with the MP_KEY option.MP_HMACMUST be set when using MP_JOIN within a DCCP-Response packet; seeSection 3.2.6 for details. Similar to the setup of the first subflow, MP_JOIN also exchanges the Multipath Capable Feature MP_CAPABLE as described inSection 3.1. This procedure includes the DCCP Confirm principle and thus ensures a reliable exchange of the MP_JOIN in accordance withSection 6.6.4 of [RFC4340].¶
The MP_JOIN option includes an "Addr ID" (Address ID) generated by the sender of the option, which is used to identify the sourceaddress of this packet, even if the IP header was changed intransit by a middlebox. The value of this field is generatedby the sender andMUST map uniquely to a source IP address for thesending host. The Address ID allows address removal (Section 3.2.9)without the need to know the source address at the receiver,thus allowing address removal through NATs. The Address ID alsoallows correlation between new subflow setup attempts and addresssignaling (Section 3.2.8), to prevent setting up duplicate subflowson the same path, if an MP_JOIN and MP_ADDADDR are sent at the sametime.¶
The Address IDs of the subflow used in the initial DCCP Request/Response exchange ofthe first subflow in the connection are implicit and have the valuezero. A hostMUST store the mappings between Address IDs andaddresses for both itself and the remote host. An implementationwill also need to know which local and remote Address IDs areassociated with which established subflows for when addresses areremoved from a local or remote host. An Address IDMUST always be uniqueover the lifetime of a subflow and can only be reassigned if sender andreceiver no longer have them in use.¶
The Nonce is a 32-bit random value locally generated for every MP_JOIN option.Together with the derived key from both hosts' Key Data (as described inSection 3.2.4), the Nonce value builds the basis to calculate the Hash-based Message Authentication Code (HMAC) used in the handshake process (as described inSection 3.3) to avoid replay attacks.¶
If the CI cannot be verified by the receiving host during a handshake negotiation, the new subflowMUST be closed, as specified inSection 3.6.¶
DCCP can send a Close or Reset signal to abruptly close aconnection. Using MP-DCCP, a regular Close or Reset only has the scope of thesubflow over which a signal was received. As such, it will only close the subflow and does notaffect other remaining subflows or the MP-DCCP connection (unless it is the lastsubflow).This permits break-before-make handover betweensubflows.¶
In order to provide an MP-DCCP-level"reset" and thus allow the abrupt closure of the MP-DCCP connection, the MP_FAST_CLOSE suboption can be used.¶
1 2 3 01234567 89012345 67890123 45678901 23456789+--------+--------+--------+--------+--------+|00101110| var |00000010| Key Data ...+--------+--------+--------+--------+--------+ Type=46 Length MP_OPT=2
When Host A wants to abruptly close an MP-DCCP connection with Host B, it will send out the MP_FAST_CLOSE. The MP_FAST_CLOSE suboptionMUST be sent from Host A on all subflows using a DCCP-Reset packet with Reset Code 13. The requirement to send the MP_FAST_CLOSE on all subflows increases the probability that Host B will receive the MP_FAST_CLOSE to take the same action. To protect from an unauthorized shutdown of an MP-DCCP connection, the selected Key Data of the peer host during the handshake procedure is carried by the MP_FAST_CLOSE option.¶
After sending the MP_FAST_CLOSE on all subflows, Host AMUST tear down all subflows, and the MP-DCCP connection immediately terminates.¶
Upon reception of the first MP_FAST_CLOSE with successfully validated Key Data, Host B will send a DCCP-Reset packet response on all subflows to Host A with Reset Code 13 to clean potential middlebox states. Host BMUST then tear down all subflows and terminate the MP-DCCP connection.¶
MP-DCCP protects against some on-path attacker as further outlined inSection 4. The basis of this protection is laid by an initial exchange of keys during the MP-DCCP connection setup, for which MP_KEY is introduced. The basis of this protection is laid by an initial exchange of keys during the MP-DCCP connection setup, for which MP_KEY is introduced.¶
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1+---------------+---------------+---------------+---------------+|0 0 1 0 1 1 1 0| var |0 0 0 0 0 0 1 1| resvd |+---------------+---------------+---------------+---------------+| Connection Identifier |+---------------+---------------+---------------+---------------+| Key Type (1) | Key Data (1) | Key Type (2) | Key Data (2) |+---------------+---------------+---------------+---------------+| Key Type (3) | ...+---------------+---------------+ Type=46 Length MP_OPT=3
The MP_KEY suboption is used to exchange a CI and key material betweenhosts (Host A and Host B) for a given connection.The CI is a unique number in the host for each multipath connection and is generated for inclusion in the first exchange of a connection with MP_KEY. With the CI, it is possible to connect other DCCP subflows to an MP-DCCP connection with MP_JOIN (Section 3.2.2). Its size of 32 bits also defines the maximum number of simultaneous MP-DCCP connections in a host to 232.According to the Key-related elements of the MP_KEY suboption, the Length varies between 17 and 73 bytes for a single-key message and up to82 bytes when all specified Key Types 0 and 255 are provided. The Key Type field specifies the type of the following Key Data. The set of Key Types are shown inTable 5.¶
| Key Type | Key Length (bytes) | Meaning |
|---|---|---|
| 0 =Plain Text | 8 | Plain text Key |
| 1-254 | (available for future Key Types) | |
| 255 =Experimental | 64 | For private use only |
Key Data is exchanged in plain text between hosts (Host A and Host B), and the respective key parts (KeyA and KeyB) are used by each host to generate the derived key (d-key) by concatenating the two parts with the local key in front. That is,¶
This Key Type allows the use of other Key Data and can be used to validate other key exchange mechanisms for a possible future specification.¶
Multiple keys are only permitted in the DCCP-Request messageof the handshake procedure for the first subflow. This allows the hosts to agreeon a single Key Type to be used, as described inSection 3.3¶
It is possible that not all hosts will support all Key Types, and this specification does notrecommend or enforce the announcement of any particular Key Type within the MP_KEY option as this could have securityimplications. However, at least Key Type 0 (Plain Text)MUST be supported for interoperability testsin implementations of MP-DCCP. If the Key Type cannot be agreed in the handshake procedure, the MP-DCCP connectionMUST fall back to not using MP-DCCP, as indicated inSection 3.6.¶
DCCP[RFC4340] defines a packet sequencing scheme that continues to apply to the individual DCCP subflows within an MP-DCCP connection. However, for the operation of MP-DCPP, the order of packets within an MP-DCCP connectionMUST be known before assigning packets to subflows to apply the received Multipath Options in the correct order or to recognize whether delayed Multipath Options are obsolete. Therefore, MP_SEQ is introduced and can also be used to reorder data packets on the receiver side.¶
1 2 3 4 5 01234567 89012345 67890123 45678901 23456789 01234567 89012345+--------+--------+--------+--------+--------+--------+--------+|00101110|00001001|00000100| Multipath Sequence Number+--------+--------+--------+--------+--------+--------+--------+ |+--------+--------+ Type=46 Length=9 MP_OPT=4
The MP_SEQ suboption is used for end-to-end 48-bit datagram-based sequencenumbers of an MP-DCCP connection. The initial data sequencenumber (IDSN)SHOULD be set randomly[RFC4086]. As with the standard DCCPsequence number, the data sequence number should not start at zero but ata random value to make blind session hijacking more difficult; see alsoSection 7.2 of [RFC4340].¶
The MP_SEQ number space isindependent of the path individual sequence number space andMUST besent with all DCCP-Data and DCCP-DataACK packets.¶
When the sequence number space is exhausted, the sequence numberMUSTbe wrapped.[RFC7323] provides guidance on selecting an appropriatelysized sequence number space according to the Maximum Segment Lifetime (MSL) ofTCP. 64 bits is the recommended size for TCP to avoid the sequence numberspace going through within the segment lifetime. For DCCP, the MSL is the same as that of TCP as specified inSection 3.4 of [RFC4340].Compared to TCP, the sequence number for DCCP is incrementedper packet rather than per byte transmitted. For this reason, the 48 bitschosen in MP_SEQ are considered sufficiently large per the currentglobally routable maximum packet size (MPS) of 1500 bytes, which corresponds toroughly 375 pebibytes (PiBs) of data within the sequence number space.¶
MP-DCCP protects against some on-path attacker as further outlined inSection 4. Once an MP-DCCP connection has been established, the MP_HMAC option introduced here provides further protection based on the key material exchanged with MP_KEY when the connection is established.¶
1 2 3 4 01234567 89012345 67890123 45678901 23456789 01234567+--------+--------+--------+--------+--------+--------+|00101110|00010111|00000101| HMAC-SHA256 (20 bytes) ...+--------+--------+--------+--------+--------+--------+ Type=46 Length=23 MP_OPT=5
The MP_HMAC suboption is used to provide authentication for the MP_ADDADDR and MP_REMOVEADDR suboptions. In addition, it providesauthentication for subflows joining an existing MP_DCCP connection,as described in the second and third step of the handshake of asubsequent subflow inSection 3.3. For this specification of MP-DCCP,the HMAC code is generated according to[RFC2104] in combinationwith the SHA-256 hash algorithm described in[RFC6234], with theoutput in big-endian format truncated to the leftmost 160 bits (20 bytes). It is possiblethat other versions of MP-DCCP will define other hash algorithms in the future.¶
The "Key" used for the HMAC computation is the derived key (d-keyA for Host A or d-KeyB for Host B)described inSection 3.2.4, while the HMAC "Message" for MP_JOIN, MP_ADDADDR, and MP_REMOVEADDR must be calculated in both hosts in order to protect the Multipath Option when sending and to validate the Multipath Option when receiving; it is a concatenation of:¶
For MP_JOIN: The Nonces of the MP_JOIN messages for which authentication shall be performed. Depending on whether Host A or Host B performs the HMAC-SHA256 calculation, it is carried out as follows:¶
A usage example is shown inFigure 21.¶
For MP_ADDADDR: The Address ID and Nonce with an associated IP address and a port, if defined; otherwise, 2 bytes of value 0. The IP address and portMUST be used in network byte order (NBO). Depending on whether Host A or Host B performs the HMAC-SHA256 calculation, it is carried out as follows:¶
For MP_REMOVEADDR: Solely the Address ID. Depending on whether Host A or Host B performs the HMAC-SHA256 calculation, it is carried out as follows:¶
MP_JOIN, MP_ADDADDR, and MP_REMOVEADDR can coexist or be used multiple timeswithin a single DCCP packet. All these Multipath Options require an individualMP_HMAC option. This ensures that the MP_HMAC is correctly associated.Otherwise, the receiver cannot validate multiple MP_JOIN, MP_ADDADDR, orMP_REMOVEADDR options. Therefore, an MP_HMACMUST directly follow its associated MultipathOption. In the likely case of sending an MP_JOIN together with an MP_ADDADDR, thisresults in concatenating MP_JOIN + MP_HMAC_1 + MP_ADDADDR + MP_HMAC_2, whereas thefirst MP_HMAC_1 is associated with the MP_JOIN and the second MP_HMAC_2 is associated with theMP_ADDADDR suboption.¶
On the receiver side, the HMAC validation of the suboptionsMUST be carried out according tothe sending sequence in which the associated MP_HMAC follows a suboption. If the suboptioncannot be validated by a receiving host because the HMAC validation fails (HMAC is wrong or missing), the subsequent handling dependson which suboption was being verified. If the suboption to be authenticated was eitherMP_ADDADDR or MP_REMOVEADDR, the receiving hostMUST silently ignore it (see Sections3.2.8 and3.2.9). If the suboption to be authenticated was MP_JOIN, the subflowMUST be closed (seeSection 3.6).¶
In the event that an MP_HMAC cannot be associated with a suboption, this MP_HMACMUST be ignored, unlessit is a single MP_HMAC that was sent in a DCCP-Ack corresponding to a DCCP response packet with MP_JOIN (see the penultimate arrow inFigure 21).¶
The MP_RTT suboption is used to transmit RTT values and Age (represented in milliseconds) that belong to the path over which this information is transmitted. This information is useful for the receiving host to calculate the RTT difference between the subflows and to estimate whether missing data has been lost.¶
1 2 3 4 5 01234567 89012345 67890123 45678901 23456789 01234567 89012345+--------+--------+--------+--------+--------+--------+--------+|00101110|00001100|00000110|RTT Type| RTT+--------+--------+--------+--------+--------+--------+--------+ | Age |+--------+--------+--------+--------+--------+ Type=46 Length=12 MP_OPT=6
The RTT and Age information is a 32-bit integer. This covers a period ofapproximately 1193 hours.¶
The Field RTT type indicates the type of RTT estimation, according to the following description:¶
Raw RTT value of the last Datagram round trip.¶
Min RTT value over a given period.¶
Max RTT value over a given period.¶
Averaged RTT value over a given period.¶
Each CCID specifies the algorithms and period applied for their corresponding RTT estimations. The availability of the above-described types, to be used in the MP_RTT option, depends on the CCID implementation in place.¶
The Age parameter defines the time difference between now -- the creation of the MP_RTT option -- and the conducted RTT measurement in milliseconds. If no previous measurement exists, e.g., when initialized, the value is 0.¶
An example of a flow showing the exchange of path individual RTT information is provided inFigure 15. RTT1 refers to the first path and RTT2 to the second path. TheRTT values could be extracted from the sender's congestion control algorithm and are conveyed to the receiving host using the MP_RTT suboption. With the reception of RTT1and RTT2, the receiver is able to calculate the path_delta that corresponds tothe absolute difference of both values.In the case where the path individual RTTs are symmetric in the down-link and up-link directions and there is no jitter, packets with missing sequence number MP_SEQ, e.g., in a reordering process, can be assumed lost after path_delta/2.¶
MP-DCCP MP-DCCPSender Receiver+--------+ MP_RTT(RTT1) +-------------+| RTT1 |----------------| || | | path_delta= || | MP_RTT(RTT2) | |RTT1-RTT2| || RTT2 |----------------| |+--------+ +-------------+
The MP_ADDADDR suboption announces additional addresses (and, optionally,port numbers) by which a host can be reached. This can be sent at anytime during an existing MP-DCCP connection, when the sender wishes toenable multiple paths and/or when additional paths become available.Multiple instances of this suboption within a packet can simultaneously advertise new addresses.¶
The Length is variable depending on the address family (IPv4 or IPv6) and whether a port number isused. This field is in the range between 12 and 26 bytes.¶
The Nonce is a 32-bit random value that is generated locally foreach MP_ADDADDR option and is used in the HMAC calculation processto prevent replay attacks.¶
The final 2 bytes optionally specify the DCCP port number touse, and their presence can be inferred from the length of the option.Although it is expected that the majority of use cases will use thesame port pairs as used for the initial subflow (e.g., port 80remains port 80 on all subflows, as does the ephemeral port at theclient), there could be cases (such as port-based load balancing) wherethe explicit specification of a different port is required. If noport is specified, the receiving hostMUST assume that any attempt toconnect to the specified address uses the port already used by thesubflow on which the MP_ADDADDR signal was sent.¶
Along with the MP_ADDADDR option, an MP_HMAC optionMUST be sent forauthentication. The truncated HMAC parameter present in this MP_HMACoption is the leftmost 20 bytes of an HMAC, negotiated and calculatedas described inSection 3.2.6. Similar to MP_JOIN,the key for the HMAC algorithm will be d-KeyA when the message is transmittedby Host A and d-KeyB when transmitted by Host B. These are the keys that were exchanged andselected in the original MP_KEY handshake. The message for the HMAC isthe Address ID, Nonce, IP address, and port number that precede the HMAC in theMP_ADDADDR option. If the port number is not present in the MP_ADDADDR option,the HMAC message will include 2 bytes of value zero.The rationale for the HMAC is to prevent unauthorized entities frominjecting MP_ADDADDR signals in an attempt to hijack a connection.Additionally, note that the presence of this HMAC prevents theaddress from being changed in flight unless the key is known by anintermediary. If a host receives an MP_ADDADDR option for which itcannot validate the HMAC, itMUST silently ignore the option.¶
The presence of an MP_SEQ (Section 3.2.5)MUST be ensured in a DCCP datagramin which MP_ADDADDR is sent, as described inSection 3.2.1.¶
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1+---------------+---------------+-------+-------+---------------+|0 0 1 0 1 1 1 0| var |0 0 0 0 0 1 1 1| Address ID |+---------------+---------------+-------+-------+---------------+| Nonce |+-------------------------------+-------------------------------+| Address (IPv4 - 4 bytes / IPv6 - 16 bytes) |+-------------------------------+-------------------------------+| Port (2 bytes, optional) | + MP_HMAC option+-------------------------------+ Type=46 Length MP_OPT=7
Each address has an Address ID that could be used for uniquelyidentifying the address within a connection for address removal.Each host maintains a list of unique Address IDs, and it manages these as it wishes. TheAddress ID is also used to identify MP_JOIN options (seeSection 3.2.2)relating to the same address, even when address translators are in use.The Address IDMUST uniquely identify the address for the sender of theoption (within the scope of the connection); the mechanism forallocating such IDs is implementation specific.¶
All Address IDs learned via either MP_JOIN or MP_ADDADDR can be storedby the receiver in a data structure that gathers all theAddress-ID-to-address mappings for a connection (identified by a CIpair). In this way, there is a stored mapping between the Address ID,the observed source address, and the CI pair for future processing of controlinformation for a connection. Note that an implementationMAY discard incoming address advertisements. Reasons for this are, for example:¶
Possible scenarios in which this applies are the lack of resources to storea mapping or when IPv6 addresses are advertised even though the host onlysupports IPv4. Therefore, a hostMUST treat address announcements as soft state.However, a senderMAY choose to update the announcements periodically toovercome temporary limitations.¶
A hostMAY advertise private addresses, e.g., because there is a NAT on the path. It isdesirable to allow this as there could be cases where both hostshave additional interfaces on the same private network. The advertisementof broadcast or multicast IP addressesMUST be ignored by the recipient ofthis option, as it is not permitted according to the unicast principle of thebasic DCCP.¶
The MP_JOIN handshake used tocreate a new subflow (Section 3.2.2) provides mechanisms to minimizesecurity risks. The MP_JOIN message contains a 32-bit CI thatuniquely identifies a connection to the receiving host. If theCI is unknown, the hostMUST send a DCCP-Reset.¶
Further security considerations around the issue ofMP_ADDADDR messages that accidentally misdirect, or maliciously direct,new MP_JOIN attempts are discussed inSection 4.If a sending host of an MP_ADDADDR knows that no incoming subflows canbe established at a particular address, an MP_ADDADDRMUST NOTannounce that address unless the sending host has new knowledge aboutthe possibility to do so. This information can be obtained from localfirewall or routing settings, knowledge about availability of an externalNAT or a firewall, or connectivity checks performed by thehost/application.¶
The reception of an MP_ADDADDR message is acknowledged using MP_CONFIRM(Section 3.2.1). This ensures a reliable exchange of addressinformation.¶
A host that receives an MP_ADDADDR but findsthat the IP address and port number is unsuccessful at connection setupSHOULD NOT performfurther connection attempts to this address/port combination for thisconnection to save resources. However, if a sender wishes to trigger a new incomingconnection attempt on a previously advertised address/port combination, they can refresh the MP_ADDADDR information by sending the option again.¶
A hostMAY send an MP_ADDADDR message with an already-assigned AddressID using the IP address previously assigned to this Address ID. The newMP_ADDADDR could have the same port number or a different port number. ThereceiverMUST silently ignore the MP_ADDADDR if the IP address is not thesame as that previously assigned to this Address ID. A host wishing toreplace an existing Address IDMUST first remove the existing one(Section 3.2.9).¶
If, during the lifetime of an MP-DCCP connection, a previously announcedaddress becomes invalid (e.g., if an interface disappears), theaffected hostSHOULD announce this. The peer can remove a previously added address with an Address ID from a connectionusing the Remove Address (MP_REMOVEADDR) suboption. Thiswill terminate any subflows currently using that address.¶
MP_REMOVEADDR is only used to close already-established subflows thathave an invalid address. Functional flows with a valid addressMUST beclosed with a DCCP Close exchange (as with regular DCCP) instead ofusing MP_REMOVEADDR. For more information seeSection 3.5.¶
The Nonce is a 32-bit random value that is generated locally foreach MP_REMOVEADDR option and is used in the HMAC calculation processto prevent replay attacks.¶
Along with the MP_REMOVEADDR suboption, an MP_HMAC optionMUST be sent forauthentication. The truncated HMAC parameter present in this MP_HMACoption is the leftmost 20 bytes of an HMAC, negotiated and calculatedas described inSection 3.2.6. Similar to MP_JOIN,the key for the HMAC algorithm will be d-KeyA when the message is transmitted by Host A andd-KeyB when transmitted by Host B. These are the keys that were exchanged andselected in the original MP_KEY handshake. The message for the HMAC isthe Address ID.¶
The rationale for using an HMAC is to prevent unauthorized entities frominjecting MP_REMOVEADDR signals in an attempt to hijack a connection.Additionally, note that the presence of this HMAC prevents theaddress from being modified in flight unless the key is known by anintermediary. If a host receives an MP_REMOVEADDR option for which itcannot validate the HMAC, itMUST silently ignore the option.¶
A receiverMUST include an MP_SEQ (Section 3.2.5) in a DCCP datagram that sendsan MP_REMOVEADDR. Further details are given inSection 3.2.1.¶
The reception of an MP_REMOVEADDR message is acknowledged using MP_CONFIRM(Section 3.2.1). This ensures a reliable exchange of addressinformation. To avoid inconsistent states, the sender releases the Address ID only after MP_REMOVEADDR has been confirmed.¶
The sending and receiving of this messageSHOULD trigger the closing proceduredescribed in[RFC4340] between the client and the server on the affectedsubflow(s), if possible. This helps remove middlebox state beforeremoving any local state.¶
Address removal is done by the Address ID to allow the use of NATs and othermiddleboxes that rewrite source addresses. If there is no addressat the requested Address ID, the receiver will silently ignore the request.¶
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1+---------------+---------------+---------------+---------------+|0 0 1 0 1 1 1 0|0 0 0 0 0 1 0 0|0 0 0 0 1 0 0 0| Address ID |+---------------+---------------+---------------+---------------+| Nonce |+-------------------------------+-------------------------------+ Type=46 Length=8 MP_OPT=8-> followed by the MP_HMAC option
The path priority signaled with the MP_PRIO option provides hints for the packet scheduler when making decisions about which path to use for payload traffic.When a single specific path from the set of availablepaths is treated with higher priority compared to the otherswhen making scheduling decisions for payload traffic, a host can signal such change in priority to the peer.This could be used when there are different costs forusing different paths (e.g., Wi-Fi is free while cellular has a limit onvolume, and 5G has higher energy consumption). The priority of a pathcould also change, for example, when a mobile host runs outof battery, and the usage of only a single path may be the preferred choiceof the user.¶
The MP_PRIO suboption, shown below, can be used to set a priority valuefor the subflow over which the suboption is received.¶
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1+---------------+---------------+---------------+---------------+|0 0 1 0 1 1 1 0|0 0 0 0 0 1 0 0|0 0 0 0 1 0 0 1|(resvd)| prio |+---------------+---------------+---------------+---------------+ Type=46 Length=4 MP_OPT=9
The following values are available for the Prio field:¶
0: Do not use. The path is not available.¶
1: Standby: Do not use this path for traffic scheduling if another path (secondary or primary) is available. The path will only be used if other secondary or primary paths are not established.¶
2: Secondary: Do not use this path for traffic scheduling if the other paths are good enough. The path will be used occasionally for increasing the available capacity temporarily, e.g., when primary paths are congested or are not available. This is the recommended setting for paths that have costs or data caps as these paths will be used less frequently then primary paths.¶
3 - 15: Primary: The path can be used for packet scheduling decisions. The priority number indicates the relative priority of one path over the other for primary paths. Higher numbers indicate higher priority. The peer should consider sending traffic first over higher priority paths. This is the recommended setting for paths that do not have a cost or data caps associated with them as these paths will be frequently used.¶
Example use cases include:¶
Setting the Wi-Fi path to Primary and Cellular path to Secondary. In this case, Wi-Fi will be used and Cellular will be used only if the Wi-Fi path is congested or not available. Such setting results in using the Cellular path only temporally, if more capacity is needed than the Wi-Fi path can provide, indicating a clear priority of the Wi-Fi path over the Cellular due to, e.g., cost reasons.¶
Setting the Wi-Fi path to Primary and Cellular path to Standby. In this case, Wi-Fi will be used and Cellular will be used only if the Wi-Fi path is not available.¶
Setting the Wi-Fi path to Primary and Cellular path to Primary. In this case, both paths can be used when making packet scheduling decisions.¶
If not specified, the default behavior is to always use a path for packet scheduling decisions (MP_PRIO=3), when the path has been established and added to an existing MP-DCCP connection. At least one path ought to have an MP_PRIO value greater than or equal to one for it to be allowed to send on the connection. It isRECOMMENDED to update at least one path to a non-zero MP_PRIOvalue when an MP-DCCP connection enters a state where all paths remain with anMP_PRIO value of zero. This helps an MP-DCCP connection to schedule when the multipath scheduler strictly respects MP_PRIO value 0.To ensure reliable transmission, the MP_PRIO suboptionMUST be acknowledged via an MP_CONFIRM (seeTable 4).¶
The relative ratio of the primary path values 3-15 depends on the path usage strategy, which is described in more detail inSection 3.11.In the case of path mobility (Section 3.11.1), only one path can be used at a time andMUST have the highest available priority value. That also includes the prio numbers 1 and 2. In the other case of concurrent path usage (Section 3.11.2), the definition is up to the multipath scheduler logic.¶
An MP_SEQ (Section 3.2.5)MUST be present in a DCCP datagramin which the MP_PRIO suboption is sent. Further details are given inSection 3.2.1.¶
The mechanism available in DCCP[RFC4340] for closing a connection cannot give an indication for closing an MP-DCCP connection, which typically contains several DCCP subflows; therefore, one cannot conclude from the closing of a subflow to the closing of an MP-DCCP connection. This is solved by introducing MP_CLOSE.¶
1 2 3 01234567 89012345 67890123 45678901 23456789+--------+--------+--------+--------+--------+|00101110| var |00001010| Key Data ...+--------+--------+--------+--------+--------+ Type=46 Length MP_OPT=10
An MP-DCCP connection can be gracefully closed by sending an MP_CLOSE to the peer host. On all subflows, the regular termination procedure described in[RFC4340]MUST be initiated using MP_CLOSE in the initial packet (either a DCCP-CloseReq or a DCCP-Close). When a DCCP-CloseReq is used, the following DCCP-CloseMUST also carry the MP_CLOSE to avoid keeping a state in the sender of the DCCP-CloseReq. At the initiator of the DCCP-CloseReq, all sockets, including the MP-DCCP connection socket,transition to CLOSEREQ state. To protect from unauthorized shutdown of a multipath connection, the selected Key Data of the peer hostMUST be included in the MP_CLOSE option during the handshake procedure andMUST be validated by the peer host. Please note that the Key Data sent in DCCP-CloseReq will not be the same as the Key Data sent in DCCP-Close as these originate from different ends of the connection.¶
On reception of the first DCCP-CloseReq carrying an MP_CLOSE with valid Key Data, or due to a local decision, all subflows transition to the CLOSING state before transmitting a DCCP-Close carrying MP_CLOSE. The MP-DCCP connection socket on the host sending the DCCP-Close reflects the state of the initial subflow during the handshake with MP_KEY option. If the initial subflow no longer exists, the state moves immediately to CLOSED.¶
Upon reception of the first DCCP-Close carrying an MP_CLOSE with valid Key Data at the peer host, all subflows, as well as the MP-DCCP connection socket, move to the CLOSED state. After this, a DCCP-Reset with Reset Code 1MUST be sent on any subflow in response to a received DCCP-Close containing a valid MP_CLOSE option.¶
When the MP-DCCP connection socket is in CLOSEREQ or CLOSED state, new subflow requests using MP_JOINMUST be ignored.¶
Contrary to an MP_FAST_CLOSE (Section 3.2.3), no single-sided abrupt termination is applied.¶
This section reserves a Multipath Option to define and specify any experimental additional feature for improving and optimizing the MP-DCCP protocol. Thisoption could be applicable to specific environments or scenarios according to potential new requirements and is meant for private use only. MP_OPT Feature Number 11 is specified with an exemplary description as below:¶
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1+---------------+---------------+---------------+---------------+|0 0 1 0 1 1 1 0| var |0 0 0 0 1 0 1 1| Data |+---------------+---------------+---------------+---------------+| ...+---------------------------------------------------------------+ Type=46 Length MP_OPT=11
The Data field can carry any data according to the foreseen use by the experimenters with a maximum Length of 252 bytes.¶
An example MP-DCCP handshake procedure is shown inFigure 21.¶
Host A Host B------------------------ ----------Address A1 Address A2 Address B1---------- ---------- ---------- | | | | DCCP-Request + Change R (MP_CAPABLE,...) | |----- MP_KEY(CI-A + KeyA(1), KeyA(2),...) ---------->| |<------------------- MP_KEY(CI-B + KeyB) ------------| | DCCP-Response + Confirm L (MP_CAPABLE, ...) | | | | | DCCP-Ack | | |---------------------------------------------------->| |<----------------------------------------------------| | DCCP-Ack | | | | | | |DCCP-Request + Change R(MP_CAPABLE,...)| | |--- MP_JOIN(CI-B,RA) ----------------->| | |<------MP_JOIN(CI-A,RB) + MP_HMAC(B)---| | |DCCP-Response+Confirm L(MP_CAPABLE,...)| | | | | |DCCP-Ack | | |-------- MP_HMAC(A) ------------------>| | |<--------------------------------------| | |DCCP-Ack |
The basic initial handshake for the first subflow is as follows:¶
Host A sends a DCCP-Request with the Multipath Capable Feature changerequest and the MP_KEY option with a Host-specific CI-A and a KeyA foreach of the supported Key Types as described inSection 3.2.4. CI-A is a unique identifier during thelifetime of an MP-DCCP connection.¶
Host B sends a DCCP-Response with a Confirm feature forMP-Capable and the MP_Key option with a unique Host-specific CI-B and a single Host-specific KeyB.The type of the key is chosen from the list of supported typesfrom the previous request.¶
Host A sends a DCCP-Ack to confirm the proper key exchange.¶
Host B sends a DCCP-Ack to complete the handshake and set both connection ends to the OPEN state.¶
It should be noted that DCCP is protected against corruption of DCCP header data (Section 9 of [RFC4340]), so no additional mechanisms beyond the general confirmation are required to ensure that the header data has been properly received.¶
Host A waits for the final DCCP-Ack from Host B before starting anyestablishment of additional subflow connections.¶
The handshake for subsequent subflows, based on a successful initialhandshake, is as follows:¶
Host A sends a DCCP-Request with the Multipath Capable Feature change request and the MP_JOIN option with Host B's CI-B, obtained during the initial handshake. Additionally, a random Nonce RA is transmitted with the MP_JOIN.¶
Host B computes the HMAC of the DCCP-Request and sends a DCCP-Response with a Confirm feature option for MP-Capable and the MP_JOIN option with the CI-A and a random Nonce RB together with the computed MP_HMAC. As specified inSection 3.2.6, the HMAC is calculated by taking the leftmost 20 bytes from the SHA-256 hash of an HMAC code that is created by using the Nonce received with MP_JOIN(A) and the local Nonce RB as the Message and the derived key as the Key, as described inSection 3.2.4:¶
MP_HMAC(B) = HMAC-SHA256(Key=d-keyB, Msg=RB+RA)¶
Host A sends a DCCP-Ack with the HMAC computed for the DCCP-Response. As specified inSection 3.2.6, the HMAC is calculated by taking the leftmost 20 bytes from the SHA-256 hash of an HMAC code created by using the local Nonce RA and the Nonce received with MP_JOIN(B) as message and the derived key described inSection 3.2.4 as key:¶
MP_HMAC(A) = HMAC-SHA256(Key=d-keyA, Msg=RA+RB)¶
Host B sends a DCCP-Ack to confirm the HMAC and to conclude the handshake.¶
When a host (Host A) wants to advertise the availability of a new path, it should use the MP_ADDADDR option (Section 3.2.8) asshown in the example inFigure 22. The MP_ADDADDR option passed in the DCCP-Data contains the following parameters:¶
an identifier (id 2) for the new IP address, which is used as a reference in subsequent control exchanges¶
a Nonce value to prevent replay attacks¶
the IP address of the new path (A2_IP)¶
a pair of bytes specifying the port number associated with this IP address. The value of 00 here indicates that the port number is the sameas that used for the initial subflow address A1_IP.¶
According toSection 3.2.8, the following options are required in a packet carrying MP_ADDADDR:¶
the leftmost 20 bytes of the HMAC(A) generated during the initial handshake procedure described in Sections3.3 and3.2.6¶
the MP_SEQ option with the sequence number (seqno 12) for this message, according toSection 3.2.5¶
Host B acknowledges receipt of the MP_ADDADDR message with a DCCP-Ack containing the MP_CONFIRM option. The parameters supplied in thisresponse are as follows:¶
an MP_CONFIRM containing the MP_SEQ number (seqno 12) of the packet carrying the option that we are confirming together with the MP_ADDADDR option¶
the leftmost 20 bytes of the HMAC(B) generated during the initial handshake procedure (Section 3.3)¶
Host A Host B------------------------ -----------Address A1 Address A2 Address B1---------- ---------- ----------- | | | | DCCP-Data + MP_ADDADDR(id 2, Nonce, A2_IP, 00) + | |------- MP_HMAC(A) + MP_SEQ(seqno 12) -------------->| | | | | DCCP-Ack + MP_HMAC(B) + | |<----- MP_CONFIRM(seqno 12, MP_ADDADDR) -------------|
When a host (Host A) wants to indicate that a path is no longer available, it should use the MP_REMOVEADDR option (Section 3.2.9) asshown in the example inFigure 23. The MP_REMOVEADDR option passed in the DCCP-Data contains the following parameters:¶
an identifier (id 2) for the IP address to remove (A2_IP) and that was specified in a previous MP_ADDADDR message¶
a Nonce value to prevent replay attacks¶
According toSection 3.2.9, the following options are required in a packet carrying MP_REMOVEADDR:¶
the leftmost 20 bytes of the HMAC(A) generated during the initial handshake procedure described in Sections3.3 and3.2.6¶
the MP_SEQ option with the sequence number (seqno 33) for this message, according toSection 3.2.5¶
Host B acknowledges receipt of the MP_REMOVEADDR message with a DCCP-Ack containing the MP_CONFIRM option. The parameters supplied in thisresponse are as follows:¶
an MP_CONFIRM containing the MP_SEQ number (seqno 33) of the packet carrying the option that we are confirming, together with the MP_REMOVEADDR option¶
the leftmost 20 bytes of the HMAC(B) generated during the initial handshake procedure (Section 3.3)¶
Host A Host B------------------------ -----------Address A1 Address A2 Address B1---------- ---------- ----------- | | | | DCCP-Data + MP_REMOVEADDR(id 2, Nonce) + | |------- MP_HMAC(A) + MP_SEQ(seqno 33) -------------->| | | | | DCCP-Ack + MP_HMAC(B) + | |<----- MP_CONFIRM(seqno 33, MP_REMOVEADDR) ----------|
When a host wants to close an existing subflow but not the whole MP-DCCPconnection, itMUST initiate the regular DCCP connection termination procedure as described inSection 5.6 of [RFC4340], i.e., it sends a DCCP-Close/DCCP-Reset on the subflow. Thismay be preceded by a DCCP-CloseReq. In the event of an irregular termination of a subflow,e.g., during subflow establishment, itMUST use an appropriate DCCP-Reset Code as specified by IANA[DCCP-PARAMETERS] for DCCP operations. This could be, for example, sending Reset Code 5 (Option Error) when an MP-DCCPoption provides invalid data or Reset Code 9 (Too Busy) when the maximum number of maintainable pathsis reached. Note that receiving a Reset Code 9 for secondary subflowsMUST NOT impact already existing activesubflows. If necessary, these subflows are terminated in a subsequent step using the procedures described inthis section.¶
A host terminates an MP-DCCP connection using the DCCP connection termination specified inSection 5.5 of [RFC4340] on each subflow with the first packet on each subflow carrying MP_CLOSE (seeSection 3.2.11).¶
Host A Host B------ ------ <- Optional DCCP-CloseReq + MP_CLOSE [A's key] [on all subflows]DCCP-Close + MP_CLOSE ->[B's key] [on all subflows] <- DCCP-Reset [on all subflows]¶
Additionally, an MP-DCCP connection may be closed abruptly using the "fast close"procedure described inSection 3.2.3, where a DCCP-Reset is sent on allsubflows, each carrying the MP_FAST_CLOSE option.¶
Host A Host B------ ------DCCP-Reset + MP_FAST_CLOSE ->[B's key] [on all subflows] <- DCCP-Reset [on all subflows]¶
When a subflow fails to operate following the intended behavior of the MP-DCCP, it is necessary to proceed with a fallback. This may be either falling back to regular DCCP[RFC4340] or removing a problematic subflow. The main reasons for a subflow failing include: no MP support at the peer host, failure to negotiate the protocolversion, loss of Multipath Options, faulty/non-supported MP-DCCP options, or modificationof payload data.¶
At the start of an MP-DCCP connection, the handshake ensures the exchange of the MP-DCCP feature and options and thus ensures that the path is fully MP-DCCP capable. If during thehandshake procedure it appears that DCCP-Request or DCCP-Responsemessages do not carry the Multipath Capable Feature, the MP-DCCP connection will not be established and the handshakeSHOULD fall back to regular DCCP. If this is not possible, the connectionMUST be closed.¶
If the endpoints fail to agree on the protocol version to use during the MultipathCapable Feature negotiation, the connectionMUST either be closed or fall backto regular DCCP. This is described inSection 3.1. The protocol version negotiationdistinguishes between negotiation for the initial connection establishment andthe addition of subsequent subflows. If protocol version negotiation is not successfulduring the initial connection establishment, the MP-DCCP connection will fall back to regular DCCP.¶
The fallback procedure for regular DCCPMUST also be applied if the MP_KEY (Section 3.2.4) Key Type cannot be negotiated.¶
If a subflow attempts to join an existing MP-DCCP connection but MP-DCCP options or the Multipath Capable Feature are not present or are faulty in the handshake procedure, that subflowMUST be closed.This is the case especially if a different MP_CAPABLE version than the originally negotiatedversion is used. Reception of a non-verifiable MP_HMAC (Section 3.2.6) or an invalidCI used in MP_JOIN (Section 3.2.2) during flow establishmentMUST cause thesubflow to be closed.¶
The subflow closing procedureMUST also be applied if a final ACK carrying MP_KEY with the wrong KeyA/KeyB isreceived or the MP_KEY option is malformed.¶
Another relevant case is when payload data is modified by middleboxes. DCCP uses a checksum to protect the data, as described inSection 9 of [RFC4340]. A checksum will fail if the data has been changed in any way. All data from the start of the segment thatfailed the checksum onwards cannot be considered trustworthy. As defined by DCCP, if the checksum fails, the receiving endpointMUST drop the application data and report that data as dropped due to corruption using a Data Dropped option (Drop Code 3, Corrupt). If data is dropped due to corruption for an MP-DCCP connection, the affectedsubflowMAY be closed. The same procedure applies if the Multipath Option is unknown.¶
The MP-DCCP per subflow state transitions follow thestate transitions defined for DCCP in[RFC4340] to a large extent, with some modifications due to the MP-DCCP 4-way handshake and fast close procedures. The state diagram belowshows the most common state transitions. The diagram is illustrative.For example, there are arcs (not shown) from several additional states to TIMEWAIT, contingent on the receipt of a valid DCCP-Reset.¶
When the state moves from CLOSED to OPEN during the 4-way handshake, the transitioned states remain the same as for DCCP, but it is no longer possible to transmitapplication data while in the REQUEST state. The fast close procedurecan be triggered by either the client or the server and results in the transmissionof a Reset packet. The fast close procedure moves the state of the Client and Serverdirectly to TIMEWAIT and CLOSED, respectively.¶
+----------------------------+ +------------------------------+| v v || +----------+ || +-------------+ CLOSED +-------------+ || | passive +----------+ active | || | open open | || | snd Request | || v v || +-----------+ +----------+ || | LISTEN | | REQUEST | || +-----+-----+ +----+-----+ || | rcv Request rcv Response | || | snd Response snd Ack | || v v || +-----------+ +----------+ || | RESPOND | | PARTOPEN | || +-----+-----+ +----+-----+ || | rcv Ack rcv Ack/DataAck | || | snd Ack | || | +-----------+ | || +------------>| OPEN |<-----------+ || +--+-+-+-+--+ || server active close | | | | active close || snd CloseReq | | | | or rcv CloseReq || | | | | snd Close || | | | | || +-----------+ | | | | +----------+ || | CLOSEREQ |<---------+ | | +----------->| CLOSING | || +-----+-----+ | | +----+-----+ || | rcv Close | | rcv Reset | || | snd Reset | | | || | | | active FastClose | ||<----------+ rcv Close | | or rcv FastClose v || or server active FastClose | | snd Reset +----+-----+ || or server rcv FastClose | +------------->| TIMEWAIT | || snd Reset | +----+-----+ |+------------------------------+ | | +-----------+ 2MSL timer expires
SendersMUST manage per-path congestion status and avoid sending more data on a given path than congestion control allows for each path.¶
A DCCP implementation maintains the maximum packet size (MPS) during operation of a DCCP session. This procedure is specified for single-path DCCP inSection 14 of [RFC4340]. Without any restrictions, this is adopted for MP-DCCP operations, in particular the Path MTU (PMTU) measurement and the Sender Behavior. The DCCP application interfaceSHOULD allow the application to discover the current MPS. This reflects the current largest size supported for the data stream that can be used across the set of all active MP-DCCP subflows.¶
MP-DCCP does not support any explicit procedure to negotiatethe maximum number of subflows between endpoints. However, in practicalscenarios, there will be resource limitations on the hostor use cases that do not benefit from additional subflows.¶
It isRECOMMENDED to limit the number of subflows in implementations and to reject incoming subflow requests with a DCCP-Reset using the Reset Code "too busy" according to[RFC4340] if the resource limit is exceeded or it is known that the multipath connection will not benefit from further subflows. Likewise, it isRECOMMENDED that the host that wants to create the subflows considers the available resources and possible gains.¶
To avoid further inefficiencies with subflows due to short-lived connections, itMAY be useful to delay the start of additional subflows. The decision on the initial number of subflows can be based on the occupancy of the socket buffer and/or the timing.¶
While in the socket-buffer-based approach the number of initial subflows can be derived by opening new subflows until their initial windows cover the amount of buffered application data, the timing-based approach delays the start of additional subflows based on a certain time period, load, or knowledge of traffic and path properties. The delay-based approach also provides resilience for low-bandwidth but long-lived applications. All this could also be supported by advanced APIs that signal application traffic requests to the MP-DCCP.¶
MP-DCCP can be configured to realize one of several strategies for path usage via selecting one DCCP subflow out of the multiple DCCP subflows within an MP-DCCP connection for data transmission. This can be a dynamic process further facilitated by the means of DCCP and MP-DCCP-defined options such as path preference using MP-PRIO; adding or removing DCCP subflows using MP_REMOVEADDR, MP_ADDADDR, or DCCP-Close/DCCP-Reset; and path metrics such as packet loss rate, congestion window (CWND), or RTT provided by the congestion control algorithm.Selecting an appropriate method can allow MP-DCCP to realize different path utilization strategies that make MP-DCCP suitable for end-to-end implementation over the Internet or in controlled environments such as Hybrid Access or 5G ATSSS.¶
The path mobility strategy provides the use of a single path with a seamless handover function to continue the connection when the currently used path is deemed unsuitable for service delivery.Some of the DCCP subflows of an MP-DCCP connection might become inactive due to either the occurrence of certain error conditions (e.g., DCCP timeout, packet loss threshold, RTT threshold, and closed/removed) or adjustments from the MP-DCCP user.When there is outbound data to send and the primary path becomes inactive (e.g., due to failures) or deprioritized, the MP-DCCP endpointSHOULD try to send the data through an alternate path with a different source or destination address (depending on the point of failure), if one exists. This processSHOULD respect the path priority configured by the MP_PRIO suboption; otherwise, if the path priority is not available, pick the most divergent source-destination pair from the originally used source-destination pair.¶
Note: Rules for picking the most appropriate source-destination pairare an implementation decision and are not specified within this document.Path mobility is supported in the current Linux reference implementation[MP-DCCP.Site].¶
Different from a path mobility strategy, the selection between MP-DCCPsubflows is a per-packet decision that is a part of the multipathscheduling process. This method would allow multiple subflows to besimultaneously used to aggregate the path resources to obtain higherconnection throughput.¶
In this scenario, the selection of congestion control, per-packet scheduling,and a potential reordering method determines a concurrent path utilizationstrategy and result in a particular transport characteristic.A concurrent path usage method uses a scheduling design that could seek tomaximize reliability, maximize throughput, minimize latency, etc.¶
Concurrent path usage over the Internet can have implications. When an MP-DCCP connection uses two or more paths, there is no guarantee that these paths are fully disjoint. When two (or more) subflows share the same bottleneck, using a standard congestion control algorithm could result in an unfair distribution of the capacity with the multipath connection using more capacity than competing single-path connections.¶
Multipath TCP uses the coupled congestion control Linked Increases Algorithm (LIA) specified in an experimental specification[RFC6356] to solve this problem. This scheme could also be specified for MP-DCCP. The same applies to other coupled congestion control algorithms that have been proposed for Multipath TCP such as the Opportunistic Linked Increases Algorithm[OLIA].¶
The specification of scheduling for concurrent multipath and related congestion control algorithms and reordering methods for use in the generalInternet are outside the scope of this document. If, and when, the IETFspecifies a method for concurrent usage of multiple paths for thegeneral Internet, the framework specified in this document could be used to provide an IETF-recommended method for MP-DCCP.¶
Similar to DCCP, MP-DCCP does not provide cryptographic securityguarantees inherently. Thus, if applications need cryptographic security(integrity, authentication, confidentiality, access control, andanti-replay protection), the use of IPsec, DTLS over DCCP[RFC5238], or otherend-to-end security is recommended;the Secure Real-time Transport Protocol (SRTP)[RFC3711] is one candidateprotocol for authentication. Integrity would be provided if using SRTP together with the encryption of header extensions described in[RFC6904].¶
DCCP[RFC4340] provides protection against hijackingand limits the potential impact of some denial-of-service attacks, butDCCP provides no inherent protection against an on-path attacker snooping on datapackets. Regarding the security of MP-DCCP compared to regular DCCP, no additional risks should be introduced. The security objectives for MP-DCCP are:¶
Provide assurance that the parties involved in anMP-DCCP handshake procedure are identical to those in the original DCCP connection.¶
Before a path is used, verify that the new advertised path is valid for receiving traffic.¶
Provide replay protection, i.e., ensure that a request to add/remove asubflow is 'fresh'.¶
Allow a party to limit the number of subflows that it allows.¶
To achieve these goals, MP-DCCP includes a hash-based handshakealgorithm documented in Sections3.2.4,3.2.6, and3.3. Thesecurity of the MP-DCCP connection depends on the use of keys that areshared once at the start of the first subflow and are never sent againover the network. Depending on the security requirements, different Key Types canbe negotiated in the handshake procedure or must follow the fallback scenariodescribed inSection 3.6. If there are security requirements that go beyond thecapabilities of Key Type 0, then it isRECOMMENDED that Key Type 0 not be enabledto avoid downgrade attacks that result in the key being exchanged as plain text.To ease demultiplexing while not revealingcryptographic material, subsequent subflows use the initially exchangedCI information. The keys exchanged once at the beginning areconcatenated and used as keys for creating HMACs used on subflow setup, in order to verifythat the parties in the handshake of subsequent subflows are the same as in the originalconnection setup. This also provides verification that the peer canreceive traffic at this new address. Replay attacks would still bepossible when only keys are used;therefore, the handshakes use single-use random numbers (Nonces) for bothparties -- this ensures that the HMAC will never be the same on two handshakes.Guidance on generating random numbers suitable for use as keys is givenin[RFC4086]. During normal operation, regular DCCP protectionmechanisms (such as the header checksum to protect DCCP headers againstcorruption) is designed to provide the same level of protection against attacks onindividual DCCP subflows as exists for regular DCCP.¶
As discussed inSection 3.2.8, a host may advertise its privateaddresses, but these might point to different hosts in the receiver'snetwork. The MP_JOIN handshake (Section 3.2.2) is designed to ensure that thisdoes not set up a subflow to the incorrect host.However, it could still create unwanted DCCP handshake traffic. Thisfeature of MP-DCCP could be a target for denial-of-service exploits,with malicious participants in MP-DCCP connections encouraging therecipient to target other hosts in the network. Therefore,implementations should consider heuristics at both thesender and receiver to reduce the impact of this.¶
As described inSection 3.9, an MPS is maintained for an MP-DCCP connection.If MP-DCCP exposes a minimum MPS across all paths,any change to one path impacts the sender for all paths.To mitigate attacks that seek to force a low MPS, MP-DCCPcould detect an attempt to reduce the MPS to less than a minimum MPS and thenstop using these paths.¶
Issues from interaction with on-path middleboxes such as NATs, firewalls, proxies,IDSs, and others have to be considered for allextensions to standard protocols; otherwise, unexpected reactions ofmiddleboxes may hinder its deployment. DCCP already provides means tomitigate the potential impact of middleboxes, in comparison to TCP (seeSection 16 of [RFC4340]). When both hosts are located behind a NAT orfirewall entity, specific measures have to be applied such as the simultaneous-open technique specified in[RFC5596] that updates the asymmetric connection-establishment procedures for DCCP. Further standardized technologiesaddressing middleboxes operating as NATs are provided in[RFC5597].¶
[RFC6773] specifies UDP encapsulation for NAT traversal of DCCP sessions,similar to other UDP encapsulations such as the Stream Control Transmission Protocol (SCTP)[RFC6951]. Futurespecifications by the IETF could specify other methods for DCCP encapsulation.¶
The security impact of MP-DCCP-aware middleboxes is discussed inSection 4.¶
The approach described above has been implemented in open source across different testbeds, and a new scheduling algorithm has been extensively tested. Also, demonstrations of a laboratory setup have been executed and published; see[MP-DCCP.Site].¶
This section provides guidance to the Internet Assigned Numbers Authority (IANA) regarding the registration of values related to the MP extension of the DCCP protocol in accordance with the RFC Required policy inSection 4.7 of [RFC8126]. This document defines one new value that has been allocated in the IANA "DCCP Feature Numbers" registry and creates three new registries that have been added in the "Datagram Congestion Control Protocol (DCCP) Parameters" registry group.¶
Per this document, IANA has assigned a new DCCP feature parameter for negotiatingthe support of multipath capability for DCCP sessions between hostsas described inSection 3. The following entry inTable 6 has been added to the "Feature Numbers" registry in the DCCP registry group according toSection 19.4 of [RFC4340].¶
| Number | Description/Meaning | Reference |
|---|---|---|
| 10 | Multipath Capable | RFC 9897 |
Section 3.1 specifies the new 1-byte entry above that includes a 4-bit part to specify the version of the used MP-DCCP implementation. IANA has created a new "MP-DCCP Versions" registry in the DCCP registry group to track the MP-DCCP version. The initial content of this registry is as follows:¶
| Version | Value | Reference |
|---|---|---|
| 0 | 0000 | RFC 9897 |
| 1-15 | Unassigned |
Future MP-DCCP versions 1 to 15 will be assigned from this registry using the RFC Required policy (Section 4.7 of [RFC8126]).¶
IANA has assigned value 46 in the DCCP "Option Types" registry, as described inSection 3.2.¶
IANA has created a new "Multipath Options" registry within the DCCP registry group. The following entries inTable 8 have been added to the new "Multipath Options" registry. The registry has an upper boundary of 255 in the numeric value field.¶
| Multipath Option | Name | Description | Reference |
|---|---|---|---|
| MP_OPT=0 | MP_CONFIRM | Confirm reception/processing of an MP_OPT option | Section 3.2.1 |
| MP_OPT=1 | MP_JOIN | Join subflow to an existing MP-DCCP connection | Section 3.2.2 |
| MP_OPT=2 | MP_FAST_CLOSE | Close an MP-DCCP connection unconditionally | Section 3.2.3 |
| MP_OPT=3 | MP_KEY | Exchange key material for MP_HMAC | Section 3.2.4 |
| MP_OPT=4 | MP_SEQ | Multipath sequence number | Section 3.2.5 |
| MP_OPT=5 | MP_HMAC | Hash-based message authentication code for MP-DCCP | Section 3.2.6 |
| MP_OPT=6 | MP_RTT | Transmit RTT values and calculation parameters | Section 3.2.7 |
| MP_OPT=7 | MP_ADDADDR | Advertise one or more additional addresses/ports | Section 3.2.8 |
| MP_OPT=8 | MP_REMOVEADDR | Remove one or more addresses/ports | Section 3.2.9 |
| MP_OPT=9 | MP_PRIO | Change subflow priority | Section 3.2.10 |
| MP_OPT=10 | MP_CLOSE | Close an MP-DCCP connection | Section 3.2.11 |
| MP_OPT=11 | MP_EXP | Experimental option for private use | Section 3.2.12 |
| MP_OPT=12-255 | Unassigned |
Future Multipath Options with MP_OPT>11 will be assigned from this registry using the RFC Required policy (Section 4.7 of [RFC8126]).¶
IANA has assigned a new DCCP-Reset Code, value 13, in the "Reset Codes" registry, with the description "Abrupt MP termination". Use of this Reset Code is defined inSection 3.2.3.¶
IANA has created a new "Multipath Key Type" registry for this version of the MP-DCCP protocol that contains two different suboptions to the MP_KEY option to identify the MP_KEY Key types in terms of 8-bit values as specified inSection 3.2.4. See the initial entries inTable 9 below. Values in the range 1-254 (decimal) inclusive remain unassigned in this specified version 0 of the protocol and will be assigned via the RFC Required policy[RFC8126] in potential future versions of the MP-DCCP protocol.¶
| Type | Name | Meaning | Reference |
|---|---|---|---|
| 0 | Plain Text | Plain text Key | Section 3.2.4 |
| 1-254 | Unassigned | ||
| 255 | Experimental | For private use only | Section 3.2.4 |
This appendix is informative.¶
MP-DCCP is similar to Multipath TCP[RFC8684] in that itextends the related basic DCCP transport protocol[RFC4340] withmultipath capabilities in the same way as Multipath TCP extends TCP[RFC9293].However, because of the differences between the underlying TCP and DCCPprotocols, the transport characteristics of MPTCP and MP-DCCP aredifferent.¶
Table 10 compares the protocol characteristics of TCPand DCCP, which are by nature inherited by their respective multipathextensions. A major difference lies in the delivery of the payload, whichfor TCP is an exact copy of the generated byte stream. DCCP behavesdifferently and does not guarantee the delivery of any payload nor theorder of delivery.Since this is mainly affecting the receiving endpoint of a TCP orDCCP communication, many similarities on the sender side can be identified.Both transport protocols share the 3-way initiation of acommunication and both employ congestion control to adapt the sendingrate to the path characteristics.¶
| Feature | TCP | DCCP |
|---|---|---|
| Full-Duplex | yes | yes |
| Connection-Oriented | yes | yes |
| Header option space | 40 bytes | < 1008 bytes or PMTU |
| Data transfer | reliable | unreliable |
| Packet-loss handling | retransmission | report only |
| Ordered data delivery | yes | no |
| Sequence numbers | one per byte | one per PDU |
| Flow control | yes | no |
| Congestion control | yes | yes |
| ECN support | yes | yes |
| Selective ACK | yes | depends on congestion control |
| Fix message boundaries | no | yes |
| Path MTU discovery | yes | yes |
| Fragmentation | yes | no |
| SYN flood protection | yes | no |
| Half-open connections | yes | no |
Consequently, the multipath characteristics shown inTable 11 are the same, supporting volatile pathsthat have varying capacities and latency, session handovers, and pathaggregation capabilities. All of these features profit by the existence ofcongestion control.¶
| Feature | MPTCP | MP-DCCP |
|---|---|---|
| Volatile paths | yes | yes |
| Session handover | yes | yes |
| Path aggregation | yes | yes |
| Data reordering | yes | optional |
| Expandability | limited by TCP header | flexible |
Therefore, the sender logic is not much different between MP-DCCP andMPTCP.¶
The receiver side for MP-DCCP has to deal with the unreliable delivery provided by DCCP. The multipath sequence numbers included in MP-DCCP (seeSection 3.2.5) facilitatesadding optional mechanisms for data stream packet reordering at the receiver. Information from the MP_RTT Multipath Option (Section 3.2.7), DCCP path sequencing, and the DCCP Timestamp Option provide further means for advanced reordering approaches, e.g., as proposed in[MULTIPATH-REORDERING].However, such mechanisms do not affect interoperabilityand are not part of the MP-DCCP protocol. Many applications that use unreliable transport protocols can also inherently process out-of-sequence data (e.g., through adaptive audio and video buffers), so additional reordering support might not be necessary. The addition of optional reordering mechanisms are likely to be needed when the different DCCP subflows are routed across paths with different latencies. In theory, applications using DCCP are aware that packet reordering could occur, because DCCP does not provide mechanisms to restore the original packet order.¶
In contrast to TCP, the receiver processing for MPTCP adopted a rigid"just wait" approach, because TCP guarantees reliable in-order delivery.¶
[RFC8684] defines Multipath TCP and provides important inputs for this specification.¶
The authors gratefully acknowledge significant input into this document fromDirk von Hugo,Nathalie Romo Moreno,Omar Nassef,Mohamed Boucadair,Simone Ferlin,Olivier Bonaventure,Gorry Fairhurst, andBehcet Sarikaya.¶