MPTCP and Product Support Overview
Document ID: 116519
Contributed by Jay Young and Daniel Wing, Cisco TAC Engineers.
Sep 17, 2013
Contents
Introduction
MPTCP Overview
     Background Information
     Session Establishment
     Join Additional Sub-flows
     Add Address
     Segmentation, Multipath, and Reassembly
Impact on Flow Inspection
Cisco Products Impacted by MPTCP
     ASA
        TCP Operations
        Protocol Inspection
     Cisco ASA Next-Generation Firewall Services
        TCP Operations
        Inline Secure Sockets Layer (SSL) Decryption
     IPS
     Cisco IOS Firewall
        Context-Based Access Control (CBAC)
        Zone-Based Firewall (ZBFW)
     ACE
     Cloud Web Security (ScanSafe)
Cisco Products not Impacted by MPTCP
Introduction
This document provides an overview of Multipath TCP (MPTCP), its impact on flow inspection, and the
Cisco products that are and are not affected by it.
MPTCP Overview
Background Information
Hosts connected to the Internet or within a data center environment are often connected by multiple paths.
However, when TCP is used for data transport, communication is restricted to a single network path. It is
possible that some paths between the two hosts are congested, whereas alternate paths are underutilized. A
more efficient use of network resources is possible if these multiple paths are used concurrently. In addition,
the use of multiple connections enhances the user experience, because it provides higher throughput and
improved resilience against network failures.
MPTCP is a set of extensions to regular TCP that enables a single data flow to be separated and carried across
multiple connections. Refer to RFC6824: TCP Extensions for Multipath Operation with Multiple Addresses
for more information.