Native Multipath TCP support for OpenSSH

During the Open Week at UCLouvain, we added native Multipath TCP support to the OpenSSH client and server in order to connect to a remote machine using multiple network interfaces.

What’s the point?

There are several benefits to this native support:

  1. Improve the total bandwidth by combining the bandwidth of each interface.
  2. Move the SSH session from one interface to another without losing the connection.
  3. Keep the connection alive even if no interface is connected for some time.

Compiling and installation

Follow the instructions shown in the README file.

Setting up mptcpd

mptcpd is a daemon that automatically sets up new interfaces for MPTCP. It comes with a config file in which you can specify a mode, or a list of modes, for each new MPTCP address. Our tests were done using the ‘subflow’ mode.

Manual mptcp configuration

New addresses can be added manually using the ip command. To do so, please refer to the Red Hat documentation.

Prevent timeouts

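Set these options in sshd_config:

  • ClientAliveInterval 60
    > After 60 seconds without receiving data from the client, sshd sends a message through the encrypted channel to request a response.
  • ClientAliveCountMax 60
    > sshd closes the connection once 60 such messages have been sent without any response being received. With both values at 60, sshd waits about an hour (60 × 60 seconds) before dropping an unresponsive client, so abandoned sessions also persist that long.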

Usage

Clone this fork of OpenSSH, check out the mptcp_support branch, compile and install it, then edit the client and server config files:

  • Uncomment UseMPTCP no in ssh_config and change it to yes
  • Uncomment UseMPTCP no in sshd_config and change it to yes

Then run SSH as usual.

Alternatively, run the following commands from the directory where the compiled binaries are located:

On the server side:

$(pwd)/sshd -o UseMPTCP=yes

On the client side:

./ssh -o UseMPTCP=yes user@hostname
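To confirm what a server will actually apply from the "Prevent timeouts" and "Usage" settings, the following added example (not part of the fork or of the original page) reads an sshd_config the way sshd resolves keywords and reports whether UseMPTCP is set and how long an unresponsive client is kept. The function names and the sample config are constructed for illustration, and treating a missing UseMPTCP as "no" is an assumption based on the commented default mentioned above.

```sh
# Added example: audit the sshd_config values discussed on this page.
# Limits of this sketch: reads only the global section (stops at the first
# Match), does not follow Include, and expects intervals in plain seconds.

# Print the effective global value of keyword $2 in file $1.
# sshd keywords are case-insensitive and the first occurrence wins.
sshd_setting() {
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    { sub(/^[ \t]+/, "") }              # drop leading indentation
    /^#/ || /^$/ { next }               # skip comments and blank lines
    {
      n = match($0, /[ \t=]/)           # keyword ends at whitespace or "="
      if (n == 0) next
      key = tolower(substr($0, 1, n - 1))
      val = substr($0, n)
      sub(/^[ \t]*=?[ \t]*/, "", val)   # separator: blanks and at most one "="
      sub(/[ \t]+$/, "", val)
      if (key == "match") exit          # conditional blocks are out of scope
      if (key == want) { print val; exit }
    }' "$1"
}

# Seconds an unresponsive client is kept before sshd disconnects it:
# ClientAliveInterval * ClientAliveCountMax (stock defaults: 0 and 3).
# A result of 0 means ClientAlive-based disconnection is disabled.
dead_peer_timeout() {
  interval=$(sshd_setting "$1" ClientAliveInterval)
  count=$(sshd_setting "$1" ClientAliveCountMax)
  echo $(( ${interval:-0} * ${count:-3} ))
}

# Succeeds when UseMPTCP (the option this fork adds) is set to yes.
mptcp_requested() {
  [ "$(sshd_setting "$1" UseMPTCP | tr '[:upper:]' '[:lower:]')" = "yes" ]
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#UseMPTCP no
UseMPTCP yes
clientaliveinterval = 60
ClientAliveCountMax 60
ClientAliveCountMax 3
Match User backup
    ClientAliveInterval 5
EOF
mptcp_requested "$sample" && echo "UseMPTCP requested"
echo "unresponsive client dropped after $(dead_peer_timeout "$sample")s"
```

Options passed with -o on the command line, as in the commands above, take precedence over the file, so this check only reflects a daemon started from its config.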

Real life testing

The first step to check our port of ssh to mptcp was to see in Wireshark if mptcp packets were being transmitted. Then, the real life testing can begin.

Here, at UCLouvain, we have a lot of auditoriums and computer labs close to each other. The eduroam network is used across buildings to give students access to the internet. This gave us the idea to walk from building to building, switching access points often, and to keep a mobile 4G connection used by Multipath TCP. The goal was to see if an ssh session would break over time. You can see the path we have taken across the city in the following picture:

[Image: ssh-path.jpg, the path taken across the city]

Along with it, we have captured the packets on the client device to see which interface was used and when. In the plot, we have only selected the “interesting” part of the data when the connection switches between 4G and wifi. We see on the first part that the 4G took over. We think it is because there was a black zone in eduroam between the two first access points in our path. The same phenomenon can be seen a bit later.

At the end we noticed that the ssh connection was still alive even after switching interfaces multiple times. We can thus say from our experiment that the MPTCP port of ssh seems to be successful.