Stream Control Transmission Protocol

Stream Control Transmission Protocol: The design of a new reliable transport protocol for IP networks. Espoo, 12th of February, 2002. Author: Iván Arias Rodríguez. Supervisor: Raimo Kantola.

Upload: karli

Post on 19-Mar-2016


DESCRIPTION

Stream Control Transmission Protocol. The design of a new reliable transport protocol for IP networks. Table of contents: Why a new reliable transport protocol? Datagram structure of SCTP. The SYN attack in TCP. Establishment procedure in SCTP. Transmission of data. (PowerPoint PPT presentation)

TRANSCRIPT

Page 1: Stream Control Transmission Protocol

Stream Control Transmission Protocol: The design of a new reliable transport protocol for IP networks


Espoo, 12th of February, 2002

Author: Iván Arias Rodríguez. Supervisor: Raimo Kantola

Stream Control Transmission Protocol

The design of a new reliable transport protocol for IP networks

Page 2: Stream Control Transmission Protocol


Table of contents

• Why a new reliable transport protocol?

• Datagram structure of SCTP.

• The SYN attack in TCP.

• Establishment procedure in SCTP.

• Transmission of data.

• Taking advantage of multihomed hosts.

• The Head Of Line (HOL) blocking in TCP.

• Avoiding the HOL blocking in TCP using several connections.

• Avoiding the HOL blocking in SCTP using several streams.

• Avoiding the HOL blocking in SCTP using unordered DATA chunks.

• The path heartbeat mechanism.

• Reporting non fatal errors in SCTP.

• Aborting associations in SCTP.

• Graceful termination of an association.

• Summarizing: Main characteristics of SCTP.

Page 3: Stream Control Transmission Protocol


Why a new reliable transport protocol?

There is an increasing interest in merging IP and telephony networks. Among the problems that TCP has regarding telephony signaling transport we can cite:

• It suffers from the so-called Head Of Line (HOL) blocking.

• It is stream oriented. There are no message delimiters.

• TCP is not designed to be multihomed.

• It is relatively vulnerable to denial of service attacks.

• TCP is very difficult to extend.

These problems could not be solved by any TCP extension. The SIGTRAN working group of the IETF started to design a new reliable transport protocol in summer 1998. The initial design was called Multi-Network Datagram Transmission Protocol (MDTP). It ran on top of UDP instead of directly over IP. The design of SCTP took about two and a half years. The SCTP specification is published in RFC 2960. However, a second version of it will be published soon.

Page 4: Stream Control Transmission Protocol


Datagram structure of SCTP

[Figure: layout of an SCTP datagram, 32 bits per row. Common Header: Source Port Number, Destination Port Number, Verification Tag, Checksum. Chunk: Chunk Type, Chunk Flags, Chunk Length, Fixed Fields, then Parameters or Error Causes. Parameter: Parameter Type, Parameter Length, Parameter Value. Error Cause: Cause Code, Cause Length, Cause Value.]

An SCTP datagram is composed of a Common Header and at least one Chunk.

Inside an SCTP datagram there can be many Chunks. Their number is only restricted by the Maximum Transfer Unit (MTU). They are Type-Length-Value (TLV) structures. They all have a Chunk Type, the Chunk Flags, the Chunk Length and optionally Fixed Fields and either Parameters or Error Causes.

The Parameters are optional or variable length fields.

The Error Causes are syntactically the same as the Parameters but semantically different. They help discovering anomalous situations.

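A parser for the layout just described, added here as an example (it is not code from the presentation): it walks the Common Header, the chunk list and the TLV Parameters inside an INIT chunk, and refuses any packet whose length fields do not match the bytes present, which is the check a receiver needs before trusting a Chunk Length. The chunk type numbers are those assigned in RFC 2960; the packet bytes, ports and tag values are constructed for the sample.

```python
import struct

# Chunk type numbers as assigned in RFC 2960 (the slides show several of them).
CHUNK_NAMES = {
    0: "DATA", 1: "INIT", 2: "INIT ACK", 3: "SACK", 4: "HEARTBEAT",
    5: "HEARTBEAT ACK", 6: "ABORT", 7: "SHUTDOWN", 8: "SHUTDOWN ACK",
    9: "ERROR", 10: "COOKIE ECHO", 11: "COOKIE ACK", 12: "ECNE", 13: "CWR",
    14: "SHUTDOWN COMPLETE",
}
COMMON_HEADER = "!HHII"   # Source Port, Destination Port, Verification Tag, Checksum
CHUNK_HEADER = "!BBH"     # Chunk Type, Chunk Flags, Chunk Length
TLV_HEADER = "!HH"        # Parameter Type/Length, or Cause Code/Length
INIT_FIXED = "!IIHHI"     # Initiate Tag, a_rwnd, Outbound Streams, Inbound Streams, Initial TSN


class MalformedPacket(ValueError):
    """A length field disagrees with the bytes actually present."""


def pad4(n):
    """Chunks and TLVs are padded to a 4-byte boundary; the padding is not counted in Length."""
    return (n + 3) & ~3


def parse_tlvs(buf):
    """Parameters and Error Causes share one encoding: 16-bit type, 16-bit length, value."""
    items, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise MalformedPacket("truncated TLV header at offset %d" % off)
        ttype, tlen = struct.unpack_from(TLV_HEADER, buf, off)
        if tlen < 4:
            raise MalformedPacket("TLV length %d is shorter than its own header" % tlen)
        if off + tlen > len(buf):
            raise MalformedPacket("TLV length %d runs past the end of the chunk" % tlen)
        items.append((ttype, bytes(buf[off + 4:off + tlen])))
        off += pad4(tlen)
    return items


def parse_chunks(buf):
    """Walk the chunk list; each chunk is itself a TLV, so the same bounds checks apply."""
    chunks, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise MalformedPacket("truncated chunk header at offset %d" % off)
        ctype, cflags, clen = struct.unpack_from(CHUNK_HEADER, buf, off)
        if clen < 4:
            raise MalformedPacket("chunk length %d is shorter than its own header" % clen)
        if off + clen > len(buf):
            raise MalformedPacket("chunk length %d runs past the end of the packet" % clen)
        chunks.append({"type": ctype, "name": CHUNK_NAMES.get(ctype, "UNKNOWN"),
                       "flags": cflags, "value": bytes(buf[off + 4:off + clen])})
        off += pad4(clen)
    if not chunks:
        raise MalformedPacket("an SCTP packet must carry at least one chunk")
    return chunks


def parse_packet(data):
    """Common Header, then the chunks. The checksum is reported, not verified, here."""
    if len(data) < 12:
        raise MalformedPacket("packet shorter than the 12-byte Common Header")
    src, dst, vtag, csum = struct.unpack_from(COMMON_HEADER, data, 0)
    return {"src_port": src, "dst_port": dst, "vtag": vtag, "checksum": csum,
            "chunks": parse_chunks(data[12:])}


def parse_init_value(value):
    """Fixed Fields of an INIT or INIT ACK chunk, followed by its Parameters."""
    if len(value) < 16:
        raise MalformedPacket("INIT chunk shorter than its fixed fields")
    tag, a_rwnd, out_s, in_s, itsn = struct.unpack_from(INIT_FIXED, value, 0)
    return {"initiate_tag": tag, "a_rwnd": a_rwnd, "out_streams": out_s,
            "in_streams": in_s, "initial_tsn": itsn, "params": parse_tlvs(value[16:])}


def is_well_formed(data):
    """Receiver-side gate: drop the packet if any length field lies about the bytes present."""
    try:
        parse_packet(data)
        return True
    except MalformedPacket:
        return False


def build_chunk(ctype, flags, value):
    """Chunk Length counts header + value; the chunk is then padded to a 4-byte boundary."""
    chunk = struct.pack(CHUNK_HEADER, ctype, flags, 4 + len(value)) + value
    return chunk + b"\0" * (pad4(len(chunk)) - len(chunk))


def build_sample_init_packet():
    """Constructed sample: an INIT carrying one IPv4 Address parameter (type 5 in RFC 2960).
    Verification Tag is 0, as required for INIT; the checksum is left at 0 for this sample."""
    fixed = struct.pack(INIT_FIXED, 0x1A2B3C4D, 65536, 10, 10, 1000)
    ipv4_param = struct.pack("!HH4B", 5, 8, 192, 0, 2, 1)   # 192.0.2.1 (documentation range)
    header = struct.pack(COMMON_HEADER, 5000, 6000, 0, 0)
    return header + build_chunk(1, 0, fixed + ipv4_param)
```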

Page 5: Stream Control Transmission Protocol


The SYN attack in TCP

[Figure: an Attacker sends SYN segments to a Server using fake IP source addresses A, B, ..., Z; the Server answers each with a SYN-ACK to that address, and the final ACK never comes.]

The attacker sends SYN segments to a server. This attacker uses IP spoofing, forging the source address of the IP datagrams containing those TCP segments.

The receiver of the SYN segment saves the state of the future connection.

The server sends back a SYN-ACK segment to the source address of the SYN segment. Normally nobody listens at that address, and the segment is lost.

The attacker sends many SYN segments and the receiver keeps filling its buffers.

At some point, the server is out of resources and legitimate users cannot access its services. The attacker has successfully carried out a Denial of Service attack.

Page 6: Stream Control Transmission Protocol


Establishment procedure in SCTP

[Figure: the four-way handshake. INIT (Chunk Type 1, Verification Tag = 0, Initiate Tag = Tag A, Advertised Receiver Window Credit, Number of Outbound and Inbound Streams, Initial TSN, Parameters) from client to server; INIT ACK (Chunk Type 2, Verification Tag = Tag A, Initiate Tag = Tag Z, State Cookie + other Parameters) back to the client; COOKIE ECHO (Chunk Type 10, Verification Tag = Tag Z, Received Cookie) to the server; COOKIE ACK (Chunk Type 11, Verification Tag = Tag A) to the client.]

The client sends to the server a datagram containing only an INIT chunk. The INIT chunk contains the Initiate Tag, the Advertised Receiver Window Credit, the Number of Outbound and Inbound Streams, and the Initial TSN. It can also include Parameters.

The server answers with an INIT ACK chunk, which has a similar structure to the INIT chunk. However, it does not save any state about the future association.

The INIT ACK chunk compulsorily includes the State Cookie parameter. It carries the information that came inside the INIT chunk plus server specific data, and a Message Authentication Code calculated with a Secret Key.

The State Cookie parameter is sent back inside the COOKIE ECHO chunk.

Using its secret key, the server verifies that the information inside the COOKIE ECHO chunk has not been modified.

If so, the server opens a new association. This way, the server has not reserved any resource until checking that the client included its real address in the first datagram.

The final step is answering the client with a COOKIE ACK chunk.
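The cookie mechanism above, worked through as an added example (not the presentation's code): the server answers INIT without storing anything, puts the INIT fields plus its own values into a State Cookie protected by a MAC under its Secret Key, and allocates the association only when a COOKIE ECHO brings back a cookie that verifies, came from the address it was issued to, is not stale and has not been used already. The cookie layout, the 60 s lifetime and the choice of HMAC-SHA256 are assumptions (RFC 2960 leaves the MAC algorithm to the implementation); the addresses and tags are constructed.

```python
import hashlib
import hmac
import os
import struct

# Cookie body: client addr, issue time, peer tag, peer TSN, out/in streams, peer rwnd, my tag, my TSN
COOKIE_FMT = "!4sIIIHHIII"
COOKIE_LIFETIME = 60   # seconds; assumed here (RFC 2960 suggests 60 s for Valid.Cookie.Life)


class Server:
    """Keeps no per-association state until a valid COOKIE ECHO arrives."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)   # Secret Key for the MAC; never leaves this host
        self.associations = {}                   # TCBs keyed by our own Verification Tag

    def _mac(self, body):
        return hmac.new(self.secret, body, hashlib.sha256).digest()

    def on_init(self, client_addr, init_tag, a_rwnd, out_streams, in_streams, initial_tsn, now):
        """Produce the INIT ACK fields. Nothing is stored: the cookie carries everything."""
        my_tag = int.from_bytes(os.urandom(4), "big") or 1   # an Initiate Tag must not be 0
        my_tsn = int.from_bytes(os.urandom(4), "big")
        body = struct.pack(COOKIE_FMT, client_addr, int(now), init_tag, initial_tsn,
                           out_streams, in_streams, a_rwnd, my_tag, my_tsn)
        return {"initiate_tag": my_tag, "initial_tsn": my_tsn,
                "state_cookie": body + self._mac(body)}

    def on_cookie_echo(self, client_addr, cookie, now):
        """Verify the echoed cookie; only then allocate the TCB. Returns our tag, or None to drop."""
        body_len = struct.calcsize(COOKIE_FMT)
        if len(cookie) != body_len + hashlib.sha256().digest_size:
            return None
        body, mac = cookie[:body_len], cookie[body_len:]
        if not hmac.compare_digest(self._mac(body), mac):
            return None                      # forged or modified cookie
        (addr, issued, peer_tag, peer_tsn, out_s, in_s,
         peer_rwnd, my_tag, my_tsn) = struct.unpack(COOKIE_FMT, body)
        if addr != client_addr:
            return None                      # echoed from an address we never sent it to
        if not 0 <= now - issued <= COOKIE_LIFETIME:
            return None                      # stale: no resources for a peer that is long gone
        if my_tag in self.associations:
            return None                      # already established: a replayed COOKIE ECHO
        self.associations[my_tag] = {
            "peer_addr": addr, "peer_tag": peer_tag, "peer_tsn": peer_tsn,
            "out_streams": out_s, "in_streams": in_s, "peer_rwnd": peer_rwnd,
            "my_tsn": my_tsn,
        }
        return my_tag   # the caller now sends COOKIE ACK with Verification Tag = peer_tag
```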

Page 7: Stream Control Transmission Protocol


Transmission of data

[Figure: DATA chunk (Chunk Type 0, flags Reserved/U/B/E, Chunk Length; Transmission Sequence Number; Stream Identifier; Stream Sequence Number; Payload Protocol Identifier; User Data) and SACK chunk (Chunk Type 3; Cumulative TSN Acknowledgement; Advertised Receiver Window Credit; Number of Gap Ack Blocks = G; Number of Duplicate TSNs = D; Gap Ack Block #1..#G Start/End; Duplicate TSN #1..#D), each after a Common Header with Verification Tag = Tag Z.]

The user data is sent inside the DATA chunks. The Payload Protocol Identifier (PPI) identifies the upper user that generated the DATA chunk.

A DATA chunk is uniquely identified by its Transmission Sequence Number (TSN). Its order inside the Stream is given by the Stream Sequence Number (SSN).

The B (Beginning) and E (End) flags are used when fragmenting the user data. The U (Unordered) flag identifies the unordered DATA chunks.

The DATA chunks are acknowledged by the SACK chunks. A SACK chunk acknowledges all TSNs previous to (and including) the Cumulative TSN Acknowledgement. The Gap Ack Blocks are included if there is a hole in the reception sequence.

If a TSN was received more than once, it is listed as a Duplicate TSN.
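How the SACK fields above are derived from what actually arrived, as an added example (not the presentation's code): the receiver records TSNs and duplicates, the Cumulative TSN Ack advances over the contiguous run, the Gap Ack Blocks cover the islands beyond the first hole, and the sender reads the same SACK back to find which TSNs are still unacknowledged. Gap Ack Block Start/End are offsets from the Cumulative TSN Ack, as RFC 2960 carries them; the TSN values are constructed, and 32-bit wrap-around is left out.

```python
def build_sack(last_cum_ack, received, a_rwnd, duplicates):
    """Cumulative TSN Ack advances over every contiguous TSN; the rest become Gap Ack Blocks.
    Block Start/End are offsets from the Cumulative TSN Ack (RFC 2960, SACK chunk format)."""
    cum = last_cum_ack
    while cum + 1 in received:
        cum += 1
    blocks = []
    for tsn in sorted(t for t in received if t > cum):
        if blocks and tsn == cum + blocks[-1][1] + 1:
            blocks[-1][1] += 1                      # extends the current run
        else:
            blocks.append([tsn - cum, tsn - cum])   # a new island after a hole
    return {"cum_tsn_ack": cum, "a_rwnd": a_rwnd,
            "gap_blocks": [tuple(b) for b in blocks], "dup_tsns": sorted(duplicates)}


class Receiver:
    """Tracks arriving TSNs and turns them into SACK fields (no TSN wrap-around handling)."""

    def __init__(self, initial_tsn):
        self.cum_ack = initial_tsn - 1   # nothing received yet
        self.above = set()               # TSNs received beyond cum_ack; holes lie between them
        self.dups = []                   # TSNs seen more than once since the last SACK

    def on_data(self, tsn):
        if tsn <= self.cum_ack or tsn in self.above:
            self.dups.append(tsn)        # reported once in the Duplicate TSN list, then forgotten
            return
        self.above.add(tsn)

    def make_sack(self, a_rwnd):
        sack = build_sack(self.cum_ack, self.above, a_rwnd, self.dups)
        self.cum_ack = sack["cum_tsn_ack"]
        self.above = {t for t in self.above if t > self.cum_ack}
        self.dups = []
        return sack


def unacked_tsns(sack, highest_sent):
    """Sender side: every TSN above the Cumulative TSN Ack that no Gap Ack Block covers."""
    cum = sack["cum_tsn_ack"]
    covered = set()
    for start, end in sack["gap_blocks"]:
        covered.update(range(cum + start, cum + end + 1))
    return [t for t in range(cum + 1, highest_sent + 1) if t not in covered]
```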

Page 8: Stream Control Transmission Protocol


Taking advantage of multihomed hosts

[Figure: two multihomed hosts connected through an IP Network, each reachable at several IP addresses; DATA chunks and SACK chunks flow between them over any of the address pairs.]

During the establishment phase the two peers exchange their IP addresses. All of them can be used as source or destination addresses. However, one of them is the Primary Address and is the one normally used as the destination address. The rest are kept as a backup in case the Primary Address fails and are also used for the retransmissions.

In case the Primary Address fails, we can use any of the other addresses. This way we have network redundancy and it is less probable to lose an association due to network failures.

Page 9: Stream Control Transmission Protocol


The Head Of Line (HOL) blocking in TCP

[Figure: one TCP connection carrying segments 1 to 6; one segment is lost, the later ones wait in the Receiver's Buffer and nothing reaches the TCP User until the lost one is retransmitted.]

It happens when the data sender sends unrelated messages through the same TCP connection and one segment is lost on the way to the receiver.

Even if all the subsequent segments arrive normally at the receiver, they will be kept at the receiver.

Only when the lost segment is retransmitted and arrives at the receiver can the rest of the messages be delivered to the upper user.

Page 10: Stream Control Transmission Protocol


Avoiding the HOL blocking in TCP using several connections

[Figure: TCP connections A, B and C, each with its own Receiver's Buffer and TCP User; a lost segment on one connection holds back only that connection's messages.]

The HOL blocking can be avoided using different TCP connections for different user messages.

If one segment is lost in one of the connections, it does not affect the other user messages.

However, having many open connections is expensive.

Page 11: Stream Control Transmission Protocol


Avoiding the HOL blocking in SCTP using several streams

[Figure: one SCTP association carrying Streams 0, 1 and 2, with DATA chunks labelled by their sequence numbers; each stream drains from the Receiver's Buffer to the SCTP User independently of the others.]

In SCTP, a stream represents a uni-directional logical channel within which all user messages are delivered in sequence.

The TSN uniquely identifies the DATA chunks belonging to an association, and the SSN is used to order those DATA chunks within a stream, independently of the other streams. The Stream Identifier in the DATA chunk identifies the stream used.

A DATA chunk can be sent to any existing stream of the association. A missing TSN sent to one stream does not affect any TSN sent to another stream. The streams are cheap. They all share the same buffer and congestion variables.

Page 12: Stream Control Transmission Protocol


Avoiding the HOL blocking in SCTP using unordered DATA chunks

[Figure: one SCTP association carrying unordered DATA chunks on Stream 0; each chunk passes from the Receiver's Buffer to the SCTP User as soon as it arrives, regardless of what arrived before it.]

The DATA chunks sent with the U flag set are delivered to the upper user as soon as they are reassembled at the receiver. They are not directed to any specific stream.

Unordered DATA chunks are conceptually similar to UDP datagrams. However, unordered messages are normally acknowledged and can also be fragmented. Using unordered data we can also avoid the HOL blocking without even using streams. However, this scheme can be used only if the order of delivery of user messages does not matter.
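The three delivery behaviours compared on the last slides (one ordered stream with TCP-like HOL blocking, several independent streams, and unordered chunks), as an added example that is not the presentation's code: a receive-side queue that holds ordered chunks until their stream's next SSN is present and passes U-flag chunks straight up. Each chunk stands for one whole user message (B/E fragmentation is left out); the stream numbers and payloads are constructed.

```python
from collections import defaultdict


class DeliveryQueue:
    """Receiver-side buffer: ordered chunks wait for their stream's next SSN,
    unordered (U flag) chunks go straight to the upper user."""

    def __init__(self):
        self.next_ssn = defaultdict(int)   # per stream: SSN the upper user is waiting for
        self.pending = defaultdict(dict)   # per stream: SSN -> payload held back
        self.delivered = []                # (stream id, payload) in the order handed up

    def on_data(self, sid, ssn, unordered, payload):
        if unordered:
            self.delivered.append((sid, payload))
            return
        self.pending[sid][ssn] = payload
        # Deliver as far as this stream is contiguous; a hole stops only this stream.
        while self.next_ssn[sid] in self.pending[sid]:
            self.delivered.append((sid, self.pending[sid].pop(self.next_ssn[sid])))
            self.next_ssn[sid] += 1

    def blocked(self):
        """Messages that have arrived but cannot be handed up: the HOL cost."""
        return sum(len(held) for held in self.pending.values())

    def payloads(self):
        return [payload for _, payload in self.delivered]


def single_stream_scenario():
    """Six messages on one stream, the one with SSN 1 lost: TCP-like behaviour."""
    q = DeliveryQueue()
    for ssn in (0, 2, 3, 4, 5):
        q.on_data(0, ssn, False, "msg%d" % ssn)
    return q


def multi_stream_scenario():
    """Same loss on stream 0, but unrelated messages travel on streams 1 and 2."""
    q = DeliveryQueue()
    q.on_data(0, 0, False, "a0")
    q.on_data(1, 0, False, "b0")
    q.on_data(2, 0, False, "c0")   # stream 0, SSN 1 ("a1") is lost here
    q.on_data(1, 1, False, "b1")
    q.on_data(2, 1, False, "c1")
    q.on_data(0, 2, False, "a2")
    return q


def unordered_scenario():
    """U-flag chunks: no ordering at all, so a loss delays only the lost message itself."""
    q = DeliveryQueue()
    for i in (0, 2, 3):            # message 1 lost; SSN is not used for unordered chunks
        q.on_data(0, 0, True, "u%d" % i)
    return q
```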

Page 13: Stream Control Transmission Protocol


The path heartbeat mechanism

[Figure: HEARTBEAT chunk (Chunk Type 4, Verification Tag = Tag Z) carrying a Heartbeat Info TLV (Heartbeat Info Type = 1, Heartbeat Info Length, Sender-specific Heartbeat Info), answered by a HEARTBEAT ACK chunk (Chunk Type 5, Verification Tag = Tag A) carrying the same Heartbeat Info.]

One host sends the HEARTBEAT chunk to its peer. It contains a TLV structure similar to a Parameter, called Heartbeat Info. Its internal structure is implementation specific.

Upon receipt of this chunk, the receiver must answer with a HEARTBEAT ACK chunk, copying the Heartbeat Info inside the HEARTBEAT ACK chunk.

If the HEARTBEAT ACK chunk is not received on time, it counts as an error on the address used. Too many errors cause the address to be considered unreachable.
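Path management tying the multihoming slide and the heartbeat slide together, as an added example (not the presentation's code): each peer address keeps its own error counter, a missed HEARTBEAT ACK increments it, a HEARTBEAT ACK that echoes Heartbeat Info we really sent on that path resets it, and once the counter passes the threshold the address is marked inactive and a backup becomes the primary. The Heartbeat Info layout (address, send time, random nonce), the threshold of 5 and the addresses are assumptions; not switching back to a revived primary is also a choice of this example.

```python
import os
import struct

PATH_MAX_RETRANS = 5   # errors tolerated per address; assumed here (RFC 2960 suggests 5)


class Path:
    def __init__(self, addr):
        self.addr = addr
        self.active = True
        self.errors = 0
        self.outstanding = set()   # Heartbeat Info values still waiting for a HEARTBEAT ACK


class Association:
    """Per-destination error counters; the primary is switched when its counter overflows."""

    def __init__(self, peer_addrs, primary):
        self.paths = {a: Path(a) for a in peer_addrs}
        self.primary = primary

    def destination(self):
        """Address used for new DATA: the primary if alive, otherwise any active backup."""
        if self.paths[self.primary].active:
            return self.primary
        for addr, p in self.paths.items():
            if p.active:
                return addr
        return None   # every address failed: the association itself is lost

    def send_heartbeat(self, addr, now):
        """Heartbeat Info is implementation specific; here: addr | send time | nonce,
        so that a HEARTBEAT ACK can be matched to the HEARTBEAT that caused it."""
        info = addr.encode() + b"|" + struct.pack("!I", int(now)) + os.urandom(8)
        self.paths[addr].outstanding.add(info)
        return info

    def on_heartbeat_ack(self, addr, info):
        """Only an ACK echoing Info we actually sent on that path counts as proof of reachability."""
        p = self.paths.get(addr)
        if p is None or info not in p.outstanding:
            return False   # unsolicited or replayed ACK: ignored, counter untouched
        p.outstanding.discard(info)
        p.errors = 0
        p.active = True    # a failed address is back; the primary is not switched back here
        return True

    def on_heartbeat_timeout(self, addr, info):
        """No HEARTBEAT ACK in time: one more error on this address. Returns whether it is still active."""
        p = self.paths[addr]
        p.outstanding.discard(info)
        p.errors += 1
        if p.errors > PATH_MAX_RETRANS:
            p.active = False
            if addr == self.primary:
                backup = self.destination()
                if backup is not None:
                    self.primary = backup
        return p.active
```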

Page 14: Stream Control Transmission Protocol


Reporting non fatal errors in SCTP

[Figure: ERROR chunk (Chunk Type 9, Chunk Flags Reserved, Chunk Length) followed by one or more Error Causes, after a Common Header with Verification Tag = Tag Z.]

If one of the hosts involved in an association has any non-fatal problem, it sends an ERROR chunk to its peer endpoint.

An ERROR chunk must include at least one Error Cause indicating the reason(s) why the chunk was sent.

They are used to indicate solvable problems, to help debugging SCTP implementations and to make SCTP extensions backward compatible.

Page 15: Stream Control Transmission Protocol


Aborting associations in SCTP

[Figure: ABORT chunk (Chunk Type 6, flags Reserved plus the T bit, Chunk Length), optionally followed by Error Causes, after a Common Header with Verification Tag = Tag Z.]

When a host has a problem that makes it impossible to continue with an existing association, it sends the ABORT chunk.

As with the ERROR chunk, the ABORT chunk can carry Error Causes to state what the problem was. However, they are not compulsory in the ABORT chunk.

Once the ABORT chunk is received, the association ceases to exist. The abort procedure should not be used to terminate associations if possible.

Page 16: Stream Control Transmission Protocol


Graceful termination of an association

[Figure: SHUTDOWN chunk (Cumulative TSN ACK, Verification Tag = Tag Z), answered by a SHUTDOWN ACK chunk (Verification Tag = Tag A), answered by a SHUTDOWN COMPLETE chunk (Chunk Type 14, flags Reserved plus the T bit, Verification Tag = Tag Z).]

If a host wants to start the shutdown procedure, it sends the SHUTDOWN chunk. It is the responsibility of the sender to send this chunk when all the data it wants to send has already been acknowledged. The SHUTDOWN chunk also includes the Cumulative TSN Acknowledgement, as the SACK chunk does.

When the peer endpoint has also received the acknowledgement of all the DATA chunks, it sends back the SHUTDOWN ACK chunk.

The last chunk used in the shutdown procedure is the SHUTDOWN COMPLETE. The T (TCB missing) flag is set when there is no TCB at the SHUTDOWN ACK receiver. This can happen if the peer has restarted.

In SCTP there are no half closed associations as in TCP. The shutdown procedure is asymmetric.

Page 17: Stream Control Transmission Protocol


Summarizing: Main characteristics of SCTP

• It is able to take advantage of multihomed hosts.

• It can avoid the SYN attack thanks to its cookie mechanism.

• The existence of independent streams helps avoiding the HOL blocking.

• It is message-oriented like UDP, but at the same time reliable like TCP.

• It is able to notify error conditions, thus making it possible to solve certain errors at the transport level.

• It is highly inspired by TCP. Most of the optional features of TCP are compulsory in SCTP. The congestion avoidance mechanism is the same as in TCP.

• SCTP uses a socket interface very similar to the one TCP uses.

• There are already some open source SCTP implementations.

• SCTP performance is at least as good as TCP's.

Page 18: Stream Control Transmission Protocol


Questions?

Page 19: Stream Control Transmission Protocol


Extra slides

Page 20: Stream Control Transmission Protocol


The finite state machine model (I)

Like TCP, SCTP is a symmetrical protocol. The client and the server are functionally identical.

It uses a four-way handshake establishment procedure. However, the last two legs can already carry user data.

It provides mechanisms to resolve initiation collisions and to detect a restart of the peer.

[Figure: state diagram of association establishment. Client: CLOSED; ASSOCIATE primitive, send INIT, COOKIE-WAIT; receive INIT ACK, send COOKIE ECHO, COOKIE-ECHOED; receive COOKIE ACK, ESTABLISHED. Server: CLOSED; receive INIT, send INIT ACK; receive COOKIE ECHO, send COOKIE ACK, ESTABLISHED. ABORT from any state returns to CLOSED. Legend: user primitive call, state, state change, control chunk sent or received.]
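As an added illustration of this establishment state machine (example code written for this page, not part of the presentation or of any SCTP implementation), both endpoints are modelled in Python. The point to notice is that the server allocates its association record only after a COOKIE ECHO whose cookie it can verify, which is the property that lets SCTP avoid the SYN attack mentioned in the summary. The cookie layout (the two tags and a timestamp under an HMAC-SHA256), the server key, the 60 s lifetime and the function names `handshake`, `init_flood` and `forged_cookie` are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Added example (not from the presentation): a minimal model of the four-way
# handshake on the slide above. Chunk and state names follow the slide; the
# cookie layout, the server's HMAC key, the cookie lifetime and the function
# names are assumptions of this example.

COOKIE_LIFETIME = 60      # seconds a cookie stays valid (assumed value)
MAC_LEN = 32              # HMAC-SHA256 digest length


class Client:
    def __init__(self):
        self.state = "CLOSED"
        self.my_tag = secrets.randbits(32) or 1   # Verification Tag, never 0
        self.peer_tag = None

    def associate(self):                          # user primitive ASSOCIATE
        assert self.state == "CLOSED"
        self.state = "COOKIE-WAIT"
        return ("INIT", {"init_tag": self.my_tag})

    def receive(self, chunk):
        kind, f = chunk
        if kind == "INIT ACK" and self.state == "COOKIE-WAIT":
            self.peer_tag = f["init_tag"]
            self.state = "COOKIE-ECHOED"
            return ("COOKIE ECHO", {"cookie": f["cookie"], "tag": self.peer_tag})
        if kind == "COOKIE ACK" and self.state == "COOKIE-ECHOED":
            self.state = "ESTABLISHED"
        elif kind == "ABORT":                     # ABORT is valid from any state
            self.state = "CLOSED"
        return None                               # ERROR etc.: nothing to send back


class Server:
    """Allocates no per-peer state until a COOKIE ECHO with a valid cookie."""

    def __init__(self):
        self.key = secrets.token_bytes(32)        # secret that MACs the cookies
        self.associations = {}                    # TCBs, keyed by the peer's init tag

    def _mac(self, body):
        return hmac.new(self.key, body, hashlib.sha256).digest()

    def on_init(self, f, now):
        # Answer INIT without allocating anything: the would-be TCB travels
        # inside the cookie, protected by the MAC.
        my_tag = secrets.randbits(32) or 1
        body = f"{f['init_tag']}:{my_tag}:{int(now)}".encode()
        return ("INIT ACK", {"init_tag": my_tag, "cookie": body + self._mac(body)})

    def on_cookie_echo(self, f, now):
        body, mac = f["cookie"][:-MAC_LEN], f["cookie"][-MAC_LEN:]
        if not hmac.compare_digest(mac, self._mac(body)):
            return None                           # forged cookie: silently dropped
        peer_tag, my_tag, created = (int(x) for x in body.split(b":"))
        if now - created > COOKIE_LIFETIME:
            return ("ERROR", {"cause": "Stale Cookie"})
        if f["tag"] != my_tag:
            return None                           # wrong Verification Tag
        # Only now does the server commit resources and enter ESTABLISHED.
        self.associations[peer_tag] = {"state": "ESTABLISHED", "my_tag": my_tag}
        return ("COOKIE ACK", {})


def handshake(delay=1.0, now=1000.0):
    """Run the four legs; `delay` is how long the client sits on the cookie."""
    c, s = Client(), Server()
    init_ack = s.on_init(c.associate()[1], now)
    cookie_echo = c.receive(init_ack)
    reply = s.on_cookie_echo(cookie_echo[1], now + delay)
    c.receive(reply)
    return c.state, reply[0], len(s.associations)


def init_flood(count, now=1000.0):
    """`count` INITs that never complete: how many TCBs does the server hold?"""
    s = Server()
    for _ in range(count):
        s.on_init(Client().associate()[1], now)
    return len(s.associations)


def forged_cookie(now=1000.0):
    """A COOKIE ECHO with a cookie this server never minted is discarded."""
    s = Server()
    fake = b"1:2:1000" + bytes(MAC_LEN)
    return s.on_cookie_echo({"cookie": fake, "tag": 2}, now), len(s.associations)
```

`init_flood` is the defender's check: a thousand half-finished INITs leave the server holding zero association records, because everything it would have stored is carried back to it in the cookie and verified before any memory is committed. A real cookie also binds the peer's address list and other INIT parameters; this model keeps only what the slide's state diagram needs.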

Page 21: Stream Control Transmission Protocol


The finite state machine model (II)

SCTP uses a three-way handshake shutdown algorithm.

There are no half-closed associations in SCTP.

The shutdown algorithm is asymmetric: once one endpoint starts closing the association, the other host must do the same.

[Figure: state diagram of association shutdown. Initiator: ESTABLISHED; SHUTDOWN primitive, SHUTDOWN-PENDING; send SHUTDOWN*, SHUTDOWN-SENT; receive SHUTDOWN ACK, send SHUTDOWN COMPLETE, CLOSED. Peer: ESTABLISHED; receive SHUTDOWN, SHUTDOWN-RECEIVED; send SHUTDOWN ACK*, SHUTDOWN-ACK-SENT; receive SHUTDOWN COMPLETE, CLOSED. Legend: user primitive call, state, state change, control chunk sent or received. * The state is changed and the signal is sent when there are no more outstanding DATA chunks.]
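For the graceful termination slide above and this state-machine slide, here is an added Python model (written for this page, not taken from the presentation or from any SCTP stack) of the three-way shutdown: SHUTDOWN and SHUTDOWN ACK are only emitted once the sender has no DATA outstanding, the SHUTDOWN chunk carries the Cumulative TSN Ack just as a SACK does, and the upper layer on either side is refused new data once shutdown has begun, so no half-closed association can exist. In-order delivery, the TSN bookkeeping and the scenario driver `run_shutdown_scenario` are assumptions of the example.

```python
# Added example (not from the presentation): a minimal model of the SCTP
# three-way shutdown handshake shown on the slides. States and chunk names
# follow the slides; in-order delivery, the TSN bookkeeping and the scenario
# driver are assumptions of this example.


class Endpoint:
    def __init__(self, name, initial_tsn, peer_initial_tsn):
        self.name = name
        self.state = "ESTABLISHED"
        self.next_tsn = initial_tsn
        self.outstanding = set()                   # TSNs sent, not yet acked
        self.peer_cum_tsn = peer_initial_tsn - 1   # highest in-order TSN received

    # ---- upper-layer primitives ----
    def send_data(self):
        # No half-closed associations: the upper layer may hand over new data
        # only while ESTABLISHED, never once SHUTDOWN is pending or received.
        if self.state != "ESTABLISHED":
            return None
        tsn, self.next_tsn = self.next_tsn, self.next_tsn + 1
        self.outstanding.add(tsn)
        return ("DATA", {"tsn": tsn})

    def shutdown(self):
        # SHUTDOWN primitive: sit in SHUTDOWN-PENDING until all sent DATA is acked.
        assert self.state == "ESTABLISHED"
        self.state = "SHUTDOWN-PENDING"
        return self._progress()

    # ---- chunk reception ----
    def receive(self, chunk):
        kind, fields = chunk
        return getattr(self, "on_" + kind.lower().replace(" ", "_"))(fields)

    def on_data(self, f):
        if f["tsn"] == self.peer_cum_tsn + 1:      # assumes in-order arrival
            self.peer_cum_tsn = f["tsn"]
        return ("SACK", {"cum_tsn": self.peer_cum_tsn})

    def on_sack(self, f):
        self._ack_up_to(f["cum_tsn"])
        return self._progress()

    def on_shutdown(self, f):
        # SHUTDOWN carries a Cumulative TSN Ack exactly as a SACK does.
        assert self.state == "ESTABLISHED"
        self._ack_up_to(f["cum_tsn"])
        self.state = "SHUTDOWN-RECEIVED"
        return self._progress()

    def on_shutdown_ack(self, f):
        assert self.state == "SHUTDOWN-SENT"
        self.state = "CLOSED"
        return ("SHUTDOWN COMPLETE", {})

    def on_shutdown_complete(self, f):
        assert self.state == "SHUTDOWN-ACK-SENT"
        self.state = "CLOSED"
        return None

    # ---- helpers ----
    def _ack_up_to(self, cum_tsn):
        self.outstanding = {t for t in self.outstanding if t > cum_tsn}

    def _progress(self):
        # The starred transitions of the slide: only with no DATA outstanding.
        if self.outstanding:
            return None
        if self.state == "SHUTDOWN-PENDING":
            self.state = "SHUTDOWN-SENT"
            return ("SHUTDOWN", {"cum_tsn": self.peer_cum_tsn})
        if self.state == "SHUTDOWN-RECEIVED":
            self.state = "SHUTDOWN-ACK-SENT"
            return ("SHUTDOWN ACK", {})
        return None


def run_shutdown_scenario():
    """A closes while both sides still have DATA in flight; returns a trace."""
    a = Endpoint("A", initial_tsn=100, peer_initial_tsn=500)
    z = Endpoint("Z", initial_tsn=500, peer_initial_tsn=100)
    trace = []

    def exchange(src, dst, chunk):
        # Deliver a chunk and ping-pong the replies until one side goes quiet.
        while chunk is not None:
            trace.append((src.name, chunk[0]))
            chunk = dst.receive(chunk)
            src, dst = dst, src

    d1, d2 = a.send_data(), a.send_data()   # A has TSN 100 and 101 outstanding
    dz = z.send_data()                       # Z has TSN 500 outstanding
    pending = a.shutdown() is None           # A must wait: its DATA is unacked
    exchange(a, z, d1)
    exchange(a, z, d2)                       # final SACK lets A emit SHUTDOWN
    states_mid = (a.state, z.state)
    refused = z.send_data() is None          # Z may not keep its half open
    exchange(z, a, dz)                       # A still SACKs; Z then sends SHUTDOWN ACK
    return {"trace": trace, "pending": pending, "states_mid": states_mid,
            "half_close_refused": refused, "final": (a.state, z.state)}
```

The scenario deliberately lets Z's DATA arrive after A's SHUTDOWN: Z sits in SHUTDOWN-RECEIVED, refuses new data from its upper layer, and only after A's SACK clears its last outstanding TSN does it send SHUTDOWN ACK, which is exactly the starred transition of the diagram. A, although already in SHUTDOWN-SENT, must keep acknowledging incoming DATA or the peer could never finish.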