Stream Control Transmission Protocol (SCTP)

Acknowledgements: Prof. Paul Amer, Randall Stewart ~ Philip Conrad ~ Janardhan Iyengar

CISC 856: TCP/IP and Upper Layer Protocols
Presented By: Nikhil Shirude
November 15, 2007


Overview

• Motivation for SCTP
• SCTP PDU and Chunk Format
• SCTP 4-Way Association
• SCTP Association Shutdown
• SCTP Multi-Homing
• Summary

SCTP Motivation

• Primary Motivation – Transportation of telephony signaling messages over IP networks
• Telephony Signaling – rigid timing & reliability requirements
• TCP Limitations
  – head-of-line blocking
  – does not preserve A-PDU boundaries
  – no support for multi-homing
  – vulnerable to SYN Flooding attacks
• SCTP Features
  – 4-way handshake
  – multihoming
  – multistreaming
  – framing

SCTP Overview

Services/Features                        SCTP             TCP          UDP
Connection-oriented                      yes              yes          no
Full duplex                              yes              yes          yes
Reliable data transfer                   yes              yes          no
Partial-reliable data transfer           proposed         no           no
Flow control                             yes              yes          no
TCP-friendly congestion control          yes              yes          no
ECN capable                              yes              yes          no
Ordered data delivery                    yes              yes          no
Unordered data delivery                  yes              no           yes
Uses selective ACKs                      yes              optional     no
Path MTU discovery                       yes              yes          no
Application PDU fragmentation            yes              yes          no
Application PDU bundling                 yes              yes          no
Preserves application PDU boundaries     yes              no           yes
Multistreaming                           yes              no           no
Multihoming                              yes              no           no
Protection against SYN flooding attack   yes              no           n/a
Allows half-closed connections           no               yes          n/a
Reachability check                       yes              yes          no
Pseudo-header for checksum               no (uses vtags)  yes          yes
Time wait state                          for vtags        for 4-tuple  n/a

SCTP PDU Format

[Figure: SCTP PDU layout. Common Header: Source Port, Destination Port, Verification Tag, Checksum; followed by Chunk 1 … Chunk N]

• Building blocks of an SCTP PDU
  – Common Header which occupies the first 12 bytes
  – Header has a CRC-32 checksum.
  – Chunks are of two types: Control chunks and Data chunks

SCTP Chunk Format

[Figure: chunk layout. Type | Flag | Length, followed by Chunk Information (multiple of 4 bytes)]

Type – Data, Init, SACK, Cookie Echo, HeartBeat …
Flag – Bit meanings depend on type
Length – Defines total size of the chunk including type, flags, length and data/parameters

Some SCTP Chunk Types

Type   SCTP chunk      TCP equivalent / meaning
0x00   DATA            User data
0x01   INIT            ~ SYN
0x02   INIT-ACK
0x03   SACK            Selective ACK
0x04   HEARTBEAT       Keep-alive message
0x05   HEARTBEAT-ACK
0x07   SHUTDOWN        ~ FIN
0x08   SHUTDOWN-ACK
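The PDU and chunk layouts above, as an added example that is not from the slides: a small parser that splits a packet into its 12-byte common header and its 4-byte-padded chunks, rejecting any chunk whose Length field is shorter than its own header or runs past the end of the buffer (the classic way a chunk walker gets into trouble). The sample packet, ports 100/200, and the INIT/DATA payloads are constructed here.

```python
import struct

COMMON_HEADER_LEN = 12  # source port, destination port, verification tag, checksum

# Chunk type codes from the table above
CHUNK_NAMES = {0x00: "DATA", 0x01: "INIT", 0x02: "INIT-ACK", 0x03: "SACK",
               0x04: "HEARTBEAT", 0x05: "HEARTBEAT-ACK", 0x07: "SHUTDOWN",
               0x08: "SHUTDOWN-ACK"}


def parse_sctp(packet: bytes):
    """Return (header_dict, [chunk_dict, ...]); raise ValueError on a malformed length."""
    if len(packet) < COMMON_HEADER_LEN:
        raise ValueError("packet shorter than 12-byte common header")
    src, dst, vtag, csum = struct.unpack("!HHII", packet[:COMMON_HEADER_LEN])
    header = {"src_port": src, "dst_port": dst, "vtag": vtag, "checksum": csum}
    chunks, off = [], COMMON_HEADER_LEN
    while off < len(packet):
        if len(packet) - off < 4:
            raise ValueError("truncated chunk header")
        ctype, flags, length = struct.unpack("!BBH", packet[off:off + 4])
        # Length covers type, flags, length and value: it can never be < 4,
        # and it must fit inside what is left of the packet.
        if length < 4 or off + length > len(packet):
            raise ValueError(f"bad chunk length {length} at offset {off}")
        chunks.append({"type": ctype, "name": CHUNK_NAMES.get(ctype, f"0x{ctype:02x}"),
                       "flags": flags, "value": packet[off + 4:off + length]})
        # Chunks are padded to a multiple of 4 bytes; the padding is not counted in Length.
        off += (length + 3) & ~3
    return header, chunks


def build_chunk(ctype: int, flags: int, value: bytes) -> bytes:
    """Encode one chunk with its 4-byte header and trailing padding."""
    body = struct.pack("!BBH", ctype, flags, 4 + len(value)) + value
    return body + b"\x00" * (-len(body) % 4)


# Constructed sample: INIT (V=0, as in the handshake) followed by a 5-byte DATA
# chunk, which needs 3 bytes of padding. Ports 100/200 are the slides' example ports.
SAMPLE = (struct.pack("!HHII", 100, 200, 0, 0)
          + build_chunk(0x01, 0, b"\x00" * 16)
          + build_chunk(0x00, 0x03, b"hello"))

if __name__ == "__main__":
    hdr, cks = parse_sctp(SAMPLE)
    print(hdr, [(c["name"], len(c["value"])) for c in cks])
```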

SCTP Feature Summary

What TCP and SCTP both have:
• reliability (retransmissions)
• congestion control
• connection oriented

SCTP adds the following:
• 4-way handshake, to reduce vulnerability to Denial of Service attacks
• multihoming: instead of one IP address per endpoint, a set of IP addresses per endpoint
• framing: preserve message boundaries
• multistreaming: instead of one ordered stream, up to 64K independent ordered streams

First - TCP Connection Establishment

[Figure: TCP 3-way handshake. Client (closed) sends SYN at t=0 and enters SYN sent; server (listen) replies SYN-ACK and enters SYN recd (TCB created); after 1 RTT the client sends ACK + data and both sides are established]

Security: TCP Flooding Attack

[Figure: attackers at 221.3.5.10 and 192.10.2.8 send spoofed SYNs (source addresses 190.13.4.1, 228.3.14.5, 130.2.4.15) across the Internet to the victim, a TCP-based web server at 128.3.4.5. The server allocates a TCB (Transport Control Block) for every SYN it processes and is flooded!!]

The SCTP Way: 4-way handshake limits attack

[Figure: the same attackers send spoofed INITs (190.13.4.1, 228.3.14.5, 130.2.4.15) to the victim, an SCTP-based web server at 128.3.4.5. The server answers each INIT with an INIT-ACK to the spoofed address and reserves no resources: no flooding!!]

SCTP: Four-way Association Setup

V: Verification tag, I: Initiate tag

[Figure: both endpoints start closed. t=0: the client sends INIT (V=0) (I=TagA) and enters cookie-wait. 1 RTT: the server replies INIT-ACK (V=TagA) (I=TagB) (StateCookie) and stays closed. The client sends COOKIE-ECHO (V=TagB) (StateCookie), enters cookie-echoed, and may follow it with data (V=TagB). 2 RTT: the server sends COOKIE-ACK (V=TagA); both sides are established]

What does a Cookie contain?
• Information from original INIT
• Information from current INIT-ACK
• Timestamp
• Life span of cookie (Time to Live)
• Signature for authentication (MD5)
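The cookie mechanism described above, as an added example that is not from the slides: the listener answers INIT with a signed, time-limited StateCookie built from the INIT/INIT-ACK tags, and allocates a TCB only when COOKIE-ECHO brings back a cookie whose signature verifies and whose life span has not expired. The slides name an MD5 signature; this example uses HMAC-SHA256 with a server-side secret, and the 60-second TTL is an assumed value.

```python
import hashlib
import hmac
import secrets
import struct
import time

COOKIE_TTL = 60  # seconds the cookie stays valid (assumed value)
MAC_LEN = 32     # HMAC-SHA256 output; the slides mention an MD5 signature instead


class StatelessListener:
    """Server side of the 4-way handshake: nothing is stored until a valid COOKIE-ECHO."""

    def __init__(self):
        self.secret = secrets.token_bytes(32)  # never leaves the server
        self.associations = {}                 # TCBs, keyed by the peer's initiate tag

    def on_init(self, init_tag_a: int, now=None):
        """Answer INIT with (TagB, StateCookie); no TCB is allocated here."""
        now = time.time() if now is None else now
        tag_b = secrets.randbelow(2**32 - 1) + 1          # initiate tag must be non-zero
        # Cookie body: info from INIT (TagA), from INIT-ACK (TagB), timestamp, life span
        body = struct.pack("!IIdI", init_tag_a, tag_b, now, COOKIE_TTL)
        mac = hmac.new(self.secret, body, hashlib.sha256).digest()
        return tag_b, body + mac

    def on_cookie_echo(self, cookie: bytes, now=None) -> bool:
        """Verify COOKIE-ECHO; only then create the association state (TCB)."""
        now = time.time() if now is None else now
        if len(cookie) != 20 + MAC_LEN:
            return False
        body, mac = cookie[:20], cookie[20:]
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):  # forged or tampered cookie
            return False
        tag_a, tag_b, issued, ttl = struct.unpack("!IIdI", body)
        if now - issued > ttl:                       # replayed after its life span
            return False
        self.associations[tag_a] = {"peer_tag": tag_a, "own_tag": tag_b}
        return True
```

A spoofed INIT therefore costs the server one INIT-ACK and no memory, which is the property the flooding slides contrast with TCP's per-SYN TCB.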

SCTP Association Graceful Shutdown

[Figure: both endpoints start estbl'd. The upper layer invokes SHUTDOWN on one side, which stops accepting data (shutdown_pending), finishes sending its DATA and waits for the SACK, then sends SHUTDOWN (shutdown_sent). The peer stops accepting data (shutdown_received), may still send DATA followed by SHUTDOWN + SACK, and replies SHUTDOWN_ACK (shutdown_ack_sent). The initiator answers SHUTDOWN_COMPLETE; both sides go to closed (delete TCB)]


Multi-Homing

[Figure: protocol stack. Application; SCTP (port); IP (IP addresses); Link; Physical. SCTP is IP protocol number 132 (IANA)]

Multi-Homing: Technique to improve reachability of hosts which are reachable on more than 1 destinations (interfaces)

Traditional “Uni” homing

[Figure: web server A, one transport connection across the Internet, client B; the single addresses are points of failure]

Traditional “Multi” homing (TCP)

[Figure: web server with addresses A1, A2; client with addresses B1, B2; still one transport connection across the Internet; points of failure remain]

• In TCP, hosts choose 1 of 4 possible combinations: (A1,B1) or (A1,B2) or (A2,B1) or (A2,B2)

Innovative “Multi” homing in SCTP

[Figure: web server (A1, A2) and client (B1, B2) joined by one transport “association” across the Internet]

SCTP Multihoming
• Hosts use one association ({A1,A2}, {B1,B2})
• New data sent to one primary destination
  – Let B1 be the web server’s primary destination
  – Let A1 be the client’s primary destination
• Path status and destination reachability constantly monitored.

Multi-homing Association

[Figure: single-homed SCTP endpoint on Host A (application, SCTP port 100, address A1) associated with multi-homed SCTP endpoint on Host B (application, SCTP port 200, addresses B1, B2, B3)]

Host A (single-homed SCTP endpoint)
IP=128.33.6.12
endpoint=[128.33.6.12 : 100]

Host B (multi-homed SCTP endpoint)
IP1=160.15.82.20, IP2=161.10.8.221, IP3=10.1.61.11
endpoint=[160.15.82.20, 161.10.8.221, 10.1.61.11 : 200]

SCTP association
association={ [128.33.6.12 : 100] : [160.15.82.20, 161.10.8.221, 10.1.61.11 : 200] }

[Figure: TCP data transfer without loss. Hosts A (A1, A2) and B (B1, B2); data 1–6 sent by the application over the single connection, held in the receive buffer (6) and delivered to the application]

[Figure: TCP data transfer with loss. A lost segment is retransmitted on the same path before later data can be delivered]

[Figure: TCP data transfer with single path failure. The connection fails! and the remaining data is not delivered]

[Figure: SCTP data transfer without loss. Same hosts, one association over A1–B1]

[Figure: SCTP data transfer with loss. The lost chunk is retransmitted]

[Figure: SCTP data transfer with single path failure. After the failure the retransmission and the remaining data are carried over the other path of the association]

Multihoming Example

1. Laptop connected via Ethernet and Wireless.
2. Both the interfaces are reachable by the peer.
3. Ethernet gets disconnected, transmission of data fails.
4. Failure detected, SCTP uses the wireless interface to transmit.
5. HEARTBEAT is received.
6. Ethernet link is restored.

[Figure: Client Host (SCTP) with A1 (Ethernet) and A2 (802.11); Server Host (SCTP) with B1 (Ethernet) and B2 (802.11), connected across the Internet. Primary path and alternates; after the failure DATA takes the new transmission path; Heartbeat received on the restored link]

SCTP Failure Detection

• Host A monitors reachability of primary dest address of Host B
  – Host A starts the retransmission timer
  – If timer expires: increment error_count; if error_count > threshold, path = inactive
  – If Host A receives SACK before timer expires: error_count = 0 & path = active

[Figure: Host A (application, SCTP port 100, A1) sends DATA to Host B (application, SCTP port 200) at its primary address B1, with B2 and B3 as alternates; SACK returns from B1]

error_count --> variable associated with each destination address of a host (initially zero)

• Host A monitors reachability of idle destination addresses of Host B
  – HEARTBEAT is sent periodically to each idle address
  – When a HEARTBEAT is sent: increment error_count; if error_count > threshold, path = inactive
  – If Host A receives a HEARTBEAT-ACK: error_count = 0 & path = active
• When primary dest. address is detected unreachable => SCTP sender chooses a REACHABLE alternate dest. address as primary

[Figure: Host A (application, SCTP port 100, A1) exchanges HEARTBEAT / HEARTBEAT-ACK with the alternate addresses B2, B3 of Host B (application, SCTP port 200)]

HEARTBEAT?

• HEARTBEAT is a chunk that an endpoint sends to its peer endpoints to probe the reachability of a particular destination transport address.
• In our case, the HEARTBEAT is sent to a destination address which has been idle for a long time to check for its reachability.
• HEARTBEAT-ACK is a chunk which an endpoint sends to its peer endpoints as a response to a HEARTBEAT chunk.
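The failure-detection rules above (per-destination error_count, retransmission timer, HEARTBEAT / HEARTBEAT-ACK, failover to a reachable alternate), as an added example that is not from the slides. The threshold value 5 and the address labels B1/B2/B3 are assumptions; the slides only say "threshold".

```python
from dataclasses import dataclass

PATH_MAX_RETRANS = 5  # assumed threshold; the slides only say "threshold"


@dataclass
class Destination:
    addr: str
    error_count: int = 0  # per-destination counter, initially zero
    active: bool = True


class Multihomed:
    """Reachability tracking for one multi-homed peer (e.g. Host B: B1, B2, B3)."""

    def __init__(self, addrs):
        self.dests = [Destination(a) for a in addrs]
        self.primary = self.dests[0]  # first address is the primary destination

    def _by_addr(self, addr):
        return next(d for d in self.dests if d.addr == addr)

    def _probe_failed(self, dest):
        """Same rule for an expired retransmission timer and for a sent HEARTBEAT."""
        dest.error_count += 1
        if dest.error_count > PATH_MAX_RETRANS:
            dest.active = False
            if dest is self.primary:
                self._failover()

    def _failover(self):
        """Primary detected unreachable: choose a reachable alternate as primary."""
        alternates = [d for d in self.dests if d.active]
        if alternates:
            self.primary = alternates[0]

    def timer_expired(self, addr):   # retransmission timer on the primary ran out
        self._probe_failed(self._by_addr(addr))

    def heartbeat_sent(self, addr):  # periodic probe of an idle address
        self._probe_failed(self._by_addr(addr))

    def ack_received(self, addr):    # SACK or HEARTBEAT-ACK arrived in time
        d = self._by_addr(addr)
        d.error_count, d.active = 0, True
        # This example keeps the current primary; switching back is not covered by the slides.

    def status(self, addr):
        d = self._by_addr(addr)
        return d.error_count, d.active
```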


Summary of SCTP

• SCTP is used for applications which require data reliability and rigid timing.
• SCTP provides protection against DoS attacks by using cookies during association setup.
• An SCTP association can bind multiple IP addresses at each endpoint.
• SCTP provides multi-homing for applications that require a high degree of fault tolerance.


Reference Material

Textbooks
• Stream Control Transmission Protocol (SCTP), Randall Stewart, Qiaobing Xie, Addison Wesley, 2002
• TCP/IP Protocol Suite, Chapter 13, Behrouz Forouzan

RFCs
• RFC 2960 - Stream Control Transmission Protocol
• RFC 3286 - An Introduction to SCTP
• RFC 4460 - SCTP Specification Errata and Issues

Thank You!!!!