Stream Control Transmission Protocol - SCTP: Randall Stewart NSSTG Prof. Paul Amer
[Figure: transport protocol stack, labelled "CHAOS!": an application over UDP, TCP, SCTP, DCCP and UDP-Lite, each running over IP]
What is SCTP?
Start with TCP:
- reliable (retransmissions)
- congestion-controlled
- flow-controlled
- connection-oriented
- selective acknowledgments
Add:
- association: 4-way handshake to reduce vulnerability to DoS attacks
- framing, unordered service: preserve message boundaries
- multistreaming: not one ordered stream, but 64K independent ordered streams
- multihoming: not one, but a set of IP addresses per endpoint
- reachability: heartbeating keeps track of endpoint status
SCTP Overview
Services/Features                       SCTP                 TCP            UDP
Connection-oriented                     yes                  yes            no
Full duplex                             yes                  yes            yes
Reliable data transfer                  yes                  yes            no
Partial-reliable data transfer          optional             no             no
Flow control                            yes                  yes            no
TCP-friendly congestion control         yes                  yes            no
ECN capable                             yes                  yes            no
Ordered data delivery                   yes                  yes            no
Unordered data delivery                 yes                  no             yes
Uses selective ACKs                     yes                  optional       no
Path MTU discovery                      yes                  yes            no
Application PDU fragmentation           yes                  yes            no
Application PDU bundling                yes                  yes            no
Preserves application PDU boundaries    yes                  no             yes
Multistreaming                          yes                  no             no
Multihoming                             yes                  no             no
Protection against SYN flooding attack  yes                  no             n/a
Allows half-closed connections          no                   yes            n/a
Reachability check                      yes                  yes            no
Pseudo-header for checksum              no (uses vtags)      yes            yes
Time wait state                         for vtags            for 4-tuple    n/a
[Figure: SCTP four-way handshake between endpoints A and B. A sends an INIT PDU (Tag=TagA) and enters the cookie wait state; B replies with INIT_ACK (V=TagA; Tag=TagB); A sends COOKIE_ECHO (V=TagB) and enters the cookie echoed state; B answers COOKIE_ACK (V=TagA) and the association is established.]
[Figure: spoofed SYNs from the Internet flood the TCB table of a TCP host (addresses 190.13.4.1 and 228.3.14.5 in the diagram); spoofed INITs to an SCTP host are processed and answered with INIT-ACK without a TCB being allocated.]
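The two figures above, as a runnable simulation added for this page (it is not code from any SCTP stack or from the author): a TCP-style listener allocates a half-open TCB per SYN, while an SCTP-style responder answers INIT with a MAC-protected cookie and allocates state only when a valid COOKIE_ECHO returns from the same address. The cookie layout, the HMAC-SHA256 tag, the 60 s cookie lifetime, the 128-entry backlog and the addresses are assumptions of the example; a real INIT and cookie also carry initial TSNs, stream counts and other parameters that are omitted here.

```python
"""Added example: SCTP-style stateless handshake beside a TCP-style SYN listener.
Illustrative simulation, not code from any SCTP stack; sizes and limits are assumed."""
import hashlib
import hmac
import os
import struct

COOKIE_LIFE = 60.0   # assumed cookie lifetime in seconds
MAC_LEN = 32         # HMAC-SHA256 tag length


class TcpStyleListener:
    """Allocates a half-open TCB for every SYN, so spoofed SYNs cost memory."""
    def __init__(self, backlog=128):
        self.backlog = backlog
        self.half_open = {}          # (src, sport) -> TCB placeholder

    def on_syn(self, src, sport):
        if len(self.half_open) >= self.backlog:
            return "dropped"         # backlog full: honest clients are refused too
        self.half_open[(src, sport)] = {"state": "SYN_RECEIVED"}
        return "SYN-ACK"


class SctpStyleResponder:
    """Keeps no per-peer state until a valid COOKIE_ECHO comes back."""
    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)
        self.assocs = {}             # peer address -> (my_vtag, peer_vtag)

    def _mac(self, body):
        return hmac.new(self.secret, body, hashlib.sha256).digest()

    def on_init(self, src, peer_vtag, now):
        """INIT: mint our verification tag and a cookie; allocate nothing."""
        my_vtag = struct.unpack(">I", os.urandom(4))[0] or 1   # vtag must be non-zero
        body = struct.pack(">IId", peer_vtag, my_vtag, now) + src.encode()
        cookie = body + self._mac(body)
        # INIT_ACK goes out with V=peer_vtag; the cookie carries the state we did not keep
        return {"chunk": "INIT_ACK", "vtag": peer_vtag, "my_vtag": my_vtag, "cookie": cookie}

    def on_cookie_echo(self, src, cookie, now):
        """COOKIE_ECHO proves the source address answers and the cookie is ours
        and fresh; only then is association state allocated."""
        if len(cookie) < 16 + MAC_LEN:
            return None
        body, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
        if not hmac.compare_digest(self._mac(body), mac):
            return None              # forged or tampered cookie
        peer_vtag, my_vtag, created = struct.unpack(">IId", body[:16])
        if body[16:].decode() != src:
            return None              # cookie replayed from a different address
        if not 0 <= now - created <= COOKIE_LIFE:
            return None              # stale cookie
        self.assocs[src] = (my_vtag, peer_vtag)
        return {"chunk": "COOKIE_ACK", "vtag": peer_vtag}

    def on_data(self, src, vtag, payload):
        """Established association: a packet with the wrong vtag is dropped,
        which is what makes blind injection by an off-path spoofer hard."""
        assoc = self.assocs.get(src)
        if assoc is None or vtag != assoc[0]:
            return None
        return payload


def spoofed_flood(n, now=0.0):
    """n INITs / SYNs from forged sources that never answer.
    Returns (tcp_half_open_count, sctp_association_count)."""
    tcp, sctp = TcpStyleListener(), SctpStyleResponder()
    for i in range(n):
        src = "203.0.113.%d" % (i % 254 + 1)   # constructed forged source addresses
        tcp.on_syn(src, 40000 + i)
        sctp.on_init(src, peer_vtag=i + 1, now=now)
    return len(tcp.half_open), len(sctp.assocs)


def honest_handshake(now=0.0):
    """INIT -> INIT_ACK -> COOKIE_ECHO -> COOKIE_ACK, then DATA with and without the right vtag."""
    r = SctpStyleResponder()
    init_ack = r.on_init("192.0.2.7", peer_vtag=0xA1B2C3D4, now=now)
    ack = r.on_cookie_echo("192.0.2.7", init_ack["cookie"], now + 0.05)
    delivered = r.on_data("192.0.2.7", init_ack["my_vtag"], b"hello")
    injected = r.on_data("192.0.2.7", init_ack["my_vtag"] ^ 1, b"evil")
    return ack is not None and delivered == b"hello" and injected is None


def cookie_abuse(now=0.0):
    """Replay from another address, an expired cookie and a tampered cookie must all fail."""
    r = SctpStyleResponder()
    cookie = r.on_init("192.0.2.7", peer_vtag=7, now=now)["cookie"]
    replayed = r.on_cookie_echo("198.51.100.9", cookie, now + 1)
    expired = r.on_cookie_echo("192.0.2.7", cookie, now + COOKIE_LIFE + 1)
    tampered = r.on_cookie_echo("192.0.2.7", cookie[:-1] + bytes([cookie[-1] ^ 1]), now + 1)
    return replayed is None and expired is None and tampered is None


if __name__ == "__main__":
    print(spoofed_flood(1000), honest_handshake(), cookie_abuse())
```

The table above marks TCP as having no SYN-flood protection, which reflects the base protocol; most current TCP stacks bolt on SYN cookies, which recover much of the same stateless property, whereas SCTP builds the cookie exchange into the handshake itself.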
Example - DNS
If the response size is <= 512 bytes, UDP is used.
If the response size is > 512 bytes, TCP is used.
[Figure: SCTP packet layout: IP header, SCTP common header, SCTP control chunks, then SCTP data chunk headers each followed by a user message (Message 1, Message 2)]
[Figure: data to be sent as TSN 1..6 and the order in which it arrives at the receiver (paths labelled A1, A2 and B1, B2)]
Multi-homed Considerations
When a peer is multi-homed, the SCTP endpoint selects one of its addresses as the primary destination address. By default, all data is sent to this primary address.* When the primary address fails, the sender sends to an alternate address until the primary is restored or the user changes the primary address.
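The failover rule described above, as a simulation added for this page (not code from any SCTP stack): each destination address keeps a consecutive-error counter, a path is marked inactive once that counter exceeds Path.Max.Retrans (RFC 4960 default 5), data moves to an alternate active path, and a HEARTBEAT_ACK restores the primary only if it echoes the random heartbeat info the sender put into its HEARTBEAT. The addresses and the event order are constructed; the nonce size is an assumption.

```python
"""Added example: primary-path failover for a multi-homed peer, modelled on the
RFC 4960 path error counter and heartbeat rules.  Simulation written for this
page, not code from any SCTP stack; addresses and event order are constructed."""
import os

PATH_MAX_RETRANS = 5          # RFC 4960 default Path.Max.Retrans


class Path:
    def __init__(self, addr):
        self.addr = addr
        self.errors = 0           # consecutive unacknowledged sends / heartbeats
        self.active = True
        self.hb_nonce = None      # random info carried in our last HEARTBEAT (assumed 8 bytes)


class MultihomedPeer:
    def __init__(self, addrs):
        self.paths = {a: Path(a) for a in addrs}
        self.primary = addrs[0]   # default primary; the user may change it

    def set_primary(self, addr):
        self.primary = addr

    def destination(self):
        """Primary while it is active, else the first other active path;
        if every path is inactive keep trying the primary."""
        if self.paths[self.primary].active:
            return self.primary
        for addr, p in self.paths.items():
            if p.active:
                return addr
        return self.primary

    def send_heartbeat(self, addr):
        p = self.paths[addr]
        p.hb_nonce = os.urandom(8)
        return {"chunk": "HEARTBEAT", "to": addr, "info": p.hb_nonce}

    def on_heartbeat_ack(self, addr, info):
        """Only an ACK echoing our own heartbeat info counts as proof of reachability,
        so a third party cannot mark a dead path alive by forging ACKs."""
        p = self.paths[addr]
        if p.hb_nonce is None or info != p.hb_nonce:
            return False
        p.errors, p.active, p.hb_nonce = 0, True, None
        return True

    def on_timeout(self, addr):
        """A retransmission or heartbeat timer expired on this path."""
        p = self.paths[addr]
        p.errors += 1
        if p.errors > PATH_MAX_RETRANS:
            p.active = False
        return p.active


def failover_scenario():
    """Returns the destination chosen at each step of a constructed outage."""
    peer = MultihomedPeer(["10.1.1.2", "10.2.2.2"])
    trace = [peer.destination()]
    for _ in range(PATH_MAX_RETRANS + 1):           # the primary stops answering
        peer.on_timeout("10.1.1.2")
    trace.append(peer.destination())                # data now goes to the alternate
    hb = peer.send_heartbeat("10.1.1.2")
    peer.on_heartbeat_ack("10.1.1.2", b"forged!!")  # wrong heartbeat info: ignored
    trace.append(peer.destination())
    peer.on_heartbeat_ack("10.1.1.2", hb["info"])   # genuine ACK restores the primary
    trace.append(peer.destination())
    return trace


if __name__ == "__main__":
    print(failover_scenario())
```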
SCTP Multistreaming
- Logical separation of data within an association
- Designed to prevent head-of-line blocking
- Can be used to deliver multiple objects belonging to the same association
[Figure: head-of-line blocking. Over one TCP connection between web server and web client, a lost PDU (retransmission loss) holds back everything behind it; over an SCTP association the same loss delays only the stream it belongs to. Timelines for both cases.]
Problems
Multiple persistent TCP connections to transfer independent web objects:
- Possible HOL blocking within one TCP connection
- No shared sequence space => less robust loss detection and recovery
- Increased load on web server
- Increased connection establishment latency during SYN losses
- Aggressive behaviour during congestion
How?
An SCTP sender can send all messages in a single ordered stream to achieve the same behaviour as TCP.
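The multistreaming argument above, as a simulation added for this page (not code from any SCTP implementation): a receiver that reorders each stream independently by stream sequence number (SSN) keeps delivering stream 1 while a lost chunk holds back only stream 0; mapping the same messages onto one ordered stream, as the last sentence describes, reproduces TCP's head-of-line blocking. The message set and the lost TSN are constructed.

```python
"""Added example: per-stream reordering versus a single ordered stream.
Simulation written for this page, not code from any SCTP stack; the chunks
and the lost TSN are constructed."""

# Constructed DATA chunks as the sender emits them: (TSN, stream id, SSN, payload)
SENT = [
    (1, 0, 0, b"A0"), (2, 1, 0, b"B0"), (3, 0, 1, b"A1"),
    (4, 1, 1, b"B1"), (5, 0, 2, b"A2"), (6, 1, 2, b"B2"),
]


class StreamReceiver:
    """Delivers each stream in SSN order; streams do not wait for one another."""
    def __init__(self):
        self.next_ssn = {}     # stream id -> next SSN the application expects
        self.pending = {}      # stream id -> {SSN: payload} held for reordering

    def receive(self, sid, ssn, payload):
        nxt = self.next_ssn.setdefault(sid, 0)
        queue = self.pending.setdefault(sid, {})
        queue[ssn] = payload
        out = []
        while nxt in queue:            # release everything that is now in order
            out.append(queue.pop(nxt))
            nxt += 1
        self.next_ssn[sid] = nxt
        return out


def run(chunks, lost_tsns, single_stream=False):
    """Returns (delivered before the retransmission, delivered after it)."""
    rx = StreamReceiver()
    before, after, lost = [], [], []
    for tsn, sid, ssn, data in chunks:
        if single_stream:
            sid, ssn = 0, tsn - 1      # everything on one ordered stream, like TCP
        if tsn in lost_tsns:
            lost.append((sid, ssn, data))
            continue
        before += rx.receive(sid, ssn, data)
    for sid, ssn, data in lost:        # the retransmission arrives one RTO later
        after += rx.receive(sid, ssn, data)
    return [d.decode() for d in before], [d.decode() for d in after]


def multistream_case():
    return run(SENT, lost_tsns={3})


def single_stream_case():
    return run(SENT, lost_tsns={3}, single_stream=True)


if __name__ == "__main__":
    print("two streams:", multistream_case())
    print("one stream: ", single_stream_case())
```

With TSN 3 lost, the two-stream receiver still hands B0, B1 and B2 to the application before the retransmission arrives; the single-stream receiver stalls after B0 even though B1 and B2 were received intact.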
Where is it?
Available in FreeBSD 7.0 (patch available for 6.0, 6.1 and 6.2). Available as a KLM for Mac OS X. Available for NetBSD, but not supportable on OpenBSD :-(
Linux (lk-sctp project), HP-UX (from Emerson), Solaris 10, AIX and a myriad of purchasable stacks.
Also a user-space open source stack that can run on Windows (supported by Kyoto University).
Other stuff
One of the MOST active groups in the SCTP community is the WIDE SCTP-wg; if you are a WIDE member please join it :-D Later this year (August) Kyoto University will be hosting the 9th SCTP inter-op, thank you :-D SCTP documents continue to move through the IETF, many of which are implemented in most implementations (the BSD stack implements all extensions that I know of :-)