Protocol · Engineering · Laboratory
Randall Stewart NSSTG
Computer Science Dept
Prof. Paul Amer
Located at http://sctp.org under the RFC tab
Where does it fit in?
(Diagram: protocol stack. Transport layer: UDP, TCP, SCTP, DCCP; each of them runs directly over IP.)
What is SCTP?
Start with TCP: reliable (retransmissions), congestion-controlled, flow-controlled, connection-oriented, selective acknowledgments.
Add:
• “association”, not a connection
• 4-way handshake to reduce vulnerability to DOS attacks
• framing: preserve message boundaries
• multistreaming: 64K independent ordered streams, not one ordered stream
• multihoming: a set of IP addresses per endpoint, not one
• unordered service
• reachability: heartbeating keeps track of endpoint status
SCTP Overview

Services/Features                        SCTP              TCP            UDP
Connection-oriented                      yes               yes            no
Full duplex                              yes               yes            yes
Reliable data transfer                   yes               yes            no
Partial-reliable data transfer           optional          no             no
Flow control                             yes               yes            no
TCP-friendly congestion control          yes               yes            no
ECN capable                              yes               yes            no
Ordered data delivery                    yes               yes            no
Unordered data delivery                  yes               no             yes
Uses selective ACKs                      yes               optional       no
Path MTU discovery                       yes               yes            no
Application PDU fragmentation            yes               yes            no
Application PDU bundling                 yes               yes            no
Preserves application PDU boundaries     yes               no             yes
Multistreaming                           yes               no             no
Multihoming                              yes               no             no
Protection against SYN flooding attack   yes               no             n/a
Allows half-closed connections           no                yes            n/a
Reachability check                       yes               yes            no
Pseudo-header for checksum               no (uses vtags)   yes            yes
Time wait state                          for vtags         for 4-tuple    n/a
SCTP Association setup: how many-way handshake?
(Diagram, built up over four slides. V = verification tag, I = initiation tag.)

  Host A (closed)      --- INIT PDU (V=0, I=TagA) ------------------>   Host B (closed)
  Host A: cookie wait
  Host A               <-- INIT ACK PDU (V=TagA, I=TagB, COOKIE) ----   Host B (still closed, keeps no state)
  Host A               --- COOKIE ECHO PDU (V=TagB, COOKIE) -------->   Host B
  Host A: cookie echoed
  Host A               <-- COOKIE ACK PDU (V=TagA) ------------------   Host B
  Host A: established                                                   Host B: established

  4-way handshake!
Security: TCP Flooding Attack
(Diagram: several attackers send spoofed SYNs across the Internet to a victim TCP-based web server. Every SYN makes the server allocate a TCB, and the TCB table is flooded!! TCB = Transport Control Block.)

Security: SCTP
(Diagram: the same attackers send spoofed INITs to a victim SCTP-based web server. The server answers each INIT with an INIT-ACK and reserves no resources; the 4-way handshake limits the attack.)
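To make the contrast between these two slides concrete, here is an added Python model (not code from the slides or from any SCTP stack) of why the INIT/INIT-ACK exchange costs the server nothing: the state the server would otherwise have to keep is handed back to the peer inside an HMAC-protected cookie, and a TCB is created only when a valid COOKIE ECHO returns. The cookie layout, the `SctpServer`/`TcpLikeServer` classes and the addresses are constructed for the example; RFC 4960 leaves the real cookie format to the implementation.

```python
import hashlib
import hmac
import secrets
import struct

# Added teaching model of SCTP's cookie mechanism. It is NOT the RFC 4960 cookie
# format (which is implementation-defined) nor any real stack's code.

SECRET = secrets.token_bytes(32)   # server-side secret; a real stack rotates this
MAC_LEN = 32                       # HMAC-SHA256 tag appended to the cookie body


def make_cookie(peer_addr, peer_tag, own_tag, now, lifetime=60.0):
    """Pack the state the server would need (tags, expiry, peer address) and MAC it,
    so that state can travel to the peer instead of occupying server memory."""
    body = struct.pack("!IId", peer_tag, own_tag, now + lifetime) + peer_addr.encode()
    return body + hmac.new(SECRET, body, hashlib.sha256).digest()


def verify_cookie(cookie, peer_addr, now):
    """Return (peer_tag, own_tag) if the cookie is authentic, unexpired and bound
    to the address it came back from; otherwise None."""
    if len(cookie) < 16 + MAC_LEN:
        return None
    body, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
    if not hmac.compare_digest(hmac.new(SECRET, body, hashlib.sha256).digest(), mac):
        return None
    peer_tag, own_tag, expiry = struct.unpack("!IId", body[:16])
    if now > expiry or body[16:] != peer_addr.encode():
        return None
    return peer_tag, own_tag


class SctpServer:
    """Legs 2 and 4 of the handshake; a TCB exists only after a valid COOKIE ECHO."""

    def __init__(self):
        self.tcbs = {}   # (peer_addr, peer_tag) -> association state

    def on_init(self, peer_addr, peer_tag, now):
        own_tag = secrets.randbelow(2**32 - 1) + 1   # initiation tag, never 0
        # Deliberately no bookkeeping here: a spoofed INIT costs one INIT-ACK and nothing else.
        return {"type": "INIT-ACK", "vtag": peer_tag, "itag": own_tag,
                "cookie": make_cookie(peer_addr, peer_tag, own_tag, now)}

    def on_cookie_echo(self, peer_addr, cookie, now):
        tags = verify_cookie(cookie, peer_addr, now)
        if tags is None:
            return None   # bad cookie: discard silently, no state created
        peer_tag, own_tag = tags
        self.tcbs[(peer_addr, peer_tag)] = {"own_tag": own_tag, "state": "ESTABLISHED"}
        return {"type": "COOKIE-ACK", "vtag": peer_tag}


class TcpLikeServer:
    """Contrast case: classic TCP allocates a half-open TCB on the very first packet."""

    def __init__(self):
        self.tcbs = {}

    def on_syn(self, peer_addr, isn):
        self.tcbs[(peer_addr, isn)] = "SYN-RECEIVED"


def simulate(n_spoofed=1000, now=1_700_000_000.0):
    """Spoofed first packets from n_spoofed constructed source addresses (RFC 5737
    documentation ranges) that never complete, then one honest client that does."""
    sctp, tcp = SctpServer(), TcpLikeServer()
    for i in range(n_spoofed):
        src = f"192.0.2.{i % 254 + 1}"            # constructed; the replies go nowhere
        sctp.on_init(src, peer_tag=i + 1, now=now)
        tcp.on_syn(src, isn=i + 1)
    client, client_tag = "198.51.100.7", 0xABCD   # constructed honest client
    init_ack = sctp.on_init(client, client_tag, now)
    cookie_ack = sctp.on_cookie_echo(client, init_ack["cookie"], now)
    # A cookie altered in flight (or minted without SECRET) is refused, so state
    # cannot be created without completing a genuine round trip.
    tampered = bytearray(init_ack["cookie"])
    tampered[0] ^= 0x01
    forged = sctp.on_cookie_echo(client, bytes(tampered), now)
    # The same cookie echoed from a different address is refused as well.
    moved = sctp.on_cookie_echo("203.0.113.9", init_ack["cookie"], now)
    return {"sctp_tcbs": len(sctp.tcbs), "tcp_tcbs": len(tcp.tcbs),
            "cookie_ack": cookie_ack, "forged_accepted": forged is not None,
            "moved_accepted": moved is not None}


if __name__ == "__main__":
    print(simulate())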
Message Boundaries: UDP, TCP and SCTP
• UDP preserves message boundaries; TCP does not; SCTP does
• Over TCP the application must preface each message with a header carrying the message length
• Example: DNS
  – Response size <= 512: UDP is used
  – Response size > 512: TCP is used
• In SCTP, data chunk flags manage message boundaries and fragmentation
IP Encapsulated SCTP PDU
(Diagram: an IP PDU is an IP header followed by an SCTP PDU. The SCTP PDU is the SCTP common header, followed by SCTP control chunks and data chunks; each data chunk is a chunk header plus user data, e.g. Message 1, Message 2.)
A Large Message Transfer (2760 octets)
(Diagram: Path MTU = 512 octets. The 2760-octet message handed down by the application is fragmented into six data chunks, TSN 1 to TSN 6; TSN 1 has the B bit set to 1 (beginning of message) and TSN 6 has the E bit set to 1 (end of message). The chunks travel from sender addresses A1/A2 to receiver addresses B1/B2, may arrive out of order (e.g. 6, 1, 4, 3, 2, 5), are put back in order in the receive buffer and delivered to the application as one message.)
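The fragmentation on this slide, as an added Python example (not from the slides): a 2760-octet message is split into DATA chunks sized to a 512-octet path MTU, the first chunk carries the B flag and the last the E flag, and the receiver rebuilds the message only once every TSN from B to E is present, even when the chunks arrive out of order. The header-overhead figures and the `DataChunk` class are assumptions of the model.

```python
from dataclasses import dataclass

# Added example, not code from the slides. Per-fragment payload is derived from an
# assumed overhead: 20-octet IPv4 header + 12-octet SCTP common header + 16-octet
# DATA chunk header, leaving 464 octets of user data in a 512-octet path MTU.
PATH_MTU = 512
CHUNK_PAYLOAD = PATH_MTU - 20 - 12 - 16


@dataclass(frozen=True)
class DataChunk:
    tsn: int        # transmission sequence number, one per chunk
    stream: int     # stream identifier
    ssn: int        # stream sequence number, one per user message
    b: bool         # B flag: first fragment of a user message
    e: bool         # E flag: last fragment of a user message
    payload: bytes


def fragment(message, first_tsn, stream=0, ssn=0, size=CHUNK_PAYLOAD):
    """Split one user message into DATA chunks with consecutive TSNs; an unfragmented
    message is a single chunk with both B and E set."""
    pieces = [message[i:i + size] for i in range(0, len(message), size)] or [b""]
    last = len(pieces) - 1
    return [DataChunk(first_tsn + k, stream, ssn, k == 0, k == last, p)
            for k, p in enumerate(pieces)]


def reassemble(chunks):
    """Return the complete user messages as (stream, ssn, data) tuples, in TSN order.
    A message counts as complete only when the B-flagged chunk is followed by an
    unbroken run of TSNs up to an E-flagged chunk; a missing TSN leaves it pending."""
    by_tsn = {c.tsn: c for c in chunks}
    messages = []
    for start in sorted(t for t, c in by_tsn.items() if c.b):
        parts, t = [], start
        while t in by_tsn:
            parts.append(by_tsn[t].payload)
            if by_tsn[t].e:
                messages.append((by_tsn[start].stream, by_tsn[start].ssn, b"".join(parts)))
                break
            t += 1   # a gap here means the message stays incomplete


    return messages


def demo():
    """The slide's case: 2760 octets over a 512-octet MTU, arriving in the order 6 1 4 3 2 5."""
    message = bytes(range(256)) * 10 + b"\xff" * 200        # constructed 2760-octet message
    sent = fragment(message, first_tsn=1)
    arrival = [sent[i - 1] for i in (6, 1, 4, 3, 2, 5)]
    return len(sent), reassemble(arrival), reassemble(arrival[:-1])


if __name__ == "__main__":
    n, full, partial = demo()
    print(n, "chunks;", len(full), "complete message(s);", len(partial), "with TSN 5 missing")
```

With the slide's numbers the message becomes six chunks, the out-of-order arrival still yields one complete message, and withholding TSN 5 yields none: the receiver never hands a partial message to the application.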
Multi-homed Considerations
• When a peer is multi-homed, a “primary destination address” will be selected by the SCTP endpoint. By default, all data will be sent to this primary address.*
• When the primary address fails, the sender will select an alternate primary address until it is restored or the user changes the primary address.
* Concurrent Multipath Transfer (CMT) may change this rule.
TCP data transfer with single path failure
(Diagram: the application hands down messages 1 to 6 over one TCP connection between A1 and B1. Messages 1, 2 and 3 reach the receive buffer before the single path fails; the connection fails! and messages 4, 5 and 6 are never delivered to the application.)

SCTP data transfer with single path failure
(Diagram: the same messages 1 to 6 over an SCTP association between a sender with addresses A1/A2 and a receiver with addresses B1/B2. When the path in use fails, SCTP retransmits the outstanding chunks and eventually fails over to the alternate path; all six messages are delivered to the application.)
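The rule on the Multi-homed Considerations slide and the SCTP failover diagram, as an added Python model (not from the slides or from any stack): every chunk goes to the primary address; each failed transmission increments that destination's error counter; once the counter exceeds Path.Max.Retrans (the RFC 4960 default of 5 is assumed here) the destination is marked inactive and the sender switches to an alternate active address. The link model and the addresses are constructed, and the timer-driven retransmission of a real stack is collapsed into a retry loop.

```python
PATH_MAX_RETRANS = 5          # RFC 4960 default for 'Path.Max.Retrans'
ASSOCIATION_MAX_RETRANS = 10  # RFC 4960 default for 'Association.Max.Retrans'


class MultihomedSender:
    """Added model of per-destination error counting and primary-path failover.
    A simplification of RFC 4960 section 8.2, not a real stack's code."""

    def __init__(self, addresses):
        self.paths = {a: {"errors": 0, "active": True} for a in addresses}
        self.primary = addresses[0]   # default primary: first address given
        self.log = []                 # (tsn, destination actually used)

    def destination(self):
        """All data goes to the primary while it is active; otherwise an alternate."""
        if self.paths[self.primary]["active"]:
            return self.primary
        alternates = [a for a, p in self.paths.items() if p["active"]]
        return alternates[0] if alternates else None

    def report_error(self, addr):
        path = self.paths[addr]
        path["errors"] += 1
        if path["errors"] > PATH_MAX_RETRANS:
            path["active"] = False    # destination unreachable: stop using it

    def send(self, tsn, transmit):
        """transmit(addr, tsn) -> True if the chunk was acknowledged.
        Retries on failure, counting errors against the destination used, and
        gives up (association failure) after ASSOCIATION_MAX_RETRANS attempts."""
        for _ in range(ASSOCIATION_MAX_RETRANS + 1):
            dest = self.destination()
            if dest is None:
                break
            if transmit(dest, tsn):
                self.paths[dest]["errors"] = 0   # an ack clears the counter
                self.log.append((tsn, dest))
                return dest
            self.report_error(dest)
        raise ConnectionError(f"association failed while sending TSN {tsn}")


def simulate_failover():
    """Constructed scenario: the peer has two addresses (RFC 5737 documentation
    ranges). The primary path stops delivering after TSN 3; the alternate always works."""
    primary, alternate = "192.0.2.1", "198.51.100.1"

    def transmit(addr, tsn):
        return addr == alternate or tsn <= 3

    sender = MultihomedSender([primary, alternate])
    for tsn in range(1, 7):
        sender.send(tsn, transmit)
    return sender


if __name__ == "__main__":
    s = simulate_failover()
    print(s.log, s.paths)
```

In the scenario TSNs 1 to 3 are acknowledged on the primary, TSN 4 fails there six times (enough to exceed Path.Max.Retrans), the primary is marked inactive, and TSNs 4 to 6 are delivered over the alternate, which is the "retransmission ... and eventual failover" of the diagram. A peer with a single address that never answers ends in association failure instead.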
SCTP Multistreaming
• Logical separation of data within an association
• Designed to prevent head-of-line blocking
• Can be used to deliver multiple objects belonging to the same association
  – E.g. objects on a web page, files in an FTP mget, multimedia streams (audio/video/text)
TCP experiences HOL blocking
(Diagram: a web server sends objects from its send buffer over one TCP connection to a web client; one segment is lost and retransmitted, and every object behind it waits in the receive buffer before being delivered to the application: HOL blocking!)

SCTP Multistreaming reduces HOL blocking
(Diagram: the same objects are sent over one SCTP association on stream 1, stream 2 and stream 3; the lost chunk is retransmitted, but objects on the other streams are delivered to the application meanwhile.)

Head-of-Line (HOL) Blocking
(Diagram: timelines of HTTP over TCP and HTTP over SCTP (multistreaming), with a lost PDU marked on each.)
TCP work-around to mitigate HOL blocking
• How?
  – Multiple persistent TCP connections to transfer independent web objects
• Problems
  – Possible HOL blocking within one TCP connection
  – No shared sequence space => less robust loss detection and recovery
  – Increased load on web server
  – Increased connection establishment latency during SYN losses
  – Aggressive behavior during congestion
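The three HOL-blocking diagrams and the work-around slide, as an added Python model (not from the slides): a receiver that delivers in order per stream. Sending every object on one stream reproduces TCP's single sequence space, where one lost segment holds back everything behind it; spreading the objects over three streams reproduces multistreaming, where the loss stalls only its own stream and the later retransmission releases just that stream. Object names and the loss position are constructed.

```python
class OrderedStreamReceiver:
    """Added model of SCTP's per-stream ordered delivery: each stream has its own
    stream sequence number (SSN); a chunk is delivered only when every earlier SSN
    on the same stream has been delivered, independently of the other streams."""

    def __init__(self):
        self.next_ssn = {}    # stream -> next SSN the application expects
        self.pending = {}     # stream -> {ssn: object} buffered out of order
        self.delivered = []   # objects handed to the application, in delivery order

    def receive(self, stream, ssn, obj):
        self.pending.setdefault(stream, {})[ssn] = obj
        expected = self.next_ssn.get(stream, 0)
        while expected in self.pending[stream]:          # release the in-order run
            self.delivered.append(self.pending[stream].pop(expected))
            expected += 1
        self.next_ssn[stream] = expected


# Constructed web page: six objects the server sends in this order.
OBJECTS = ["index.html", "logo.png", "style.css", "photo1.jpg", "photo2.jpg", "script.js"]


def transfer(objects, streams, lost_index):
    """Send objects round-robin over `streams` streams; the chunk at lost_index is
    lost on the first pass and arrives only as a retransmission afterwards.
    Returns (delivered before the retransmission, delivered after it)."""
    rx = OrderedStreamReceiver()
    chunks = [(i % streams, i // streams, obj) for i, obj in enumerate(objects)]
    for i, (stream, ssn, obj) in enumerate(chunks):
        if i != lost_index:
            rx.receive(stream, ssn, obj)
    before = list(rx.delivered)
    rx.receive(*chunks[lost_index])                      # retransmission arrives
    return before, list(rx.delivered)


def tcp_like(lost_index=1):
    """One stream = one sequence space, as in a single TCP connection."""
    return transfer(OBJECTS, streams=1, lost_index=lost_index)


def multistream(lost_index=1):
    """Three streams, as in the slide's SCTP association."""
    return transfer(OBJECTS, streams=3, lost_index=lost_index)


if __name__ == "__main__":
    print("TCP-like   :", tcp_like())
    print("multistream:", multistream())
```

With the second object lost, the single-stream receiver has delivered only `index.html` when the retransmission arrives, whereas the three-stream receiver has already delivered everything except the two objects on the stalled stream; the multiple-connection work-around on the slide buys the same independence only by giving up the shared sequence space.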
SCTP and TCP: Similarities
• Both use a handshake to set up and terminate the state (communication) relationship between peers
• Both have an abortive method to terminate the state
• Both provide a “reliable ordered” service:
  – Lost data is retransmitted
  – Data is (or can be) delivered in the order sent
• Both follow an AIMD-based congestion control mechanism
SCTP and TCP
• SCTP uses a four-way handshake to set up an association; TCP uses a three-way handshake to set up a connection.
• However, this does not mean that data can start to be sent more quickly (relative to the start of the connection) with TCP.
• SCTP can exchange data on the third and fourth leg of its handshake; TCP in practice does not (due to socket API issues).
SCTP and TCP
• SCTP delivers messages, not a “byte stream”
  – An application using TCP must “frame” its own messages
• SCTP streams allow “partially ordered” transfers
  – Escapes head-of-line blocking, while preserving order within each stream
• An SCTP sender can send all messages in a single ordered stream to achieve the same behaviour as TCP.
• SCTP also provides a “reliable un-ordered” service for applications.
Where is it in BSDish systems?
• Available in FreeBSD 7.0 (patch avail for 6.1 and 6.2)
• Available as a KLM for Mac OS X
• Available for NetBSD
• But? Not supportable on OpenBSD :-(
Where is it?
• Other O/S's have it too
  – Linux (lk-sctp project)
  – Solaris 10
  – HP-UX (from Emerson)
  – AIX
  – and a myriad of “purchasable” stacks
• Also a user-space open source stack that can run in Windows (supported by Kyoto Univ).
Other stuff
• One of the MOST active groups in the SCTP community is the WIDE SCTP-wg; if you are a WIDE member please join it :-D
• Later this year (August) Kyoto University will be hosting the 9th SCTP inter-op, thank you :-D
• SCTP documents continue to move through the IETF, many of which are implemented in most implementations (BSD stack implements all extensions that I know of :-)