Protocol · Engineering · Laboratory
Randall Stewart NSSTG
Computer Science Dept
Prof. Paul Amer
Located at http://sctp.org Under the RFC tab
Where does it fit in?
(figure: protocol stack with UDP, TCP, SCTP and DCCP side by side at the transport layer, all running over IP)
What is SCTP?
Start with TCP:
● reliable (retransmissions)
● congestion-controlled
● flow-controlled
● connection-oriented
● selective acknowledgments
Add:
● “association”
● 4-way handshake to reduce vulnerability to DOS attacks
● framing – preserve message boundaries
● multistreaming – not one ordered stream, but 64K independent ordered streams
● multihoming – not one, but a set of IP addresses per endpoint
● unordered service
● reachability – heartbeating keeps track of endpoint status
SCTP Overview: Services/Features

Service/Feature                         SCTP              TCP           UDP
Connection-oriented                     yes               yes           no
Full duplex                             yes               yes           yes
Reliable data transfer                  yes               yes           no
Partial-reliable data transfer          optional          no            no
Flow control                            yes               yes           no
TCP-friendly congestion control         yes               yes           no
ECN capable                             yes               yes           no
Ordered data delivery                   yes               yes           no
Unordered data delivery                 yes               no            yes
Uses selective ACKs                     yes               optional      no
Path MTU discovery                      yes               yes           no
Application PDU fragmentation           yes               yes           no
Application PDU bundling                yes               yes           no
Preserves application PDU boundaries    yes               no            yes
Multistreaming                          yes               no            no
Multihoming                             yes               no            no
Protection against SYN flooding attack  yes               no            n/a
Allows half-closed connections          no                yes           n/a
Reachability check                      yes               yes           no
Pseudo-header for checksum              no (uses vtags)   yes           yes
Time wait state                         for vtags         for 4-tuple   n/a
SCTP Association setup: how many way handshake?
(figure, built up over four slides; V = verification tag, I = initiation tag:
 1. Host A (closed) sends INIT (V=0, I=TagA) and enters COOKIE WAIT.
 2. Host B (closed) answers with INIT ACK (V=TagA, I=TagB), carrying a cookie; Host B stays closed.
 3. Host A returns COOKIE ECHO (V=TagB) and enters COOKIE ECHOED.
 4. Host B replies COOKIE ACK (V=TagA) and is established; on receiving it Host A is established too.
 A 4-way handshake!)
Security: TCP Flooding Attack
(figure: attackers on the Internet send spoofed SYNs to a TCP-based web server process, the victim; the victim allocates a TCB (Transport Control Block) for every SYN it receives and is flooded)
4-way handshake limits attack
(figure: attackers send spoofed INITs to an SCTP-based web server process, the victim; the server answers each INIT with an INIT-ACK and reserves no resources)
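The reason the INIT/INIT-ACK exchange reserves nothing is the state cookie: the server packs everything it will need into the cookie, authenticates it with a MAC, and only builds association state when a valid COOKIE ECHO comes back. The following Python model is an added example, not code from these slides or from any SCTP stack; the cookie layout, the HMAC-SHA256 choice, the 60-second lifetime and the addresses in the demo are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

# Server-side MAC secret (constructed for this example; a real stack rotates it).
SERVER_SECRET = os.urandom(32)
COOKIE_LIFETIME = 60.0      # seconds; plays the role of Valid.Cookie.Life
MAC_LEN = hashlib.sha256().digest_size


def make_cookie(peer_addr, peer_init_tag, local_tag, now, secret=SERVER_SECRET):
    """Build the State Cookie that goes back in the INIT ACK.

    Everything needed to rebuild the association later (both tags, the peer's
    address, issue time) is packed into the cookie itself, so the server keeps
    no per-INIT state.  The HMAC stops a peer from forging or altering it.
    """
    payload = struct.pack("!IIQ", peer_init_tag, local_tag, int(now)) + peer_addr.encode()
    mac = hmac.new(secret, payload, hashlib.sha256).digest()
    return payload + mac


def verify_cookie(cookie, peer_addr, now, secret=SERVER_SECRET):
    """Validate a cookie echoed back in COOKIE ECHO.

    Returns (peer_tag, local_tag) for a genuine, fresh cookie sent from the
    address it was issued to, otherwise None.
    """
    if len(cookie) < 16 + MAC_LEN:
        return None
    payload, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):   # forged or tampered
        return None
    peer_tag, local_tag, issued = struct.unpack("!IIQ", payload[:16])
    if payload[16:] != peer_addr.encode():       # echoed from another address
        return None
    if now - issued > COOKIE_LIFETIME:           # stale cookie
        return None
    return peer_tag, local_tag


class CookieServer:
    """Minimal model of the responder side of the 4-way handshake."""

    def __init__(self):
        self.associations = {}   # (peer_addr, peer_tag) -> local_tag; the "TCB" table

    def on_init(self, peer_addr, peer_init_tag, now):
        """Answer INIT with INIT ACK (local tag + cookie) without allocating anything."""
        local_tag = struct.unpack("!I", os.urandom(4))[0] or 1   # tag must be non-zero
        return local_tag, make_cookie(peer_addr, peer_init_tag, local_tag, now)

    def on_cookie_echo(self, peer_addr, cookie, now):
        """Only a valid COOKIE ECHO creates association state; returns True on success."""
        parsed = verify_cookie(cookie, peer_addr, now)
        if parsed is None:
            return False
        peer_tag, local_tag = parsed
        self.associations[(peer_addr, peer_tag)] = local_tag
        return True


if __name__ == "__main__":
    srv = CookieServer()
    # A burst of INITs from constructed addresses that never finish the handshake
    # leaves the association table empty: nothing was reserved for them.
    for i in range(1000):
        srv.on_init("198.51.100.%d" % (i % 254 + 1), 0x1000 + i, now=100.0)
    print("associations after 1000 unanswered INITs:", len(srv.associations))
    _, cookie = srv.on_init("192.0.2.7", 0x1234, now=100.0)
    print("genuine COOKIE ECHO accepted:", srv.on_cookie_echo("192.0.2.7", cookie, now=101.0))
```

The three rejection paths in verify_cookie are the ones that matter for the flooding case: a tampered or fabricated cookie fails the MAC, a cookie replayed from a different address fails the address check, and an old cookie fails the lifetime check, so the only way to make the server commit memory is to complete the exchange from a reachable address.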
Message Boundaries: UDP, TCP and SCTP
● UDP preserves message boundaries
● TCP does not
  – Application must preface the header with message length
● SCTP does
  – Data flags manage message boundaries and fragmentation
● Example: DNS
  – If response size <= 512, UDP is used
  – If response size > 512, TCP is used
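What “the application must preface the header with message length” means in practice over TCP, as an added example that is not part of the slides: a length-prefixed framing layer with an incremental decoder that copes with TCP handing back partial or merged frames, and that bounds the length field so a bad header cannot make the receiver buffer without limit. The 4-byte prefix and the 64 KiB limit are assumptions chosen for the example.

```python
import struct

LENGTH_PREFIX = struct.Struct("!I")   # 4-byte big-endian message length
MAX_MESSAGE = 64 * 1024               # constructed sanity limit on one message


def frame(message):
    """Prefix a message with its length so its boundary survives the TCP byte stream."""
    if len(message) > MAX_MESSAGE:
        raise ValueError("message too large to frame")
    return LENGTH_PREFIX.pack(len(message)) + message


class FrameDecoder:
    """Incremental decoder: feed it whatever recv() returned, get back whole messages.

    TCP may hand the application any slice of the stream (half a header, two
    messages at once), so the decoder buffers until a complete frame is present.
    """

    def __init__(self):
        self.buf = bytearray()

    def feed(self, data):
        self.buf += data
        messages = []
        while len(self.buf) >= LENGTH_PREFIX.size:
            (length,) = LENGTH_PREFIX.unpack_from(self.buf)
            if length > MAX_MESSAGE:
                # Never trust a length field from the wire: without this check a
                # single bogus header would make the receiver wait for ~4 GiB.
                raise ValueError("declared length %d exceeds limit" % length)
            end = LENGTH_PREFIX.size + length
            if len(self.buf) < end:
                break                       # wait for the rest of this frame
            messages.append(bytes(self.buf[LENGTH_PREFIX.size:end]))
            del self.buf[:end]
        return messages


def reassemble(wire, segment_size):
    """Deliver a byte string to a decoder in fixed-size slices and collect the messages."""
    decoder = FrameDecoder()
    out = []
    for i in range(0, len(wire), segment_size):
        out += decoder.feed(wire[i:i + segment_size])
    return out


if __name__ == "__main__":
    # Constructed stream: three framed messages, including an empty one.
    stream = frame(b"hello") + frame(b"") + frame(b"A" * 1000)
    print(reassemble(stream, 7))
```

With SCTP (or UDP) this layer disappears: the transport returns one application message per receive call, and the DATA chunk flags rather than application code say where a message starts and ends.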
IP Encapsulated SCTP PDU
(figure: an IP PDU carrying an SCTP PDU; the SCTP PDU is an SCTP common header followed by SCTP control chunks and data chunks, each data chunk having its own chunk header and carrying a message, e.g. Message 1 and Message 2)
A Large Message Transfer
(figure: a 2760-octet message handed down by the application is fragmented for a Path MTU of 512 octets into six DATA chunks, TSN 1 to TSN 6; TSN 1 has the B bit set to 1 and TSN 6 has the E bit set to 1. The fragments travel over paths A1/A2 to B1/B2, may arrive out of order, and are reassembled in the receive buffer before the whole message is delivered to the application.)
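The slide's fragmentation rule in code, as an added example that is not from the slides or from any SCTP implementation: a sender that cuts one user message into DATA chunks with the B/E flags and consecutive TSNs, and a receiver that parses the chunks and reassembles the message only when the B..E run is gap-free. The chunk layout follows the DATA chunk format of RFC 4960 (16-byte header, 4-byte padding); the message contents, the MTU and the arrival order are constructed, and the real checksum and common header are left out.

```python
import struct

# DATA chunk header (RFC 4960 section 3.3.1): type, flags, length, TSN, stream id,
# stream sequence number, payload protocol identifier.
DATA_HDR = struct.Struct("!BBHIHHI")
CHUNK_TYPE_DATA = 0
FLAG_U, FLAG_B, FLAG_E = 0x04, 0x02, 0x01   # unordered, beginning fragment, ending fragment


def fragment(message, path_mtu, first_tsn, stream_id, stream_seq, ppid=0):
    """Split one user message into DATA chunks whose total size fits path_mtu.

    The first fragment carries B=1, the last E=1, and an unfragmented message
    carries both; each fragment gets the next TSN.  Returns encoded chunks in
    TSN order.
    """
    max_payload = path_mtu - DATA_HDR.size
    pieces = [message[i:i + max_payload] for i in range(0, len(message), max_payload)] or [b""]
    chunks = []
    for idx, piece in enumerate(pieces):
        flags = (FLAG_B if idx == 0 else 0) | (FLAG_E if idx == len(pieces) - 1 else 0)
        header = DATA_HDR.pack(CHUNK_TYPE_DATA, flags, DATA_HDR.size + len(piece),
                               first_tsn + idx, stream_id, stream_seq, ppid)
        padding = b"\x00" * ((-len(piece)) % 4)   # chunks are padded to a 4-byte boundary
        chunks.append(header + piece + padding)
    return chunks


def parse_data_chunk(raw):
    """Decode one DATA chunk; the length field, checked against the buffer, bounds the data."""
    if len(raw) < DATA_HDR.size:
        raise ValueError("truncated DATA chunk")
    ctype, flags, length, tsn, sid, ssn, ppid = DATA_HDR.unpack_from(raw)
    if ctype != CHUNK_TYPE_DATA or length < DATA_HDR.size or length > len(raw):
        raise ValueError("malformed DATA chunk")
    return {"flags": flags, "tsn": tsn, "sid": sid, "ssn": ssn, "ppid": ppid,
            "data": raw[DATA_HDR.size:length]}


class Reassembler:
    """Hold fragments by TSN and return a message once its B..E run is complete.

    Fragments of one message have consecutive TSNs, so a message is complete
    when a B fragment and an E fragment are present with no gap between them.
    """

    def __init__(self):
        self.pending = {}   # tsn -> parsed chunk

    def receive(self, raw):
        chunk = parse_data_chunk(raw)
        self.pending[chunk["tsn"]] = chunk
        return self._complete_message(chunk["tsn"])

    def _complete_message(self, tsn):
        start = tsn
        while not self.pending[start]["flags"] & FLAG_B:   # walk back to the B fragment
            start -= 1
            if start not in self.pending:
                return None
        end = start
        while not self.pending[end]["flags"] & FLAG_E:     # walk forward to the E fragment
            end += 1
            if end not in self.pending:
                return None
        return b"".join(self.pending.pop(t)["data"] for t in range(start, end + 1))


if __name__ == "__main__":
    message = bytes(range(256)) * 10 + b"x" * 200          # 2760 octets, as on the slide
    chunks = fragment(message, path_mtu=512, first_tsn=1, stream_id=0, stream_seq=0)
    print(len(chunks), "fragments; flags:", [hex(parse_data_chunk(c)["flags"]) for c in chunks])
    r = Reassembler()
    out = None
    # Constructed arrival order: fragments reordered as they might be across two paths.
    for c in (chunks[i] for i in (5, 0, 3, 2, 1, 4)):
        out = r.receive(c)
    print("reassembled correctly:", out == message)
```

Two details are worth noticing: the payload per fragment is the MTU minus the 16-byte chunk header (496 octets here, which is why 2760 octets need six TSNs), and the parser trusts the chunk's length field only after checking it against the buffer it was given, so a short or oversized length cannot read past the packet.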
Multi-homed Considerations
• When a peer is multi-homed, a “primary destination address” will be selected by the SCTP endpoint.
• By default, all data will be sent to this primary address.*
• When the primary address fails, the sender will select an alternate primary address until it is restored or the user changes the primary address.
* Concurrent Multipath Transfer (CMT) may change this rule.
TCP data transfer with single path failure
(figure: the application hands down messages 1 to 6; message 1 reaches the receive buffer over the A1-B1 path, then the connection fails and messages 2 to 6 are stuck in the send buffer; the application receives only message 1)

SCTP data transfer with single path failure
(figure: the same six messages; after message 1 the A1 path fails, the sender retransmits and eventually fails over to A2, and all six messages reach the receive buffer and are delivered to the application)
SCTP Multistreaming
● Logical separation of data within an assoc
● Designed to prevent head-of-line blocking
● Can be used to deliver multiple objects belonging to the same assoc
  – Eg: objects on a webpage, multimedia streams (audio/video/text), files in an FTP mget
TCP experiences HOL blocking
(figure: a web server sends several objects from its send buffer over one TCP connection to a web client; one segment is lost and must be retransmitted, and until it arrives nothing behind it in the receive buffer can be delivered to the application: HOL blocking!)

SCTP Multistreaming reduces HOL blocking
(figure: the same objects sent over one SCTP association on stream 1, stream 2 and stream 3; the lost PDU delays only the stream it belongs to, and objects on the other streams are delivered to the application while the retransmission is outstanding)

Head-of-Line (HOL) Blocking
(figure: timelines of HTTP over TCP versus HTTP over SCTP with multistreaming, with a lost PDU marked in each; delivery on the TCP side waits for the lost PDU, delivery on the SCTP side continues on the unaffected streams)
TCP work-around to mitigate HOL blocking
● How?
  – Multiple persistent TCP connections to transfer independent web objects
● Problems
  – Possible HOL blocking within one TCP connection
  – No shared sequence space => Less robust to loss detection and recovery
  – Increased load on web server
  – Increased connection establishment latency during SYN losses
  – Aggressive behavior during congestion
SCTP and TCP: Similarities
• Both use a handshake to setup and terminate the state (communication) relationship between peers
• Both have an abortive method to terminate the state
• Both provide a “reliable ordered” service:
  – Lost data is retransmitted
  – Data is (or can be) delivered in the order sent
• Both follow an AIMD-based congestion control mechanism.
SCTP and TCP
• SCTP uses a four-way handshake to setup an association. TCP uses a three-way handshake to setup a connection.
• SCTP can exchange data on the third and fourth leg of its handshake. TCP in practicality does not (due to socket API issues).
• However, this does not mean that data can start to be sent more quickly (relative to the start of the connection) with TCP.
SCTP and TCP
• SCTP delivers messages, not a “byte stream”
  – An application using TCP must “frame” its own messages
• SCTP streams allow “partially ordered” transfers
  – Escapes head of line blocking, while preserving order within each stream
• An SCTP sender can send all messages in a single ordered stream to achieve the same behaviour as TCP.
SCTP and TCP
• SCTP also provides a “reliable un-ordered” service for applications.
Where is it in BSDish systems?
● Available in FreeBSD 7.0 / 6.0 (patch avail for 6.1 and 6.2)
● Available as a KLM for MAC O/S X
● Available for NetBSD
● But? Not supportable on OpenBSD :-(
Where is it?
● Other O/S's have it too
  – Linux (lk-sctp project)
  – Solaris 10
  – HP-UX (from Emerson)
  – AIX
  – and a myriad of “purchasable” stacks
● Also a user space open source stack that can run in Windows (supported by Kyoto Univ).
Other stuff
● One of the MOST active groups in the SCTP community is the WIDE SCTP-wg; if you are a WIDE member please join it :-D
● Later this year (August) Kyoto University will be hosting the 9th SCTP inter-op.
● SCTP documents continue to move through the IETF, many of which are implemented in most implementations (BSD stack implements all extensions that I know of :-)

Thank you :-D