
Stream Control Transmission Protocol (SCTP)

Acknowledgements
Prof. Paul Amer
Randall Stewart ~ Philip Conrad ~ Janardhan Iyengar

CISC 856: TCP/IP and Upper Layer Protocols

Presented by: Nikhil Shirude
November 15, 2007
Overview

Motivation for SCTP
SCTP PDU and Chunk Format
SCTP 4-Way Association
SCTP Association Shutdown
SCTP Multi-Homing
Summary
SCTP Motivation

Primary motivation: transportation of telephony signaling messages over IP networks
Telephony signaling has rigid timing and reliability requirements

TCP limitations:
head-of-line blocking
does not preserve A-PDU boundaries
no support for multi-homing
vulnerable to SYN flooding attacks

SCTP features:
4-way handshake
multihoming
multistreaming
framing
SCTP Overview

Services/Features                        SCTP              TCP           UDP
Connection-oriented                      yes               yes           no
Full duplex                              yes               yes           yes
Reliable data transfer                   yes               yes           no
Partial-reliable data transfer           proposed          no            no
Flow control                             yes               yes           no
TCP-friendly congestion control          yes               yes           no
ECN capable                              yes               yes           no
Ordered data delivery                    yes               yes           no
Unordered data delivery                  yes               no            yes
Uses selective ACKs                      yes               optional      no
Path MTU discovery                       yes               yes           no
Application PDU fragmentation            yes               yes           no
Application PDU bundling                 yes               yes           no
Preserves application PDU boundaries     yes               no            yes
Multistreaming                           yes               no            no
Multihoming                              yes               no            no
Protection against SYN flooding attack   yes               no            n/a
Allows half-closed connections           no                yes           n/a
Reachability check                       yes               yes           no
Pseudo-header for checksum               no (uses vtags)   yes           yes
Time wait state                          for vtags         for 4-tuple   n/a
SCTP PDU Format

[Figure: SCTP PDU layout. Common Header: Source Port | Destination Port, Verification Tag, Checksum. Followed by Chunk 1 ... Chunk N.]

Building blocks of an SCTP PDU:
Common Header, which occupies the first 12 bytes
Header has a CRC-32 checksum.
Chunks are of two types: control chunks and data chunks
SCTP Chunk Format

[Figure: chunk layout. Type | Flags | Length, followed by Chunk Information (multiple of 4 bytes).]

Type - Data, Init, SACK, Cookie Echo, HeartBeat
Flag - Bit meanings depend on type
Length - Defines total size of the chunk including type, flags, length and data/parameters
Some SCTP Chunk Types

Type   SCTP chunk       TCP equivalent
0x00   DATA             User data
0x01   INIT             ~ SYN
0x02   INIT-ACK
0x03   SACK             Selective ACK
0x04   HEARTBEAT        Keep-alive message
0x05   HEARTBEAT-ACK
0x07   SHUTDOWN         ~ FIN
0x08   SHUTDOWN-ACK
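The PDU, chunk and chunk-type slides above describe a layout that is easy to get wrong at the byte level (the 12-byte common header, the chunk Length that excludes padding, the 4-byte alignment). The following parser and builder are an added example, not code from the slides: they construct a sample packet by hand, verify the checksum, and walk the chunk list with length checks. The checksum is CRC32c as specified by RFC 3309 (the slide says CRC-32), stored little-endian in the header; the ports, verification tag and chunk contents are constructed values.

```python
"""Build and parse an SCTP PDU: 12-byte common header plus 4-byte-aligned chunks.
Added example, not from the slides. Sample packet contents are constructed."""
import struct

# Chunk type numbers from the slide table (0x06, 0x0A, 0x0B added from RFC 2960).
CHUNK_NAMES = {
    0: "DATA", 1: "INIT", 2: "INIT-ACK", 3: "SACK", 4: "HEARTBEAT",
    5: "HEARTBEAT-ACK", 6: "ABORT", 7: "SHUTDOWN", 8: "SHUTDOWN-ACK",
    10: "COOKIE-ECHO", 11: "COOKIE-ACK",
}

def _make_table():
    # Reflected CRC32c (Castagnoli) lookup table, polynomial 0x1EDC6F41.
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0x82F63B78 if c & 1 else c >> 1
        table.append(c)
    return table

_CRC_TABLE = _make_table()

def crc32c(data: bytes) -> int:
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF

def sctp_checksum(packet: bytes) -> bytes:
    # The checksum is computed over the packet with the checksum field zeroed
    # and carried little-endian (RFC 3309).
    zeroed = packet[:8] + b"\x00\x00\x00\x00" + packet[12:]
    return struct.pack("<I", crc32c(zeroed))

def build_chunk(ctype: int, flags: int, value: bytes) -> bytes:
    # Length counts type, flags, length and value; padding to a 4-byte
    # boundary is appended but not counted in Length.
    length = 4 + len(value)
    chunk = struct.pack("!BBH", ctype, flags, length) + value
    return chunk + b"\x00" * (-len(chunk) % 4)

def build_packet(src_port: int, dst_port: int, vtag: int, chunks) -> bytes:
    header = struct.pack("!HHII", src_port, dst_port, vtag, 0)
    packet = header + b"".join(chunks)
    return packet[:8] + sctp_checksum(packet) + packet[12:]

def parse_packet(packet: bytes) -> dict:
    if len(packet) < 12:
        raise ValueError("short packet: no common header")
    src, dst, vtag, _ = struct.unpack("!HHII", packet[:12])
    result = {
        "src_port": src, "dst_port": dst, "vtag": vtag,
        "checksum_ok": packet[8:12] == sctp_checksum(packet),
        "chunks": [],
    }
    off = 12
    while off < len(packet):
        if len(packet) - off < 4:
            raise ValueError("truncated chunk header at offset %d" % off)
        ctype, flags, length = struct.unpack("!BBH", packet[off:off + 4])
        # A Length below 4 or beyond the packet end would loop or over-read.
        if length < 4 or off + length > len(packet):
            raise ValueError("bad chunk length %d at offset %d" % (length, off))
        result["chunks"].append({
            "type": ctype, "name": CHUNK_NAMES.get(ctype, "UNKNOWN"),
            "flags": flags, "length": length,
            "value": packet[off + 4:off + length],
        })
        off += length + (-length % 4)   # skip the padding to the next boundary
    return result

# Constructed sample: a DATA chunk (TSN 1, stream 0, SSN 0, PPID 0, payload "hi")
# bundled with a HEARTBEAT chunk carrying a Heartbeat Info parameter (type 1).
SAMPLE = build_packet(5000, 6000, 0x12345678, [
    build_chunk(0, 0x03, struct.pack("!IHHI", 1, 0, 0, 0) + b"hi"),
    build_chunk(4, 0, b"\x00\x01\x00\x08ping"),
])

if __name__ == "__main__":
    parsed = parse_packet(SAMPLE)
    print(parsed["checksum_ok"], [c["name"] for c in parsed["chunks"]])
```

The Length checks in parse_packet are the part worth copying: a chunk header whose Length is below 4 or runs past the end of the packet is malformed and must stop the walk rather than be trusted.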
SCTP Feature Summary

What TCP and SCTP both have:
reliability (retransmissions)
congestion control
connection oriented

SCTP adds the following:
4-way handshake
  to reduce vulnerability to Denial of Service attacks
multihoming
  instead of one IP address per endpoint, a set of IP addresses per endpoint
framing
  preserve message boundaries
multistreaming
  instead of one ordered stream, up to 64K independent ordered streams
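The multistreaming bullet and the head-of-line blocking limitation listed under the motivation slide are two sides of one mechanism: ordering is enforced per stream, so a gap on one stream holds back only that stream. The receiver model below is an added example, not code from the slides; the six messages and the arrival order (message 1 lost and retransmitted last) are constructed, and the "single stream" mode forces every message onto one sequence to imitate TCP.

```python
"""Per-stream in-order delivery versus a single ordered stream.
Added example, not from the slides; messages and arrival order are constructed."""
from collections import defaultdict

class StreamReceiver:
    def __init__(self):
        self.next_ssn = defaultdict(int)    # next expected stream sequence number per stream
        self.pending = defaultdict(dict)    # stream -> {ssn: payload} held behind a gap

    def receive(self, stream: int, ssn: int, payload: str) -> list:
        """Accept one message; return what becomes deliverable on this stream."""
        self.pending[stream][ssn] = payload
        delivered = []
        # Only this stream is checked: a gap elsewhere does not block it.
        while self.next_ssn[stream] in self.pending[stream]:
            delivered.append((stream, self.pending[stream].pop(self.next_ssn[stream])))
            self.next_ssn[stream] += 1
        return delivered

    def blocked(self) -> int:
        return sum(len(p) for p in self.pending.values())

# Constructed send order: six messages alternating between stream 0 and stream 1.
MESSAGES = [  # (tsn, stream, ssn, payload)
    (1, 0, 0, "a0"), (2, 1, 0, "b0"), (3, 0, 1, "a1"),
    (4, 1, 1, "b1"), (5, 0, 2, "a2"), (6, 1, 2, "b2"),
]

def deliver_sequence(arrival_tsns, single_stream: bool):
    """Feed messages in the given arrival order.
    Returns (payloads delivered to the application in order, messages still held)."""
    by_tsn = {m[0]: m for m in MESSAGES}
    rx = StreamReceiver()
    out = []
    for tsn in arrival_tsns:
        _, stream, ssn, payload = by_tsn[tsn]
        if single_stream:
            # TCP-like: one ordered stream, sequence = transmission order.
            stream, ssn = 0, tsn - 1
        out.extend(p for _, p in rx.receive(stream, ssn, payload))
    return out, rx.blocked()

if __name__ == "__main__":
    # Message 1 is lost; 2..6 arrive, then 1 is retransmitted.
    print("single stream, before retransmission:", deliver_sequence([2, 3, 4, 5, 6], True))
    print("two streams, before retransmission:  ", deliver_sequence([2, 3, 4, 5, 6], False))
    print("two streams, after retransmission:   ", deliver_sequence([2, 3, 4, 5, 6, 1], False))
```

With one stream nothing reaches the application until the retransmission of message 1 arrives; with two streams the three stream-1 messages are delivered immediately and only the two stream-0 messages behind the gap wait.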
First - TCP Connection Establishment

[Figure: TCP connection establishment timeline, from t=0 to 1 RTT.]
Security: TCP SYN Flooding Attack

[Figure: attackers at 128.3.4.5, 192.10.2.8 and 221.3.5.10 send SYNs with spoofed source addresses (130.2.4.15, 228.3.14.5, 190.13.4.1) across the Internet to a TCP-based web server process (the victim). The server allocates a TCB for every SYN and is flooded.]
TCB = Transport Control Block
The SCTP Way: 4-way handshake limits attack

[Figure: the same attackers send spoofed INITs (source addresses 130.2.4.15, 228.3.14.5, 190.13.4.1) across the Internet to an SCTP-based web server process (the victim). The server answers each INIT with an INIT-ACK and reserves no resources: no flooding.]
SCTP: Four-way Association Setup

[Figure: four-way association setup timeline, t=0, 1 RTT, 2 RTT.]
What does a Cookie contain?

Information from original INIT
Information from current INIT-ACK
Timestamp
Life span of cookie (Time to Live)
Signature for authentication (MD5)
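The two handshake slides and the cookie slide together describe why INIT costs the responder nothing: everything the responder would otherwise keep in a TCB is packed into the cookie, signed, and handed back to the peer, and state is created only when a COOKIE-ECHO returns a cookie that verifies. The model below is an added example, not code from the slides. It uses HMAC-SHA256 over a server-side secret where the slide lists MD5, binds the cookie to the peer address and port taken from the INIT, and enforces the Time to Live; the addresses, tags, secret and 60-second lifetime are constructed.

```python
"""Stateless INIT handling with a signed, time-limited cookie.
Added example, not from the slides. Addresses, tags and the secret are constructed."""
import hashlib
import hmac
import os
import struct

COOKIE_LIFE = 60.0   # seconds; the cookie's Time to Live (constructed value)
SIG_LEN = 32         # HMAC-SHA256 digest length

class SctpServer:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.tcbs = {}           # (peer_addr, peer_port) -> association state
        self.own_tag = 0x10000   # local verification tag, stepped per INIT-ACK (constructed scheme)

    def _sign(self, body: bytes) -> bytes:
        return hmac.new(self.secret, body, hashlib.sha256).digest()

    def handle_init(self, peer_addr: str, peer_port: int, peer_tag: int, now: float) -> bytes:
        """Answer an INIT: return the cookie for the INIT-ACK. No per-peer state is kept."""
        self.own_tag += 1
        addr = peer_addr.encode()
        # Cookie body: info from the INIT (address, port, peer tag), info from
        # the INIT-ACK (own tag) and the timestamp; the lifetime is a server constant.
        body = struct.pack("!HdHII", len(addr), now, peer_port, peer_tag, self.own_tag) + addr
        return body + self._sign(body)

    def handle_cookie_echo(self, peer_addr: str, peer_port: int, cookie: bytes, now: float) -> bool:
        """Verify an echoed cookie; allocate the TCB only if it is genuine and fresh."""
        if len(cookie) < 20 + SIG_LEN:
            return False
        body, sig = cookie[:-SIG_LEN], cookie[-SIG_LEN:]
        if not hmac.compare_digest(sig, self._sign(body)):
            return False                                  # forged or tampered cookie
        alen, ts, port, peer_tag, own_tag = struct.unpack("!HdHII", body[:20])
        addr = body[20:20 + alen].decode()
        if (addr, port) != (peer_addr, peer_port):
            return False                                  # cookie echoed from a different peer
        if now - ts > COOKIE_LIFE:
            return False                                  # cookie expired
        self.tcbs[(addr, port)] = {"peer_tag": peer_tag, "own_tag": own_tag}
        return True

def simulate(now: float = 1000.0):
    """Spoofed INITs that are never echoed, then one genuine handshake."""
    server = SctpServer(os.urandom(32))
    for spoofed in ("130.2.4.15", "228.3.14.5", "190.13.4.1"):
        server.handle_init(spoofed, 40000, 0xABCD, now)
    tcbs_after_flood = len(server.tcbs)
    cookie = server.handle_init("10.0.0.7", 5000, 0x1234, now)
    accepted = server.handle_cookie_echo("10.0.0.7", 5000, cookie, now + 1.0)
    tampered = cookie[:-1] + bytes([cookie[-1] ^ 0x01])
    rejected_tampered = server.handle_cookie_echo("10.0.0.7", 5000, tampered, now + 1.0)
    rejected_expired = server.handle_cookie_echo("10.0.0.7", 5000, cookie, now + COOKIE_LIFE + 1.0)
    return tcbs_after_flood, accepted, rejected_tampered, rejected_expired, len(server.tcbs)

if __name__ == "__main__":
    print(simulate())
```

The responder's only per-INIT cost is one MAC computation; the TCB count stays at zero however many INITs arrive from addresses that never answer, which is the property the "No reserved resources" slide claims.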
SCTP Association Graceful Shutdown

[Figure: state transitions on both endpoints, both starting in established (estbld). The upper layer invokes SHUTDOWN. Initiator: established -> shutdown_pending (stop accepting data) -> shutdown_sent -> closed (delete TCB). Peer: established -> shutdown_received (stop accepting data) -> shutdown_ack_sent -> closed (delete TCB).]
Multi-Homing

[Figure: protocol stack. Application (port); SCTP (IP protocol number 132, IANA); IP (IP addresses); Link; Physical, with several interfaces below.]

Multi-Homing: technique to improve reachability of hosts which are reachable on more than 1 destination (interface)
Traditional Uni-homing

[Figure: one transport connection between client A and web server B across the Internet; the single interface on each side is a point of failure.]
Traditional Multi-homing (TCP)

[Figure: client with interfaces A1, A2 and web server with interfaces B1, B2; one transport connection across the Internet; the chosen pair of interfaces remains the points of failure.]
In TCP, hosts choose 1 of 4 possible combinations:
(A1,B1) or (A1,B2) or (A2,B1) or (A2,B2)
Innovative Multi-homing in SCTP

[Figure: one transport association between the client ({A1,A2}) and the web server ({B1,B2}) across the Internet.]

SCTP Multihoming
Hosts use one association ({A1,A2}, {B1,B2})
New data is sent to one primary destination
- Let B1 be the web server's primary destination
- Let A1 be the client's primary destination
Path status and destination reachability are constantly monitored.
Multi-homing Association

[Figure: Host A is a single-homed SCTP endpoint (application port 100, interface A1, IP=128.33.6.12). Host B is a multi-homed SCTP endpoint (application port 200, interfaces B1 B2 B3, IP1=160.15.82.20, IP2=161.10.8.221, IP3=10.1.61.11).]
endpoint=[128.33.6.12 : 100]
endpoint=[160.15.82.20, 161.10.8.221, 10.1.61.11 : 200]

[Figure: the SCTP association between Host A and Host B.]
association={ [128.33.6.12 : 100] : [160.15.82.20, 161.10.8.221, 10.1.61.11 : 200] }
TCP data transfer without loss

[Figure: data 1..6 sent by the application, carried over the single TCP connection from A1 to B1, held in the receive buffer (size 6) and delivered to the application in order; interfaces A2 and B2 are unused.]
TCP data transfer with loss

[Figure: one segment is lost on the A1-B1 connection; the later segments wait in the receive buffer until the retransmission arrives on the same path, then 1..6 are delivered in order; A2 and B2 are unused.]
TCP data transfer with single path failure

[Figure: the TCP connection between A1 and B1 fails mid-transfer; the data still to be sent cannot be delivered, and A2 and B2 are unused.]
SCTP data transfer without loss

[Figure: data 1..6 sent by the application, carried over the association on the primary path A1-B1, held in the receive buffer (size 6) and delivered to the application in order.]
SCTP data transfer with loss

[Figure: chunk 2 is lost on the primary path A1-B1; SCTP retransmits it over the alternate path A2-B2 while the later chunks continue, and 1..6 are delivered in order.]
SCTP data transfer with single path failure

[Figure: the primary path A1-B1 fails; SCTP retransmits the outstanding chunks (4, 5, 6) over the alternate path A2-B2 and the application receives all of 1..6.]
Multihoming Example
1. Laptop connected via Ethernet and Wireless.
2. Both interfaces are reachable by the peer.
3. Ethernet gets disconnected; transmission of data fails.
4. Failure detected; SCTP uses the wireless interface to transmit.
5. HEARTBEAT is received.
6. Ethernet link is restored.

[Figure: client host (SCTP) with interfaces A1 and A2 (802.11) and server host (SCTP) with interfaces B1 and B2 across the Internet; after the heartbeat is received the new transmission path runs via A2.]
SCTP Failure Detection

Host A monitors reachability of the primary destination address of Host B
[Figure: Host A (application port 100, interface A1) sends DATA to Host B's primary address B1 (application port 200) and receives SACK; B2 and B3 are alternates.]

Host A starts the retransmission timer
If the timer expires: increment error_count
If error_count > threshold: path = inactive
If Host A receives a SACK before the timer expires: error_count = 0 and path = active
error_count is a variable associated with each destination address of a host (initially zero).

Host A monitors reachability of idle destination addresses of Host B
[Figure: Host A sends HEARTBEAT to the idle addresses B2 and B3 of Host B and receives HEARTBEAT-ACK.]

HEARTBEAT is sent periodically to each idle address
When a HEARTBEAT is sent: increment error_count
If error_count > threshold: path = inactive
If Host A receives a HEARTBEAT-ACK: error_count = 0 and path = active

When the primary destination address is detected unreachable, the SCTP sender chooses a REACHABLE alternate destination address as primary
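The failure detection slides above, together with the laptop Ethernet/wireless example, amount to a small state machine per destination address: error_count, an active/inactive flag, a threshold, and a switch of the primary to a reachable alternate. The code below is an added example, not from the slides; it follows the slide's bookkeeping exactly (a retransmission timer expiry or a HEARTBEAT sent increments error_count, a SACK or HEARTBEAT-ACK resets it to zero and marks the path active, a count above the threshold marks it inactive). The threshold of 3, the address names B1/B2 and the event sequence are constructed; what happens when no alternate is reachable is not covered by the slides, so the example simply keeps the current primary in that case.

```python
"""Per-destination error counting and primary failover, after the slide's model.
Added example, not from the slides; threshold, addresses and events are constructed."""

class Destination:
    def __init__(self, addr: str):
        self.addr = addr
        self.error_count = 0     # initially zero, one per destination address
        self.active = True

class PathMonitor:
    def __init__(self, addrs, threshold: int = 5):
        self.dests = {a: Destination(a) for a in addrs}
        self.primary = addrs[0]  # new data goes to the primary destination
        self.threshold = threshold

    def _bump(self, d: Destination):
        d.error_count += 1
        if d.error_count > self.threshold:
            d.active = False
            if d.addr == self.primary:
                self._failover()

    def _failover(self):
        # Choose a REACHABLE alternate as the new primary; if none is active,
        # keep the current one (the slides do not specify this case).
        for d in self.dests.values():
            if d.active:
                self.primary = d.addr
                return

    # Events on the primary path (DATA / SACK and the retransmission timer).
    def rto_expired(self, addr: str):
        self._bump(self.dests[addr])

    def sack_received(self, addr: str):
        d = self.dests[addr]
        d.error_count = 0
        d.active = True

    # Events on idle paths (HEARTBEAT / HEARTBEAT-ACK).
    def heartbeat_sent(self, addr: str):
        self._bump(self.dests[addr])

    def heartbeat_ack_received(self, addr: str):
        self.sack_received(addr)

    def state(self, addr: str):
        d = self.dests[addr]
        return d.error_count, d.active

def laptop_scenario():
    """Ethernet (B1) is primary, wireless (B2) the idle alternate; Ethernet drops,
    SCTP fails over, Ethernet is restored. Returns the state after each phase."""
    m = PathMonitor(["B1", "B2"], threshold=3)
    m.sack_received("B1")                                     # data flowing on the primary
    m.heartbeat_sent("B2"); m.heartbeat_ack_received("B2")    # idle alternate probed, answers
    for _ in range(4):                                        # Ethernet disconnected: 4 timeouts
        m.rto_expired("B1")
    after_failure = (m.primary, m.dests["B1"].active)
    m.heartbeat_sent("B1"); m.heartbeat_ack_received("B1")    # link restored: probe answered
    after_restore = (m.primary, m.dests["B1"].active)
    return after_failure, after_restore

if __name__ == "__main__":
    print(laptop_scenario())
```

After the fourth timeout error_count exceeds the threshold, B1 is marked inactive and B2 becomes primary; the later HEARTBEAT-ACK marks B1 reachable again without moving the primary back, matching the slide's rule, which only ever switches away from an unreachable primary.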
HEARTBEAT?

HEARTBEAT is a chunk that an endpoint sends to its peer endpoints to probe the reachability of a particular destination transport address.

In our case, the HEARTBEAT is sent to a destination address which has been idle for a long time to check for its reachability.

HEARTBEAT-ACK is a chunk which an endpoint sends to its peer endpoints as a response to a HEARTBEAT chunk.
Summary of SCTP

SCTP is used for applications which require data reliability and rigid timing.
SCTP provides security against DoS attacks by using cookies during association setup.
An SCTP association can bind multiple IP addresses at each endpoint.
SCTP provides multi-homing for applications that require a high degree of fault tolerance.
Reference Material

Textbooks
Stream Control Transmission Protocol (SCTP), Randall Stewart, Qiaobing Xie, Addison Wesley, 2002
TCP/IP Protocol Suite, Chapter 13, Behrouz Forouzan

RFCs
RFC 2960 - Stream Control Transmission Protocol
RFC 3286 - An Introduction to SCTP
RFC 4460 - SCTP Specification Errata and Issues
Thank You!!!!
