SCTP: Stream Control Transfer Protocol

Naveen Kumar

Department of Computer and Information Sciences

*Some slides have been taken from Prof. Amer

TCP Limitations

• Head-of-Line blocking
• Strict ordering of data
• Doesn’t preserve boundaries
• Limited scope of TCP sockets
• Vulnerable to SYN attacks

SCTP: Transport Layer

[Figure: the protocol stack on HOST 1 and HOST 2, each drawn as User Application / SCTP Transport / IP, with the two IP layers joined through the network.]

Features of SCTP

• Multi streaming
• Multi homing
• Connection oriented
• Immune to denial of service attacks
• Message framing

Multi Streaming

TCP: Multiple connections

[Figure: sender and receiver stacks (physical / data link / IP / transport TCP) with per-connection TCP buffers; file transfer, text, voice and video each get their own connection, 4 independent connections in total. Efficient..?]

SCTP: Multi streaming

[Figure: the same stacks, but the transport holds per-stream buffers; file transfer, text, voice and video share 1 association w/4 streams, and chunks from different streams (a file transfer chunk and a text chunk) are bundled into one SCTP Packet.]

SCTP: Multi streaming

[Figure: one association carrying Stream 0, Stream 1, Stream 2, …, Stream n.]

• A stream is uni-directional: SCTP makes no correlation between an inbound and outbound stream.

• An association may have more streams travelling in one direction than the other.

Multi-homing

SCTP: Association

• An association in SCTP is analogous to a connection in TCP

• An SCTP association can be represented as a pair of SCTP endpoints:

association = { [10.1.61.11 : 2223], [161.10.8.221, 120.1.1.5 : 80] }

Multi-homing

[Figure: a multi-homed sender and receiver joined through Network 1, Network 2, …, Network n. The sender's interfaces are labelled IP=128.33.6.12 and IP=10.13.56.9; the receiver's are IP=123.45.17.9, IP=19.234.45.5 and IP=42.45.78.12.]

sender=[128.33.6.12, 198.3.69.5: 6590]

receiver=[123.45.17.9, 19.234.45.5, 42.45.78.12: 80]

[Figure: TCP data transfer without loss. Host A (addresses A1, A2) sends application data 1–6 to host B (addresses B1, B2), which has a receive buffer (6); the data arrives in order and is delivered to the application in order.]

TCP data transfer without loss

[Figure: TCP data transfer with loss. One segment is lost; the segments that arrive after it sit in the receive buffer and nothing is delivered to the application until the retransmission fills the gap.]

TCP data transfer with loss

[Figure: SCTP data transfer without loss. Same hosts and receive buffer (6); the six messages travel over one association and are delivered to the application in order.]

SCTP data transfer without loss

[Figure: SCTP data transfer with loss. The same loss and retransmission; data on the other streams is delivered to the application while the lost chunk is being retransmitted, so only the stream that lost data waits.]

SCTP data transfer with loss

[Figure: TCP data transfer with a single path failure. The path in use fails ("connection fails!") and the remaining data is never delivered.]

TCP data transfer single path failure

[Figure: SCTP data transfer with a single path failure. The same path fails; SCTP retransmits over the other address pair and the data is still delivered to the application.]

SCTP data transfer with single path failure
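To make the head-of-line blocking contrast in the figures above concrete, here is an added Python simulation (not part of the slides) of the two receiver behaviours: a TCP-style receiver that delivers only in one global order, and an SCTP-style receiver that orders per stream by SSN and uses the TSN only to detect duplicates. The six messages, their split over two streams and the names `file-n` / `text-n` are constructed for this example.

```python
"""Head-of-line blocking: one global order (TCP) versus per-stream ordering (SCTP).
Added example for this transcript; the message layout below is constructed."""
from collections import defaultdict

# Constructed messages: (TSN, stream id, stream sequence number, payload), as the
# figures' data 1..6 but spread over two streams (0: file transfer, 1: text).
MESSAGES = [
    (1, 0, 0, "file-1"), (2, 1, 0, "text-1"), (3, 0, 1, "file-2"),
    (4, 1, 1, "text-2"), (5, 0, 2, "file-3"), (6, 1, 2, "text-3"),
]


class SingleOrderReceiver:
    """TCP-like: everything must arrive in TSN order before anything is delivered."""

    def __init__(self):
        self.expected = 1
        self.buffer = {}
        self.delivered = []

    def receive(self, tsn, sid, ssn, payload):
        self.buffer[tsn] = payload
        # Deliver only while the next expected number is present; a gap blocks all later data.
        while self.expected in self.buffer:
            self.delivered.append(self.buffer.pop(self.expected))
            self.expected += 1
        return list(self.delivered)


class MultiStreamReceiver:
    """SCTP-like: order is enforced per stream by SSN; the TSN serves acks and duplicate
    detection only, so a gap in one stream does not hold back the others."""

    def __init__(self):
        self.expected = defaultdict(int)    # next SSN expected, per stream
        self.buffer = defaultdict(dict)     # stream id -> {SSN: payload}
        self.seen_tsn = set()
        self.delivered = []

    def receive(self, tsn, sid, ssn, payload):
        if tsn in self.seen_tsn:
            return list(self.delivered)     # duplicate chunk: dropped, not re-delivered
        self.seen_tsn.add(tsn)
        self.buffer[sid][ssn] = payload
        while self.expected[sid] in self.buffer[sid]:
            self.delivered.append(self.buffer[sid].pop(self.expected[sid]))
            self.expected[sid] += 1
        return list(self.delivered)


def deliver_with_loss(receiver_cls, lost_tsn):
    """Feed MESSAGES in TSN order, skipping lost_tsn, then retransmit it at the end.
    Returns (delivered before the retransmission, delivered after it)."""
    rx = receiver_cls()
    before = []
    for m in MESSAGES:
        if m[0] == lost_tsn:
            continue
        before = rx.receive(*m)
    lost = next(m for m in MESSAGES if m[0] == lost_tsn)
    after = rx.receive(*lost)
    return before, after


if __name__ == "__main__":
    for cls in (SingleOrderReceiver, MultiStreamReceiver):
        print(cls.__name__, deliver_with_loss(cls, 2))
```

With message 2 (stream 1) lost, the single-order receiver has delivered only `file-1` when the retransmission finally arrives, while the multi-stream receiver has already delivered all three file-transfer messages; the text stream alone waited.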

Packet Format

SCTP Packet Format

[Figure: an SCTP packet is a COMMON HEADER followed by CHUNK # 1, CHUNK # 2, …, CHUNK # n; each chunk is either a Control Chunk or a Data Chunk.]

SCTP Chunk Types

Type   SCTP chunk
0x00   DATA
0x01   INIT
0x02   INIT-ACK
0x03   SACK
0x04   HEARTBEAT
0x05   HEARTBEAT-ACK
0x07   SHUTDOWN
0x08   SHUTDOWN-ACK

Association Setup

SCTP: Four-way Association Setup (V: Verification tag, I: Initiate tag)

[Figure: both endpoints start closed.]

• t=0: A sends INIT (V=0) (I=TagA) and enters cookie-wait.
• 1 RTT: B answers INIT-ACK (V=TagA) (I=TagB) (State Cookie); B stays closed.
• A sends COOKIE-ECHO (V=TagB) (State Cookie) and enters cookie-echoed; data (V=TagB) can follow it. On receiving the COOKIE-ECHO, B becomes established.
• 2 RTT: B sends COOKIE-ACK (V=TagA); A becomes estab'd.

What is in the COOKIE?

• Information from original INIT
• Information from current INIT-ACK
• Timestamp
• Life span of cookie (Time to Live)
• Signature for authentication (MD5)

Data Transfer

SCTP: Data Transfer

SCTP: Packet Parameters

• TSN(32 bits) : A 32-bit sequence number attached to each chunk containing user data to permit the receiving SCTP endpoint to acknowledge its receipt and detect duplicate deliveries.

• SI(16 bits): Identifies the stream to which the following user data belongs.

• SSN(16 bits) : A sequence number to assure sequenced delivery of the user messages within a given stream.
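The packet format slides and the TSN / SI / SSN parameters above describe a wire layout; the following added Python walker (not code from the slides; the layout follows RFC 4960, and the sample packet, its ports and payloads are constructed) parses the common header, walks the chunk chain, pulls the TSN, SI and SSN out of DATA chunks and verifies the CRC32c checksum. The chunk walker refuses chunk lengths below 4 or beyond the packet, the two malformed values a naive loop would spin on or over-read.

```python
"""SCTP packet walker: common header, chunk chain, DATA chunk fields, CRC32c check.
Added example for this transcript (RFC 4960 layout), not code from the slides."""
import struct
from collections import namedtuple

# 0x00-0x05, 0x07 and 0x08 are the values listed on the chunk-type slide; the rest are RFC 4960.
CHUNK_TYPES = {0: "DATA", 1: "INIT", 2: "INIT-ACK", 3: "SACK", 4: "HEARTBEAT",
               5: "HEARTBEAT-ACK", 6: "ABORT", 7: "SHUTDOWN", 8: "SHUTDOWN-ACK",
               9: "ERROR", 10: "COOKIE-ECHO", 11: "COOKIE-ACK", 14: "SHUTDOWN-COMPLETE"}

COMMON_HEADER = struct.Struct("!HHII")  # source port, destination port, verification tag, checksum
CHUNK_HEADER = struct.Struct("!BBH")    # type, flags, length (header + value, padding excluded)
DATA_HEADER = struct.Struct("!IHHI")    # TSN (32), SI (16), SSN (16), payload protocol id (32)

Chunk = namedtuple("Chunk", "ctype flags value")
DataChunk = namedtuple("DataChunk", "tsn stream_id ssn ppid unordered begin end payload")  # U, B, E


def chunk_name(chunk):
    return CHUNK_TYPES.get(chunk.ctype, f"UNKNOWN-{chunk.ctype}")


def _crc32c_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0x82F63B78 if c & 1 else c >> 1
        table.append(c)
    return table


_TABLE = _crc32c_table()


def crc32c(data: bytes) -> int:
    """CRC32c (Castagnoli), the checksum RFC 4960 specifies; check value for b"123456789" is 0xE3069283."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def sctp_checksum(packet: bytes) -> bytes:
    """Checksum field bytes: CRC32c over the packet with the field zeroed, stored
    least-significant byte first (RFC 4960 Appendix B)."""
    return struct.pack("<I", crc32c(packet[:8] + b"\x00\x00\x00\x00" + packet[12:]))


def parse_chunks(body: bytes) -> list:
    chunks, off = [], 0
    while off < len(body):
        if len(body) - off < CHUNK_HEADER.size:
            raise ValueError(f"truncated chunk header at offset {off}")
        ctype, flags, length = CHUNK_HEADER.unpack_from(body, off)
        # A length under 4 would never advance the loop; a length past the end would read
        # outside the packet. Reject both rather than trusting the wire value.
        if length < CHUNK_HEADER.size or off + length > len(body):
            raise ValueError(f"bad chunk length {length} at offset {off}")
        chunks.append(Chunk(ctype, flags, body[off + CHUNK_HEADER.size:off + length]))
        off += (length + 3) & ~3   # every chunk is padded out to a multiple of 4 bytes
    return chunks


def rejects(body: bytes) -> bool:
    """True when the chunk walker refuses a body instead of looping or over-reading."""
    try:
        parse_chunks(body)
        return False
    except ValueError:
        return True


def parse_data_chunk(chunk: Chunk) -> DataChunk:
    if chunk.ctype != 0 or len(chunk.value) < DATA_HEADER.size:
        raise ValueError("not a well-formed DATA chunk")
    tsn, sid, ssn, ppid = DATA_HEADER.unpack_from(chunk.value)
    return DataChunk(tsn, sid, ssn, ppid, bool(chunk.flags & 0x04), bool(chunk.flags & 0x02),
                     bool(chunk.flags & 0x01), chunk.value[DATA_HEADER.size:])


def parse_packet(packet: bytes) -> dict:
    if len(packet) < COMMON_HEADER.size:
        raise ValueError("packet shorter than the common header")
    src, dst, vtag, _ = COMMON_HEADER.unpack_from(packet)
    return {"src_port": src, "dst_port": dst, "vtag": vtag,
            "checksum_ok": packet[8:12] == sctp_checksum(packet),
            "chunks": parse_chunks(packet[COMMON_HEADER.size:])}


def build_packet(src: int, dst: int, vtag: int, chunks) -> bytes:
    """Assemble a packet from (type, flags, value) tuples and fill in the checksum."""
    body = b""
    for ctype, flags, value in chunks:
        length = CHUNK_HEADER.size + len(value)
        body += CHUNK_HEADER.pack(ctype, flags, length) + value + b"\x00" * (-length % 4)
    packet = COMMON_HEADER.pack(src, dst, vtag, 0) + body
    return packet[:8] + sctp_checksum(packet) + packet[12:]


def data_value(tsn: int, sid: int, ssn: int, payload: bytes) -> bytes:
    return DATA_HEADER.pack(tsn, sid, ssn, 0) + payload


# Constructed sample: two complete (B|E) DATA chunks on streams 0 and 1 plus a SACK whose value
# is cumulative TSN ack, a_rwnd, gap-ack-block count, duplicate-TSN count; ports as on the
# association slide.
SAMPLE = build_packet(2223, 80, 0x1234ABCD, [
    (0, 0x03, data_value(100, 0, 0, b"chunk-of-file")),
    (0, 0x03, data_value(101, 1, 0, b"hello")),
    (3, 0x00, struct.pack("!IIHH", 101, 65536, 0, 0)),
])
```

`parse_packet(SAMPLE)` reports the ports and verification tag, a passing checksum, and the chunk list `DATA, DATA, SACK`; flipping any byte of the packet turns `checksum_ok` false, and a body such as `b"\x00\x00\x00\x02"` (length 2) is rejected by `rejects()` instead of spinning the walker.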

SCTP: Packets, Data, Chunk and Streams

SCTP: Data Transfer

Association Shutdown

SCTP: Graceful Shutdown

[Figure: both endpoints estbl'd, with DATA and SACK still being exchanged when the shutdown starts.]

• The upper layer invokes SHUTDOWN on endpoint A; A stops accepting data and enters shutdown_pending.
• Once its outstanding DATA has been SACKed, A sends SHUTDOWN (a SHUTDOWN + SACK may be bundled) and enters shutdown_sent.
• B receives SHUTDOWN, stops accepting data and enters shutdown_received; when its own outstanding DATA has been acknowledged it sends SHUTDOWN_ACK and enters shutdown_ack_sent.
• A receives SHUTDOWN_ACK, sends SHUTDOWN_COMPLETE and goes to closed (delete TCB); on receiving SHUTDOWN_COMPLETE, B goes to closed (delete TCB).

Message Framing

[Figure: Web server and Web client over a TCP connection. The server writes A-PDU 1 (bytes 1 - 100), A-PDU 2 (bytes 101 - 200) and A-PDU 3 (bytes 201 - 300); the client reads the byte stream as bytes 1 – 75, 76 – 175, 176 – 230 and 231 – 300, pieces that do not line up with the A-PDUs.]

TCP does not preserve message boundaries

[Figure: Web server and Web client over an SCTP association. The same A-PDU 1 (bytes 1 - 100), A-PDU 2 (bytes 101 - 200) and A-PDU 3 (bytes 201 - 300) reach the client as three whole messages, each with its boundary intact.]

SCTP preserves message boundaries

Immune to attacks

TCP Flooding Attack

[Figure: attackers at 221.3.5.10 and 192.10.2.8 send spoofed SYN's (source addresses 190.13.4.1, 228.3.14.5, 130.2.4.15) across the Internet to the victim TCP-based web server at 128.3.4.5. The server process allocates a TCB (TCB = Transport Control Block) for every SYN it receives, one per spoofed address, and is flooded!!]

The SCTP Way: 4-way handshake limits attack

[Figure: the same attackers send spoofed INIT's (190.13.4.1, 228.3.14.5, 130.2.4.15) to the victim SCTP-based web server at 128.3.4.5. The server process answers each with an INIT-ACK sent to the spoofed source (INIT-ACK 130.2.4.15, INIT-ACK 228.3.14.5, INIT-ACK 190.13.4.1) and reserves no resources. No flooding!!]
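The four-way association setup slide and the two flooding figures above make one point between them: the server commits no state until a signed cookie comes back. The following added Python simulation (not code from the slides) runs INIT / INIT-ACK / COOKIE-ECHO / COOKIE-ACK between a client and a server whose cookie holds exactly what the "What is in the COOKIE?" slide lists, and then measures how many TCBs a batch of unanswered, spoofed INITs leaves behind. The message classes, field names and constructed addresses are this example's own, and the cookie is signed with HMAC-SHA256 where the slide names an MD5 signature.

```python
"""Four-way SCTP association setup with a stateless, signed state cookie, and the
effect of spoofed INITs on server state. Added example for this transcript."""
import hashlib
import hmac
import os
import socket
import struct
from collections import namedtuple

# Cookie body: peer addr, peer port, TagA (from INIT), TagB (from INIT-ACK), timestamp, life span.
COOKIE_FMT = "!4sHIIdd"
MAC_LEN = hashlib.sha256().digest_size

Init = namedtuple("Init", "src_addr src_port init_tag")                 # V=0, I=TagA
InitAck = namedtuple("InitAck", "vtag init_tag cookie")                 # V=TagA, I=TagB, + cookie
CookieEcho = namedtuple("CookieEcho", "src_addr src_port vtag cookie")  # V=TagB, cookie unmodified
CookieAck = namedtuple("CookieAck", "vtag")                             # V=TagA


def _rand_tag() -> int:
    return int.from_bytes(os.urandom(4), "big") or 1   # tag 0 is reserved for INIT


class SctpServer:
    def __init__(self, cookie_life: float = 60.0):
        self.secret = os.urandom(32)      # server-local key for the cookie signature
        self.cookie_life = cookie_life
        self.tcbs = {}                    # (addr, port) -> TCB, created only on a valid COOKIE-ECHO

    def on_init(self, init: Init, now: float) -> InitAck:
        # No TCB and no timer here: everything the server will need travels inside the cookie.
        tag_b = _rand_tag()
        body = struct.pack(COOKIE_FMT, socket.inet_aton(init.src_addr), init.src_port,
                           init.init_tag, tag_b, now, self.cookie_life)
        mac = hmac.new(self.secret, body, hashlib.sha256).digest()
        return InitAck(init.init_tag, tag_b, body + mac)

    def on_cookie_echo(self, echo: CookieEcho, now: float):
        body, mac = echo.cookie[:-MAC_LEN], echo.cookie[-MAC_LEN:]
        if len(body) != struct.calcsize(COOKIE_FMT):
            return None                   # not a cookie this server produced
        if not hmac.compare_digest(mac, hmac.new(self.secret, body, hashlib.sha256).digest()):
            return None                   # signature fails: forged or modified cookie
        addr, port, tag_a, tag_b, issued, life = struct.unpack(COOKIE_FMT, body)
        if now > issued + life:
            return None                   # cookie past its life span (stale or replayed)
        if (socket.inet_ntoa(addr), port) != (echo.src_addr, echo.src_port) or echo.vtag != tag_b:
            return None                   # echoed from another endpoint, or wrong verification tag
        self.tcbs[(echo.src_addr, echo.src_port)] = {"my_tag": tag_b, "peer_tag": tag_a}
        return CookieAck(tag_a)


class SctpClient:
    def __init__(self, addr: str, port: int):
        self.addr, self.port, self.tag_a = addr, port, _rand_tag()
        self.state, self.peer_tag = "closed", None

    def start(self) -> Init:
        self.state = "cookie-wait"
        return Init(self.addr, self.port, self.tag_a)

    def on_init_ack(self, ack: InitAck) -> CookieEcho:
        if ack.vtag != self.tag_a:
            raise ValueError("INIT-ACK carries the wrong verification tag")
        self.peer_tag, self.state = ack.init_tag, "cookie-echoed"
        return CookieEcho(self.addr, self.port, ack.init_tag, ack.cookie)

    def on_cookie_ack(self, ack: CookieAck) -> None:
        if ack.vtag != self.tag_a:
            raise ValueError("COOKIE-ACK carries the wrong verification tag")
        self.state = "established"


def handshake(client: SctpClient, server: SctpServer, now: float = 0.0) -> str:
    """Run the four messages end to end; returns the client's final state."""
    init_ack = server.on_init(client.start(), now)
    cookie_ack = server.on_cookie_echo(client.on_init_ack(init_ack), now)
    if cookie_ack is not None:
        client.on_cookie_ack(cookie_ack)
    return client.state


def spoofed_init_flood(server: SctpServer, count: int, now: float = 0.0) -> int:
    """INITs from constructed source addresses nobody answers from: each INIT-ACK (and its
    cookie) goes to that address, nothing is echoed back, and no TCB is ever created.
    Returns the number of TCBs the server holds afterwards."""
    for i in range(count):
        server.on_init(Init(f"10.0.{i // 256}.{i % 256}", 40000, _rand_tag()), now)
    return len(server.tcbs)


def cookie_checks(now: float = 0.0) -> dict:
    """Tampered and stale cookies are rejected without allocating state; a valid one is accepted."""
    server, client = SctpServer(cookie_life=60.0), SctpClient("10.1.61.11", 2223)
    echo = client.on_init_ack(server.on_init(client.start(), now))
    tampered = CookieEcho(echo.src_addr, echo.src_port, echo.vtag,
                          bytes([echo.cookie[0] ^ 0x01]) + echo.cookie[1:])
    return {"tampered": server.on_cookie_echo(tampered, now),
            "stale": server.on_cookie_echo(echo, now + 61.0),
            "tcbs_after_rejects": len(server.tcbs),
            "valid": server.on_cookie_echo(echo, now + 30.0),
            "tcbs_after_valid": len(server.tcbs)}
```

A legitimate client ends in `established` with exactly one TCB on the server, a thousand spoofed INITs leave `len(server.tcbs) == 0`, and `cookie_checks()` shows the three rejections (bad signature, expired life span, wrong endpoint or verification tag) costing the server nothing. The same structure is what makes the flooding figure's "No reserved resources" claim hold: until the COOKIE-ECHO verifies, the server has nothing to remember.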

SCTP Implementations

COMPANY               IMPLEMENTATION TYPE   OS
Open-Source           Kernel                FreeBSD/NetBSD
Continuous Computing  User space            UNIX/LINUX/VxWorks/Windows
Ulticom               Kernel                Solaris and Linux
Sun Microsystems      Kernel                Solaris Sparc/X86
IBM                   Kernel                AIX
CISCO                 Proprietary           IOS

SCTP VS TCP VS UDP

Any Questions ?