sctp: stream control transfer protocol naveen kumar department of computer and information sciences...
TRANSCRIPT
SCTP: Stream Control Transfer Protocol
Naveen Kumar
Department of Computer and Information Sciences
*Some slides have been taken from Prof. Amer
TCP Limitations• Head-of-Line blocking• Strict ordering of data• Doesn’t preserve boundaries• Limited scope of TCP sockets• Vulnerable to SYN attacks
SCTP: Transport Layer
User Application
SCTP Transport
IP
User Application
SCTP Transport
IP
HOST 1 HOST 2
network
Features of SCTP• Multi streaming• Multi homing • Connection oriented• Immune to denial of service attacks• Message framing
Multi Streaming
TCP: Multiple connections
physical
data link
IP
transportTCP
buffersTCP
buffers
filetransfer text voice video video voice text file
transfer
sender receiver
4 independent connections
Efficient..?
videofile
transfer text voice video
SCTP: Multi streaming
physicaldata link
IP
transport stream buffers
stream buffers
1 association w/4 streams
filetransfertext voice
sender receiver
File text transfer chunk chunk
SCTP Packet
SCTP: Multi streaming
Stream 0Stream 1Stream 2
Stream n
• A stream is Uni-directional– SCTP makes no correlation between an inbound and outbound stream
• An association may have more streams travelling in one direction than the other.
Multi-homing
SCTP: Association
• An association in SCTP is analogous to connection in TCP
• An SCTP association can be represented as a pair of SCTP endpoints:
association = { [10.1.61.11 : 2223], [161.10.8.221, 120.1.1.5 : 80] }
Multi-homing
Network 1
Network 2
Network n
IP=128.33.6.12
IP=10.13.56.9
sender=[128.33.6.12, 198.3.69.5: 6590]
receiver=[123.45.17.9, 19.234.45.5, 42.45.78.12: 80]
IP=123.45.17.9
IP=19.234.45.5
IP=42.45.78.12
1232341
A2
A1
B2
B1
receive buffer (6)
delivered to application
123456 132
sent by application
23456 3456 456 56 6
45
4
56
5
6
6
datadata
data to be sent
TCP data transfer without loss
34156 1232
A2
A1
B2
B1
receive buffer (6)
delivered to application
data to be sent
123456 13 2
data
23456
4
4
5
5
6
6
retransmission
loss
datasent from application
TCP data transfer with loss
1232341
A2
A1
B2
B1
receive buffer (6)
delivered to application
data to be sent
123456 132
sent by application
data
23456 3456 456 56 6
45
4
56
5
6
6
data
SCTP data transfer without loss
1345634156
2
2
A2
A1
B2
B1
receive buffer (6)
delivered to application
data to be sent
123456 13 2
data
23456 6 45 6
retransmission
2
loss
datasent from application
SCTP data transfer with loss
515 66 123234
A2
A1
B2
B1
receive buffer (6)
delivered to application
data to be sent
123456 132
sent by applicationdata
23456 3456 456
4
connection fails!
6 65 54 4
data
TCP data transfer single path failure
231
A2
A1
B2
B1
receive buffer (6)
delivered to application
data to be sent
123456
sent by application
data
23456 3456 456
6 65 54 4
45656 6
123456215436
retransmission
data
SCTP data transfer with single path failure
Packet Format
SCTP Packet Format
COMMON HEADER
CHUNK # 1
CHUNK # 2
……………..
CHUNK # n
Common HeaderControl ChunkData Chunk
0x00 DATA
0x01 INIT
0x02 INIT-ACK
0x03 SACK
0x04 HEARTBEAT
0x05HEARTBEAT-
ACK
0x07 SHUTDOWN
0x08SHUTDOWN-
ACK
Type SCTP
SCTP Chunk Types
Association Setup
V: Verification tag I : Initiate tag
1RTTINIT–ACK (V=TagA) (I=TagB)(State Cookie)
closed
closed
t=0 INIT (V=0) (I=TagA)cookiewait
COOKIE–ECHO (V=TagB) (State Cookie) cookieechoed
data (V=TagB) established
2RTTCOOKIE–ACK (V=TagA)
estab’d
SCTP: Four-way Association Setup
Information from original INIT Information from current INIT-ACK Timestamp Life span of cookie (Time to Live) Signature for authentication (MD5)
What is in the COOKIE ?
Data Transfer
SCTP: Data Transfer
SCTP: Packet Parameters
• TSN(32 bits) : A 32-bit sequence number attached to each chunk containing user data to permit the receiving SCTP endpoint to acknowledge its receipt and detect duplicate deliveries.
• SI(16 bits): Identifies the stream to which the following user data belongs.
• SSN(16 bits) : A sequence number to assure sequenced delivery of the user messages within a given stream.
SCTP: Packets, Data, Chunk and Streams
SCTP: Data Transfer
Association Shutdown
DATADATA
SACK
SHUTDOWN
Upper layer invokes SHUTDOWN
shutdown_pending
shutdown_sent
estbl’d estbl’d
stop accepting data
SCTP: Graceful Shutdown
shutdown_pending
shutdown_sent
shutdown_received
stop accepting data
shutdown_ack_sent
closed
(delete TCB)
SHUTDOWN_ACK
SHUTDOWN + SACK
SHUTDOWN
DATA
SHUTDOWN_COMPLETE
closed
(delete TCB)
Message Framing
Web server
Web client
TCP connection
A-PDU 3
A-PDU 2
A-PDU 1 bytes 1 - 100
bytes 101 - 200
bytes 201 - 300
bytes 1 – 75
bytes 176 – 230
bytes 231 – 300
bytes 76 – 175
TCP does not preserve message boundaries
Web server Web client
SCTP association
A-PDU 3
A-PDU 2
A-PDU 1
A-PDU 1
A-PDU 2
A-PDU 3bytes 1 - 100
bytes 101 - 200
bytes 201 - 300 bytes 1 - 100
bytes 201 - 300
bytes 101 - 200
SCTP preserves message boundaries
Immune to attacks
TCP Flooding Attack
128.3.4.5
(victim) TCP-based web server
flooded!!
spoofed SYN’s
221.3.5.10
192.10.2.8
SYN 190.13.4.1
SYN 228.3.14.5
SYN 130.2.4.15
Internet
process
SYN
TCB = Transport Control Block
(attackers)
TCB
SYN 130.2.4.15 TCB
SYN 228.3.14.5
TCB
SYN 190.13.4.1
The SCTP Way: 4-way handshake limits attack
128.3.4.5
spoofed INIT’s
221.3.5.10
192.10.2.8
INIT 190.13.4.1
INIT 228.3.14.5
INIT 130.2.4.15
Internetproces
sINIT
(victim) SCTP-based web server
(attackers)
INIT-ACK130.2.4.15
INIT-ACK228.3.14.5
INIT-ACK190.13.4.1No reserved resources
No flooding!!
SCTP Implementations COMPANY IMPLEMENTATION OS
TYPE
Open-Source Kernel FreeBSD/Net BSD
Continuos Computing User space UNIX/LINUX/ VxWorks/ Windows
Ulticom Kernel Solaris and Linux
Sun Microsystems Kernel Solaris Sparc/X86
IBM Kernel AIX
CISCO Proprietary IOS
SCTP VS TCP VS UDP
Any Questions ?