Stream Control Transmission Protocol (SCTP)

Presentation transcript:

Stream Control Transmission Protocol (SCTP)
Acknowledgements: Prof. Paul Amer, Randall Stewart, Philip Conrad, Janardhan Iyengar
CISC 856: TCP/IP and Upper Layer Protocols
Presented by: Nikhil Shirude, November 15, 2007

Overview
- Motivation for SCTP
- SCTP PDU and Chunk Format
- SCTP 4-Way Association
- SCTP Association Shutdown
- SCTP Multi-Homing
- Summary

SCTP Motivation
Primary motivation: transportation of telephony signaling messages over IP networks. Telephony signaling has rigid timing and reliability requirements.
TCP limitations:
- head-of-line blocking
- does not preserve A-PDU boundaries
- no support for multi-homing
- vulnerable to SYN flooding attacks
SCTP features:
- 4-way handshake
- multihoming
- multistreaming
- framing

SCTP Overview: services and features compared for SCTP, TCP and UDP
- Connection-oriented
- Full duplex
- Reliable data transfer
- Partial-reliable data transfer (SCTP: proposed)
- Flow control
- TCP-friendly congestion control
- ECN capable
- Ordered data delivery
- Unordered data delivery
- Uses selective ACKs (optional in TCP)
- Path MTU discovery
- Application PDU fragmentation
- Application PDU bundling
- Preserves application PDU boundaries
- Multistreaming
- Multihoming
- Protection against SYN flooding attack (n/a for UDP)
- Allows half-closed connections
- Reachability check
- Pseudo-header for checksum (SCTP: no, uses vtags)
- Time wait state (SCTP: for vtags; TCP: for 4-tuple)

SCTP PDU Format
Building blocks of an SCTP PDU:
- Common Header, which occupies the first 12 bytes: Source Port, Destination Port, Verification Tag, Checksum. The header carries a CRC-32 checksum.
- Chunk 1 … Chunk N
Chunks are of two types: control chunks and data chunks.

SCTP Chunk Format
General format for all chunks:
- Type: DATA, INIT, SACK, COOKIE ECHO, HEARTBEAT, … The type determines what the flag bits mean and whether they are used at all.
- Flags: bit meanings depend on the type.
- Length: total size of the chunk including type, flags, length and data/parameters. Minimum size is 4.
- Chunk Information (multiple of 4 bytes): data/parameters; optional.

Some SCTP Chunk Types

Type   SCTP chunk      TCP analogue
0x00   DATA            user data
0x01   INIT            ~ SYN
0x02   INIT-ACK
0x03   SACK            selective ACK
0x04   HEARTBEAT       keep-alive message
0x05   HEARTBEAT-ACK
0x07   SHUTDOWN        ~ FIN
0x08   SHUTDOWN-ACK

Chunk types may have permanent parameters specific to the chunk type. Some may also have optional parameters.
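The three slides above describe the common header, the chunk layout and the type numbers. The following is an added example (not code from the presentation or from any SCTP stack) that builds and parses a packet in that layout and verifies the checksum. Note that the slide says "CRC-32"; the checksum SCTP has used since RFC 3309 is CRC-32c (Castagnoli polynomial), stored in the packet in little-endian byte order, and that is what is implemented here. Chunk names beyond 0x08, the port numbers and the INIT field values are constructed for the example; the length checks in the parser are the ones a receiver needs so that a forged length field cannot make it read past the packet or spin on a zero-length chunk.

```python
import struct

# Chunk type numbers from RFC 4960 section 3.2 (the slide lists 0x00-0x08).
CHUNK_NAMES = {
    0x00: "DATA", 0x01: "INIT", 0x02: "INIT-ACK", 0x03: "SACK",
    0x04: "HEARTBEAT", 0x05: "HEARTBEAT-ACK", 0x06: "ABORT",
    0x07: "SHUTDOWN", 0x08: "SHUTDOWN-ACK", 0x0A: "COOKIE-ECHO",
    0x0B: "COOKIE-ACK", 0x0E: "SHUTDOWN-COMPLETE",
}
COMMON_HEADER = struct.Struct(">HHI")   # source port, destination port, verification tag
CHUNK_HEADER = struct.Struct(">BBH")    # type, flags, length


def _make_crc32c_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0x82F63B78 if c & 1 else c >> 1
        table.append(c)
    return table


_CRC32C_TABLE = _make_crc32c_table()


def crc32c(data: bytes) -> int:
    """Reflected CRC-32c (Castagnoli), the SCTP checksum since RFC 3309."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC32C_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def build_chunk(ctype: int, flags: int, value: bytes) -> bytes:
    """The length field counts the 4-byte chunk header and the value, not the padding."""
    length = CHUNK_HEADER.size + len(value)
    return CHUNK_HEADER.pack(ctype, flags, length) + value + b"\x00" * ((-length) % 4)


def build_packet(src_port: int, dst_port: int, vtag: int, chunks) -> bytes:
    body = b"".join(chunks)
    unsigned = COMMON_HEADER.pack(src_port, dst_port, vtag) + b"\x00" * 4 + body
    # The CRC is computed with the checksum field zeroed and stored little-endian.
    return unsigned[:8] + struct.pack("<I", crc32c(unsigned)) + body


class SctpParseError(ValueError):
    pass


def parse_packet(data: bytes) -> dict:
    """Verify the checksum, then walk the chunks, refusing length fields that lie."""
    if len(data) < 12:
        raise SctpParseError("packet shorter than the 12-byte common header")
    src, dst, vtag = COMMON_HEADER.unpack_from(data, 0)
    (stored,) = struct.unpack_from("<I", data, 8)
    if stored != crc32c(data[:8] + b"\x00" * 4 + data[12:]):
        raise SctpParseError("CRC-32c mismatch")
    chunks, off = [], 12
    while off < len(data):
        if len(data) - off < CHUNK_HEADER.size:
            raise SctpParseError("truncated chunk header")
        ctype, flags, length = CHUNK_HEADER.unpack_from(data, off)
        if length < CHUNK_HEADER.size:        # a length of 0 would loop forever
            raise SctpParseError("chunk length below the minimum of 4")
        if off + length > len(data):          # claimed length runs past the packet
            raise SctpParseError("chunk length exceeds packet")
        chunks.append({"type": ctype, "name": CHUNK_NAMES.get(ctype, "UNKNOWN(%d)" % ctype),
                       "flags": flags, "value": data[off + 4:off + length]})
        off += length + ((-length) % 4)       # skip padding to the next 4-byte boundary
    return {"src_port": src, "dst_port": dst, "vtag": vtag, "chunks": chunks}


def packet_is_valid(data: bytes) -> bool:
    try:
        parse_packet(data)
        return True
    except SctpParseError:
        return False


# Constructed sample: an INIT chunk (initiate tag, a_rwnd, out/in streams, initial TSN)
# sent from port 5000 to port 4242 with verification tag 0, the first handshake message.
INIT_VALUE = struct.pack(">IIHHI", 0x12345678, 65536, 10, 10, 1000)
SAMPLE_PACKET = build_packet(5000, 4242, 0, [build_chunk(0x01, 0, INIT_VALUE)])
# The same packet with its last payload byte flipped: the CRC no longer matches.
TAMPERED_PACKET = SAMPLE_PACKET[:-1] + bytes([SAMPLE_PACKET[-1] ^ 0x01])
# A correctly checksummed packet whose HEARTBEAT chunk claims 100 bytes it does not carry.
BAD_LENGTH_PACKET = build_packet(5000, 4242, 0, [CHUNK_HEADER.pack(0x04, 0, 100) + b"\x00" * 4])

if __name__ == "__main__":
    for c in parse_packet(SAMPLE_PACKET)["chunks"]:
        print(c["name"], "flags=%#x" % c["flags"], "value_len=%d" % len(c["value"]))
    print("tampered packet valid?", packet_is_valid(TAMPERED_PACKET))
    print("bad-length packet valid?", packet_is_valid(BAD_LENGTH_PACKET))
```

Running the module parses the sample INIT and reports the two malformed variants as invalid. The checksum is verified before any chunk is touched, so a corrupted packet never reaches the chunk walker, and the two length checks in the loop are what keep a hostile length field from turning into an out-of-bounds read or an infinite loop.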

SCTP Feature Summary
What TCP and SCTP both have:
- reliability (retransmissions)
- congestion control
- connection oriented
SCTP adds the following:
- 4-way handshake, to reduce vulnerability to Denial of Service attacks
- multihoming: instead of one IP address per endpoint, a set of IP addresses per endpoint
- framing: preserves message boundaries
- multistreaming: instead of one ordered stream, up to 64K independent ordered streams

First - TCP Connection Establishment
- t=0: the client (closed) sends SYN and enters SYN sent; the server is in listen.
- The server receives the SYN, creates the TCB (SYN recd) and replies with SYN-ACK.
- 1 RTT: the client enters established and sends ACK, followed by data.
- The server enters established.

Security: TCP Flooding Attack
Attackers (e.g. 192.10.2.8 and 221.3.5.10) send spoofed SYNs across the Internet to the victim, a TCP-based web server at 128.3.4.5, with forged source addresses such as 130.2.4.15, 228.3.14.5 and 190.13.4.1. The victim allocates a TCB for each SYN it processes, so its table of half-open connections is flooded. TCB = Transport Control Block.

The SCTP Way: 4-way handshake limits the attack
The same attackers send spoofed INITs to an SCTP-based web server at 128.3.4.5. The server answers each INIT (claimed sources 130.2.4.15, 228.3.14.5, 190.13.4.1) with an INIT-ACK to the claimed source address but reserves no resources, so there is no flooding.

SCTP: Four-way Association Setup (V: verification tag, I: initiate tag)
- t=0: the client (closed) sends INIT (V=0, I=TagA) and enters cookie wait.
- The server (closed) replies INIT-ACK (V=TagA, I=TagB, StateCookie) and remains closed.
- 1 RTT: the client sends COOKIE-ECHO (V=TagB, StateCookie) and enters cookie echoed.
- The server replies COOKIE-ACK (V=TagA); both sides are now established.
- 2 RTT: the client sends data (V=TagB).

What does a Cookie contain?
- Information from the original INIT
- Information from the current INIT-ACK
- Timestamp
- Life span of the cookie (Time to Live)
- Signature for authentication (MD5)
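To make the three preceding slides concrete (spoofed INITs reserve nothing, the 4-way exchange, and the cookie contents), here is an added example modelling the server side of the handshake. It is not code from the presentation or from any SCTP implementation. The server answers every INIT with an INIT-ACK whose cookie carries the peer's address and port, both initiate tags, a timestamp and a lifespan, authenticated with an HMAC; a TCB is created only when a COOKIE-ECHO returns a cookie that verifies, is within its lifespan and comes from the address it was issued to. The slide lists an MD5 signature; HMAC-SHA256 is used here as my choice, and the cookie layout, the `SctpListener` class and the address values are constructed for this example.

```python
import hashlib
import hmac
import os
import socket
import struct

# Cookie body: peer IPv4 address, peer port, peer's initiate tag, our initiate tag,
# creation time, lifespan in seconds. This layout is constructed for the example.
COOKIE_BODY = struct.Struct(">4sHIIdd")


class SctpListener:
    """Server side of the 4-way handshake; keeps no state until COOKIE-ECHO verifies."""

    def __init__(self, secret: bytes = None, cookie_life: float = 60.0):
        self.secret = secret or os.urandom(32)   # a real stack rotates this key periodically
        self.cookie_life = cookie_life
        self.tcbs = {}          # (addr, port) -> TCB, created only after a valid COOKIE-ECHO
        self.inits_seen = 0

    def on_init(self, peer, peer_init_tag: int, now: float) -> dict:
        """INIT -> INIT-ACK. Everything needed to build the TCB later rides in the cookie."""
        self.inits_seen += 1
        local_tag = int.from_bytes(os.urandom(4), "big") or 1   # verification tags are non-zero
        body = COOKIE_BODY.pack(socket.inet_aton(peer[0]), peer[1], peer_init_tag,
                                local_tag, now, self.cookie_life)
        mac = hmac.new(self.secret, body, hashlib.sha256).digest()
        return {"chunk": "INIT-ACK", "vtag": peer_init_tag, "init_tag": local_tag,
                "cookie": body + mac}

    def on_cookie_echo(self, peer, cookie: bytes, now: float):
        """COOKIE-ECHO -> COOKIE-ACK plus a TCB, or None if the cookie is not acceptable."""
        body, mac = cookie[:COOKIE_BODY.size], cookie[COOKIE_BODY.size:]
        if len(body) != COOKIE_BODY.size:
            return None
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return None                     # forged or corrupted cookie: discard silently
        addr, port, peer_tag, local_tag, created, life = COOKIE_BODY.unpack(body)
        if now - created > life:
            return None                     # stale cookie, beyond its time to live
        if (addr, port) != (socket.inet_aton(peer[0]), peer[1]):
            return None                     # cookie presented from a different address
        self.tcbs[peer] = {"peer": peer, "peer_tag": peer_tag, "local_tag": local_tag,
                           "state": "ESTABLISHED"}
        return {"chunk": "COOKIE-ACK", "vtag": peer_tag}


def tamper(cookie: bytes) -> bytes:
    """Flip one bit of the cookie body, as a corrupted or forged cookie would differ."""
    return bytes([cookie[0] ^ 0x01]) + cookie[1:]


def flood_then_connect():
    """Constructed scenario: 1000 spoofed INITs, then one legitimate 4-way handshake."""
    server = SctpListener(secret=b"\x42" * 32)
    for i in range(1000):                   # spoofed sources never send COOKIE-ECHO
        server.on_init(("203.0.113.%d" % (i % 254 + 1), 40000 + i), 7, now=100.0)
    half_open_after_flood = len(server.tcbs)
    client = ("192.0.2.10", 5000)
    init_ack = server.on_init(client, 0xABCD, now=100.0)
    cookie_ack = server.on_cookie_echo(client, init_ack["cookie"], now=101.0)
    return half_open_after_flood, init_ack, cookie_ack, server


if __name__ == "__main__":
    half_open, init_ack, cookie_ack, server = flood_then_connect()
    print("TCBs held after 1000 spoofed INITs:", half_open)
    print("legitimate client:", cookie_ack, server.tcbs[("192.0.2.10", 5000)])
    print("tampered cookie accepted?",
          server.on_cookie_echo(("192.0.2.10", 5000), tamper(init_ack["cookie"]), 101.0))
```

The point the slides make is visible in `flood_then_connect`: after a thousand INITs from forged sources the server holds zero TCBs, because the only thing it did per INIT was compute an HMAC. Binding the cookie to the peer address and giving it a lifespan is what stops a cookie captured from one handshake from being echoed back later or from elsewhere.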

SCTP Association Graceful Shutdown
- Both endpoints are established and exchanging DATA.
- The upper layer invokes SHUTDOWN: the endpoint enters shutdown_pending and stops accepting data from its application, waits for its outstanding DATA to be acknowledged (SACK), then sends SHUTDOWN and enters shutdown_sent. Mandatory fields of the SHUTDOWN chunk: chunk type, chunk flags, chunk length, cumulative TSN.
- The peer receiving SHUTDOWN enters shutdown_received and stops accepting data; once its own DATA has been acknowledged it sends SHUTDOWN_ACK and enters shutdown_ack_sent. Mandatory fields of the SHUTDOWN_ACK chunk: chunk type, chunk flags, chunk length.
- The initiator replies SHUTDOWN_COMPLETE; both endpoints are closed and delete their TCB.

Multi-Homing
Stack view: an application on a port sits above SCTP (IANA protocol number 132), which sits above several IP addresses, IP links and physical interfaces.
Multi-homing is a technique to improve the reachability of hosts that are reachable at more than one destination (interface).
The property of SCTP of most interest is the decoupling of the transport-layer session state from the actual IP address at each end of the connection. Many people are interested in a transport-layer session whose robustness is increased simply by multi-homing each end host onto different networks, providing path diversity.
Goals:
- Maintain uninterrupted connections for FCS applications as IP addresses change or fail while nodes migrate and/or become disabled
- Persistence during dynamic addition and deletion of IP addresses
- Failover and changeover without degradation of performance or QoS

Traditional “Uni” homing
A client A and a web server B hold one transport connection across the Internet; the single interface at each end is a point of failure. If the server's interface dies, the TCP connection is aborted.

Traditional “Multi” homing (TCP)
Client and web server each have two interfaces (A1, A2 and B1, B2), but a TCP connection binds to exactly one of the four possible combinations: (A1,B1), (A1,B2), (A2,B1) or (A2,B2). The chosen pair remains a point of failure: if the server's interface in use dies, the TCP connection is aborted.

Innovative “Multi” homing in SCTP
Client and web server use one transport “association” ({A1,A2}, {B1,B2}) spanning all interfaces. New data is sent to one primary destination: let B1 be the web server's primary destination and A1 the client's. Path status and destination reachability are constantly monitored, so when the server's interface in use dies the association survives instead of being aborted.
SCTP multihoming:
- Multiple source/destination IP addresses
- Path concept; use of different physical paths is not guaranteed
- Peer reachability and path status are monitored (heartbeat)
- One selectable default path
- Parameters per path (cwnd, RTT, RTO, PRL)

Multi-homing Association
- Host A, a single-homed SCTP endpoint: application on port 100, interface A1 with IP=128.33.6.12; endpoint=[128.33.6.12 : 100]
- Host B, a multi-homed SCTP endpoint: application on port 200, interfaces B1, B2, B3 with IP1=160.15.82.20, IP2=161.10.8.221, IP3=10.1.61.11; endpoint=[160.15.82.20, 161.10.8.221, 10.1.61.11 : 200]
- SCTP association = { [128.33.6.12 : 100] : [160.15.82.20, 161.10.8.221, 10.1.61.11 : 200] }

Animated data-transfer figures (slides 22-27): each shows messages 1–6 sent by the application on A1/A2, a receive buffer of size 6 on B1/B2, and what is delivered to the application.
- TCP data transfer without loss
- TCP data transfer with loss (retransmission)
- TCP data transfer with single path failure: connection fails!
- SCTP data transfer without loss
- SCTP data transfer with loss (retransmission)
- SCTP data transfer with single path failure (retransmission over the other path). Research questions: when to failover? Sooner means faster failover detection, but a greater chance of spurious failover.

Multihoming Example
A laptop (client host, SCTP) is connected to a server host (SCTP) via Ethernet (A1–B1) and 802.11 wireless (A2–B2); both interfaces are reachable by the peer.
- Ethernet gets disconnected; transmission of data fails.
- The failure is detected and SCTP uses the wireless interface as the new transmission path.
- A HEARTBEAT-ACK is received on the Ethernet path: the Ethernet link is restored.

SCTP Failure Detection
Host A monitors the reachability of the primary destination address of Host B. (Host A: application on port 100, interface A1; Host B: application on port 200, primary B1, alternates B2 and B3.) error_count is a variable associated with each destination address of a host, initially zero.
- Host A sends DATA and starts the retransmission timer.
- If the timer expires: increment error_count; if error_count > threshold, path = inactive.
- If Host A receives a SACK before the timer expires: error_count = 0 and path = active.

Host A monitors the reachability of the idle destination addresses of Host B.
- A HEARTBEAT is sent periodically to each idle address.
- When a HEARTBEAT is sent: increment error_count; if error_count > threshold, path = inactive.
- If Host A receives a HEARTBEAT-ACK: error_count = 0 and path = active.
- When the primary destination address is detected unreachable, the SCTP sender chooses a reachable alternate destination address as primary.
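The two failure-detection slides above describe one per-destination error counter driven by four events. The following added example (not code from the presentation or from any SCTP stack) implements that logic for Host A's view of Host B's three addresses, including the switch to a reachable alternate when the primary goes inactive. The threshold value 5 is RFC 4960's default for Path.Max.Retrans; the slides only say "threshold". The `Association` and `Destination` classes, method names and the B1/B2/B3 scenario are constructed for this example.

```python
PATH_MAX_RETRANS = 5          # RFC 4960 default for Path.Max.Retrans; the slides say "threshold"


class Destination:
    """One destination transport address of the peer, with its own error counter."""

    def __init__(self, addr):
        self.addr = addr
        self.error_count = 0   # initially zero, as on the slide
        self.active = True


class Association:
    def __init__(self, peer_addrs, threshold=PATH_MAX_RETRANS):
        self.dests = [Destination(a) for a in peer_addrs]
        self.primary = self.dests[0]          # slide: B1 is the primary destination
        self.threshold = threshold
        self.events = []                      # readable log of path state changes

    def _dest(self, addr):
        for d in self.dests:
            if d.addr == addr:
                return d
        raise KeyError("unknown destination %r" % addr)

    def _count_failure(self, d, reason):
        d.error_count += 1
        if d.active and d.error_count > self.threshold:
            d.active = False
            self.events.append("%s inactive (%s, error_count=%d)" % (d.addr, reason, d.error_count))
            if d is self.primary:
                self._choose_new_primary()

    def _count_success(self, d, reason):
        d.error_count = 0
        if not d.active:
            d.active = True
            self.events.append("%s active again (%s)" % (d.addr, reason))

    def _choose_new_primary(self):
        """Pick the first reachable alternate; a revived old primary is not switched back to."""
        for d in self.dests:
            if d.active:
                self.primary = d
                self.events.append("primary -> %s" % d.addr)
                return
        self.events.append("no reachable destination: association failed")

    # Events from the first slide: DATA / SACK on the primary path.
    def on_t3_timeout(self, addr):
        self._count_failure(self._dest(addr), "retransmission timer expired")

    def on_sack(self, addr):
        self._count_success(self._dest(addr), "SACK")

    # Events from the second slide: HEARTBEAT / HEARTBEAT-ACK on idle paths.
    def on_heartbeat_sent(self, addr):
        self._count_failure(self._dest(addr), "HEARTBEAT sent")

    def on_heartbeat_ack(self, addr):
        self._count_success(self._dest(addr), "HEARTBEAT-ACK")

    def primary_addr(self):
        return self.primary.addr

    def path_status(self):
        """addr -> (active, error_count) for every destination of the peer."""
        return {d.addr: (d.active, d.error_count) for d in self.dests}


def failover_scenario():
    """Constructed scenario from the slides: Host A's primary path to B1 stops answering."""
    assoc = Association(["B1", "B2", "B3"])
    for _ in range(assoc.threshold + 1):   # six consecutive timeouts on the primary
        assoc.on_t3_timeout("B1")
    assoc.on_heartbeat_ack("B3")           # an idle alternate answers its probe
    return assoc


if __name__ == "__main__":
    a = failover_scenario()
    for line in a.events:
        print(line)
    print("primary:", a.primary_addr(), "paths:", a.path_status())
```

Two details are worth noticing when running it. The path does not go inactive at the fifth timeout but at the sixth, because the slide's condition is error_count > threshold; and when B1 later answers a HEARTBEAT it becomes active again but B2 stays primary, which is the trade-off the earlier research-question slide points at: a faster failover rule raises the chance of a spurious switch that is not undone automatically.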

HEARTBEAT?
HEARTBEAT is a chunk that an endpoint sends to its peer endpoint to probe the reachability of a particular destination transport address. In our case, the HEARTBEAT is sent to a destination address that has been idle for a long time to check its reachability. HEARTBEAT-ACK is a chunk that an endpoint sends to its peer endpoint in response to a HEARTBEAT chunk.

Summary of SCTP
- SCTP is used for applications that require data reliability and rigid timing.
- SCTP provides security against DoS attacks by using cookies during association setup.
- An SCTP association can bind multiple IP addresses at each endpoint.
- SCTP provides multi-homing for applications that require a high degree of fault tolerance.

Reference Material
Textbooks:
- Stream Control Transmission Protocol (SCTP), Randall Stewart and Qiaobing Xie, Addison Wesley, 2002
- TCP/IP Protocol Suite, Chapter 13, Behrouz Forouzan
RFCs:
- RFC 2960 - Stream Control Transmission Protocol
- RFC 3286 - An Introduction to SCTP
- RFC 4460 - SCTP Specification Errata and Issues

Thank You!!!!