On this page
|
| SUMMARY | |
| Protocol |
: |
Stream Control Transmission Protocol |
| Protocol suite |
: |
TCP/IP |
| Layer |
: |
Transport Layer |
| SNMP MIBs |
: |
iso.org.dod.internet.mgmt.mib-2.sctpMIB (1.3.6.1.2.1.104)
Working groups: sigtran, Signaling Transport
tsvwg, Transport Area Working Group |
| Ports |
: |
132 |
| Related protocols |
: |
UDP,
TCP,
IP,
SS7/C7,
SIGTRAN |
|
| DESCRIPTION |
SCTP is designed to transport PSTN signaling messages over IP networks, but is capable of broader applications. SCTP is a reliable transport protocol operating on top of a connectionless packet network such as IP. It offers the following services to its users:
- Acknowledged error-free non-duplicated transfer of user data.
- Data fragmentation to conform to discovered path MTU size.
- Sequenced delivery of user messages within multiple streams, with an option for order-of-arrival delivery of individual user messages.
- Optional bundling of multiple user messages into a single SCTP packet.
- Network-level fault tolerance through supporting of multi-homing at either or both ends of an association.
The design of SCTP includes appropriate congestion avoidance behavior and resistance to flooding and masquerade attacks.
Functional View of SCTP
The SCTP transport service can be decomposed into a number of functions. These are depicted in the following illustration.
SCTP User Application
-----------------------------------------------------
_____________ ____________________
| | | Sequenced delivery |
| Association | | within streams |
| | |____________________|
| startup |
| | ____________________________
| and | | User Data Fragmentation |
| | |____________________________|
| takedown |
| | ____________________________
| | | Acknowledgement |
| | | and |
| | | Congestion Avoidance |
| | |____________________________|
| |
| | ____________________________
| | | Chunk Bundling |
| | |____________________________|
| |
| | ________________________________
| | | Packet Validation |
| | |________________________________|
| |
| | ________________________________
| | | Path Management |
|_____________| |________________________________|
- Association Startup and Takedown
An association is initiated by a request from the SCTP user. A cookie mechanism is employed during the initialization to provide protection against security attacks. The cookie mechanism uses a four-way handshake, the last two legs of which are allowed to carry user data for fast setup.
SCTP provides for graceful close (i.e., shutdown) of an active association on request from the SCTP user. SCTP also allows ungraceful close (i.e., abort), either on request from the user (ABORT primitive) or as a result of an error condition detected within the SCTP layer.
SCTP does not support a half-open state (like TCP) wherein one side may continue sending data while the other end is closed. When either endpoint performs a shutdown, the association on each peer will stop accepting new data from its user and only deliver data in queue at the time of the graceful close.
- Sequenced Delivery within Streams
The term "stream" is used in SCTP to refer to a sequence of user messages that are to be delivered to the upper-layer protocol in order with respect to other messages within the same stream. This is in contrast to its usage in TCP, where it refers to a sequence of bytes (in this document a byte is assumed to be eight bits).
The SCTP user can specify at association startup time the number of streams to be supported by the association. This number is negotiated with the remote end. User messages are associated with stream numbers (send, receive primitives). Internally, SCTP assigns a stream sequence number to each message passed to it by the SCTP user. On the receiving side, SCTP ensures that messages are delivered to the SCTP user in sequence within a given stream. However, while one stream may be blocked waiting for the next in-sequence user message, delivery from other streams may proceed.
SCTP provides a mechanism for bypassing the sequenced delivery service. User messages sent using this mechanism are delivered to the SCTP user as soon as they are received.
- User Data Fragmentation
When needed, SCTP fragments user messages to ensure that the SCTP packet passed to the lower layer conforms to the path MTU. On receipt, fragments are reassembled into complete messages before being passed to the SCTP user.
- Acknowledgement and Congestion Avoidance
SCTP assigns a Transmission Sequence Number (TSN) to each user data fragment or unfragmented message. The TSN is independent of any stream sequence number assigned at the stream level. The receiving end acknowledges all TSNs received, even if there are gaps in the sequence. In this way, reliable delivery is kept functionally separate from sequenced stream delivery.
The acknowledgement and congestion avoidance function is responsible for packet retransmission when timely acknowledgement has not been received. Packet retransmission is conditioned by congestion avoidance procedures similar to those used for TCP.
- Chunk Bundling
The SCTP packet as delivered to the lower layer consists of a common header followed by one or more chunks. Each chunk may contain either user data or SCTP control information. The SCTP user has the option to request bundling of more than one user messages into a single SCTP packet. The chunk bundling function of SCTP is responsible for assembly of the complete SCTP packet and its disassembly at the receiving end.
During times of congestion an SCTP implementation MAY still perform bundling even if the user has requested that SCTP not bundle. The user's disabling of bundling only affects SCTP implementations that may delay a small period of time before transmission (to attempt to encourage bundling). When the user layer disables bundling, this small delay is prohibited but not bundling that is performed during congestion or retransmission.
- Packet Validation
A mandatory Verification Tag field and a 32 bit checksum field are included in the SCTP common header. The Verification Tag value is chosen by each end of the association during association startup. Packets received without the expected Verification Tag value are discarded, as a protection against blind masquerade attacks and against stale SCTP packets from a previous association.
- Path Management
The sending SCTP user is able to manipulate the set of transport addresses used as destinations for SCTP packets. The SCTP path management function chooses the destination transport address for each outgoing SCTP packet based on the SCTP user's instructions and the currently perceived reachability status of the eligible destination set. The path management function monitors reachability through heartbeats when other packet traffic is inadequate to provide this information and advises the SCTP user when reachability of any far-end transport address changes. The path management function is also responsible for reporting the eligible set of local transport addresses to the far end during association startup, and for reporting the transport addresses returned from the far end to the SCTP user.
At association start-up, a primary path is defined for each SCTP endpoint, and is used for normal sending of SCTP packets.
On the receiving end, the path management is responsible for verifying the existence of a valid SCTP association to which the inbound SCTP packet belongs before passing it for further processing.
Note: Path Management and Packet Validation are done at the same time, so although described separately above, in reality they cannot be performed as separate items.
SCTP header format
16 | 32 bit | Source Port Number | Destination Port Number | Verification Tag | Checksum |
- Source Port Number
This is the SCTP sender's port number. It can be used by the receiver, in combination with the source IP Address, to identify the association to which this datagram belongs.
- Destination Port Number
This is the SCTP port number to which this datagram is destined. The receiving host will use this port number to de-multiplex the SCTP datagram to the correct receiving endpoint/application.
- Verification Tag
The receiver of this 32 bit datagram uses the Verification tag to identify the association. On transmit, the value of this Verification tag must be set to the value of the Initiate tag received from the peer endpoint during the association initialization.
For datagrams carrying the INIT chunk, the transmitter sets the Verification tag to all 0's. If the receiver receives a datagram with an all-zeros Verification tag field, it checks the Chunk ID immediately following the common header. If the chunk type is not INIT or SHUTDOWN ACK, the receiver drops the datagram. For datagrams carrying the SHUTDOWN-ACK chunk, the transmitter sets the Verification tag to the Initiate tag received from the peer endpoint during the association initialization, if known. Otherwise the Verification tag is set to all 0's.
- Checksum
Contains the checksum of this SCTP packet. SCTP uses the Adler-32 algorithm for calculating the checksum.
Chunk Field Descriptions
The figure below illustrates the field format for the chunks to be transmitted in the SCTP packet. Each chunk is formatted with a Chunk Type field, a chunk-specific Flag field, a Chunk Length field, and a Value field.
8 | 16 | 32 bit | Chunk Type | Chunk Flags | Chunk Length | Chunk Value (variable) |
- Chunk Type
Identifies the type of information contained in the Chunk data. The value of 255 is reserved for future use as an extension field.
Chunk types are encoded such that the highest-order two bits specify the action that must be taken if the processing endpoint does not recognize the Chunk type.
- 00 - Stop processing this SCTP packet and discard it, do not process any further chunks within it.
- 01 - Stop processing this SCTP packet and discard it, do not process any further chunks within it, and report the unrecognized parameter in an 'Unrecognized Parameter Type' (in either an ERROR or in the INIT ACK).
- 10 - Skip this chunk and continue processing.
- 11 - Skip this chunk and continue processing, but report in an ERROR Chunk using the 'Unrecognized Chunk Type' cause of error.
The total length of a chunk MUST be a multiple of 4 bytes. If the length of the chunk is not a multiple of 4 bytes, the sender MUST pad the chunk with all zero bytes and this padding is not included in the chunk length field. The sender should never pad with more than 3 bytes. The receiver MUST ignore the padding bytes.
| Chunk type | Description | | 0 | DATA, Payload Data. | | 1 | INIT, Initiation. | | 2 | INIT ACK, Initiation Acknowledgement. | | 3 | SACK, Selective Acknowledgement. | | 4 | HEARTBEAT, Heartbeat Request. | | 5 | HEARTBEAT ACK, Heartbeat Acknowledgement. | | 6 | ABORT, Abort. | | 7 | SHUTDOWN, Shutdown. | | 8 | SHUTDOWN ACK, Shutdown Acknowledgement. | | 9 | ERROR, Operation Error. | | 10 | COOKIE ECHO, State Cookie. | | 11 | COOKIE ACK, Cookie Acknowledgement. | | 12 | ECNE, Reserved for Explicit Congestion Notification Echo. | | 13 | CWR, Reserved for Congestion Window Reduced. | | 14 | SHUTDOWN COMPLETE, Shutdown Complete. | | 15-191 | | | 192 | Forward TSN. | | 193-255 | |
- Chunk Flags
The usage of these bits depends on the chunk type as given by the Chunk Type. Unless otherwise specified, they are set to zero on transmit and are ignored on receipt.
- Chunk Length
This value represents the size of the chunk in bytes including the Chunk Type, Chunk Flags, Chunk Length, and Chunk Value fields. Therefore, if the Chunk Value field is zero-length, the Length field will be set to 4. The Chunk Length field does not count any padding.
- Chunk Value
The Chunk Value field contains the actual information to be transferred in the chunk. The usage and format of this field is dependent on the Chunk Type.
|
 Top of Page
|
| EXAMPLES |
Example 1: Normal Association Establishment
In the following example, "A" initiates the association and then sends a user message
to "Z", then "Z" sends two user messages to "A" later (assuming no bundling or
fragmentation occurs):
Endpoint A Endpoint Z
{app sets association with Z}
(build TCB)
INIT [I-Tag=Tag_A
& other info] --------
(Start T1-init timer)
(Enter COOKIE-WAIT state) ---> (compose temp TCB and Cookie_Z)
/--- INIT ACK [Veri Tag=Tag_A,
/ I-Tag=Tag_Z,
(Cancel T1-init timer) <------/ Cookie_Z, & other info]
(destroy temp TCB)
COOKIE ECHO [Cookie_Z] ------
(Start T1-init timer)
(Enter COOKIE-ECHOED state) ---> (build TCB enter ESTABLISHED state)
/---- COOKIE-ACK
/
(Cancel T1-init timer, <-----/
Enter ESTABLISHED state)
{app sends 1st user data; strm 0}
DATA [TSN=initial TSN_A
Strm=0,Seq=1 & user data]--
(Start T3-rtx timer)
->
/----- SACK [TSN Ack=init
TSN_A,Block=0]
(Cancel T3-rtx timer) <------/
...
{app sends 2 messages;strm 0}
/---- DATA
/ [TSN=init TSN_Z
<--/ Strm=0,Seq=1 & user data 1]
SACK [TSN Ack=init TSN_Z, /---- DATA
Block=0] -------- / [TSN=init TSN_Z +1,
/ Strm=0,Seq=2 & user data 2]
<------/
------>
If the T1-init timer expires at "A" after the INIT or COOKIE ECHO chunks are sent, the
same INIT or COOKIE ECHO chunk with the same Initiate Tag (i.e., Tag_A) or State
Cookie shall be retransmitted and the timer restarted. This shall be repeated
Max.Init.Retransmits times before "A" considers "Z" unreachable and reports the failure
to its upper layer (and thus the association enters the CLOSED state). Example 2: Association Restart
In the following example, "A" initiates the association after a restart has
occurred. Endpoint "Z" had no knowledge of the restart until the exchange
(i.e. Heartbeats had not yet detected the failure of "A"). (assuming no
bundling or fragmentation occurs):
Endpoint A Endpoint Z
<-------------- Association is established---------------------->
Tag=Tag_A Tag=Tag_Z
<--------------------------------------------------------------->
{A crashes and restarts}
{app sets up a association with Z}
(build TCB)
INIT [I-Tag=Tag_A'
& other info] --------
(Start T1-init timer)
(Enter COOKIE-WAIT state) ---> (find a existing TCB
compose temp TCB and Cookie_Z
with Tie-Tags to previous
association)
/--- INIT ACK [Veri Tag=Tag_A',
/ I-Tag=Tag_Z',
(Cancel T1-init timer) <------/ Cookie_Z[TieTags=
Tag_A,Tag_Z
& other info]
(destroy temp TCB,leave original in place)
COOKIE ECHO [Veri=Tag_Z',
Cookie_Z
Tie=Tag_A,
Tag_Z]----------
(Start T1-init timer)
(Enter COOKIE-ECHOED state) ---> (Find existing association,
Tie-Tags match old tags,
Tags do not match i.e.
case X X M M above,
Announce Restart to ULP
and reset association).
/---- COOKIE-ACK
/
(Cancel T1-init timer, <-----/ Enter ESTABLISHED state)
{app sends 1st user data; strm 0}
DATA [TSN=initial TSN_A
Strm=0,Seq=1 & user data]--
(Start T3-rtx timer)
->
/----- SACK [TSN Ack=init TSN_A,Block=0]
(Cancel T3-rtx timer) <------/
|
Top of Page
|
| PROTOCOL RELATIONS |
■ Parent layer
■ Child layer
IP
| | SCTP | |
Top of Page
|
| GLOSSARY |
|
Bundling
Bundling is an optional multiplexing operation, whereby more than one user message may be carried in the same SCTP packet. Each user message occupies its own DATA chunk.
Chunk
Chunk is a unit of information within an SCTP packet, consisting of a chunk header and chunk-specific content.
Cookie
A cookie is a random number used by a mobile node to prevent spoofing by a bogus correspondent node in the return routability procedure.
IP
The IP (Internet Protocol) is a protocol which uses datagrams to communicate over a packet-switched network. IP specifies the format of packets, also called datagrams, and the addressing scheme. Most networks combine IP with a higher-level protocol called Transmission Control Protocol (TCP), which establishes a virtual connection between a destination and a source.
IP by itself is something like the postal system. It allows you to address a package and drop it in the system, but there's no direct link between you and the recipient. TCP/IP, on the other hand, establishes a connection between two hosts so that they can send messages back and forth for a period of time.
The current version of IP is IPv4. A new version, called IPv6 or IPng, is under development.
MTU
MTU (Maximum transmission unit) is the size of the largest packet that can be transmitted over a particular medium. Packets exceeding the MTU value in size are fragmented or segmented, and then reassembled at the receiving end. If fragmentation is not supported or possible, a packet that exceeds the MTU value is dropped.
PSTN
PSTN (Public Switched Telephone Network), which refers to the international telephone system based on copper wires carrying analog voice data. This is in contrast to newer telephone networks base on digital technologies, such as ISDN and FDDI.
Packet
A packet is the unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. When any file (e-mail message, HTML file, Graphics Interchange Format file, Uniform Resource Locator request, and so forth) is sent from one place to another on the Internet, the Transmission Control Protocol (TCP) layer of TCP/IP divides the file into "chunks" of an efficient size for routing. Each of these packets is separately numbered and includes the Internet address of the destination. The individual packets for a given file may travel different routes through the Internet. When they have all arrived, they are reassembled into the original file (by the TCP layer at the receiving end).
Path
The route taken by the SCTP packets sent by one SCTP endpoint to a specific destination transport address of its peer SCTP endpoint. Sending to different destination transport addresses does not necessarily guarantee getting separate paths.
SCTP
SCTP (Stream Control Transmission Protocol) is a type of mobility management for IP-based networks that focuses on the transport and session layers, rather the network layer. SCTP, in general terms, is a reliable transport protocol operating on top of potentially unreliable connectionless packet service.
Service
The NAS provides a service to the dial-in user, such as PPP or Telnet.
Stream
Stream is a uni-directional logical channel established from one to another associated SCTP endpoint, within which all user messages are delivered in sequence except for those submitted to the unordered delivery service.
TSN
Transmission Sequence Number (TSN) is a 32-bit sequence number used internally by SCTP. One TSN is attached to each chunk containing user data to permit the receiving SCTP endpoint to acknowledge its receipt and detect duplicate deliveries.
Transport address
The Transport Address is traditionally defined by Network Layer address, Transport Layer protocol and Transport Layer port number. In the case of SCTP running over IP, a transport address is defined by the combination of an IP address and an SCTP port number (where SCTP is the Transport protocol).
|
Top of Page
|
| REFERENCES |
Related links:
SCTP parameters
sctp.org
RFCs:
[ RFC 2960] Stream Control Transmission Protocol.
[ RFC 3257] Stream Control Transmission Protocol Applicability Statement.
[ RFC 3286] An Introduction to the Stream Control Transmission Protocol (SCTP).
[ RFC 3309] Stream Control Transmission Protocol (SCTP) Checksum Change.
Updates: RFC 2960.
[ RFC 3436] Transport Layer Security over Stream Control Transmission Protocol.
[ RFC 3554] On the Use of Stream Control Transmission Protocol (SCTP) with IPsec.
[ RFC 3708] Using TCP Duplicate Selective Acknowledgement (DSACKs) and Stream Control Transmission Protocol (SCTP) Duplicate Transmission Sequence Numbers (TSNs) to Detect Spurious Retransmissions.
[ RFC 3758] Stream Control Transmission Protocol (SCTP) Partial Reliability Extension.
Defines SCTP chunk type 192 (Forward TSN).
[ RFC 3873] Stream Control Transmission Protocol (SCTP) Management Information Base (MIB).
Defines SNMP MIB iso.org.dod.internet.mgmt.mib-2.sctpMIB (1.3.6.1.2.1.104).
[ RFC 4138] Forward RTO-Recovery (F-RTO): An Algorithm for Detecting Spurious Retransmission Timeouts with TCP and the Stream Control Transmission Protocol (SCTP).
Publications:
[ISBN 0201721864] Stream Control Transmission Protocol (SCTP).
|
Top of Page
|
| OTHER PROTOCOLS OF TCP/IP SUITE |
|
|
|
|
|
