1. SCTP: Stream Control Transfer Protocol Naveen Kumar Department of Computer and Information Sciences *Some slides have been taken from Prof. Amer

2. TCP Limitations Head-of-Line blocking Strict ordering of data Doesn’t preserve boundaries Limited scope of TCP sockets Vulnerable to SYN attacks

3. SCTP: Transport Layer User Application SCTP Transport IP User Application SCTP Transport IP HOST 1 HOST 2 network

4. Features of SCTP Multi streaming Multi homing Connection oriented Immune to denial of service attacks Message framing

5. Multi Streaming

6. TCP: Multiple connections physical data link IP transport TCP buffers file transfer textvoicevideo voicetext file transfer sender receiver 4 independent connections Efficient..?

7. video file transfer textvoicevideo SCTP: Multi streaming physical data link IP transport stream buffers 1 association w/4 streams file transfer textvoice sender receiver File text transfer chunk chunk SCTP Packet

8. SCTP: Multi streaming Stream 0 Stream 1 Stream 2 Strea m n A stream is Uni-directional – SCTP makes no correlation between an inbound and outbound stream An association may have more streams travelling in one direction than the other.

9. Multi-homing

10. SCTP: Association An association in SCTP is analogous to connection in TCP An SCTP association can be represented as a pair of SCTP endpoints: association = { [10.1.61.11 : 2223], [161.10.8.221, 120.1.1.5 : 80] }

11. Multi-homing Network 1 Network 2 Network n IP=128.33.6.12 IP=10.13.56.9 sender=[ 128.33.6.12, 198.3.69.5: 6590] receiver=[ 123.45.17.9, 19.234.45.5, 42.45.78.12: 80] IP=123.45.17.9 IP=19.234.45.5 IP=42.45.78.12

12. 1232341 A2A2 A1A1 B2B2 B1B1 receive buffer (6) delivered to application 123456132 sent by application 234563456456566 45 4 56 5 6 6 data data to be sent TCP data transfer without loss

13. 341561232 A2A2 A1A1 B2B2 B1B1 receive buffer (6) delivered to application data to be sent 123456132 data 23456 4 4 5 5 6 6 retransmission loss data sent from application TCP data transfer with loss

14. 1232341 A2A2 A1A1 B2B2 B1B1 receive buffer (6) delivered to application data to be sent 123456132 sent by application data 234563456456566 45 4 56 5 6 6 SCTP data transfer without loss

15. 1345634156 2 2 A2A2 A1A1 B2B2 B1B1 receive buffer (6) delivered to application data to be sent 123456132 data 234566456 retransmission 2 loss data sent from application SCTP data transfer with loss

16. 51566123234 A2A2 A1A1 B2B2 B1B1 receive buffer (6) delivered to application data to be sent 123456132 sent by application data 234563456456 4 connection fails! 665544 data TCP data transfer single path failure

17. 231 A2A2 A1A1 B2B2 B1B1 receive buffer (6) delivered to application data to be sent 123456 sent by application data 234563456456 6655 44 45 6 566 123456215436 retransmission data SCTP data transfer with single path failure

18. Packet Format

19. SCTP Packet Format COMMON HEADER CHUNK # 1 CHUNK # 2 …………….. CHUNK # n Common Header Control Chunk Data Chunk

20. 0x00DATA 0x01INIT 0x02INIT-ACK 0x03SACK 0x04HEARTBEAT 0x05HEARTBEAT-ACK 0x07SHUTDOWN 0x08SHUTDOWN-ACK Type SCTP SCTP Chunk Types

21. Association Setup

22. V: Verification tag I : Initiate tag 1RTT INIT–ACK (V=TagA) (I=TagB)( State Cookie ) closed t=0 INIT (V=0) (I=TagA) cookie wait COOKIE–ECHO (V=TagB) ( State Cookie ) cookie echoed data (V=TagB) established 2RTT COOKIE–ACK (V=TagA) estab’d SCTP: Four-way Association Setup

23.  Information from original INIT  Information from current INIT-ACK  Timestamp  Life span of cookie (Time to Live)  Signature for authentication (MD5) What is in the COOKIE ?

24. Data Transfer

25. SCTP: Data Transfer

26. SCTP: Packet Parameters TSN(32 bits) : A 32-bit sequence number attached to each chunk containing user data to permit the receiving SCTP endpoint to acknowledge its receipt and detect duplicate deliveries. SI(16 bits): Identifies the stream to which the following user data belongs. SSN(16 bits) : A sequence number to assure sequenced delivery of the user messages within a given stream.

27. SCTP: Packets, Data, Chunk and Streams

28. SCTP: Data Transfer

29. Association Shutdown

30. DATA SACK SHUTDOWN Upper layer invokes SHUTDOWN shutdown_pending shutdown_sent estbl’d stop accepting data SCTP: Graceful Shutdown

31. shutdown_pending shutdown_sent shutdown_received stop accepting data shutdown_ack_sent closed (delete TCB) ‏ SHUTDOWN_ACK SHUTDOWN + SACK SHUTDOWN DATA SHUTDOWN_COMPLETE closed (delete TCB) ‏

32. Message Framing

33. Web server Web client TCP connection A-PDU 3 A-PDU 2 A-PDU 1 bytes 1 - 100 bytes 101 - 200 bytes 201 - 300 bytes 1 – 75 bytes 176 – 230 bytes 231 – 300 bytes 76 – 175 TCP does not preserve message boundaries

34. Web server Web client SCTP association A-PDU 3A-PDU 2 A-PDU 1 A-PDU 2A-PDU 3 bytes 1 - 100 bytes 101 - 200 bytes 201 - 300 bytes 1 - 100 bytes 201 - 300 bytes 101 - 200 SCTP preserves message boundaries

35. Immune to attacks

36. TCP Flooding Attack 128.3.4.5 (victim) TCP-based web server flooded!! spoofed SYN’s 221.3.5.10 192.10.2.8 SYN 190.13.4.1 SYN 228.3.14.5 SYN 130.2.4.15 Internet process SYN TCB = Transport Control Block (attackers) TCB SYN 130.2.4.15 TCB SYN 228.3.14.5 TCB SYN 190.13.4.1

37. The SCTP Way: 4-way handshake limits attack 128.3.4.5 spoofed INIT’s 221.3.5.10 192.10.2.8 INIT 190.13.4.1 INIT 228.3.14.5 INIT 130.2.4.15 Internet process INIT (victim) SCTP-based web server (attackers) INIT-ACK 130.2.4.15 INIT-ACK 228.3.14.5 INIT-ACK 190.13.4.1 No reserved resources No flooding!!

38. SCTP Implementations COMPANY IMPLEMENTATION OS TYPE Open-Source Kernel FreeBSD/Net BSD Continuos Computing User space UNIX/LINUX/ VxWorks/ Windows Ulticom Kernel Solaris and Linux Sun Microsystems Kernel Solaris Sparc/X86 IBM Kernel AIX CISCO Proprietary IOS

39. SCTP VS TCP VS UDP

40. Any Questions ?