Title: Lecture 9 SCTP Sockets
1 Lecture 9: SCTP Sockets
- CPE 401 / 601 Computer Network Systems
- Slides are modified from Janardhan Iyengar, John Rumsey, Nimish Vartak
2 Where is SCTP in the stack?
(Diagram: two hosts, each drawn as Application over Socket API over the transport layer, where UDP and TCP are shown; the slide places SCTP alongside them under the same Socket API.)
3 SCTP Motivation
- New applications
  - Migration from PSTN to packet-based Internet
  - Telephony signaling messages
- Shortcomings of existing protocols
  - TCP
    - Head-of-line blocking
    - Byte-oriented, not message-oriented
    - Multi-homing support not built in
    - DoS attack prone
  - UDP
    - No reliability
    - Absence of congestion control
    - Absence of flow control
4 SCTP Overview
- SCTP is a reliable transport protocol operating on top of a connectionless packet network such as IP. (RFC 2960)
- Has built-in support for multi-homed hosts
- Is message-based: conserves message boundaries
- Classifies messages as
  - sequenced delivery of user messages within multiple streams
  - with an option for unordered delivery of individual user messages
- Additional security mechanisms
5 SCTP Feature Summary
- Start with TCP
  - reliable (retransmissions)
  - congestion controlled
  - connection oriented
- Add
  - 4-way handshake
    - to reduce vulnerability to DoS attacks
  - framing
    - preserve message boundaries
  - multistreaming
    - instead of one ordered stream, up to 64K independent ordered streams
  - multihoming
    - instead of one IP address per endpoint, a set of IP addresses per endpoint
6 TCP Connection Setup
(Diagram, A on the left and B on the right, time running down from t0: A is closed, B is in listen. A sends SYN and enters SYN sent. B answers SYN-ACK and enters SYN recd, creating its TCB at that point. After 1 RTT A sends ACK followed by data and is established; B becomes established when the ACK arrives.)
7 SYN Flooding Attack
(Diagram: several attackers, drawn with the sample addresses 130.2.4.15, 128.3.4.5, 228.3.14.5, 192.10.2.8, 190.13.4.1 and 221.3.5.10, each send a SYN to the victim; the victim allocates a TCB for every SYN until it is "Flooded!!". Caption: "Unavailable, reserved resources".)
- There is no ACK in response to the SYN-ACK, hence the connection remains half-open
- Other genuine clients cannot open connections to the victim
- The victim is unable to provide service
8 SCTP Features (contd.)
(Diagram: the four-way handshake between End-Point A and End-Point Z: INIT (the SYN analogue), INIT-ACK (the SYN-ACK analogue), COOKIE-ECHO, COOKIE-ACK.)
9 What's in a cookie?
- Information from original INIT
- Information from current INIT-ACK
- Timestamp
- Life span of cookie (Time to live)
- Signature for authentication (SHA-1, MD5, etc.)
10 SCTP Association Setup
(Diagram; V = verification tag, I = initiate tag. A and B both start closed at t0. A sends INIT with V = 0 and ITag = A and enters cookie wait. B, still closed and holding no state, replies INIT-ACK with VTag = A, ITag = B and a StateCookie; 1 RTT has elapsed. A sends COOKIE-ECHO with VTag = B and the StateCookie and enters cookie echoed. B becomes established on receiving the COOKIE-ECHO and replies COOKIE-ACK with VTag = A; after 2 RTT A is established and sends data with VTag = B.)
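The server side of this handshake, as an added example that is not part of the lecture: a Python model of the cookie mechanism of slides 8 to 10, carrying the cookie contents listed on slide 9 (INIT information, INIT-ACK information, timestamp, lifespan, signature). HMAC-SHA-256 as the signature, the cookie field layout, the 60-second lifespan, the injectable clock and the sample addresses are this example's own assumptions, not the RFC 4960 wire format. The point it makes is the one slide 7 motivates: a flood of INITs allocates nothing, because the TCB is created only when a cookie that the server itself signed comes back from the address it was issued to.

```python
import hashlib
import hmac
import secrets
import struct
import time

COOKIE_LIFESPAN = 60                    # cookie time-to-live in seconds (constructed value)
MAC_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA-256 tag
_SERVER_KEY = secrets.token_bytes(32)   # constructed server-only signing key


class SctpServer:
    """Server endpoint (B in slide 10). Keeps a TCB only for associations
    whose peer has echoed a valid cookie."""

    def __init__(self, key=_SERVER_KEY, now=time.time):
        self.key = key
        self.now = now          # injectable clock so expiry can be exercised
        self.assocs = {}        # our initiate tag -> TCB

    def _sign(self, payload):
        return hmac.new(self.key, payload, hashlib.sha256).digest()

    def on_init(self, peer_addr, peer_itag):
        """INIT -> INIT-ACK. Nothing is stored here: the cookie carries the INIT
        info, our INIT-ACK info, a timestamp, a lifespan and a signature."""
        my_itag = secrets.randbits(32) or 1           # 0 is reserved for INIT's own tag
        payload = struct.pack("!IIII", peer_itag, my_itag, int(self.now()), COOKIE_LIFESPAN)
        payload += peer_addr.encode()
        return {"vtag": peer_itag, "itag": my_itag, "cookie": payload + self._sign(payload)}

    def on_cookie_echo(self, peer_addr, cookie):
        """COOKIE-ECHO -> (COOKIE-ACK, 'ok') or (None, reason). The TCB is created
        only here, once the cookie has proven the peer really sent the INIT."""
        if len(cookie) < 16 + MAC_LEN:
            return None, "malformed cookie"
        payload, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
        if not hmac.compare_digest(mac, self._sign(payload)):
            return None, "bad signature"                         # forged or tampered
        peer_itag, my_itag, issued, life = struct.unpack("!IIII", payload[:16])
        if payload[16:] != peer_addr.encode():
            return None, "cookie issued to a different address"  # INIT source did not match
        if not issued <= self.now() <= issued + life:
            return None, "cookie expired"
        if my_itag not in self.assocs:      # a retransmitted echo must not create a second TCB
            self.assocs[my_itag] = {"peer": peer_addr, "peer_vtag": peer_itag}
        return {"vtag": peer_itag}, "ok"


def demo():
    """INIT flood, a legitimate handshake, then three cookies that must be refused."""
    clock = [1_000_000.0]
    srv = SctpServer(now=lambda: clock[0])
    for i in range(1000):                 # 1000 INITs from constructed sources, no TCBs
        srv.on_init("198.51.100.%d" % (i % 250), i + 1)
    out = {"tcbs_after_flood": len(srv.assocs)}
    ack = srv.on_init("192.0.2.10", 0x1234)
    out["legit"] = srv.on_cookie_echo("192.0.2.10", ack["cookie"])[1]
    out["other_source"] = srv.on_cookie_echo("203.0.113.5", ack["cookie"])[1]
    tampered = bytearray(ack["cookie"])
    tampered[4] ^= 0x01                   # flip one bit of the signed payload
    out["tampered"] = srv.on_cookie_echo("192.0.2.10", bytes(tampered))[1]
    ack2 = srv.on_init("192.0.2.11", 0x5678)
    clock[0] += COOKIE_LIFESPAN + 1       # let the second cookie outlive its lifespan
    out["expired"] = srv.on_cookie_echo("192.0.2.11", ack2["cookie"])[1]
    out["tcbs_at_end"] = len(srv.assocs)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The checks run cheapest-first and in the order that leaks the least: the signature is verified before any field is parsed, so a cookie the server never issued is discarded without the server trusting anything in it.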
11 SCTP Features (contd.)
(Diagram: association shutdown between End-Point A and End-Point Z: SHUTDOWN, SHUTDOWN-ACK, SHUTDOWN-CMPL.)
No half-closed state
12 Graceful Shutdown
(Diagram, A and B: the application on A signals shutdown while data is still pending, so A enters Shutdown pending; once that data is gone A sends SHUTDOWN and enters Shutdown sent. B enters Shutdown received, finishes its own pending data, sends SHUTDOWN-ACK and enters Shutdown-Ack sent. A answers SHUTDOWN-COMPLETE and both sides are Closed.)
13 SCTP state diagram
14 SCTP Feature Summary (repeat of slide 5)
15 Message Boundaries
- UDP honors message boundaries
  - Each app message becomes a datagram
- TCP does not honor message boundaries
  - App messages become part of a byte stream
- SCTP maintains message boundaries
  - Each app message is maintained as one or more data chunks
16 Chunks in SCTP
17 SCTP Header
- Source Port, Destination Port
  - Uses the same port concept as TCP and UDP
- Verification Tag
  - Exchanged between endpoints at startup
  - To validate the sender
- Checksum
  - Protected by a 32-bit checksum (CRC32 algorithm)
(Header layout, 12 bytes: Source Port (2 bytes) | Destination Port (2) | Verification Tag (4) | Checksum (4))
18 SCTP Chunks
- Type
  - Used to distinguish data chunks and different types of control chunks
- Flags
  - Usage depends on chunk type
- Length
  - Required because chunks have a variable length
- Value
  - Payload field
(Chunk layout: Type (1 byte) | Flags (1) | Length (2) | Value (N))
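A receiver's view of slides 17 and 18, as an added example that is not part of the lecture: Python that builds an SCTP packet from the 12-byte common header plus chunk TLVs and then validates one before any chunk is acted on, in the order a careful receiver uses (size, checksum, verification tag, then every chunk length against the packet). Two things are assumptions beyond the slide's "CRC32": the checksum is CRC-32C and is stored least-significant byte first, as in RFC 4960 Appendix B. The sample packet (COOKIE ACK bundled with a HEARTBEAT), the ports and the tag value are constructed here.

```python
import struct

COMMON_HDR = struct.Struct("!HHI")  # source port, destination port, verification tag (big-endian)
CHUNK_HDR = struct.Struct("!BBH")   # type, flags, length
HDR_LEN = 12                        # common header including the 4-byte checksum


def _make_crc32c_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0x82F63B78 if c & 1 else c >> 1   # reflected CRC-32C polynomial
        table.append(c)
    return table


_CRC_TABLE = _make_crc32c_table()


def crc32c(data):
    """CRC-32C (Castagnoli); crc32c(b"123456789") == 0xE3069283."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def fill_checksum(pkt):
    """Compute the checksum over the packet with the field zeroed and store it
    least-significant byte first (assumption: RFC 4960 Appendix B byte order)."""
    crc = crc32c(pkt[:8] + b"\x00" * 4 + pkt[HDR_LEN:])
    return pkt[:8] + crc.to_bytes(4, "little") + pkt[HDR_LEN:]


def build_packet(src_port, dst_port, vtag, chunks):
    """Serialize (type, flags, value) chunks behind a common header. The Length
    field excludes the zero padding that rounds each chunk up to 4 bytes."""
    body = b""
    for ctype, flags, value in chunks:
        length = CHUNK_HDR.size + len(value)
        body += CHUNK_HDR.pack(ctype, flags, length) + value + b"\x00" * (-length % 4)
    return fill_checksum(COMMON_HDR.pack(src_port, dst_port, vtag) + b"\x00" * 4 + body)


def parse_packet(pkt, expected_vtag):
    """Return [(type, flags, value), ...] or raise ValueError. Nothing in the
    packet is trusted until the checksum and verification tag have passed."""
    if len(pkt) < HDR_LEN:
        raise ValueError("shorter than the common header")
    stored = int.from_bytes(pkt[8:HDR_LEN], "little")
    if crc32c(pkt[:8] + b"\x00" * 4 + pkt[HDR_LEN:]) != stored:
        raise ValueError("bad checksum")
    _src, _dst, vtag = COMMON_HDR.unpack_from(pkt, 0)
    if vtag != expected_vtag:
        raise ValueError("verification tag mismatch")   # not from the peer of this association
    chunks, off = [], HDR_LEN
    while off < len(pkt):
        if len(pkt) - off < CHUNK_HDR.size:
            raise ValueError("truncated chunk header")
        ctype, flags, length = CHUNK_HDR.unpack_from(pkt, off)
        if length < CHUNK_HDR.size:
            raise ValueError("chunk length smaller than its own header")
        if length > len(pkt) - off:
            raise ValueError("chunk length runs past end of packet")
        chunks.append((ctype, flags, bytes(pkt[off + CHUNK_HDR.size:off + length])))
        off += length + (-length % 4)    # skip padding; the last chunk's padding may be absent
    return chunks


# Constructed sample: a COOKIE ACK (type 11, no value) bundled with a HEARTBEAT
# (type 4) whose value is one Heartbeat Info parameter (type 1, length 9, b"hello").
SAMPLE_VTAG = 0xDEADBEEF
SAMPLE = build_packet(5000, 5001, SAMPLE_VTAG,
                      [(11, 0, b""), (4, 0, struct.pack("!HH", 1, 9) + b"hello")])


def demo():
    """One good packet and three that a receiver must drop."""
    cases = {
        "valid": (SAMPLE, SAMPLE_VTAG),
        "wrong_tag": (SAMPLE, 0x12345678),
        "bit_flip": (SAMPLE[:24] + bytes([SAMPLE[24] ^ 0x01]) + SAMPLE[25:], SAMPLE_VTAG),
        # HEARTBEAT length rewritten to 64 with the checksum refilled: only the length check catches it
        "bad_length": (fill_checksum(SAMPLE[:18] + b"\x00\x40" + SAMPLE[20:]), SAMPLE_VTAG),
    }
    out = {}
    for name, (pkt, tag) in cases.items():
        try:
            out[name] = [ctype for ctype, _, _ in parse_packet(pkt, tag)]
        except ValueError as e:
            out[name] = "rejected: " + str(e)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The length checks matter as much as the checksum: a chunk whose Length field is smaller than its own 4-byte header would never advance the offset, and one that claims more bytes than remain would read past the buffer, so both are rejected before the value is sliced.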
19 INIT Chunk
20 Data Chunk
21 Selective Acknowledgement
22 SACK Chunk
23 SCTP Feature Summary (repeat of slide 5)
24 Multi-streaming
- A.k.a. partial ordering. Eliminates head-of-line (HOL) blocking
- In TCP, all data must be sent in order: a loss at the head of the line delays delivery of subsequent data
- In SCTP, you can send over up to 64K independent streams, each ordered independently
- A loss on one stream does not delay delivery on other streams, i.e. multi-streaming eliminates HOL blocking
25 Head-of-Line Blocking in TCP
(Diagram: sender S sends PDUs 1 through 6 to receiver R, which passes them up to its application Rs. PDUs 1 and 2 are acknowledged and delivered; PDU 3 is lost, so each later arrival (4, 5, 6) is answered with ACK 3 and held back from the application.)
PDU 3 is blocking the head of the line.
26 Head-of-line Blocking
- TCP provides a single data stream
- When a segment is lost, subsequent segments must wait to be processed
- Problem for some applications (telephony)
- SCTP provides multiple independent streams per association
27 SCTP Multistreaming
- Logical separation of data within an association
- Designed to prevent head-of-line blocking
- Can be used to deliver multiple objects belonging to the same association
  - E.g. objects on a webpage, multimedia streams (audio/video/text), files in an FTP mget
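The receive side of slides 24 to 27, as an added example that is not part of the lecture: a Python model of a receiver that delivers in order within a stream only. Each chunk carries a stream id and a per-stream sequence number; with a single stream the result is the TCP picture of slide 25 (PDU 3 lost, 4 to 6 stuck), with two streams only the stream that lost a chunk waits. The send order, the "voice" and "text" stream names and the choice of which chunk the network drops are constructed here.

```python
from collections import defaultdict


class StreamReceiver:
    """Receive side of one association: in-order delivery per stream only."""

    def __init__(self):
        self.next_ssn = defaultdict(int)    # stream -> next stream sequence number the app expects
        self.pending = defaultdict(dict)    # stream -> {ssn: payload} arrived but not yet deliverable
        self.delivered = []                 # (stream, ssn, payload) in the order handed to the app

    def receive(self, stream, ssn, payload):
        self.pending[stream][ssn] = payload
        # hand up the in-order prefix of this stream; other streams are untouched
        while self.next_ssn[stream] in self.pending[stream]:
            n = self.next_ssn[stream]
            self.delivered.append((stream, n, self.pending[stream].pop(n)))
            self.next_ssn[stream] = n + 1

    def blocked(self):
        """Stream -> SSNs that have arrived but are stuck behind a gap."""
        return {s: sorted(q) for s, q in self.pending.items() if q}

    def delivered_ids(self):
        return [f"{s}:{n}" for s, n, _ in self.delivered]


# Constructed send order: a voice stream and a text stream interleaved.
SEND_ORDER = [("voice", 0, "v0"), ("text", 0, "t0"), ("voice", 1, "v1"),
              ("text", 1, "t1"), ("voice", 2, "v2"), ("text", 2, "t2")]
LOST = 2   # index of the chunk the network drops (the third PDU, voice SSN 1)


def run(messages, lost_index):
    rx = StreamReceiver()
    for i, (s, n, p) in enumerate(messages):
        if i != lost_index:
            rx.receive(s, n, p)
    return rx


def single_stream():
    """TCP-like: all six messages on one stream; the third PDU is lost (slide 25)."""
    rx = run([("tcp", i, p) for i, (_, _, p) in enumerate(SEND_ORDER)], LOST)
    return rx.delivered_ids(), rx.blocked()


def multi_stream():
    """Same loss, but voice and text are separate SCTP streams."""
    rx = run(SEND_ORDER, LOST)
    return rx.delivered_ids(), rx.blocked()


def multi_stream_after_retransmit():
    """The retransmission of the lost chunk releases only the voice backlog."""
    rx = run(SEND_ORDER, LOST)
    rx.receive(*SEND_ORDER[LOST])
    return rx.delivered_ids(), rx.blocked()


if __name__ == "__main__":
    print("one stream  :", single_stream())
    print("two streams :", multi_stream())
    print("after retx  :", multi_stream_after_retransmit())
```

With one stream the application sees only PDUs 0 and 1 while 3, 4 and 5 sit in the buffer; with two streams the whole text stream reaches the application and only voice SSN 2 waits for the retransmission of voice SSN 1.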
28 SCTP Feature Summary (repeat of slide 5)
29 Multi-homing
(Diagram: End-Point A and End-Point Z connected through the Internet over more than one path.)
- In TCP, connections are made between ... and ...
- If a host is multi-homed, you have to choose ONE IP address only, at each end
- If that interface goes down, so does the connection
- With SCTP, you can list as many IP addresses per endpoint as you like
- If the host is still reachable through ANY of those addresses, the connection stays up
30 SCTP Multi-Homing
- Multiple source/destination IP addresses
- Use of different physical paths not guaranteed
- Peer reachability and path status are monitored (heartbeat)
- One selectable default destination
- Parameters per path (cwnd, ssthresh, RTT)
31 What is SCTP Multihoming?
- Hosts pick 1 of 4 possible TCP connections
  - (A1, B1), (A1, B2), (A2, B1), (A2, B2)
- Hosts use 1 SCTP association
  - ({A1, A2}, {B1, B2})
- Selectable primary destination: Host A -> B1, Host B -> A1
- New data is sent only to the primary destination
32 Multihoming Operation
(Diagram of multihoming operation, showing a SACK.)
33 SCTP Summary
Well suited for multimedia
- Like TCP
  - Provides connection establishment
  - Ensures reliability
  - Provisions for ordered and unordered data
  - Provides congestion control
- In addition to TCP features
  - Provides multi-homing
  - Provides multi-streaming
  - Has security features
35 SCTP Socket Types
- The SCTP socket API comes in two forms: one-to-one and one-to-many.
- The one-to-many style was at one time known as the UDP-style socket. The one-to-one style used to be called the TCP-style socket.
- So what is the purpose of each socket style and how can it be used?
36 One-to-One style
- The purpose of the one-to-one style socket is to provide a smooth transition mechanism for applications running on TCP that wish to move to SCTP.
- The same semantics used in TCP are used with this style.
- A server will typically open the socket, call listen (to accept associations), and call accept, blocking until a new association arrives.
- The only notable difference between a TCP socket and an SCTP socket is that the socket call uses IPPROTO_SCTP instead of IPPROTO_TCP (or 0).
37 One-to-One Example Server
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <netinet/sctp.h>

    int sd, newfd;
    socklen_t sosz;                  /* accept() takes a socklen_t *, not an int * */
    struct sockaddr_in6 sin6;

    sd = socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP);   /* the only change from TCP: IPPROTO_SCTP */
    /* bind() to the service address goes here, exactly as for a TCP server */
    listen(sd, 1);
    while (1) {
        sosz = sizeof(sin6);         /* reset each time: accept() overwrites it with the peer's length */
        newfd = accept(sd, (struct sockaddr *)&sin6, &sosz);
        do_child_stuff(newfd, &sin6, sosz);
    }
38 One-to-Many style
- A typical server using a one-to-many style socket will do a socket() call, followed by listen() and recvfrom().
- A typical client will just sendto() the server of his choice.
- Note that the connect() and accept() calls are not needed.
- The connect() call can be done by either side (server or client), but it is not needed.
- Note that this style is more like what a UDP client/server would look like, thus the previous name.
39 One-to-many Example Server
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <netinet/sctp.h>

    int sd, msg_flags;
    socklen_t sosz;
    ssize_t len;
    struct sockaddr_in6 sin6;
    struct sctp_sndrcvinfo snd_rcv;  /* stream number, association id, ... of each received message */
    char buf[8000];

    sd = socket(AF_INET6, SOCK_SEQPACKET, IPPROTO_SCTP);   /* one-to-many style: SOCK_SEQPACKET */
    /* bind() to the service address goes here */
    listen(sd, 1);
    while (1) {
        sosz = sizeof(sin6);
        len = sctp_recvmsg(sd, buf, sizeof(buf), (struct sockaddr *)&sin6, &sosz,
                           &snd_rcv, &msg_flags);
        /* no accept(): the one socket serves every association; snd_rcv.sinfo_assoc_id says which */
        do_child_stuff(sd, buf, len, &sin6, &snd_rcv, msg_flags);
    }
40 SCTP Notifications
- The SCTP stack, at times, has information it may wish to share with its application (or Upper Layer Protocol, ULP).
- The ULP can turn specific notifications on and off via a socket options call.
- By default ALL notifications are off.
- We can get a notification by reading data and looking at the msg_flags: if the message read is a notification, then MSG_NOTIFICATION is contained within the msg_flags argument upon return.
41 Deciphering Notifications
- Every notification uses a TLV format as illustrated below
- Types of notifications
  - SCTP_ASSOC_CHANGE
  - SCTP_PEER_ADDR_CHANGE
  - SCTP_REMOTE_ERROR
  - SCTP_SEND_FAILED
  - SCTP_SHUTDOWN_EVENT
  - ....
    struct sctp_tlv {
        u_int16_t sn_type;
        u_int16_t sn_flags;
        u_int32_t sn_length;
    };
42 Socket Options
- SCTP provides a host of socket options to perform a myriad of operations.
- Some have unique structures; others just turn things on and off with booleans or integers.
  - SCTP_NODELAY
  - SCTP_MAXSEG
  - SCTP_ASSOCINFO
  - SCTP_AUTOCLOSE
  - SCTP_ADAPTION_LAYER
  - SCTP_DEFAULT_SEND_PARAM
  - SCTP_DISABLE_FRAGMENTS
  - ...
43 Extended system calls
- sctp_connectx
  - Allows a user to specify multiple addresses to attempt to connect to.
- sctp_bindx
  - Allows an application to bind a set of addresses instead of one or all addresses.
- sctp_opt_info
  - Some implementations do not support a getsockopt() call that allows data to be passed both ways. This call is compatible with all implementations.
- sctp_peeloff
  - This call is used to convert a single association that is part of a one-to-many socket into an individual new socket descriptor that is a one-to-one socket.
44 Extended system calls
- sctp_getpaddrs
  - Returns a block of memory holding the peer's addresses currently part of the association.
- sctp_freepaddrs
  - Releases the memory that the sctp_getpaddrs call allocated.
- sctp_getladdrs
  - Returns a block of memory holding the local addresses bound to an association.
- sctp_freeladdrs
  - Releases the memory allocated by sctp_getladdrs back to the system.
45 Extended system calls
- sctp_sendmsg
  - Lets the caller specify, as call arguments, things like the stream number and other SCTP-specific information to be sent with a message.
- sctp_send
  - Has a similar purpose to sctp_sendmsg, but instead of a large number of arguments, an sctp_sndrcvinfo structure is used to pass the relevant information.
- sctp_recvmsg
  - Used (as we saw previously) to receive a message, but also an sctp_sndrcvinfo structure with details on the message (e.g. the stream number and stream sequence number).
46 Summary
- SCTP is a new transport protocol
  - available now in bleeding-edge Linux and BSD kernels, and will make its way into the mainstream
- It has some cool new features