SCTP Technical Tutorial - PowerPoint PPT Presentation

Slides: 60
Provided by: johnr121
Transcript and Presenter's Notes

1
SCTP Stream Control Transmission Protocol
2
Stream Control Transmission Protocol
  • Next Generation Networks
  • TCP Transmission Control Protocol
  • SCTP Stream Control Transmission Protocol
  • User Adaptation Layers for SCTP
  • SCTP Packets
  • Establishing the Connection (Association)
  • Data Transmission
  • Closing the Connection (Association)
  • Multihoming Operation
  • Congestion Control
  • Security Issues

3
Next Generation Networks
Softswitch or Media Gateway Controller
Legacy ISDN Subscriber
Legacy ISDN Subscriber
4
Next Generation Networks
Softswitch or Media Gateway Controller
PBX Signalling
PBX Signalling
Media Gateway Control Protocol
Legacy ISDN Subscriber
Legacy ISDN Subscriber
7
How Are Services Carried over IP?
  • Voice is carried over IP using the Real-time Transport
    Protocol (RTP), but how is signalling carried?

?? PBX Signalling / RTP or UDP or TCP / IP ??
Voice / RTP / IP
Softswitch or Media Gateway Controller
8
TCP - Transmission Control Protocol
  • Good Points
  • Provides Reliable, In-Sequence delivery of data
    packets
  • Supports Congestion Control and Avoidance
    Features
  • Bad Points
  • TCP transports a byte stream which must be
    delivered in order
  • Doesn't Support Multistreaming
  • Vulnerable to Denial of Service Attacks
  • Doesn't support Multihoming or Path Monitoring

9
Stream Control Transmission Protocol
  • SCTP has been specifically designed to provide
    reliable, error free transport of message
    oriented applications over IP

PBX Signalling
Stream Control Transmission Protocol
Softswitch or Media Gateway Controller
  • Supports the good aspects of TCP and fixes the
    bad aspects of TCP

10
Stream Control Transmission Protocol
  • SCTP provides the backhauling of signalling
    messages between a Signalling Gateway and a Media
    Gateway Controller, over an IP network

Signalling Gateway
SCTP
Softswitch or Media Gateway Controller
11
Stream Control Transmission Protocol
  • Supports multiple signalling streams over a
    single SCTP connection (association)

Signalling Gateway
SCTP
Softswitch or Media Gateway Controller
12
Stream Control Transmission Protocol
Signalling Gateway
SCTP
Softswitch or Media Gateway Controller
13
User Adaptation Layers for SCTP
  • IUA/SCTP
  • The transport of ISDN Q.921 user messages over IP
  • DUA/SCTP
  • The transport of DASS/DPNSS messages over IP
  • V5UA/SCTP
  • The transport of V5.2 messages over IP
  • MTP2/SCTP
  • The transport of Signalling System 7 Message
    Transfer Part 2 (SS7 MTP2) user signalling
    messages over IP
  • MTP3/SCTP
  • The transport of any SS7 MTP3 - User signalling
    (e.g., ISUP and SCCP messages) over IP
  • SUA/SCTP
  • The transport of any Signalling Connection
    Control Part - User signalling over IP

14
Why Use SCTP?
  • SCTP is a reliable transport protocol
  • Specifically designed for transport of message
    oriented applications
  • Acknowledged error free transfer of messages
  • Detection of data corruption, loss of data and
    duplication of data
  • Selective retransmission to correct lost or
    corrupted data
  • Heartbeat actively monitors connectivity of
    session
  • Resistance to Denial of Service attacks
  • Supports several streams within a connection (or
    association)

15
SCTP Stream
16
SCTP Packets
17
SCTP Header
  • Source Port / Destination Port
  • Uses same port concept as TCP and UDP
  • Verification Tag
  • Exchanged between endpoints at startup
  • 2 per Association
  • To Validate the sender
  • Checksum
  • Protected by 32-bit checksum (CRC32 algorithm)

SCTP Header layout (field sizes in bytes):
Source Port (2) | Destination Port (2) | Verification Tag (4) | Checksum (4)
18
Chunks
SCTP Header layout (field sizes in bytes):
Source Port (2) | Destination Port (2) | Verification Tag (4) | Checksum (4)
19
Chunks
  • Type
  • Used to distinguish data chunks and different
    types of control chunks
  • Flags
  • Usage depends on Chunk type
  • Length
  • Required because chunks have a variable length
  • Value
  • Payload field

Chunk layout (field sizes in bytes):
Type (1) | Flags (1) | Length (2) | Value (N)
20
Chunk Types
  • 0 Payload Data
  • 1 Initiation
  • 2 Initiation Acknowledgement
  • 3 Selective Acknowledgement
  • 4 Heartbeat Request
  • 5 Heartbeat Acknowledgement
  • 6 Abort
  • 7 Shutdown
  • 8 Shutdown Acknowledgement
  • 9 Operation Error
  • 10 State Cookie
  • 11 Cookie Acknowledgement
  • 12 Reserved for Explicit Congestion Notification Echo
  • 13 Reserved for Congestion Window Reduced
  • 14 Shutdown Complete
  • 15-62 Reserved by IETF
  • 63 IETF-defined Chunk Extensions
  • 64-126 Reserved by IETF
  • 127 IETF-defined Chunk Extensions
  • 128-190 Reserved by IETF
  • 191 IETF-defined Chunk Extensions
  • 192-254 Reserved by IETF
  • 255 IETF-defined Chunk Extensions
Chunk layout (field sizes in bytes):
Type (1) | Flags (1) | Length (2) | Value (N)
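
The header and chunk layouts above, turned into a defensive parser with a simplified receive-side Verification Tag check. This is an added example, not part of the original presentation; the function names, the sample port 2905 and the sample packet builder are constructed for illustration, and the checksum is not verified here.

```python
import struct

# Names for the chunk types listed on the slide above (subset).
CHUNK_NAMES = {0: "DATA", 1: "INIT", 2: "INIT ACK", 3: "SACK", 4: "HEARTBEAT",
               5: "HEARTBEAT ACK", 6: "ABORT", 7: "SHUTDOWN", 8: "SHUTDOWN ACK",
               9: "ERROR", 10: "COOKIE ECHO", 11: "COOKIE ACK",
               14: "SHUTDOWN COMPLETE"}


def parse_sctp_packet(packet: bytes) -> dict:
    """Split a packet into its 12-byte common header and its chunks."""
    if len(packet) < 12:
        raise ValueError("truncated common header")
    sport, dport, vtag, checksum = struct.unpack("!HHII", packet[:12])
    chunks, offset = [], 12
    while offset < len(packet):
        if len(packet) - offset < 4:
            raise ValueError("truncated chunk header")
        ctype, flags, length = struct.unpack("!BBH", packet[offset:offset + 4])
        # Length counts the 4-byte chunk header plus the value, not the padding.
        # Rejecting length < 4 also stops a zero-length chunk looping forever.
        if length < 4 or offset + length > len(packet):
            raise ValueError(f"bad chunk length {length} at offset {offset}")
        chunks.append({"type": ctype,
                       "name": CHUNK_NAMES.get(ctype, "unrecognised"),
                       "flags": flags,
                       "value": packet[offset + 4:offset + length]})
        offset += (length + 3) & ~3  # each chunk is padded to a 4-byte boundary
    return {"sport": sport, "dport": dport, "vtag": vtag,
            "checksum": checksum, "chunks": chunks}


def tag_acceptable(parsed: dict, my_tag: int) -> bool:
    """Simplified Verification Tag check; the ABORT and SHUTDOWN COMPLETE
    special cases are left out."""
    types = [c["type"] for c in parsed["chunks"]]
    if parsed["vtag"] == 0 or 1 in types:
        # Tag 0 is only valid on a packet carrying a lone INIT chunk.
        return parsed["vtag"] == 0 and types == [1]
    return parsed["vtag"] == my_tag


def build_sample(vtag: int, chunks: list) -> bytes:
    """Constructed test packet; checksum field left as 0."""
    body = b""
    for ctype, value in chunks:
        chunk = struct.pack("!BBH", ctype, 0, 4 + len(value)) + value
        body += chunk + b"\x00" * (-len(chunk) % 4)
    return struct.pack("!HHII", 2905, 2905, vtag, 0) + body
```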
21
Establishing the Association
22
Establishing the Association
  • Endpoint A sends an Initiation chunk and
    enters the COOKIE WAIT state

23
Initiation (INIT) Chunk
24
Establishing the Association
  • Endpoint B receives the INIT Chunk and analyses
    the data
  • From the data it generates a secure hash using a
    secret key
  • The values are then put into a COOKIE, along
    with the derived message authentication code
    (MAC)
  • The COOKIE is sent to the sender of the INIT
    Chunk in an INIT ACK Chunk
  • Endpoint B remains in the CLOSED STATE

25
Initiation Acknowledgement (INIT ACK) Chunk
26
Establishing the Association
  • Endpoint A takes the COOKIE from the INIT-ACK
    chunk, places it in a COOKIE ECHO chunk and
    returns it to Endpoint B
  • Endpoint A enters the COOKIE-ECHOED STATE

27
Cookie Echo (COOKIE ECHO) Chunk
28
Establishing the Association
  • Endpoint B unpacks the data contained in the
    COOKIE and uses the Message Authentication Code
    (MAC) to verify whether it was the originator of
    this COOKIE
  • If the MAC computes OK, the data values
    contained in the COOKIE are used to initialise
    the SCTP instance
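
The cookie exchange described on the slides above, seen from Endpoint B, as an added example that is not part of the original presentation. The cookie layout, the 60-second lifetime, the use of HMAC-SHA-256 and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

SECRET_KEY = os.urandom(32)  # known only to Endpoint B
COOKIE_LIFETIME = 60.0       # seconds; assumed value for this example
MAC_LEN = hashlib.sha256().digest_size
BODY = struct.Struct("!dHII")  # created, peer port, peer tag, own tag (assumed)


def make_cookie(peer_port, peer_tag, my_tag, now, key=SECRET_KEY):
    """Endpoint B on INIT: pack the would-be association state, append its MAC.

    The result travels in the INIT ACK; B keeps no state and stays CLOSED.
    """
    body = BODY.pack(now, peer_port, peer_tag, my_tag)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_cookie(cookie, src_port, header_vtag, now, key=SECRET_KEY):
    """Endpoint B on COOKIE ECHO: return (status, state) without trusting input."""
    if len(cookie) != BODY.size + MAC_LEN:
        return "discard", None
    body, mac = cookie[:BODY.size], cookie[BODY.size:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return "discard", None                  # not a cookie B issued
    created, peer_port, peer_tag, my_tag = BODY.unpack(body)
    if peer_port != src_port or my_tag != header_vtag:
        return "discard", None                  # does not match carrying packet
    if now - created > COOKIE_LIFETIME:
        return "stale", None                    # answer with Stale Cookie Error
    # Only now does B allocate state for the association.
    return "ok", {"peer_port": peer_port, "peer_tag": peer_tag, "my_tag": my_tag}
```

Because B allocates nothing until the MAC verifies, a flood of INIT chunks from spoofed addresses costs B one hash computation each and no memory.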

29
Establishing the Association
30
Cookie Acknowledgement (COOKIE ACK) Chunk
31
Data Transmission
ESTABLISHED STATE
ESTABLISHED STATE
32
Payload Data Chunk
33
Data Transmission
DATA chunk
ESTABLISHED STATE
ESTABLISHED STATE
  • The Selective Acknowledgement Chunk is used to
    acknowledge received Data Chunks, and to inform
    of gaps in the sequence of Data Chunks

34
Selective Acknowledgement (SACK) Chunk
35
Acknowledging DATA Chunks
36
Acknowledging DATA Chunks
37
Terminating the Association
  • Graceful Termination of an Association
  • All outstanding data will be acknowledged before
    shutdown
  • Aborting the Association
  • Shutdown immediately on receiving the ABORT
    chunk
  • Special Cases
  • Restart of an Endpoint where it uses a new tag
    value
  • Both endpoints send an INIT chunk at about the
    same time
  • Excessive delay of Cookie chunks

38
Graceful Termination of the Association
ESTABLISHED STATE
ESTABLISHED STATE
  • The initiator of the shutdown enters SHUTDOWN
    PENDING state and waits for all outstanding data
    to be acknowledged
  • It will not accept any new data from its upper
    layers but will retransmit data to Endpoint B if
    necessary

39
Graceful Termination of the Association
ESTABLISHED STATE
ESTABLISHED STATE
  • Endpoint A sends a SHUTDOWN chunk to Endpoint B
    and enters the SHUTDOWN SENT state
  • On receipt of the SHUTDOWN chunk, Endpoint B
    enters the SHUTDOWN RECEIVED state

40
Shutdown Association (SHUTDOWN) Chunk
41
Graceful Termination of the Association
ESTABLISHED STATE
ESTABLISHED STATE
SHUTDOWN PENDING STATE
SHUTDOWN RECEIVED STATE
  • Endpoint B waits for all outstanding data to be
    acknowledged
  • It will not accept any new data from its upper
    layers but will retransmit data to Endpoint A if
    necessary

42
Graceful Termination of the Association
ESTABLISHED STATE
ESTABLISHED STATE
SHUTDOWN PENDING STATE
SHUTDOWN RECEIVED STATE
  • Endpoint B sends a SHUTDOWN ACK chunk to
    Endpoint A and enters the SHUTDOWN ACK SENT state

43
Shutdown Acknowledgement (SHUTDOWN ACK) Chunk
44
Graceful Termination of the Association
ESTABLISHED STATE
ESTABLISHED STATE
SHUTDOWN PENDING STATE
SHUTDOWN RECEIVED STATE
45
Shutdown Complete (SHUTDOWN COMPLETE) Chunk
46
Abort Association (ABORT) Chunk
Operation Error (ERROR) Chunk
Error Cause
47
Error Causes
  • Invalid Stream Identifier
  • Missing Mandatory Parameter
  • Stale Cookie Error
  • Out of Resource
  • Unresolvable Address
  • Unrecognised Chunk Type
  • Invalid Mandatory Parameter
  • Unrecognised Parameters
  • No User Data
  • Cookie Received While Shutting Down

48
Multihoming Operation
The Source IP Address in the INIT chunk is used
as the destination address for the INIT ACK
response
Both the INIT and INIT ACK chunks contain lists
of IP addresses, which are exchanged during
INITIATION of association
INIT
INIT ACK
49
Multihoming Operation
  • Endpoints will monitor data timeouts and the
    number of retransmissions to determine the
    suitability of the path

SACK
50
Multihoming Operation
  • Retransmitted Data chunks will be sent over both
    paths if the status of one path is suspect

SACK
51
Multihoming Operation
  • All faulty paths will be marked as Out of
    Service

SACK
52
Multihoming Operation
  • Heartbeat chunks are sent periodically to all
    inactive IP addresses
  • Non responding IP addresses will be marked as
    Out of Service

Heartbeat
Heartbeat Ack
53
Heartbeat Request (HEARTBEAT) Chunk
Heartbeat Acknowledgement (HEARTBEAT ACK) Chunk
54
Congestion Control
  • Basically congestion is controlled by observing
    the number of packets lost and modifying the
    transmission rate accordingly
  • Congestion Control Window
  • Represents the sender's view of network
    conditions
  • Dynamically changed to suit network conditions
  • Receiver Window Size
  • Represents the sender's view of the receiver's
    incoming buffer space
  • Updated by the receiver in SACK chunks
    (Advertised Receiver Window Credit)

55
Congestion Control
Congestion Control Window
The Congestion Control Window dictates how many
Data Chunks can be transmitted before you must
wait for an Acknowledgement
SACK
SACK
SACK
56
Congestion Control
Congestion Control Window
If packets are being successfully delivered and
acknowledged, the Congestion Control Window will
be increased.
SACK
SACK
SACK
57
Congestion Control
Congestion Control Window
If lost packets are being experienced, the
Congestion Control Window will be reset, and the
Slow Start Threshold may be lowered.
SACK
SACK
SACK
58
Congestion Control
Congestion Control Window
Receiver Buffer Window
SACK
SACK
SACK
59
Security Considerations
  • Verification Tag and Cookie Mechanisms to stop
    Denial of Service Attacks
  • SCTP specifies the use of IPSec if strong
    security is required
  • RFC 3436 describes the usage of the Transport
    Layer Security (TLS) protocol, as defined in RFC
    2246, over the Stream Control Transmission
    Protocol (SCTP)