Stream Control Transmission Protocol (SCTP)

Where is SCTP in the stack?
(Figure: application layer above a transport layer of UDP, TCP, SCTP, DCCP and UDP-lite, above IP; the cluttered version is labelled "CHAOS!")

A Brief History
- Primary motivation: transportation of telephony signaling messages over IP networks
- RFCs:
  - RFC 2960 Stream Control Transmission Protocol
  - RFC 3257 SCTP Applicability Statement
  - RFC 3286 An Introduction to SCTP
  - RFC 3309 SCTP Checksum Change
  - RFC 3436 Transport Layer Security over SCTP
  - RFC 3758 SCTP Partial Reliability Extension

SCTP History
- Origins: public telephone network signaling; SS7 over IP (IETF Sigtran working group)
- Current home: IETF TSVWG (Transport Services Working Group); the IETF recognizes a broader scope
- Proposed Standard: RFC 2960
- Supported by industry; participation in bakeoffs: ADAX, Cisco, HP/Compaq, Data Connection, DataKinetics, Ericsson, Hughes Software, IBM, Motorola, Netbricks, Nokia, Open SS7, Performance Technologies, RadiSys, Siemens, Spider, Sun Microsystems, Telesoft Technologies, Toshiba, Ulticom, Wipro
- Implementations: AIX, FreeBSD, Linux, QNX, Solaris, Tru64, IOS (Cisco routers), Sony PlayStation II, Mac OS, more

Bakeoffs
  Bakeoff                    Date   Attendance
  Munich                     6/00   12
  Research Triangle Park     10/00  22
  Sophia Antipolis           4/01   19
  San Jose (Connectathon)    2/02   6
  U. of Essen (Germany)      9/02   20
  U. of Delaware             6/03
  Muenster (Germany)         7/04   11

SCTP Feature Summary
- Start with TCP: reliable (retransmissions), congestion controlled, connection oriented
- Add:
  - 4-way handshake, to reduce vulnerability to DoS attacks
  - framing: preserve message boundaries
  - multistreaming: instead of one ordered stream, up to 64K independent ordered streams
  - multihoming: instead of one IP address per endpoint, a set of IP addresses per endpoint

TCP Connection Setup
(Figure: at t=0 A (closed) sends SYN and enters SYN sent; B (listen) creates a TCB on receipt (SYN recd) and replies SYN-ACK; A answers ACK together with data; both sides are established after 1 RTT.)

SYN Flooding Attack
(Figure: attackers send SYNs with forged source addresses; the victim allocates a TCB for each one and is flooded with unavailable, reserved resources.)
- There is no ACK in response to the SYN-ACK, hence the connection remains half-open
- Other genuine clients cannot open connections to the victim
- The victim is unable to provide service

SCTP Association Setup (V: verification tag, I: initiate tag)
- t=0: A (closed) sends INIT (V=0) (I=TagA) and enters cookie-wait
- B (closed) replies INIT-ACK (V=TagA) (I=TagB) (StateCookie)
- 1 RTT: A sends COOKIE-ECHO (V=TagB) (StateCookie) and enters cookie-echoed; data (V=TagB) may follow immediately
- B replies COOKIE-ACK (V=TagA) and is established
- 2 RTT: A is established

What's in a cookie?
- Information from the original INIT
- Information from the current INIT-ACK
- Timestamp
- Life span of the cookie (time to live)
- Signature for authentication (SHA-1, MD5, etc.)

Graceful Shutdown
- App signals shutdown; A enters shutdown pending (pending data), sends SHUTDOWN and enters shutdown sent (pending data)
- B enters shutdown received, sends SHUTDOWN-ACK and enters shutdown-ack sent
- A sends SHUTDOWN-COMPLETE; both A and B are closed

Message Boundaries
- UDP honors message boundaries: each app message becomes a datagram
- TCP does not honor message boundaries: app messages become part of a byte stream
- SCTP maintains message boundaries: each app message is maintained as one or more data chunks

Chunks in SCTP
- An SCTP PDU is a common header (source port, destination port, verification tag, checksum) followed by chunk 1 ... chunk N
- Chunks are the building blocks of an SCTP PDU
- Two kinds: control chunks and data chunks; data chunks are the smallest atomic data units

SCTP Chunk Format
- Type, Flags, Length, Chunk Data
- Type: e.g. Data, Init, SACK
- Flags: bit meanings depend on type
- Length: includes type, flags, length, and data/parameters

Some Chunk Types
  0x00  DATA           user data
  0x01  INIT           (cf. TCP SYN)
  0x02  INIT-ACK
  0x03  SACK           selective ACK
  0x04  HEARTBEAT      keep-alive message
  0x05  HEARTBEAT-ACK
  0x07  SHUTDOWN       (cf. TCP FIN)
  0x08  SHUTDOWN-ACK

Example INIT Chunk
- Permanent parameters for INIT: Chunk Type 0x01, Flags=0, Length=0x14, Initiation Tag, Receiver Window, Outbound Streams, Maximum Inbound Streams, Initial Transmission Sequence Number (TSN)
- Some possible optional parameters for INIT: parameter type 0x05, parameter length=0x0008, IPv4 address; parameter type 0x06, parameter length=0x0014, IPv6 address
- Length of options limited only by path MTU size (with both address parameters shown, the chunk length is 0x30)

Data Chunk
- Type=0x00, Flags=U B E, Length
- Transmission Sequence Number (TSN)
- Stream Identifier (SID), Stream Sequence Number (SSN)
- User-supplied Payload Protocol Identifier
- User Data

SACK Chunk
- Type=0x03, Flags=0, Length=variable
- Cumulative TSN acknowledgement
- Advertised receiver window
- Num. Gap ACK blocks = N, Num. duplicates = X
- Gap ACK block #1 start TSN offset, Gap ACK block #1 end TSN offset, ..., Gap ACK block #N start TSN offset, Gap ACK block #N end TSN offset
- Duplicate TSN 1, ..., Duplicate TSN X
- Offsets are relative to the cumulative TSN; Gap ACK blocks are blocks received after the cum TSN

Chunk Bundling in SCTP
- Multiple chunks in one SCTP PDU
- Control chunks bundled before data chunks
- A chunk boundary cannot cross the SCTP PDU boundary
- Optional at the sender, but the receiver has to support it
(Figure: message 1 and message 2 each become a data chunk header plus data; the SCTP PDU is the common header, the control chunks, then the data chunks.)

Fragmentation/Reassembly in SCTP
- Large messages are fragmented and encapsulated into several data chunks
- Reassembled before delivery to the receiving app
- Note: fragmentation requires sequential TSNs
  U B E   Description
  * 1 0   (Begin) first piece of a fragmented message
  * 0 0   middle piece of a fragmented message
  * 0 1   (End) last piece of a fragmented message
  * 1 1   non-fragmented message
  * U set to 1 specifies an unordered message

Fragmentation Example
- E.g. a message for stream 2 from the app exceeds the PMTU
- First data fragment:  U=0, B=1, E=0, TSN=6, SID=2, SSN=1
- Second data fragment: U=0, B=0, E=0, TSN=7, SID=2, SSN=1
- Last data fragment:   U=0, B=0, E=1, TSN=8, SID=2, SSN=1
- (These fields are part of the data chunk header.) Upon completion, the stream sequence number increments

Unordered Delivery
- Streams by definition are ordered
- Unordered data may be sent in a stream (U bit=1)
- SSN is ignored for U=1
- Unordered messages should be processed first
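The INIT / INIT-ACK / COOKIE-ECHO / COOKIE-ACK exchange and the cookie contents described in the association-setup slides are what let an SCTP listener answer INITs without allocating a TCB. The following is an added Python sketch of the server side, not code from the slides or from PEL; the cookie layout, the 20-byte key, the 60-second life span and the sample addresses are assumptions made here.

```python
import hashlib
import hmac
import os
import struct
import time

# Server-side model of the SCTP state cookie (RFC 2960 style): INIT is answered
# with INIT-ACK + signed cookie and NO state is kept; a TCB exists only after a
# valid COOKIE-ECHO. Added example; message layout and key size are assumptions.
COOKIE_LIFE = 60              # cookie life span in seconds (assumed value)
KEY = os.urandom(20)          # server's secret for the cookie signature
LAYOUT = "!4sIIdI"            # peer addr, TagA, TagB, timestamp, life span

def make_cookie(peer_addr, tag_a, tag_b, now, life=COOKIE_LIFE):
    """INIT info (peer addr, TagA) + INIT-ACK info (TagB) + timestamp + TTL + HMAC-SHA1."""
    body = struct.pack(LAYOUT, peer_addr, tag_a, tag_b, now, life)
    return body + hmac.new(KEY, body, hashlib.sha1).digest()

def handle_init(peer_addr, tag_a, now=None):
    """INIT -> INIT-ACK: returns (TagB, cookie); nothing is remembered per peer."""
    now = time.time() if now is None else now
    tag_b = struct.unpack("!I", os.urandom(4))[0] or 1     # nonzero initiate tag
    return tag_b, make_cookie(peer_addr, tag_a, tag_b, now)

def handle_cookie_echo(tcbs, peer_addr, cookie, now=None):
    """COOKIE-ECHO -> COOKIE-ACK: allocate a TCB only for a genuine, unexpired cookie."""
    now = time.time() if now is None else now
    body, sig = cookie[:-20], cookie[-20:]
    if len(body) != struct.calcsize(LAYOUT):
        return False
    if not hmac.compare_digest(sig, hmac.new(KEY, body, hashlib.sha1).digest()):
        return False                                        # forged or tampered cookie
    addr, tag_a, tag_b, ts, life = struct.unpack(LAYOUT, body)
    if addr != peer_addr or now > ts + life:
        return False                                        # echoed from elsewhere, or stale
    tcbs[(peer_addr, tag_a, tag_b)] = "established"         # state is created here, not at INIT
    return True

def init_flood_demo(n=1000):
    """n INITs from constructed addresses that never echo the cookie cost zero TCBs."""
    tcbs = {}
    for i in range(n):
        handle_init(struct.pack("!I", 0x0A000000 + i), tag_a=i + 1)
    return len(tcbs)

def genuine_client_demo():
    """A peer that echoes its cookie gets an association; tampered or stale copies do not."""
    tcbs, addr, now = {}, b"\x0a\x00\x00\x01", 1000.0       # constructed peer, fixed clock
    _tag_b, cookie = handle_init(addr, tag_a=0x1234, now=now)
    ok = handle_cookie_echo(tcbs, addr, cookie, now=now + 1)
    forged = handle_cookie_echo(tcbs, addr, cookie[:-1] + bytes([cookie[-1] ^ 1]), now=now + 1)
    stale = handle_cookie_echo(tcbs, addr, cookie, now=now + COOKIE_LIFE + 1)
    return ok, forged, stale, len(tcbs)
```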
Head-of-Line Blocking in TCP
(Figure: sender S transmits PDUs 1 to 6; PDU 3 is lost, receiver R keeps returning ACK 3, and R's app has received only 1 and 2. PDU 3 is blocking the head of the line.)
- TCP provides a single data stream
- When a segment is lost, subsequent segments must wait to be processed
- Problem for some applications (telephony)
- SCTP provides multiple independent streams per association

SCTP Multistreaming
- Logical separation of data within an association
- Designed to prevent head-of-line blocking
- Can be used to deliver multiple objects belonging to the same association, e.g. objects on a webpage, multimedia streams (audio/video/text), files in an FTP mget

Head-of-Line Blocking in SCTP (all ordered streams)
(Figure: three ordered streams over one association. TSNs 1-9 carry SID:SSN 1:1, 3:1, 1:2, 3:2, 1:3, 2:1, 1:4, 2:2, 3:3; TSN 3 (1:2) is lost, so the receiver keeps returning ACK 2. Note: an SCTP ACK is a cumulative ack based on TSN. Streams 2 and 3 are delivered to the app layer in full; only stream 1 has undelivered messages (1:2 missing, 1:3 and 1:4 held).)

Head-of-Line Blocking in SCTP (stream 1 unordered)
(Figure: the same transfer, but stream 1 carries unordered chunks, shown as letters 1:a, 1:b, 1:c, 1:d; the U bit is set and the SSN is ignored. When TSN 3 (1:b) is lost, 1:c and 1:d are still delivered, and the only blocked message is the lost one.)

SCTP Multi-Homing
- Multiple source/destination IP addresses
- Use of different physical paths is not guaranteed
- Peer reachability and path status are monitored (heartbeat)
- One selectable default destination
- Parameters per path (cwnd, ssthresh, RTT)
(Figure: endpoint A with addresses A1, A2 and endpoint B with addresses B1, B2, B3, joined by an IP network.)

What is SCTP Multihoming?
(Figure: host A with addresses A1, A2 and host B with addresses B1, B2, each reaching the Internet through two ISPs.)
- Hosts pick 1 of 4 possible TCP connections: (A1,B1), (A1,B2), (A2,B1), (A2,B2)
- Hosts use 1 SCTP association: (A1,A2,B1,B2)
- Selectable "primary" destination: host A uses B1; host B uses A1
- New data is sent only to the primary destination
- Path status and reachability are monitored (heartbeats)

SCTP Multihoming: why important?
- Multihoming is now happening on a wide scale: wired + wireless, multiple ISPs, etc.
- Key research problems: fault tolerance; load sharing (concurrent transfer)

SCTP Research at PEL

Concurrent Multipath Transfer (CMT)
(Figure: two hosts each attached to three ISPs across the Internet. Existing paths: with TCP, one path; with current SCTP, one path at a time; with CMT, paths 1, 2 and 3 used concurrently.)

CMT Protocols
- CMTnaive: SCTP (RFC 2960) with 1 modification: SCTP modified to send new data to all destinations concurrently
  - significant reordering observed
  - causes unnecessary fast retransmits
  - causes incorrect cwnd growth
  - Where should retransmissions be sent? What should the sender do if paths intersect?
- CMTsmart: CMTnaive with 3 proposed algorithms
  - split fast retransmit ("SFR-CACC") algorithm
  - cwnd update ("CUC") algorithm
  - delayed ack ("DAC") algorithm
  - retransmissions sent to the destination with the largest ssthresh
- http://www.cis.udel.edu/iyengar/publications/

SCTP Retransmission Policy
- Current retransmission policy: retransmit to an alternate destination, if one exists; attempts to improve the chances of success
- No prior research demonstrates the benefits; this policy degrades performance in many cases
- Alternate solutions: retransmit to the same destination; fast retransmit to the same destination, timeouts to an alternate destination
- Multiple Fast Retransmit algorithm

Failover: Parameter Settings
- Investigate and improve performance during failover
- How do you decide when to fail over to an alternate path?
- Default parameter settings and algorithms in SCTP take too long
- This work investigates alternate parameter settings and algorithms

SCTP Shim
- Migrate existing TCP applications to SCTP transparently
- Application gains: fault tolerance, SACK support
- http://www.cis.udel.edu/bickhart/research.html

Other PEL Contributions
- SCTP module for ns-2 (in ver. 2.27 or greater): the most widely used network simulator in the research community; downloaded and used by several researchers; part of coursework/course projects (UCLA, TAMU, UF, ...)
- SCTP module for tcpdump (in ver. 3.7 or greater)
- Available at http://pel.cis.udel.edu

Services/Features
  Service/Feature                         SCTP             TCP          UDP
  Connection-oriented                     yes              yes          no
  Full duplex                             yes              yes          yes
  Reliable data transfer                  yes              yes          no
  Partial-reliable data transfer          proposed         no           no
  Flow control                            yes              yes          no
  TCP-friendly congestion control         yes              yes          no
  ECN capable                             yes              yes          no
  Ordered data delivery                   yes              yes          no
  Unordered data delivery                 yes              no           yes
  Uses selective ACKs                     yes              optional     no
  Path MTU discovery                      yes              yes          no
  Application PDU fragmentation           yes              yes          no
  Application PDU bundling                yes              yes          no
  Preserves application PDU boundaries    yes              no           yes
  Multistreaming                          yes              no           no
  Multihoming                             yes              no           no
  Protection against SYN flooding attack  yes              no           n/a
  Allows half-closed connections          no               yes          n/a
  Reachability check                      yes              yes          no
  Pseudo-header for checksum              no (uses vtags)  yes          yes
  Time wait state                         for vtags        for 4-tuple  n/a

Resources
- Randall R. Stewart and Qiaobing Xie, 2002, "Stream Control Transmission Protocol (SCTP): A Reference Guide"
- Stewart et al., "Stream Control Transmission Protocol", RFC 2960, October 2000. URL: http://www.ietf.org/rfc/rfc2960.txt
- L. Ong and J. Yoakum, May 2002, "An Introduction to the Stream Control Transmission Protocol (SCTP)". URL: http://www.ietf.org/rfc/rfc3286.txt
- Caro Jr. et al., "SCTP: A Proposed Standard for Robust Internet Data Transport", IEEE Computer, November 2003. http://www.eecis.udel.edu/amer/PEL/poc/index.html#pubs
- Protocol Engineering Lab: http://pel.cis.udel.edu

Questions?

Extra slides

Outline
- those in the audience: What are the components of the Internet?
- those in computer science: What is a transport protocol?
- those who have taken networks: What is SCTP?
- those who know TCP: SCTP research
- brief personal comments

Research Project I: Improving FTP Using SCTP Multistreaming

File Transfer Protocol
(Figure: FTP client and FTP server joined by a control connection and a data connection; n+1 TCP connections for n transfers.)

Classic FTP over TCP
(Figure: client-server sequence. Control connection: PORT, 200, NLST; data connection: SYN, SYN-ACK, ACK; 150; NAME LIST; FIN, FIN-ACK, 226, ACK. Then PORT, 200, SIZE, 213, RETR; data connection: SYN, SYN-ACK, ACK; 150; DATA; FIN, FIN-ACK, 226, ACK. Caption: redundant round trips.)

Using multistreaming in FTP
(Figure: FTP client and FTP server with a control stream and a data stream inside 1 SCTP association.)

FTP over TCP / FTP over multistreamed SCTP / FTP over multistreamed SCTP with command pipelining
(Figures: three message sequence charts. FTP over TCP: NLST, 150, DATA, 226, SIZE, 213, RETR, 150, DATA, 226, with each data transfer on a new TCP connection. FTP over multistreamed SCTP: NLST, 150, Name List, 226, SIZE, 213, RETR, 150, DATA, 226, with commands and replies on stream 0 and the Name List/DATA on stream 1 of the single association. With command pipelining: SIZE and RETR are sent back to back, before the 213 reply to SIZE arrives.)

Experimental Setup
(Figure: FTP server and FTP client connected through a traffic shaper, bandwidth=BW and delay=D on each side.)
- Bandwidth-delay configurations:
  - 1Mbps-35ms: US end-to-end coast
  - 256Kbps-125ms: satellite communication
  - 3Mbps-1ms: UAV communication
- Loss probability: 0, .01, .03, .06, .10
- Loss probability distribution: uniform
- File sizes: 10K, 50K, 200K, 500K, 1M
- Number of files transferred: 10, 100

(Result plots, images absent. Configuration 1Mbps-35ms: end-to-end BW=1Mbps, RTT=70ms. Configuration 256Kbps-125ms: end-to-end BW=256Kbps, RTT=250ms.)

Results
- FTP over SCTP with multistreaming/pipelining dramatically reduces end-to-end latency in multiple file transfers, and in a TCP-friendly manner
- reduces the server load (by decreasing the number of connections)
- reduces the network load
- maintains simplicity at the application
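The latency gain reported in these results rests on the per-stream delivery rule shown in the two head-of-line-blocking figures: an ordered stream waits only for its own SSN, and an unordered chunk (U=1) is handed up at once, while the SACK cumulative TSN is association-wide. The following receiver model is an added Python example, not code from the slides or from PEL; its chunk list copies the TSN-to-SID:SSN layout of the "all ordered streams" figure, and the unordered variant reuses that same layout with stream 1 marked U=1 (an assumption, since the second figure lays its TSNs out slightly differently).

```python
from collections import defaultdict

# Receiver-side model of SCTP multistreaming: ordered streams release chunks in
# SSN order per stream, U=1 chunks are delivered immediately, and the cumulative
# TSN (the SACK field) is computed over the whole association.
# Added example; the chunk lists below are constructed from the slide figures.

def cum_tsn(received):
    """Cumulative TSN ack: highest TSN t such that every TSN <= t has arrived."""
    t = 0
    while t + 1 in received:
        t += 1
    return t

def deliver(chunks, lost):
    """chunks: (tsn, sid, ssn, unordered). Returns (cum_tsn, delivered, undelivered)."""
    received = {c[0]: c for c in chunks if c[0] not in lost}
    next_ssn = defaultdict(lambda: 1)    # per-stream SSN the app expects next
    pending = defaultdict(dict)          # sid -> {ssn: chunk} waiting on an earlier SSN
    delivered = []
    for tsn in sorted(received):         # arrival order is TSN order in the figure
        _, sid, ssn, unordered = received[tsn]
        if unordered:
            delivered.append((sid, ssn))  # SSN ignored for U=1, handed up at once
            continue
        pending[sid][ssn] = (sid, ssn)
        while next_ssn[sid] in pending[sid]:   # release only consecutive SSNs
            delivered.append(pending[sid].pop(next_ssn[sid]))
            next_ssn[sid] += 1
    undelivered = sorted(v for held in pending.values() for v in held.values())
    return cum_tsn(received), delivered, undelivered

# Figure "all ordered streams": TSN 1..9 carry SID:SSN as listed; TSN 3 (1:2) is lost.
ORDERED = [(1, 1, 1, False), (2, 3, 1, False), (3, 1, 2, False), (4, 3, 2, False),
           (5, 1, 3, False), (6, 2, 1, False), (7, 1, 4, False), (8, 2, 2, False),
           (9, 3, 3, False)]
# Figure "stream 1 unordered": same layout, stream 1 chunks carry U=1 (letters a..d).
UNORDERED_STREAM1 = [(t, s, n, s == 1) for (t, s, n, _) in ORDERED]

def hol_ordered():
    """Streams 2 and 3 deliver fully; stream 1 holds 1:3 and 1:4 behind the lost 1:2."""
    return deliver(ORDERED, lost={3})

def hol_stream1_unordered():
    """With U=1 on stream 1, 1:3 and 1:4 are delivered; only the lost chunk is missing."""
    return deliver(UNORDERED_STREAM1, lost={3})
```

In both runs the cumulative TSN stays at 2 because TSN 3 never arrives; what changes is how much data the app layer sees in the meantime.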