SCTP Technical Tutorial - University of Belgrade

LongReach Technical Tutorial
John Rumsey
Senior Systems Engineer
LongReach Networks
Technical Tutorial – Stream Control Transmission Protocol
Page 1
Stream Control Transmission Protocol
• Next Generation Networks
• TCP – Transmission Control Protocol
• SCTP – Stream Control Transmission Protocol
• User Adaptation Layers for SCTP
• SCTP Packets
• Establishing the Connection (Association)
• Data Transmission
• Closing the Connection (Association)
• Multihoming Operation
• Congestion Control
• Security Issues
Next Generation Networks
[Diagram: a Softswitch or Media Gateway Controller (TeS) controls Media Gateways (MGW) across the IP network using a Media Gateway Control Protocol; legacy ISDN subscribers and PBXs attach on either side through the Media Gateways]

Next Generation Networks
[Diagram: as above, with the voice connection shown running between the two Media Gateways across the IP network]

How are Services carried over IP?
• Voice is carried over IP using the Real-time Transport Protocol (RTP), but how is
signalling carried?
[Diagram: PBX – Media Gateway (MGW) – IP network – Softswitch or Media Gateway Controller (TeS)]
?? PBX Signalling / RTP or UDP or TCP / IP ??

TCP - Transmission Control Protocol
Good Points
• Provides reliable, in-sequence delivery of data
• Supports congestion control and avoidance features
Bad Points
• TCP transports a byte stream which must be delivered in order, so one lost
segment holds back every message behind it (head-of-line blocking), and message
boundaries have to be added by the application
• Doesn't support multistreaming
• Vulnerable to denial-of-service attacks (a SYN flood makes the server allocate
connection state before the client has proved it can receive at its address)
• Doesn't support multihoming or path monitoring

Stream Control Transmission Protocol
• SCTP has been specifically designed to provide reliable, error-free
transport of message-oriented applications over IP
[Diagram: PBX signalling carried from the Media Gateway (MGW) to the Softswitch or Media Gateway Controller (TeS) over the Stream Control Transmission Protocol]
• Supports the good aspects of TCP and fixes the bad aspects of TCP

Stream Control Transmission Protocol
• SCTP provides the backhauling of signalling messages between a
Signalling Gateway and a Media Gateway Controller, over an IP
network
[Diagram: PBX – Signalling Gateway / Media Gateway (MGW) – SCTP – Softswitch or Media Gateway Controller (TeS)]

Stream Control Transmission Protocol
• Supports multiple signalling streams over a
single SCTP connection (association)
[Diagram: many PBXs behind one Signalling Gateway / Media Gateway (MGW), each carried in its own stream inside a single SCTP association to the Softswitch or Media Gateway Controller (TeS)]

Stream Control Transmission Protocol
[Diagram: the same arrangement with a User Adaptation Layer above SCTP, i.e. xUA / SCTP between the Signalling Gateway and the Media Gateway Controller]

User Adaptation Layers for SCTP
• IUA/SCTP
The transport of ISDN Q.921 user messages over IP
• DUA/SCTP
The transport of DASS/DPNSS messages over IP
• V5UA/SCTP
The transport of V5.2 messages over IP
• MTP2/SCTP (M2UA)
The transport of Signalling System 7 Message Transfer Part 2 (SS7 MTP2) user
signalling messages over IP
• MTP3/SCTP (M3UA)
The transport of any SS7 MTP3 user signalling (e.g., ISUP and SCCP messages)
over IP
• SUA/SCTP
The transport of any Signalling Connection Control Part (SCCP) user signalling over IP

Why Use SCTP?
• SCTP is a reliable transport protocol
• Specifically designed for transport of message-oriented applications
• Acknowledged, error-free transfer of messages
• Detection of data corruption, loss of data and duplication of data
• Selective retransmission to correct lost or corrupted data
• Heartbeat actively monitors connectivity of the session
• Resistance to denial-of-service attacks
• Supports several streams within a connection (or association)

SCTP Stream
[Diagram: SCTP Node A and SCTP Node B. On each node the SCTP User Application sits at the same layer as TCP and UDP applications, the SCTP Transport Service at the same layer as TCP and UDP, and the IP Network Service below it; the two nodes are joined by the IP network transport]

SCTP Packets
• An SCTP packet forms the payload of an IP packet
• An SCTP packet consists of a 12 byte common header
and one or more "Chunks"

SCTP Header (12 bytes, field widths in bytes):
  Source Port (2) | Destination Port (2)
  Verification Tag (4)
  Checksum (4)
Chunk 1 ... Chunk N, each:
  Type (1) | Flags (1) | Length (2)
  Value (N bytes, padded to a multiple of 4)

SCTP Header
Source Port & Destination Port
- Uses same port concept as TCP and UDP
Verification Tag
- Exchanged between endpoints at startup (each side's Initiate Tag)
- 2 per Association, one for each direction
- To validate the sender: a packet whose tag does not match the value this
endpoint chose is discarded, so an off-path attacker has to guess a 32-bit value
before any injected DATA, ABORT or SHUTDOWN is acted upon
Checksum
- Protected by a 32 bit checksum using the CRC32c algorithm (RFC 3309 / RFC 4960;
the original RFC 2960 used Adler-32). It detects corruption only, not tampering:
anyone who can modify a packet can recompute it

Chunks
Type
- Used to distinguish data chunks and different
types of control chunks
Flags
- Usage depends on Chunk type
Length
- Required because chunks have a variable
length; covers Type, Flags, Length and Value but not the padding
Value
- Payload field

Chunk Types
  0   Payload Data
  1   Initiation
  2   Initiation Acknowledgement
  3   Selective Acknowledgement
  4   Heartbeat Request
  5   Heartbeat Acknowledgement
  6   Abort
  7   Shutdown
  8   Shutdown Acknowledgement
  9   Operation Error
  10  State Cookie
  11  Cookie Acknowledgement
  12  Reserved for Explicit Congestion Notification Echo
  13  Reserved for Congestion Window Reduced
  14  Shutdown Complete
  15-62    Available for IETF assignment
  63       IETF-defined Chunk Extensions
  64-126   Available for IETF assignment
  127      IETF-defined Chunk Extensions
  128-190  Available for IETF assignment
  191      IETF-defined Chunk Extensions
  192-254  Available for IETF assignment
  255      IETF-defined Chunk Extensions
The two high-order bits of the Type field tell a receiver what to do with a chunk
type it does not recognise: 00 stop processing and discard the packet, 01 the same
but report it in an ERROR chunk, 10 skip the chunk and continue, 11 skip the chunk
and report it.

Establishing the Association
  Endpoint A (CLOSED)                         Endpoint B (CLOSED)
  INIT chunk                        -->
  [COOKIE-WAIT]
                                    <--       INIT-ACK chunk (contains COOKIE)
  COOKIE-ECHO chunk                 -->
  [COOKIE-ECHOED]
                                              [ESTABLISHED]
                                    <--       COOKIE-ACK chunk
  [ESTABLISHED]
  DATA chunk(s)                     -->

Establishing the Association
• Endpoint A sends an "Initiation chunk" (INIT, in a packet whose Verification
Tag is 0 because no tag has been agreed yet) and enters the COOKIE-WAIT state

Initiation (INIT) Chunk
Type = 1 | Chunk Flags | Chunk Length
Initiate Tag
Advertised Receiver Window Credit (a_rwnd)
Number of Outbound Streams | Number of Inbound Streams
Initial Transmission Sequence Number (TSN)
Optional/Variable-Length Parameters
IPv4 Address Parameter (Optional Parameter)
Type = 5 | Length = 8
IPv4 Address

Establishing the Association
• Endpoint B receives the INIT chunk and analyses the data
• From the data it generates a message authentication code (MAC) using a secret
key known only to Endpoint B
• The values needed to build the association (its own Initiate Tag, the peer's tag
and initial TSN, a creation timestamp) are put into a COOKIE together with the MAC
• The COOKIE is sent to the sender of the INIT chunk in an INIT ACK chunk
• Endpoint B remains in the CLOSED state: it allocates no resources and stores
nothing, so a flood of INIT chunks, including INITs with spoofed source
addresses, cannot exhaust it the way a SYN flood exhausts a TCP server

Initiation Acknowledgement (INIT ACK) Chunk
Type = 2 | Chunk Flags | Chunk Length
Initiate Tag
Advertised Receiver Window Credit (a_rwnd)
Number of Outbound Streams | Number of Inbound Streams
Initial Transmission Sequence Number (TSN)
Optional/Variable-Length Parameters
State Cookie Parameter (Mandatory Parameter)
Type = 7 | Parameter Length
Parameter Value

Establishing the Association
• Endpoint A takes the COOKIE from the INIT-ACK chunk, places it unchanged in a
COOKIE ECHO chunk and returns it to Endpoint B
• Endpoint A enters the COOKIE-ECHOED state

Cookie Echo (COOKIE ECHO) Chunk
Type = 10 | Chunk Flags | Length
Cookie

Establishing the Association
• Endpoint B unpacks the data contained in the COOKIE and recomputes the Message
Authentication Code (MAC) with its secret key to verify that it was the originator
of this COOKIE and that nothing in it has been altered
• If the MAC does not match, the COOKIE ECHO is silently discarded
• If the MAC computes OK but the COOKIE is older than its allowed lifetime,
Endpoint B answers with an ERROR chunk carrying the Stale Cookie Error cause
• Otherwise the data values contained in the COOKIE are used to initialise the
SCTP instance; the association's state is created only at this point

Establishing the Association
• Endpoint B enters the ESTABLISHED state and sends a COOKIE ACK chunk to Endpoint A
• On receipt of the COOKIE ACK, Endpoint A enters the ESTABLISHED state
• Both endpoints can now exchange DATA chunks

Cookie Acknowledgement (COOKIE ACK) Chunk
Type = 11 | Chunk Flags | Length = 4

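The handshake described on the preceding slides as a running exchange between both endpoints. This is an added example written for this tutorial; it is not code from the original slides or from any SCTP implementation. RFC 4960 leaves the cookie layout and the MAC algorithm to the implementation, so the packed cookie fields, HMAC-SHA256, the key, the tags, the TSNs and the timestamps are all assumptions made for the demonstration, and chunks are Python dicts rather than wire bytes. Besides the normal four-way exchange it exercises the stale-cookie path and the Verification Tag check on which the later Security Considerations slide relies: a blind ABORT with the wrong tag is dropped.

```python
"""Four-way SCTP handshake with a stateless state cookie and verification tags.
Added example for this tutorial, not code from the original slides or any SCTP
stack. Chunks are dicts, not wire bytes; the cookie layout, HMAC-SHA256, key,
tags, TSNs and timestamps are all choices made up for the demonstration."""
import hashlib
import hmac
import secrets
import struct

STALE_COOKIE_ERROR = 3    # error cause code from the tutorial's list
VALID_COOKIE_LIFE = 60.0  # seconds, RFC 4960 default Valid.Cookie.Life
COOKIE_FMT = "!IIIId"     # peer tag, local tag, peer initial TSN, local initial TSN, created
COOKIE_BODY = struct.calcsize(COOKIE_FMT)


def new_tag():
    # Initiate/Verification Tags are random non-zero 32-bit values; 0 is reserved for INIT.
    while True:
        tag = secrets.randbits(32)
        if tag:
            return tag


def packet(vtag, chunk):
    return {"vtag": vtag, "chunk": chunk}  # common header's Verification Tag plus one chunk


class Responder:
    """Endpoint B: holds only a secret key, no per-INIT state. A TCB is created
    only when a COOKIE ECHO with a valid MAC arrives."""
    def __init__(self, secret):
        self._secret = secret
        self.associations = {}  # local verification tag -> TCB

    def _mac(self, body):
        return hmac.new(self._secret, body, hashlib.sha256).digest()

    def receive(self, pkt, now):
        ctype = pkt["chunk"]["type"]
        if ctype == "INIT":
            return self._on_init(pkt, now)
        if ctype == "COOKIE ECHO":
            return self._on_cookie_echo(pkt, now)
        if pkt["vtag"] not in self.associations:  # wrong or guessed tag: silently discard
            return None
        if ctype == "ABORT":
            del self.associations[pkt["vtag"]]
        return None

    def _on_init(self, pkt, now):
        init = pkt["chunk"]
        if pkt["vtag"] != 0:  # an INIT must carry Verification Tag 0
            return None
        local_tag = new_tag()
        body = struct.pack(COOKIE_FMT, init["initiate_tag"], local_tag, init["initial_tsn"], 1, now)
        return packet(init["initiate_tag"], {"type": "INIT ACK", "initiate_tag": local_tag,
                                             "initial_tsn": 1, "cookie": body + self._mac(body)})

    def _on_cookie_echo(self, pkt, now):
        cookie = pkt["chunk"]["cookie"]
        body, mac = cookie[:COOKIE_BODY], cookie[COOKIE_BODY:]
        if not hmac.compare_digest(mac, self._mac(body)):
            return None  # forged or altered cookie: silently discard
        peer_tag, local_tag, peer_tsn, local_tsn, created = struct.unpack(COOKIE_FMT, body)
        if pkt["vtag"] != local_tag:
            return None
        if now - created > VALID_COOKIE_LIFE:
            return packet(peer_tag, {"type": "ERROR", "cause": STALE_COOKIE_ERROR})
        self.associations[local_tag] = {"peer_tag": peer_tag, "peer_tsn": peer_tsn,
                                        "local_tsn": local_tsn, "state": "ESTABLISHED"}
        return packet(peer_tag, {"type": "COOKIE ACK"})


class Initiator:
    """Endpoint A, which does keep state: it asked for the association."""
    def __init__(self):
        self.local_tag, self.peer_tag, self.state = new_tag(), None, "CLOSED"

    def start(self):
        self.state = "COOKIE-WAIT"
        return packet(0, {"type": "INIT", "initiate_tag": self.local_tag, "initial_tsn": 4000})

    def on_init_ack(self, pkt):
        if pkt["vtag"] != self.local_tag:
            return None
        self.peer_tag, self.state = pkt["chunk"]["initiate_tag"], "COOKIE-ECHOED"
        return packet(self.peer_tag, {"type": "COOKIE ECHO", "cookie": pkt["chunk"]["cookie"]})

    def on_cookie_ack(self, pkt):
        if pkt["vtag"] == self.local_tag:
            self.state = "ESTABLISHED"


def run_handshake(cookie_delay=0.0):
    """Drive both ends; cookie_delay is how many seconds the COOKIE ECHO takes to arrive."""
    a, b = Initiator(), Responder(secrets.token_bytes(32))
    init_ack = b.receive(a.start(), now=1000.0)
    tcbs_after_init = len(b.associations)  # 0: nothing was allocated for the INIT
    reply = b.receive(a.on_init_ack(init_ack), now=1000.0 + cookie_delay)
    if reply is not None and reply["chunk"]["type"] == "COOKIE ACK":
        a.on_cookie_ack(reply)
    return a, b, reply, tcbs_after_init


def blind_abort_is_dropped():
    """An ABORT whose tag is wrong by one bit is ignored; the right tag tears down."""
    a, b, _, _ = run_handshake()
    b.receive(packet(a.peer_tag ^ 1, {"type": "ABORT"}), now=1001.0)
    survived = a.peer_tag in b.associations
    b.receive(packet(a.peer_tag, {"type": "ABORT"}), now=1002.0)
    return survived, a.peer_tag in b.associations
```

Two details carry the security argument. The responder's only long-lived secret is the key; everything else it needs to finish the association rides inside the cookie, so a flood of INITs costs it one HMAC each and no memory. And once the association exists, every packet is looked up by Verification Tag first, so a forged ABORT from a host that cannot see the traffic has a one-in-2^32 chance per packet.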
Data Transmission
[Diagram: Endpoint A (ESTABLISHED) sends DATA chunk(s) to Endpoint B (ESTABLISHED)]

Payload Data Chunk
Type = 0 | Reserved | U B E | Length
Transmission Sequence Number (TSN)
Stream Identifier S | Stream Sequence Number N
Payload Protocol Identifier
User Data (seq. n of Stream S)
Flags: U = unordered delivery (the Stream Sequence Number is ignored), B = beginning
fragment of a user message, E = ending fragment; a message that fits in one chunk
has both B and E set. The Payload Protocol Identifier is carried to the
application untouched by SCTP.

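The packet, header, chunk and DATA chunk layouts from the slides above, turned into a builder and a parser. This is an added example written for this tutorial, not code from the original slides or from any SCTP implementation; the ports, Verification Tag, PPID and payload used with it are made up. It makes two points explicit that the layouts leave implicit: the CRC32c is computed with the Checksum field zeroed and stored in little-endian byte order, and a chunk Length below 4 or beyond the end of the packet must be rejected before it is used to advance through the packet.

```python
"""SCTP packet layout: 12-byte common header, chunk TLVs, CRC32c, DATA chunk.
Added example for this tutorial, not code from the original slides or any SCTP
stack. Ports, verification tag, PPID and payload used in the demo are made up."""
import struct
from collections import namedtuple
from dataclasses import dataclass
from typing import List, Tuple

# CRC-32C (Castagnoli, reflected polynomial 0x82F63B78) as required by RFC 4960
# Appendix B; RFC 3309 replaced the Adler-32 of the original RFC 2960.
_CRC_TABLE = []
for _n in range(256):
    _c = _n
    for _ in range(8):
        _c = (_c >> 1) ^ 0x82F63B78 if _c & 1 else _c >> 1
    _CRC_TABLE.append(_c)


def crc32c(data: bytes) -> int:
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


COMMON_HEADER = struct.Struct("!HHII")  # source port, destination port, verification tag, checksum
CHUNK_HEADER = struct.Struct("!BBH")    # type, flags, length (padding not included)
DATA_HEADER = struct.Struct("!IHHI")    # TSN, stream identifier, stream sequence number, PPID
CHUNK_NAMES = {0: "DATA", 1: "INIT", 2: "INIT ACK", 3: "SACK", 4: "HEARTBEAT",
               5: "HEARTBEAT ACK", 6: "ABORT", 7: "SHUTDOWN", 8: "SHUTDOWN ACK",
               9: "ERROR", 10: "COOKIE ECHO", 11: "COOKIE ACK", 12: "ECNE", 13: "CWR",
               14: "SHUTDOWN COMPLETE"}
DataChunk = namedtuple("DataChunk", "tsn stream_id ssn ppid user_data unordered beginning ending")


def pad4(n: int) -> int:
    return (n + 3) & ~3


@dataclass
class Chunk:
    type: int
    flags: int
    value: bytes

    @property
    def name(self) -> str:
        return CHUNK_NAMES.get(self.type, f"type {self.type}")

    def to_bytes(self) -> bytes:
        length = CHUNK_HEADER.size + len(self.value)   # Length excludes the padding
        return (CHUNK_HEADER.pack(self.type, self.flags, length) + self.value
                + b"\0" * (pad4(length) - length))


def build_data_chunk(tsn, stream_id, ssn, ppid, user_data,
                     unordered=False, beginning=True, ending=True) -> Chunk:
    flags = (0x04 if unordered else 0) | (0x02 if beginning else 0) | (0x01 if ending else 0)
    return Chunk(0, flags, DATA_HEADER.pack(tsn, stream_id, ssn, ppid) + user_data)


def parse_data_chunk(chunk: Chunk) -> DataChunk:
    if chunk.type != 0:
        raise ValueError(f"not a DATA chunk: {chunk.name}")
    if len(chunk.value) <= DATA_HEADER.size:
        # RFC 4960 6.2: empty user data is a protocol error (cause 9, "No User Data").
        raise ValueError("DATA chunk carries no user data")
    tsn, sid, ssn, ppid = DATA_HEADER.unpack_from(chunk.value)
    return DataChunk(tsn, sid, ssn, ppid, chunk.value[DATA_HEADER.size:],
                     bool(chunk.flags & 0x04), bool(chunk.flags & 0x02), bool(chunk.flags & 0x01))


def finalize_checksum(pkt: bytes) -> bytes:
    """CRC32c over the packet with the Checksum field zeroed, stored little-endian
    (RFC 4960 Appendix B), unlike every other field in the header."""
    zeroed = pkt[:8] + b"\0\0\0\0" + pkt[12:]
    return pkt[:8] + struct.pack("<I", crc32c(zeroed)) + pkt[12:]


def build_packet(src_port: int, dst_port: int, vtag: int, chunks: List[Chunk]) -> bytes:
    body = b"".join(c.to_bytes() for c in chunks)
    return finalize_checksum(COMMON_HEADER.pack(src_port, dst_port, vtag, 0) + body)


def parse_packet(pkt: bytes) -> Tuple[int, int, int, List[Chunk]]:
    if len(pkt) < COMMON_HEADER.size + CHUNK_HEADER.size:
        raise ValueError("shorter than a common header plus one chunk")
    src, dst, vtag, _ = COMMON_HEADER.unpack_from(pkt)
    if finalize_checksum(pkt) != pkt:
        raise ValueError("CRC32c mismatch: silently discard")
    chunks, off = [], COMMON_HEADER.size
    while off < len(pkt):
        if len(pkt) - off < CHUNK_HEADER.size:
            raise ValueError("truncated chunk header")
        ctype, flags, length = CHUNK_HEADER.unpack_from(pkt, off)
        # Never trust the Length field: below 4 it would never advance the cursor,
        # past the end of the packet it would read beyond the buffer.
        if length < CHUNK_HEADER.size or off + length > len(pkt):
            raise ValueError(f"bad chunk length {length} at offset {off}")
        chunks.append(Chunk(ctype, flags, pkt[off + CHUNK_HEADER.size:off + length]))
        off += pad4(length)
    return src, dst, vtag, chunks
```

`build_packet(2905, 2905, 0x12345678, [build_data_chunk(100, 1, 0, 3, b"hello")])` gives a 36-byte packet: 12 bytes of header plus a 21-byte DATA chunk padded to 24; `parse_packet` on it returns the ports, the tag and one chunk named DATA, and refuses the same bytes once any bit has been flipped.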
Data Transmission
[Diagram: Endpoint A (ESTABLISHED) sends a DATA chunk; Endpoint B (ESTABLISHED) replies with a SACK chunk]
• The Selective Acknowledgement Chunk is used to
acknowledge received Data Chunks, and to inform
of gaps in the sequence of Data Chunks

Selective Acknowledgement (SACK) Chunk
Type = 3 | Chunk Flags | Chunk Length
Cumulative Transmission Sequence Number (TSN) Ack
Advertised Receiver Window Credit (a_rwnd)
Number of Gap Ack Blocks = N | Number of Duplicate TSNs = X
Gap Ack Block #1 Start | Gap Ack Block #1 End
...
Gap Ack Block #N Start | Gap Ack Block #N End
Duplicate Transmission Sequence Number (TSN) 1
...
Duplicate Transmission Sequence Number (TSN) X

Acknowledging DATA Chunks
Endpoint A sends DATA chunks TSN=100, 101, 102, 103, 104, 105, 106, 107 and 108 to
Endpoint B; all of them arrive.
Endpoint B returns SACK chunk Cumulative TSN=108 (no Gap Ack Blocks)

Acknowledging DATA Chunks
Endpoint A sends DATA chunks TSN=109 to 126. TSN=114, 115 and 123 are lost (X);
the rest arrive.
Endpoint B returns:
SACK chunk Cumulative TSN=113
Gap Ack Block #1 Start = +3 End = +9    (TSN 116 to 122 received)
Gap Ack Block #2 Start = +11 End = +13  (TSN 124 to 126 received)
Gap Ack Block offsets are relative to the Cumulative TSN Ack, so TSN 114, 115 and
123 are reported missing and become candidates for selective retransmission.

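The two acknowledgement diagrams above as code, with the sender's half added. This is an added example written for this tutorial, not code from the slides or from any SCTP implementation. The TSN values are the ones on the slides; the three-strike fast retransmit rule is a simplified rendering of RFC 4960 section 7.2.4, and TSN wrap-around is left out so the block arithmetic stays visible.

```python
"""Selective acknowledgement: build the SACK a receiver sends and read it back
at the sender. Added example for this tutorial, not code from the slides. The
TSN values in the usage are the ones from the worked diagram (109 to 126
received except 114, 115 and 123, everything up to 108 already acknowledged).
TSN wrap-around (serial number arithmetic) is left out to keep the logic visible."""
from typing import Dict, Iterable, List, Set, Tuple


def build_sack(received: Iterable[int], cum_tsn_ack: int,
               duplicates: Iterable[int] = (), a_rwnd: int = 65536) -> Dict:
    """Receiver side: advance the cumulative ack as far as the sequence is
    unbroken, then report the rest as gap blocks of offsets from it."""
    tsns = set(received)
    while cum_tsn_ack + 1 in tsns:
        cum_tsn_ack += 1
    blocks: List[Tuple[int, int]] = []
    for tsn in sorted(t for t in tsns if t > cum_tsn_ack):
        offset = tsn - cum_tsn_ack
        if offset > 0xFFFF:          # Start/End are 16-bit fields: cannot be expressed
            break
        if blocks and blocks[-1][1] == offset - 1:
            blocks[-1] = (blocks[-1][0], offset)   # extend the current run
        else:
            blocks.append((offset, offset))
    return {"cum_tsn_ack": cum_tsn_ack, "a_rwnd": a_rwnd,
            "gap_ack_blocks": blocks, "duplicate_tsns": sorted(set(duplicates))}


def gap_acked_tsns(sack: Dict) -> Set[int]:
    cum = sack["cum_tsn_ack"]
    acked: Set[int] = set()
    for start, end in sack["gap_ack_blocks"]:
        acked.update(range(cum + start, cum + end + 1))
    return acked


def missing_tsns(sack: Dict, highest_tsn_sent: int) -> List[int]:
    """Sender side: everything above the cumulative ack that no gap block covers."""
    cum, acked = sack["cum_tsn_ack"], gap_acked_tsns(sack)
    return [t for t in range(cum + 1, highest_tsn_sent + 1) if t not in acked]


class RetransmitTracker:
    """Sender-side loss detection in the spirit of RFC 4960 section 7.2.4: a TSN
    reported missing by three SACKs, each acknowledging something above it, is
    fast retransmitted instead of waiting for the T3-rtx timer."""
    FAST_RETRANSMIT_THRESHOLD = 3

    def __init__(self):
        self.strikes: Dict[int, int] = {}

    def on_sack(self, sack: Dict, highest_tsn_sent: int) -> List[int]:
        cum = sack["cum_tsn_ack"]
        highest_acked = cum + max((end for _, end in sack["gap_ack_blocks"]), default=0)
        acked = gap_acked_tsns(sack)
        # Anything now acknowledged stops being a loss candidate.
        self.strikes = {t: n for t, n in self.strikes.items() if t > cum and t not in acked}
        retransmit = []
        for tsn in missing_tsns(sack, highest_tsn_sent):
            if tsn > highest_acked:
                continue   # nothing beyond it has arrived yet: reordering, not loss
            self.strikes[tsn] = self.strikes.get(tsn, 0) + 1
            if self.strikes[tsn] == self.FAST_RETRANSMIT_THRESHOLD:
                retransmit.append(tsn)
        return retransmit
```

With the slide's receive pattern, `build_sack(received, 108)` yields Cumulative TSN 113 and the blocks (3, 9) and (11, 13); `missing_tsns` on that SACK with 126 as the highest TSN sent gives back exactly 114, 115 and 123.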
Terminating the Association
• Graceful Termination of an Association
− All outstanding data will be acknowledged before shutdown
• Aborting the Association
− Shutdown immediately on sending or receiving an ABORT chunk; unacknowledged
data is lost
• Special Cases
− Restart of an endpoint, which then uses a new tag value
− Both endpoints send an INIT chunk at about the same time (INIT collision)
− Excessive delay of COOKIE ECHO chunks (stale cookie)

Graceful Termination of the Association
[Diagram: Endpoint A (ESTABLISHED, then SHUTDOWN PENDING) sends DATA chunk(s); Endpoint B (ESTABLISHED) returns a SACK chunk]
• The initiator of the shutdown enters the SHUTDOWN
PENDING state and waits for all outstanding data to
be acknowledged
• It will not accept any new data from its upper
layers but will retransmit data to Endpoint B if
necessary

Graceful Termination of the Association
[Diagram: Endpoint A (SHUTDOWN PENDING, then SHUTDOWN SENT) sends a SHUTDOWN chunk; Endpoint B (ESTABLISHED, then SHUTDOWN RECEIVED)]
• Endpoint A sends a SHUTDOWN chunk to
Endpoint B and enters the SHUTDOWN SENT state
• On receipt of the SHUTDOWN chunk, Endpoint B
enters the SHUTDOWN RECEIVED state

Shutdown Association (SHUTDOWN) Chunk
Type = 7 | Chunk Flags | Length = 8
Cumulative Transmission Sequence Number (TSN) Ack

Graceful Termination of the Association
[Diagram: Endpoint B (SHUTDOWN RECEIVED) continues to send its own Payload Data chunk(s); Endpoint A (SHUTDOWN SENT) acknowledges them with SACK chunks]
• Endpoint B waits for all its outstanding data to be
acknowledged
• It will not accept any new data from its upper
layers but will retransmit data to Endpoint A if
necessary

Graceful Termination of the Association
[Diagram: Endpoint B (SHUTDOWN RECEIVED, then SHUTDOWN ACK SENT) sends a SHUTDOWN ACK chunk to Endpoint A (SHUTDOWN SENT)]
• Endpoint B sends a SHUTDOWN ACK chunk to
Endpoint A and enters the SHUTDOWN ACK SENT
state

Shutdown Acknowledgement (SHUTDOWN ACK) Chunk
Type = 8 | Chunk Flags | Length = 4

Graceful Termination of the Association
[Diagram: Endpoint A (SHUTDOWN SENT, then CLOSED) sends a SHUTDOWN COMPLETE chunk; Endpoint B (SHUTDOWN ACK SENT, then CLOSED)]
• On receipt of the SHUTDOWN ACK, Endpoint A sends a SHUTDOWN COMPLETE chunk
to Endpoint B and enters the CLOSED state
• On receipt of the SHUTDOWN COMPLETE chunk, Endpoint B enters the CLOSED state
and releases the association's resources

Shutdown Complete (SHUTDOWN COMPLETE) Chunk
Type = 14 | Reserved | T | Length = 4
T bit: set when the sender has no TCB for the association (for example after a
restart) and has therefore copied the Verification Tag from the packet it is
answering instead of using its own tag.

Abort Association (ABORT) Chunk
Type = 6 | Reserved | T | Length
Zero or more Error Causes
(the T bit has the same meaning as in SHUTDOWN COMPLETE: the Verification Tag is
reflected because the sender has no TCB)
Operation Error (ERROR) Chunk
Type = 9 | Chunk Flags | Length
One or more Error Causes
Error Cause
Cause Code | Cause Length
Cause Specific Information

Error Causes
1. Invalid Stream Identifier
2. Missing Mandatory Parameter
3. Stale Cookie Error
4. Out of Resource
5. Unresolvable Address
6. Unrecognised Chunk Type
7. Invalid Mandatory Parameter
8. Unrecognised Parameters
9. No User Data
10. Cookie Received While Shutting Down
(RFC 4960 adds 11 Restart of an Association with New Addresses, 12 User-Initiated
Abort and 13 Protocol Violation)

Multihoming Operation
• Both the INIT and INIT ACK chunks contain lists of IP addresses, which are
exchanged during initiation of the association
• The source IP address of the packet carrying the INIT chunk is used as the
destination address for the INIT ACK response
[Diagram: Endpoint A (IP addresses A1, A2) sends INIT from A1 to Endpoint B (IP addresses B1, B2); B returns INIT ACK to A1]

Multihoming Operation
• Endpoints will monitor data timeouts and the number of
retransmissions to determine the suitability of the path
[Diagram: DATA sent over path 1 (A1 to B1) and acknowledged by SACK; path 2 (A2 to B2) idle]

Multihoming Operation
• Retransmitted DATA chunks are sent to an alternate destination address if the
status of the path in use is suspect: a chunk that timed out on one path is
retried on another active path rather than on the same one
[Diagram: original DATA over path 1 (A1 to B1); retransmitted DATA and the SACK over path 2 (A2 to B2)]

Multihoming Operation
• All faulty paths will be marked as "Out of Service" (inactive): once the error
counter of a destination address exceeds Path.Max.Retrans, new data and
retransmissions go to the remaining active addresses
[Diagram: path 1 (A1 to B1) marked Out of Service with an X; DATA and SACK flow over path 2 (A2 to B2)]

Multihoming Operation
• Heartbeat chunks are sent periodically to every destination IP address that is
idle, inactive addresses included; a Heartbeat Ack brings an inactive address
back into service
• Non-responding IP addresses will be marked as Out of Service (each missing
Heartbeat Ack counts as one more error against the address)
[Diagram: Heartbeat / Heartbeat Ack exchanged on path 1 (A1 to B1) and on path 2 (A2 to B2)]

Heartbeat Request (HEARTBEAT) Chunk
Type = 4 | Chunk Flags | Heartbeat Length
Heartbeat Information TLV (Variable Length)
Heartbeat Acknowledgement (HEARTBEAT ACK) Chunk
Type = 5 | Chunk Flags | Heartbeat Ack Length
Heartbeat Information TLV (Variable Length)
The Heartbeat Information is opaque, sender-specific data (typically the
destination address and a timestamp) which the receiver copies unchanged into the
Heartbeat Ack, so the sender can match the reply to its request and measure the
round-trip time.

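The multihoming slides above (path monitoring, retransmission to an alternate address, marking paths Out of Service, heartbeats) as one per-destination state machine. This is an added example written for this tutorial, not code from the slides or from any SCTP implementation; the address names B1 and B2 follow the diagrams, the thresholds are the RFC 4960 defaults, and the timestamps in the scenario are made up. It also shows what the echoed Heartbeat Information buys: an unsolicited Heartbeat Ack that does not carry the outstanding nonce does not bring a failed path back.

```python
"""Path monitoring for a multihomed peer: error counting, failover and heartbeats
(RFC 4960 sections 6.4.1, 8.2, 8.3). Added example for this tutorial, not code
from the slides or any SCTP stack. Address names follow the diagrams, thresholds
are RFC 4960 defaults, and the scenario's timestamps are made up."""
import hmac
import secrets

PATH_MAX_RETRANS = 5          # errors a destination address may accumulate before it is inactive
ASSOCIATION_MAX_RETRANS = 10  # errors across all addresses before the association is dead
HB_INTERVAL = 30.0            # seconds a destination may stay idle before it is probed


class Path:
    def __init__(self, addr, now):
        self.addr = addr
        self.active = True          # "Out of Service" on the slides is inactive here
        self.error_count = 0
        self.last_traffic = now
        self.hb_outstanding = None  # (nonce, sent_at) while a HEARTBEAT is unanswered


class PeerPaths:
    def __init__(self, addrs, primary, now):
        self.paths = {a: Path(a, now) for a in addrs}
        self.primary = primary

    def on_timeout(self, addr):
        """A T3-rtx expiry or an unanswered HEARTBEAT on this path counts one error.
        Returns whether the path is still active."""
        p = self.paths[addr]
        p.error_count += 1
        p.hb_outstanding = None
        if p.error_count > PATH_MAX_RETRANS:
            p.active = False
        return p.active

    def on_ack(self, addr, now):
        """A SACK (or a matching HEARTBEAT ACK) clears the error count and restores service."""
        p = self.paths[addr]
        p.error_count, p.active, p.last_traffic, p.hb_outstanding = 0, True, now, None

    def association_failed(self):
        return sum(p.error_count for p in self.paths.values()) > ASSOCIATION_MAX_RETRANS

    def destination_for_new_data(self):
        """New DATA goes to the primary while it is active, else to any active address."""
        if self.paths[self.primary].active:
            return self.primary
        return next((a for a, p in self.paths.items() if p.active), self.primary)

    def retransmit_destination(self, last_used):
        """Retransmissions prefer an active address other than the one that timed out."""
        return next((a for a, p in self.paths.items() if p.active and a != last_used), last_used)

    def heartbeats_due(self, now):
        """Every address idle for HB_INTERVAL is probed, inactive ones included:
        that is how a failed path is discovered to be working again."""
        return [a for a, p in self.paths.items()
                if p.hb_outstanding is None and now - p.last_traffic >= HB_INTERVAL]

    def send_heartbeat(self, addr, now):
        """The HEARTBEAT carries opaque sender information (here a random nonce and
        the send time) that the peer has to echo back unchanged."""
        nonce = secrets.token_bytes(8)
        self.paths[addr].hb_outstanding = (nonce, now)
        return nonce

    def on_heartbeat_ack(self, addr, nonce, now):
        """Only an ACK echoing the outstanding nonce counts. An unsolicited or replayed
        HEARTBEAT ACK therefore cannot keep a dead path marked alive."""
        p = self.paths[addr]
        if p.hb_outstanding is None or not hmac.compare_digest(p.hb_outstanding[0], nonce):
            return False
        self.on_ack(addr, now)
        return True


def failover_scenario():
    """B1 fails, B2 takes over, B1 is probed while idle and comes back."""
    peer = PeerPaths(["B1", "B2"], primary="B1", now=0.0)
    # Six consecutive T3-rtx expiries on B1 push its counter past Path.Max.Retrans.
    states = [peer.on_timeout("B1") for _ in range(PATH_MAX_RETRANS + 1)]
    new_data_to = peer.destination_for_new_data()
    retransmit_to = peer.retransmit_destination("B1")
    peer.on_ack("B2", 1.0)                 # data keeps flowing on B2, so it is not idle
    due = peer.heartbeats_due(30.0)        # only the failed, idle B1 is probed
    nonce = peer.send_heartbeat("B1", 30.0)
    forged = peer.on_heartbeat_ack("B1", b"\0" * 8, 30.1)   # wrong nonce: ignored
    genuine = peer.on_heartbeat_ack("B1", nonce, 30.2)      # B1 is back in service
    return states, new_data_to, retransmit_to, due, forged, genuine, peer.destination_for_new_data()
```

The per-path counter and the association-wide counter are deliberately separate: a single bad path is routed around after Path.Max.Retrans errors, while the association only fails when the errors across all paths exceed Association.Max.Retrans.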
Congestion Control
Basically congestion is controlled by observing the number of
packets lost and modifying the transmission rate accordingly
Congestion Control Window (cwnd)
• Represents the sender's view of network conditions
• Dynamically changed to suit network conditions
• Maintained separately for each destination address of a multihomed peer
Receiver Window Size (rwnd)
• Represents the sender's view of the receiver's incoming buffer space
• Updated by the receiver in SACK chunks (Advertised Receiver Window Credit)
The sender may have no more than the smaller of the two windows outstanding at
any time.

Congestion Control
[Diagram: Congestion Control Window plotted against the Slow Start Threshold; Endpoint A sends DATA to Endpoint B]
The Congestion Control Window
dictates how many Data Chunks
can be transmitted before you must
wait for an Acknowledgement

Congestion Control
[Diagram: the Congestion Control Window grows towards and past the Slow Start Threshold; Endpoint A sends DATA DATA to Endpoint B]
If packets are being successfully delivered
and acknowledged, the Congestion
Control Window will be increased: exponentially (slow start) while it is below
the Slow Start Threshold, and by about one MTU per round trip (congestion
avoidance) once it is above it.

Congestion Control
[Diagram: the Congestion Control Window falls back and the Slow Start Threshold is lowered; Endpoint A receives SACKs while sending DATA to Endpoint B]
If lost packets are being experienced,
the Congestion Control Window will
be reset, and the Slow Start
Threshold may be lowered.

Congestion Control
[Diagram: Congestion Control Window, Receiver Buffer Window and Slow Start Threshold plotted together; Endpoint A receives SACKs while sending DATA DATA to Endpoint B]

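The congestion control slides above as a sender-side window. This is an added example written for this tutorial, not code from the slides or from any SCTP implementation; the PMTU, the use of the receiver window as the initial Slow Start Threshold, and the one-SACK-per-chunk acknowledgement pattern are simplifications chosen for the demonstration. It shows the doubling per round trip in slow start, the one-MTU-per-round-trip growth in congestion avoidance, and the two different reactions to loss.

```python
"""Sender-side congestion control per destination address, after RFC 4960
section 7.2: slow start, congestion avoidance and the two loss reactions.
Added example for this tutorial, not code from the slides or any SCTP stack.
The PMTU, the receiver window used as initial ssthresh and the "one SACK per
DATA chunk" ack pattern are simplifications chosen for the demonstration."""


class CongestionControl:
    def __init__(self, pmtu: int = 1000, a_rwnd: int = 16000):
        self.pmtu = pmtu
        # RFC 4960 7.2.1: initial cwnd = min(4*MTU, max(2*MTU, 4380 bytes))
        self.cwnd = min(4 * pmtu, max(2 * pmtu, 4380))
        # ssthresh may start arbitrarily high; the peer's a_rwnd is a common choice
        self.ssthresh = a_rwnd
        self.partial_bytes_acked = 0
        self.flight_size = 0        # bytes sent and not yet acknowledged

    def fill(self) -> int:
        """Send MTU-sized DATA chunks while the window has room; returns how many."""
        sent = 0
        while self.flight_size + self.pmtu <= self.cwnd:
            self.flight_size += self.pmtu
            sent += 1
        return sent

    def on_sack(self, bytes_acked: int) -> int:
        """A SACK advanced the Cumulative TSN Ack by bytes_acked bytes."""
        fully_utilized = self.flight_size >= self.cwnd   # judged before the SACK is applied
        self.flight_size -= bytes_acked
        if self.cwnd <= self.ssthresh:
            # Slow start: grow by the bytes acked, capped at one MTU per SACK,
            # and only while the window was actually in use.
            if fully_utilized:
                self.cwnd += min(bytes_acked, self.pmtu)
        else:
            # Congestion avoidance: one MTU per cwnd's worth of acknowledged bytes.
            self.partial_bytes_acked += bytes_acked
            if self.partial_bytes_acked >= self.cwnd and fully_utilized:
                self.partial_bytes_acked -= self.cwnd
                self.cwnd += self.pmtu
        if self.flight_size == 0:
            self.partial_bytes_acked = 0
        return self.cwnd

    def on_timeout(self) -> int:
        """T3-rtx expiry: halve the threshold, restart from one MTU."""
        self.ssthresh = max(self.cwnd // 2, 4 * self.pmtu)
        self.cwnd = self.pmtu
        self.partial_bytes_acked = 0
        return self.cwnd

    def on_fast_retransmit(self) -> int:
        """Loss detected from SACK gap reports: halve, but continue at the threshold."""
        self.ssthresh = max(self.cwnd // 2, 4 * self.pmtu)
        self.cwnd = self.ssthresh
        self.partial_bytes_acked = 0
        return self.cwnd


def simulate(cc: CongestionControl, rtts: int) -> list:
    """Lossless round trips: every chunk in flight at the start of an RTT is
    SACKed during it, and each SACK immediately frees room for new chunks
    (ack clocking). Returns cwnd at the end of each RTT."""
    history = []
    cc.fill()
    for _ in range(rtts):
        outstanding = cc.flight_size // cc.pmtu
        for _ in range(outstanding):
            cc.on_sack(cc.pmtu)
            cc.fill()
        history.append(cc.cwnd)
    return history
```

With a 1000-byte PMTU and a 16000-byte initial threshold the window goes 4000, 8000, 16000 in the first two round trips (slow start), crosses the threshold, and then grows by one MTU per round trip: 17000, 18000, 19000. A timeout at that point drops cwnd to 1000 and the threshold to 9500; a fast retransmit instead keeps the window at the new threshold.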
Security Considerations
• Verification Tag and Cookie mechanisms resist denial-of-service attacks: the
cookie means a server commits no memory until the client proves it can receive at
the address it claims, and the Verification Tag means an off-path attacker cannot
inject or tear down traffic without guessing a 32-bit value. Neither provides
confidentiality, and neither authenticates the peer against an attacker who can
see the traffic
• SCTP specifies the use of IPsec if strong security is required
• RFC 3436 describes the usage of the Transport Layer Security (TLS)
protocol, as defined in RFC 2246, over the Stream Control
Transmission Protocol (SCTP). It runs one TLS connection per bidirectional
stream and requires ordered delivery, so unordered delivery cannot be used under
it (later work, RFC 6083, specified DTLS over SCTP to lift that restriction)