SCTP is designed to address shortcomings in TCP. It uses mechanisms such as a four-way handshake to resist denial-of-service (DoS) attacks. The SCTP packet format defines additional fields, such as a state cookie and a verification tag, that defeat SYN-flooding style attacks. SCTP also includes congestion control algorithms, adapted from TCP, that are effective in unstable networks. This section addresses the following topics:

- SCTP in the IP Stack
- Connection Setup in SCTP
- SCTP Packet
- Congestion Control in SCTP

SCTP in the IP Stack
Figure 1-1 illustrates a typical IP stack and denotes the layer in which SCTP is located. An Internet protocol stack contains several layers, and each layer provides a specific functionality. Following are the layers in an IP stack and their functionalities:

- Physical layer: defines the physical means of sending data over network devices.
- Data link layer: transfers data between adjacent network entities, and detects and corrects errors that can occur in the physical layer.
- Network layer: routes data packets from the sender to the receiver across the network. The most common network layer protocol is IP.
- Transport layer: enables transfer of data between endpoints using the services of the network layer. This layer has two primary protocols, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP supports reliable, in-order delivery through error recovery and flow control mechanisms. UDP is a simple, message-based, connectionless protocol. SCTP is a third transport layer protocol that application developers can use to transmit data between endpoints.
- Socket layer: provides the set of APIs through which the application layer interacts with the transport layer.
- Application layer: provides application programs with an interface to communicate and transfer data across the network. All application layer protocols use the socket layer as their interface to the transport layer protocol.
Connection Setup in SCTP

This section discusses the connection setup between two endpoints in TCP and SCTP, and how the SCTP connection setup resists the SYN-flooding form of DoS attack. Both TCP and SCTP initiate a new connection with a packet handshake. TCP uses a three-way handshake, whereas SCTP uses a four-way handshake. Figure 1-2 illustrates the three-way handshake in TCP. The following steps describe it:

- Host A sends a Synchronize (SYN) packet to Host B.
- Upon receiving the SYN packet, Host B allocates resources for the half-open connection and sends a Synchronize-Acknowledge (SYN-ACK) packet to Host A.
- Host A sends an ACK packet to confirm the receipt of the SYN-ACK packet.

The connection is now set up between Host A and Host B, and Host A can start sending data to Host B. Because Host B commits resources at the second step, an attacker that sends many SYN packets from forged source addresses can exhaust those resources without ever completing a handshake; this is SYN flooding.
Figure 1-3 illustrates the four-way handshake in SCTP. The following steps describe it:

- Host A initiates an association by sending a packet carrying an INIT chunk to Host B.
- Host B responds with an INIT-ACK chunk that contains the following fields, which the TCP SYN-ACK packet does not have:
  - A state cookie. The cookie contains the state information that Host B will need later to create the association, together with a signature (a MAC computed with a key known only to Host B) for authenticity and a timestamp that lets Host B reject replays of old cookies. Unlike TCP, Host B does not allocate resources for the association at this point.
  - A verification tag, a key that Host A places in every subsequent packet so that Host B can verify that the packet belongs to the current association.
- Host A sends a COOKIE-ECHO chunk, returning the cookie unchanged, to Host B. If the INIT carried a forged source IP address, the INIT-ACK is sent to that forged address and the attacker never receives the cookie, so it cannot send a valid COOKIE-ECHO. The exchange ends without Host B allocating any resources.
- Host B validates the cookie's signature and timestamp, responds with a COOKIE-ACK chunk, and only now allocates resources for the association.

The association is now established between Host A and Host B, and Host A can start sending data to Host B.
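The four-way handshake described above, written out as an added example that is not code from the original page: a stateless server that issues a signed, timestamped cookie and creates association state only after a valid COOKIE-ECHO, a client that echoes the cookie, and two attacker cases (INITs from forged source addresses, and a tampered cookie). The wire format is simplified to Python dicts, the HMAC-SHA256 signature and the 60-second cookie lifetime are assumptions for this demo (RFC 2960 requires only a keyed MAC and a timestamp), and all addresses are constructed.

```python
"""Simulation of the SCTP four-way handshake with a stateless server.

Added example, not code from the original page. Messages are Python dicts
rather than real chunks; the cookie MAC uses HMAC-SHA256 with a server-side
key (an assumption) and the cookie lifetime below is a constructed value.
"""
import hashlib
import hmac
import os
import struct
import time

COOKIE_LIFETIME = 60.0   # seconds; constructed value for this example


class Server:
    """Host B. Keeps no per-client state until a valid COOKIE-ECHO arrives."""

    def __init__(self, now=time.time):
        self.secret = os.urandom(32)     # never leaves the server
        self.now = now
        self.associations = {}           # established associations only

    def on_init(self, peer_addr, init):
        """Reply with INIT-ACK and allocate nothing. The reply goes to
        peer_addr, so a forged source address never sees the cookie."""
        my_tag = struct.unpack("!I", os.urandom(4))[0] or 1   # tag 0 is reserved
        # The cookie carries the state needed to build the association later:
        # creation time (for replay rejection), the peer's tag, and our tag.
        body = struct.pack("!dII", self.now(), init["init_tag"], my_tag)
        mac = hmac.new(self.secret, body, hashlib.sha256).digest()
        return {"type": "INIT-ACK", "verification_tag": init["init_tag"],
                "init_tag": my_tag, "cookie": body + mac}

    def on_cookie_echo(self, peer_addr, echo):
        """Validate the cookie; only then create state and send COOKIE-ACK."""
        cookie = echo["cookie"]
        body, mac = cookie[:16], cookie[16:]
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if len(body) != 16 or not hmac.compare_digest(expected, mac):
            return None                    # forged or corrupted cookie: drop silently
        created, peer_tag, my_tag = struct.unpack("!dII", body)
        if self.now() - created > COOKIE_LIFETIME:
            return None                    # stale cookie, possible replay: drop
        if echo["verification_tag"] != my_tag:
            return None                    # packet does not belong to this association
        self.associations[peer_addr] = (peer_tag, my_tag)   # resources allocated here
        return {"type": "COOKIE-ACK", "verification_tag": peer_tag}


class Client:
    """Host A. Picks its own tag and echoes the cookie unchanged."""

    def __init__(self):
        self.my_tag = struct.unpack("!I", os.urandom(4))[0] or 1
        self.peer_tag = None

    def init(self):
        return {"type": "INIT", "verification_tag": 0, "init_tag": self.my_tag}

    def on_init_ack(self, ack):
        self.peer_tag = ack["init_tag"]
        return {"type": "COOKIE-ECHO", "verification_tag": self.peer_tag,
                "cookie": ack["cookie"]}


def handshake(server, client_addr, client):
    """Run the four-way exchange; True when the association is established."""
    init_ack = server.on_init(client_addr, client.init())
    cookie_echo = client.on_init_ack(init_ack)
    cookie_ack = server.on_cookie_echo(client_addr, cookie_echo)
    return cookie_ack is not None and client_addr in server.associations


def spoofed_flood(server, count):
    """An attacker sends INITs from forged sources. The INIT-ACKs go to the
    forged addresses, no COOKIE-ECHO comes back, and the server holds no
    state. Returns the number of associations the server ends up with."""
    for i in range(count):
        server.on_init("10.0.0.%d" % (i % 250),
                       {"type": "INIT", "verification_tag": 0, "init_tag": 0xDEADBEEF})
    return len(server.associations)


def tampered_cookie(server, client_addr, client):
    """A client flips one cookie byte: the MAC check fails and nothing is stored."""
    init_ack = server.on_init(client_addr, client.init())
    echo = client.on_init_ack(init_ack)
    c = bytearray(echo["cookie"])
    c[0] ^= 0x01
    echo["cookie"] = bytes(c)
    return server.on_cookie_echo(client_addr, echo)


if __name__ == "__main__":
    srv = Server()
    print("associations after 1000 spoofed INITs:", spoofed_flood(srv, 1000))
    print("legitimate handshake established:", handshake(srv, "192.0.2.10", Client()))
```

The server's only per-INIT cost is one MAC computation; everything an attacker can cause before producing a valid COOKIE-ECHO is CPU, not memory, which is why the flood leaves the association table empty. The timestamp check assumes the server's clock only moves forward; a cookie older than the lifetime is dropped even when its MAC is valid.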
In SCTP, the transfer of data may be delayed because of the additional handshake step, so the four-way handshake may seem less efficient than a three-way handshake. To overcome this delay, SCTP permits DATA chunks to be bundled in the same packets as the COOKIE-ECHO and COOKIE-ACK chunks.

SCTP Packet
SCTP transmits user data in the form of messages; a message is carried in one or more DATA chunks, and chunks are carried in packets. Figure 1-4 illustrates the SCTP packet format. An SCTP packet contains a common header and one or more chunks. The SCTP common header contains the following information:

- Source and destination port numbers, to enable multiplexing of different SCTP associations at the same address.
- A 32-bit verification tag that guards against the insertion of an out-of-date or forged packet into the association. The receiver discards a packet whose verification tag does not match the tag it assigned at association setup.
- A 32-bit checksum for error detection. RFC 2960 specified Adler-32; RFC 3309 replaced it with CRC32c because Adler-32 is weak for short packets. The checksum protects only against accidental corruption, not against an attacker, who can recompute it.
A chunk can be either a control chunk or a DATA chunk. A control chunk incorporates different flags and parameters, depending on the chunk type. The DATA chunk incorporates flags to control fragmentation and reassembly, and carries the Transmission Sequence Number (TSN), Stream Identifier (SID), Stream Sequence Number (SSN) and Payload Protocol Identifier, followed by the actual data payload. Each control and DATA chunk in an SCTP packet contains the following fields:

- Chunk Type
This field identifies the type of information contained in the Chunk Data field. Values range from 0 to 254; the value 255 is reserved for future use as an extension field. SCTP defines one DATA chunk type and 12 control chunk types. Table 1-1 lists the definitions of the different chunk types.

Table 1-1 Chunk Types

| Chunk | Definition |
|---|---|
| Payload Data (DATA) | Used for data transfer. |
| Initiation (INIT) | Initiates an SCTP association between two endpoints. |
| Initiation Acknowledgement (INIT ACK) | Acknowledges the receipt of an INIT chunk and carries the state cookie. The association is not established until the cookie exchange completes. |
| Selective Acknowledgement (SACK) | Acknowledges the receipt of DATA chunks and also reports gaps in the received data. |
| Cookie Echo (COOKIE ECHO) | Used during the initiation process. The endpoint initiating the association returns the state cookie from the INIT ACK to the peer endpoint. |
| Cookie Acknowledgement (COOKIE ACK) | Acknowledges the receipt of the COOKIE ECHO chunk and establishes the association. The COOKIE ACK chunk must precede any DATA chunk or SACK chunk sent in the association, but it can be bundled with DATA chunks or SACK chunks in the same packet. |
| Heartbeat Request (HEARTBEAT) | Tests the connectivity of a specific destination address in the association. |
| Heartbeat Acknowledgement (HEARTBEAT ACK) | Acknowledges the receipt of the HEARTBEAT chunk. |
| Abort Association (ABORT) | Informs the peer endpoint to close the association immediately. The ABORT chunk also informs the receiver of the reason for aborting the association. |
| Operation Error (ERROR) | Reports error conditions. The ERROR chunk contains parameters that identify the type of error. |
| Shutdown Association (SHUTDOWN) | Triggers a graceful shutdown of an association with a peer endpoint. |
| Shutdown Acknowledgement (SHUTDOWN ACK) | Acknowledges the receipt of the SHUTDOWN chunk at the end of the shutdown process. |
| Shutdown Complete (SHUTDOWN COMPLETE) | Concludes the shutdown procedure. |
- Chunk Flags
This field contains flags such as U (unordered bit), B (beginning fragment bit), and E (ending fragment bit) for DATA chunks. Usage of this field depends on the chunk type specified in the Chunk Type field. Unless otherwise specified, SCTP sets this field to 0 when transmitting and ignores it on receipt.
- Chunk Length
This field gives the size in bytes of the Chunk Type, Chunk Flags, Chunk Length, and Chunk Data fields together. It does not include the padding that brings each chunk to a multiple of 4 bytes, so a parser must add the padding itself when stepping to the next chunk, and must reject a length smaller than 4 or larger than the bytes remaining in the packet.
- Chunk Data
This field contains the actual information to be transferred in the chunk. The usage and format of this field depend on the chunk type.
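The packet layout above, as an added example that is not code from the original page: a builder and a parser for the common header and a chain of chunks, with the CRC32c computed as RFC 4960 Appendix B describes (stored in the header in little-endian byte order), the verification-tag check applied before any chunk is processed, chunk-length bounds checks, 4-byte padding, and the rule that INIT, INIT ACK and SHUTDOWN COMPLETE are never bundled. The sample packet, port numbers and tag are constructed; chunk bodies are carried opaquely.

```python
"""Build and parse SCTP packets: common header, bundled chunks, CRC32c check,
and the verification-tag check a receiver applies before anything else.

Added example, not code from the original page. The CRC32c computation and its
byte order in the header follow RFC 4960 Appendix B; the sample packet, ports
and tag values are constructed for this demo. Chunk bodies are not interpreted.
"""
import struct

# Reflected lookup table for the Castagnoli polynomial used by CRC32c.
_CRC32C_TABLE = []
for _n in range(256):
    _c = _n
    for _ in range(8):
        _c = (_c >> 1) ^ 0x82F63B78 if _c & 1 else _c >> 1
    _CRC32C_TABLE.append(_c)


def crc32c(data):
    """Standard CRC32c (init 0xFFFFFFFF, final XOR); crc32c(b"123456789") == 0xE3069283."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC32C_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


CHUNK_NAMES = {0: "DATA", 1: "INIT", 2: "INIT ACK", 3: "SACK", 4: "HEARTBEAT",
               5: "HEARTBEAT ACK", 6: "ABORT", 7: "SHUTDOWN", 8: "SHUTDOWN ACK",
               9: "ERROR", 10: "COOKIE ECHO", 11: "COOKIE ACK", 14: "SHUTDOWN COMPLETE"}
NO_BUNDLING = {1, 2, 14}   # INIT, INIT ACK, SHUTDOWN COMPLETE travel alone


def build_chunk(ctype, flags, value):
    """Chunk Length covers type, flags, length and value; padding is not counted."""
    length = 4 + len(value)
    return struct.pack("!BBH", ctype, flags, length) + value + b"\x00" * ((-length) % 4)


def build_packet(src_port, dst_port, vtag, chunks):
    """Common header with the checksum field zeroed, then CRC32c filled in."""
    body = b"".join(chunks)
    hdr = struct.pack("!HHI", src_port, dst_port, vtag)
    crc = crc32c(hdr + b"\x00\x00\x00\x00" + body)
    return hdr + struct.pack("<I", crc) + body     # little-endian per RFC 4960 App. B


class BadPacket(ValueError):
    pass


def parse_packet(pkt, expected_vtag):
    """Return (header dict, [(type, name, flags, value), ...]) or raise BadPacket.

    The checksum only catches accidental corruption; anyone can recompute it.
    The verification tag is what makes an off-path attacker's forged packet fail."""
    if len(pkt) < 12:
        raise BadPacket("shorter than the 12-byte common header")
    src, dst, vtag = struct.unpack("!HHI", pkt[:8])
    wire_crc = struct.unpack("<I", pkt[8:12])[0]
    if crc32c(pkt[:8] + b"\x00\x00\x00\x00" + pkt[12:]) != wire_crc:
        raise BadPacket("checksum mismatch")
    if vtag != expected_vtag:
        raise BadPacket("verification tag %#x does not belong to this association" % vtag)
    chunks, off = [], 12
    while off < len(pkt):
        if len(pkt) - off < 4:
            raise BadPacket("truncated chunk header at offset %d" % off)
        ctype, flags, length = struct.unpack("!BBH", pkt[off:off + 4])
        # A length below 4 would loop forever; one past the end would over-read.
        if length < 4 or off + length > len(pkt):
            raise BadPacket("bad chunk length %d at offset %d" % (length, off))
        chunks.append((ctype, CHUNK_NAMES.get(ctype, "type %d" % ctype),
                       flags, pkt[off + 4:off + length]))
        off += length + (-length) % 4          # step over the padding too
    if len(chunks) > 1 and any(c[0] in NO_BUNDLING for c in chunks):
        raise BadPacket("INIT, INIT ACK and SHUTDOWN COMPLETE must not be bundled")
    return {"src_port": src, "dst_port": dst, "vtag": vtag}, chunks


def check(pkt, expected_vtag):
    """The rejection reason as a string, or 'ok'."""
    try:
        parse_packet(pkt, expected_vtag)
        return "ok"
    except BadPacket as e:
        return str(e)


# Constructed sample: a SACK bundled with an unfragmented DATA chunk (B and E set).
SAMPLE_VTAG = 0x12345678
SACK = build_chunk(3, 0, struct.pack("!IIHH", 0, 65535, 0, 0))
DATA = build_chunk(0, 0x03, struct.pack("!IHHI", 1, 0, 0, 0) + b"hello")
SAMPLE = build_packet(5000, 3868, SAMPLE_VTAG, [SACK, DATA])

if __name__ == "__main__":
    print(parse_packet(SAMPLE, SAMPLE_VTAG))
    print(check(SAMPLE, 0xCAFEBABE))
```

Because `build_packet` accepts raw chunk bytes, it can also produce packets with a correct checksum but a hostile chunk length of 0 or one that runs past the end of the packet; the parser rejects both before touching the chunk, which is the check a kernel or middlebox SCTP parser must make.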
The number of chunks in an SCTP packet is limited by the MTU of the transmission path: the SCTP packet size must not exceed the path MTU. Multiple chunks can be bundled into one SCTP packet, except that the INIT, INIT ACK, and SHUTDOWN COMPLETE chunks must not be bundled with any other chunk. Bundling DATA and control chunks into a single packet improves transport efficiency. An application can request that its data not be bundled on initial transmission; SCTP may still bundle retransmitted DATA chunks, to reduce the number of packets it injects into a congested network. If a user message does not fit into one packet, SCTP fragments it into multiple DATA chunks. For more information on the SCTP packet format, see RFC 2960 (Stream Control Transmission Protocol).

Congestion Control in SCTP
SCTP uses congestion control algorithms to handle network failures or unexpected traffic surges, and to recover quickly from congestion. SCTP and TCP support the same set of congestion control algorithms:

- Slow start and congestion avoidance
- Fast retransmit and fast recovery

In SCTP, however, these algorithms are modified to suit the protocol's requirements, in particular multihoming. For information on the TCP congestion control algorithms, see RFC 2581 (TCP Congestion Control). This section addresses the following topics:

- Slow Start and Congestion Avoidance Algorithms
- Fast Retransmit and Fast Recovery

Slow Start and Congestion Avoidance Algorithms

The slow start and congestion avoidance algorithms control the amount of outstanding data injected into the network. SCTP uses slow start at the beginning of transmission, when the network condition is unknown, and again when repairing loss detected by the retransmission timer. The sender probes the network gradually to discover the available capacity before it risks causing congestion. Once the congestion window reaches the slow start threshold, the sender switches to the congestion avoidance algorithm, which grows the window much more slowly.
The slow start and congestion avoidance algorithms use the following congestion control variables:

- cwnd: the congestion window, the amount of data the sender may have outstanding to a destination address.
- ssthresh: the slow start threshold, the cwnd value at which the sender switches from slow start to congestion avoidance.
- partial_bytes_acked: the bytes acknowledged since cwnd was last increased, used during congestion avoidance to grow cwnd by at most one MTU per window.
- rwnd: the receiver window, the buffer space the peer has advertised.

In an SCTP association, the sender uses the slow start algorithm if cwnd is less than ssthresh. If cwnd is greater than ssthresh, the sender uses the congestion avoidance algorithm. If cwnd and ssthresh are equal, the sender can use either algorithm. Unlike TCP, an SCTP sender must keep separate cwnd, ssthresh, and partial_bytes_acked values for each destination address of the peer, because each path has its own capacity. However, the sender stores only one rwnd value for the whole association, irrespective of whether the peer is multihomed or has only one address, because rwnd describes the peer's buffer rather than a path.

Fast Retransmit and Fast Recovery

The fast retransmit algorithm retransmits missing DATA chunks in an SCTP association without waiting for the retransmission timer to expire. When a receiver in an SCTP association receives a DATA chunk out of sequence, it sends a SACK chunk that reports the gap, that is, the TSNs it has received beyond the missing one. Once four consecutive SACKs have reported the same TSN as missing, the sender treats it as lost and retransmits it immediately. After the fast retransmit algorithm resends the DATA that appears to be missing, the fast recovery algorithm controls the transmission of new data until all the lost chunks have been retransmitted.
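The per-destination window rules described in the two sections above, as an added example that is not code from the original page: one congestion state object per peer address (cwnd, ssthresh, partial_bytes_acked), a single rwnd for the association, and the reactions to a retransmission timeout and to a fast retransmit. The update rules follow RFC 4960 sections 7.2.1 to 7.2.4 (initial cwnd of min(4*MTU, max(2*MTU, 4380)) and a 4*MTU floor on ssthresh; RFC 2960, which the page cites, used a 2*MTU floor). The MTU of 1500, the addresses and the SACK pattern in `rtt_round` are constructed for the demo.

```python
"""Per-destination SCTP congestion control: slow start, congestion avoidance,
and the window reductions after a timeout or a fast retransmit.

Added example, not code from the original page. Rules follow RFC 4960 7.2.1
to 7.2.4; the MTU, addresses and SACK pattern below are constructed.
"""


class PathCC:
    """cwnd, ssthresh and partial_bytes_acked for one destination address."""

    def __init__(self, mtu=1500, ssthresh=None):
        self.mtu = mtu
        self.cwnd = min(4 * mtu, max(2 * mtu, 4380))
        # Effectively unbounded until the first loss, unless the caller sets it.
        self.ssthresh = (1 << 32) if ssthresh is None else ssthresh
        self.partial_bytes_acked = 0
        self.flightsize = 0          # bytes sent to this address, not yet SACKed

    def phase(self):
        return "slow start" if self.cwnd <= self.ssthresh else "congestion avoidance"

    def on_send(self, nbytes):
        self.flightsize += nbytes

    def on_sack(self, bytes_acked):
        """A SACK that advances the cumulative TSN and acknowledges bytes_acked
        of this path's outstanding data."""
        fully_used = self.flightsize >= self.cwnd     # measured before the SACK
        self.flightsize -= bytes_acked
        if not fully_used:
            return                                   # cwnd grows only while it is the limit
        if self.cwnd <= self.ssthresh:
            # Slow start: at most one MTU per SACK, however much it acknowledges.
            self.cwnd += min(bytes_acked, self.mtu)
        else:
            # Congestion avoidance: one MTU per cwnd's worth of acknowledged bytes.
            self.partial_bytes_acked += bytes_acked
            if self.partial_bytes_acked >= self.cwnd:
                self.partial_bytes_acked -= self.cwnd
                self.cwnd += self.mtu

    def on_timeout(self):
        """Retransmission timer expired: restart slow start from one MTU."""
        self.ssthresh = max(self.cwnd // 2, 4 * self.mtu)
        self.cwnd = self.mtu
        self.partial_bytes_acked = 0

    def on_fast_retransmit(self):
        """Loss reported by SACK gap reports: halve the window but keep sending."""
        self.ssthresh = max(self.cwnd // 2, 4 * self.mtu)
        self.cwnd = self.ssthresh
        self.partial_bytes_acked = 0


def rtt_round(path, sack_every=2):
    """One RTT: the window is filled with full-size chunks, the receiver SACKs
    every sack_every chunks, and the sender refills the window after each SACK."""
    path.on_send(max(0, path.cwnd - path.flightsize))
    window, acked = path.flightsize, 0
    while acked < window:
        n = min(sack_every * path.mtu, window - acked)
        path.on_sack(n)
        acked += n
        path.on_send(max(0, path.cwnd - path.flightsize))


class AssociationCC:
    """One rwnd for the whole association, one PathCC per peer address."""

    def __init__(self, peer_addrs, rwnd, mtu=1500):
        self.rwnd = rwnd
        self.paths = {addr: PathCC(mtu) for addr in peer_addrs}

    def outstanding(self):
        return sum(p.flightsize for p in self.paths.values())

    def can_send(self, addr, nbytes):
        """Both the path's own cwnd and the shared rwnd must have room."""
        path = self.paths[addr]
        return (path.flightsize + nbytes <= path.cwnd
                and self.outstanding() + nbytes <= self.rwnd)


def demo():
    """Three slow-start rounds on one path, then a timeout on it; the second
    path keeps its window. Returns (cwnd_a, ssthresh_a, cwnd_b)."""
    cc = AssociationCC(["198.51.100.1", "198.51.100.2"], rwnd=1 << 20)
    a, b = cc.paths["198.51.100.1"], cc.paths["198.51.100.2"]
    for _ in range(3):
        rtt_round(a)
    a.on_timeout()
    return a.cwnd, a.ssthresh, b.cwnd


if __name__ == "__main__":
    print(demo())
```

Run with a delayed-SACK receiver (one SACK per two chunks), slow start adds an MTU for every SACK while congestion avoidance adds one MTU per window; a timeout on one path resets only that path's cwnd and ssthresh, and `can_send` shows the one rwnd shared by all paths limiting a second path even though its own cwnd has room.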