




Stream Control Transmission Protocol (SCTP)

Where is SCTP in the stack?

[Figure: protocol stack on two hosts. Application on top; transport layer with UDP, TCP, SCTP, DCCP and UDP lite; IP below. Label: "CHAOS!"]

A Brief History

- Primary motivation: transportation of telephony signaling messages over IP networks
- RFCs
  - RFC 2960 - Stream Control Transmission Protocol
  - RFC 3257 - SCTP Applicability Statement
  - RFC 3286 - An introduction to SCTP
  - RFC 3309 - SCTP Checksum Change
  - RFC 3436 - Transport Layer Security over SCTP
  - RFC 3758 - SCTP Partial Reliability Extension

SCTP History

- Origins:
  - Public Telephone Network Signaling
  - SS7 over IP (IETF Sigtran working group)
- Current home: IETF TSVWG (Transport Services Working Group)
  - IETF recognizes broader scope
- Proposed Standard - RFC 2960
- Supported by industry. Participation in Bakeoffs: ADAX - Cisco - HP/Compaq - Data Connection - DataKinetics - Ericsson - Hughes Software - IBM - Motorola - Netbricks - Nokia - Open SS7 - Performance Technologies - RadiSys - Siemens - Spider - Sun Microsystems - Telesoft Technologies - Toshiba - Ulticom - Wipro
- Implementations: AIX, FreeBSD, Linux, QNX, Solaris, Tru64, IOS (Cisco Routers), Sony PlayStation II, Mac OS, more

| Bakeoffs | Date | Attend |
|---|---|---|
| Munich | 6/00 | 12 |
| Research Triangle Park | 10/00 | 22 |
| Sophia Antipolis | 4/01 | 19 |
| San Jose (Connectathon) | 2/02 | 6 |
| U. of Essen (Germany) | 9/02 | 20 |
| U of Delaware | 6/03 | |
| Muenster (Germany) | 7/04 | 11 |

SCTP Feature Summary

- Start with TCP:
  - reliable (retransmissions)
  - congestion controlled
  - connection oriented
- Add:
  - 4-way handshake: to reduce vulnerability to DoS attacks
  - framing: preserve message boundaries
  - multistreaming: instead of one ordered stream, up to 64K independent ordered streams
  - multihoming: instead of one IP address per endpoint, a set of IP addresses per endpoint

TCP Connection Setup

[Figure: message sequence between A and B. Messages: SYN (t=0), SYN-ACK, ACK + data (1 RTT). States shown: closed, listen, SYN sent, SYN rec'd (TCB created), established, estab'd.]

SYN Flooding Attack

[Figure: attackers send SYNs to the victim, which holds a TCB for each one ("Unavailable, reserved resources"). Label: "Flooded!"]

- There is no ACK in response to the SYN-ACK, hence the connection remains half-open
- Other genuine clients cannot open connections to the victim
- The victim is unable to provide service

SCTP Association Setup

V: Verification tag. I: Initiate tag.

- t=0: A sends INIT (V=0) (I=TagA)
- 1 RTT: B replies INIT-ACK (V=TagA) (I=TagB) (StateCookie)
- A sends COOKIE-ECHO (V=TagB) (StateCookie), followed by data (V=TagB)
- 2 RTT: B replies COOKIE-ACK (V=TagA)
- States shown: closed, cookie wait, cookie echoed, established

What's in a cookie?

- Information from original INIT
- Information from current INIT-ACK
- Timestamp
- Life span of cookie (Time to live)
- Signature for authentication (SHA-1, MD5, etc.)

Graceful Shutdown

[Figure: message sequence between A and B. Messages: SHUTDOWN, SHUTDOWN-ACK, SHUTDOWN-COMPLETE. States shown: App signals shutdown, Shutdown pending (pending data), Shutdown sent, Shutdown received (pending data), Shutdown-Ack sent, Closed.]

Message Boundaries

- UDP honors message boundaries
  - Each app message becomes a datagram
- TCP does not honor message boundaries
  - App messages become part of a byte stream
- SCTP maintains message boundaries
  - Each app message is maintained as one or more data chunks

Chunks in SCTP

SCTP PDU layout:

- Common Header: Source Port, Destination Port, Verification Tag, Checksum
- Chunks: Chunk 1 ... Chunk N

- Chunks are the building blocks of an SCTP PDU
- Two kinds: control chunks and data chunks
- Data chunks are the smallest atomic data units

SCTP Chunk Format

Fields: Type, Flags, Length, Chunk Data

- Type: e.g. Data, Init, SACK
- Flags: bit meanings depend on type
- Length: includes type, flags, length, and data/parameters

Some Chunk Types

| Value | Chunk type | Note |
|---|---|---|
| 0x00 | DATA | User data |
| 0x01 | INIT | SYN |
| 0x02 | INIT-ACK | |
| 0x03 | SACK | Selective ACK |
| 0x04 | HEARTBEAT | Keep-alive message |
| 0x05 | HEARTBEAT-ACK | |
| 0x07 | SHUTDOWN | FIN |
| 0x08 | SHUTDOWN-ACK | |

Example INIT Chunk

Fields per 32-bit row (bits 0 to 31):

- Chunk Type 0x01, Flags = 0, Length = 0x14 (0x30)
- Initiation Tag
- Receiver Window
- Outbound Streams, Maximum Inbound Streams
- Initial Transmission Sequence Number (TSN)
- Parameter type 0x05, Parameter Length = 0x0008
- IPv4 Address
- Parameter type 0x06, Parameter Length = 0x0014
- IPv6 Address

The rows from Chunk Type through Initial TSN are the permanent parameters for INIT. The address parameters are some possible optional parameters for INIT. Length of options is limited only by path MTU size.

Data Chunk

Fields per 32-bit row (bits 0 to 31):

- Type = 0x00, Flags = UBE, Length
- Transmission Sequence Number (TSN)
- Stream Identifier (SID), Stream Seq. Num. (SSN)
- User supplied Payload Protocol Identifier
- User Data

SACK Chunk

Fields per 32-bit row (bits 0 to 31):

- Type = 0x3, Flags = 0, Length = variable
- Cumulative TSN acknowledgement
- Advertised receiver window
- Num. Gap ACK blocks = N, Num. duplicates = X
- Gap ACK blk #1 start TSN offset, Gap ACK blk #1 end TSN offset
- ...
- Gap ACK blk #N start TSN offset, Gap ACK blk #N end TSN offset
- Duplicate TSN 1
- ...
- Duplicate TSN X

Offset is relative to cumulative TSN. Gap ACK blocks are blocks received after cum TSN.

Chunk Bundling in SCTP

- Multiple chunks in one SCTP PDU
- Control chunks bundled before data chunks
- Chunk boundary cannot cross SCTP PDU boundary
- Optional at sender, but receiver has to support

Bundling

[Figure: Message 1 and Message 2 bundled into one SCTP PDU: SCTP Common Header, SCTP Control Chunks, Data Chunk Headers, Data Chunks.]

Fragmentation/Reassembly in SCTP

| U | B | E | Description |
|---|---|---|---|
| * | 1 | 0 | (Begin) First piece of fragmented message |
| * | 0 | 0 | Middle piece of fragmented message |
| * | 0 | 1 | (End) Last piece of fragmented message |
| * | 1 | 1 | Non-fragmented message |

- U set to 1 specifies unordered message
- Note: Fragmentation requires sequential TSNs
- Large messages are fragmented and encapsulated into several data chunks
- Reassembled before delivery to receiving app

Fragmentation Example

E.g. a message for Stream 2 from the app exceeds PMTU. The values below are part of the Data Chunk Header.

| Fragment | U, B, E | TSN | SID | SSN |
|---|---|---|---|---|
| First data frag. | U=0, B=1, E=0 | 6 | 2 | 1 |
| Second data frag. | U=0, B=0, E=0 | 7 | 2 | 1 |
| Last data frag. | U=0, B=0, E=1 | 8 | 2 | 1 |

Upon completion, the Stream Sequence Number increments.

Unordered delivery

- Streams by definition are ordered
- Unordered data may be sent in a stream (U bit = 1)
- SSN is ignored for U = 1
- Unordered messages should be processed first

Head-of-Line Blocking in TCP

[Figure: sender S transmits PDUs 1 to 6 to receiver R; R returns ACK 2, then ACK 3 repeatedly; only 1 and 2 reach R's app. Caption: "PDU 3 is blocking the head of the line."]

Head-of-line Blocking

- TCP provides a single data stream
- When a segment is lost, subsequent segments must wait to be processed
- Problem for some applications (telephony)
- SCTP provides multiple independent streams per association

SCTP Multistreaming

- Logical separation of data within an assoc
- Designed to prevent head-of-line blocking
- Can be used to deliver multiple objects belonging to the same assoc
- E.g.: objects on a webpage, multimedia streams (audio/video/text), files in an FTP mget

Head-of-Line Blocking in SCTP (all ordered streams)

[Figure: sender S and receiver R, app layer and transport layer, messages labelled SID:SSN and grouped by TSNs (1,2; 4,5,6; 7,8,9); TSN 3 is lost and R returns ACK 2; part of the received data is marked "undelivered".]

NOTE: An SCTP ACK is a cum ack based on TSN.

Head-of-Line Blocking in SCTP (stream 1 unordered)

[Figure: same scenario with stream 1 sent unordered (messages 1:a, 1:b, 1:c, 1:d); TSN 3 is lost and R returns ACK 2. Label: "Only blocked message".]

Letters show unordered chunks within a stream. U bit is set and SSN is ignored.

SCTP Multi-Homing

- Multiple src/dest IP addresses
- Use of different physical paths not guaranteed
- Peer reachability and path status are monitored (heartbeat)
- One selectable default destination
- Parameters per path (cwnd, ssthresh, RTT)

[Figure: two endpoints connected through an IP network, one with addresses IP A1 and IP A2, the other with IP B1, IP B2 and IP B3.]

What is SCTP Multihoming?

[Figure: Host A (A1, A2) and Host B (B1, B2), each attached through two ISPs to the Internet.]

- Hosts pick 1 of 4 possible TCP connections: (A1, B1), (A1, B2), (A2, B1), (A2, B2)
- Hosts use 1 SCTP association: (A1,A2, B1,B2)
- Selectable "primary" dest: Host A → B1; Host B → A1
- New data sent only to primary destination
- Path status and reachability monitored (heartbeats)

SCTP Multihoming

- Why important?
  - multihoming is now happening on wide scale
  - wired + wireless, multiple ISPs, etc.
- Key Research Problems
  - fault tolerance
  - load sharing (concurrent transfer)

SCTP Research at PEL

[Figure: Internet with ISP 1 to ISP 6.]

Concurrent Multipath Transfer (CMT)

[Figure: existing paths (Path 1, Path 2, Path 3) as used with TCP, with current SCTP, and with CMT.]

CMT Protocols

- CMTnaive: SCTP (RFC 2960) with 1 modification
  - modified SCTP to send new data to all destinations concurrently
  - significant reordering observed
    - Causes unnecessary fast retransmits
    - Causes incorrect cwnd growth
  - Where should retransmissions be sent?
  - What should sender do if paths intersect?
- CMTsmart: CMTnaive with 3 proposed algorithms*
  - split fast retransmit ("SFR-CACC") algorithm
  - cwnd update ("CUC") algorithm
  - delayed ack ("DAC") algorithm
  - Retransmissions sent to destination with largest ssthresh

* /iyengar/publications/

SCTP Retransmission Policy

- Current retransmission policy
  - Retransmit to an alternate destination, if exists
  - Attempts to improve chances of success
  - No prior research to demonstrate benefits
  - this policy degrades performance in many cases
- Alternate solutions
  - Retransmit to same dst
  - Fast retransmit to same dst, Timeouts to alternate dst
  - Multiple Fast Retransmit Algorithm

/papers/

SCTP Failover: Parameter Settings

- Investigate and improve performance during failover
- How do you decide when to failover to an alternate path?
- Default parameter settings and algorithms in SCTP take too long
- This work investigates alternate parameter settings and algorithms

/papers/

Transparent SCTP Shim

- Migrate existing TCP applications to SCTP transparently
- Application gains: fault tolerance, SACK support

/bickhart/research.html

Other PEL Contribution

- SCTP module for ns-2 (in ver 2.27 or greater)
  - most widely used network simulator in research community
  - downloaded and used by several researchers
  - part of coursework / course projects (UCLA, TAMU, UF, )
- SCTP module for tcpdump (in ver. 3.7 or greater)
- Available at

| Services/Features | SCTP | TCP | UDP |
|---|---|---|---|
| Connection-oriented | yes | yes | no |
| Full duplex | yes | yes | yes |
| Reliable data transfer | yes | yes | no |
| Partial-reliable data transfer | proposed | no | no |
| Flow control | yes | yes | no |
| TCP-friendly congestion control | yes | yes | no |
| ECN capable | yes | yes | no |
| Ordered data delivery | yes | yes | no |
| Unordered data delivery | yes | no | yes |
| Uses selective ACKs | yes | optional | no |
| Path MTU discovery | yes | yes | no |
| Application PDU fragmentation | yes | yes | no |
| Application PDU bundling | yes | yes | no |
| Preserves application PDU boundaries | yes | no | yes |
| Multistreaming | yes | no | no |
| Multihoming | yes | no | no |
| Protection against SYN flooding attack | yes | no | n/a |
| Allows half-closed connections | no | yes | n/a |
| Reachability check | yes | yes | no |
| Pseudo-header for checksum | no (uses vtags) | yes | yes |
| Time wait state | for vtags | for 4-tuple | n/a |

Resources

- Randall R. Stewart, Qiaobing Xie, 2002, "Stream Control Transmission Protocol (SCTP): A Reference Guide"
- Stewart et al., "Stream Control Transmission Protocol", RFC 2960, October 2000. URL: /rfc/rfc2960.txt
- Ong L. and J. Yoakum, May 2002, "An Introduction to the Stream Control Transmission Protocol (SCTP)". URL: /rfc/rfc3286.txt
- Caro Jr. et al., "SCTP: A Proposed Standard for Robust Internet Data Transport", November 2003, IEEE Computer. /amer/PEL/poc/index.html#pubs
- Protocol Engineering Lab:

Questions?

Extra slides

Outline

- those in the audience: What are the components of the Internet?
- those in computer science: What is a transport protocol?
- those who have taken networks: What is SCTP?
- those who know TCP: SCTP research
- brief personal comments

Research Project I: Improving FTP Using SCTP Multistreaming

File Transfer Protocol

[Figure: FTP client and FTP server joined by one control connection and a data connection; n+1 TCP connections.]

Classic FTP over TCP

[Figure: client/server message sequence: PORT, 200, SYN, NLST, SYN-ACK, ACK, 150, NAME LIST, FIN, FIN-ACK, 226, ACK, then PORT, 200, SIZE, 213, RETR, SYN, SYN-ACK, ACK, 150, DATA, FIN, FIN-ACK, 226, ACK. Annotation: "Redundant round trips".]

Using multistreaming in FTP

[Figure: FTP client and FTP server joined by 1 SCTP association carrying a control stream and a data stream.]

[Figure: two client/server message sequences side by side, titled "FTP over TCP" and "FTP over multistreamed SCTP with comma"]
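The State Cookie listed under "What's in a cookie?" lets the server answer an INIT without creating a TCB, which is what removes the SYN-flood exposure described for TCP. The sketch below is an added example, not code from the slides: the body layout, the 60-second life span and the function names are assumptions, and HMAC-SHA1 is used because the slide names SHA-1.

```python
import hashlib
import hmac
import os
import struct
import time

SECRET = os.urandom(32)      # server-local key; never leaves the host
COOKIE_LIFE = 60             # cookie life span in seconds (assumed value)
MAC_LEN = 20                 # HMAC-SHA1 output size
# Assumed body layout: peer tag, local tag, peer port, creation time, life span
BODY = struct.Struct("!IIHQI")


def make_cookie(peer_addr, peer_port, peer_tag, local_tag, now=None):
    """Build the State Cookie carried in INIT-ACK; no TCB is allocated."""
    now = int(time.time()) if now is None else int(now)
    body = BODY.pack(peer_tag, local_tag, peer_port, now, COOKIE_LIFE)
    mac = hmac.new(SECRET, peer_addr.encode() + body, hashlib.sha1).digest()
    return body + mac


def check_cookie(cookie, peer_addr, peer_port, now=None):
    """Validate a COOKIE-ECHO. Returns (peer_tag, local_tag) or None."""
    now = int(time.time()) if now is None else int(now)
    if len(cookie) != BODY.size + MAC_LEN:
        return None
    body, mac = cookie[:BODY.size], cookie[BODY.size:]
    expected = hmac.new(SECRET, peer_addr.encode() + body, hashlib.sha1).digest()
    if not hmac.compare_digest(mac, expected):    # constant-time compare
        return None                               # forged or altered
    peer_tag, local_tag, port, created, life = BODY.unpack(body)
    if port != peer_port or not (created <= now <= created + life):
        return None                               # wrong sender or stale
    return peer_tag, local_tag                    # only now create the TCB
```

Because the signature covers the source address, a cookie replayed from a different address fails verification in the same way as an altered one.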