Network Working Group R. R. Stewart INTERNET-DRAFT M. A. Ramalho Cisco Systems Q. Xie Motorola M. Tuexen Siemens AG I. Rytina Ericsson P. Conrad Temple University expires in six months June 29, 2001 SCTP Extensions for Dynamic Reconfiguration of IP Addresses and Enforcement of Flow and Message Limits Status of This Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC 2026 [RFC2026]. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract This document describes extensions to the Stream Control Transmission Protocol (SCTP) [RFC2960] that provide methods to (1) reconfigure IP address information on an existing association and (2) request that a peer set flow limits in units of bytes or messages, either on a per-stream or per-association basis. TABLE OF CONTENTS 1. Introduction............................................... 2 2. Conventions................................................ 3 3. Additional Chunks and Parameters........................... 3 3.1 New Chunk Types........................................... 4 3.1.1 Address/Stream Configuration Change Chunk (ASCONF)...... 4 3.1.2 Address/Stream Configuration Acknowledgment Chunk (ASCONF-ACK)............................................ 5 3.2 New Parameter Types....................................... 6 3.2.1 Add IP Address.......................................... 7 Stewart et.al. [Page 1] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 3.2.2 Delete IP Address....................................... 7 3.2.3 Stream Flow Limit Change................................ 8 3.2.4 Error Cause Indication.................................. 9 3.2.5 Set Primary IP Address.................................. 9 3.2.6 Success Indication......................................10 3.2.7 Stream Message Limit Change.............................10 3.2.8 Association Message Limit Change........................11 3.3 New Error Causes..........................................11 3.3.1 Error Cause: Request to Delete Last Remaining IP Address.................................................12 3.3.2 Error Cause: Operation Refused Due to Resource Shortage.12 3.3.3 Error Cause: Request to Delete Source IP Address........13 4. Procedures.................................................13 4.1 ASCONF Chunk Procedures...................................14 4.1.1 Congestion Control of ASCONF Chunks.....................15 4.2 Upon reception of an ASCONF Chunk.........................16 4.3 General rules for address manipulation....................18 4.3.1 A special case for OOTB ABORT chunks....................20 4.3.2 A special case for changing an address..................21 4.4 Setting of the primary address............................21 4.5 Stream Flow/Message Limit Procedures......................22 4.5.1 Stream receiver side procedures.........................22 4.5.2 Stream sender side procedures...........................23 4.5.3 ULP considerations on the use of SCTP flow limit facility................................................24 4.6 Association Message Limit Procedures......................25 4.6.1 Receiver side procedures................................25 4.6.2 Sender side procedures..................................25 5. Security Considerations....................................26 6. IANA considerations........................................26 7. Authors' Addresses.........................................26 8. References.................................................27 1. Introduction To extend the utility and application scenarios of SCTP, this document introduces optional extensions that provide SCTP with the ability to reconfigure IP address information on an existing association or to request that the peer set flow limits in units of bytes or messages, either on a per-stream or per-association basis. These extensions enable SCTP to be utilized in the following applications: - Dynamic IP address reconfiguration extension: For computational or networking platforms that allow addition/removal of physical interface cards this feature can provide: A) a graceful method to add to the interfaces of an existing association. For IPv6 this feature allows renumbering of existing associations. B) a method for an endpoint to request that its peer set Stewart et.al. [Page 2] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 its primary destination address. This can be useful when an address is about to be deleted, or when an endpoint has some predetermined knowledge about which is the preferred address to receive SCTP packets upon. - The SCTP flow limit extension: This extension enables a receiver to request that a sender impose a byte limit on the outstanding data present on a per-stream basis. The SCTP flow limit extension provides: A) The ability to minimize the occurrence of a single stream monopolizing all transport level resources (e.g. a_rwnd "deadlock"). B) The ability to dynamically change the stream buffering limits as the application deems appropriate at any particular instant. - The SCTP message limit extension: This extension enables a receiver to request that a sender impose a limit on the number of outstanding messages present on: A) each stream, and/or B) the whole association. The SCTP message limit extension provides a method for minimizing the occurrence of a lack of resources needed for messages even when resources for payload data are still available. This can become important when handling a large number of short messages. 2. Conventions The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in RFC 2119 [RFC2119]. 3. Additional Chunks and Parameters This section describes the addition of two new chunks and, eight new parameters to allow: - Dynamic addition of IP Addresses to an association. - Dynamic deletion of IP Addresses to an association. - A request to set the primary address the peer will use when sending to an endpoint. - The setting of stream byte limits. - The setting of stream message limits. - The setting of association message limits. Additionally, this section describes three new error causes that Stewart et.al. [Page 3] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 support these new chunks and parameters. 3.1 New Chunk Types This section defines two new chunk types that will be used to transfer the control information reliably. Table 1 illustrates the two new chunk types. Chunk Type Chunk Name -------------------------------------------------------------- 0xC1 Address/Stream Configuration Change Chunk (ASCONF) 0x80 Address Configuration Acknowledgment (ASCONF-ACK) Table 1: Address/Stream Configuration Chunks It should be noted that the ASCONF Chunk format requires the receiver to report to the sender if it does not understand the ASCONF Chunk. This is accomplished by setting the upper bits in the chunk type as described in [RFC2960] section 3.2. Note that the upper two bits in the ASCONF Chunk are set to one. As defined in [RFC2960] section 3.2, setting these upper bits in this manner will cause the receiver that does not understand this chunk to skip the chunk and continue processing, but report in an Operation Error Chunk using the 'Unrecognized Chunk Type' cause of error. 3.1.1 Address/Stream Configuration Change Chunk (ASCONF) This chunk is used to communicate to the remote endpoint one of the configuration change requests that MUST be acknowledged. The information carried in the ASCONF Chunk uses the form of a Tag-Length-Value (TLV), as described in "3.2.1 Optional/Variable-length Parameter Format" in [RFC2960], for all variable parameters. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 0xC1 | Chunk Flags | Chunk Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Serial Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved | Addr Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address Bytes 0-3 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address Bytes 4-7 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address Bytes 8-11 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address Bytes 12-15 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ASCONF-Request Correlation ID #1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ASCONF Parameter #1 | Stewart et.al. [Page 4] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / .... / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ASCONF-Request Correlation ID #N | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ASCONF Parameter #N | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Serial Number : 32 bits (unsigned integer) This value represents a Serial Number for the ASCONF Chunk. The valid range of Serial Number is from 0 to 4294967295 (2**32 - 1). Serial Numbers wrap back to 0 after reaching 4294967295. Reserved: 24 bits Reserved, set to 0 by the sender and ignored by the receiver. Address Type : 8 bits (unsigned char) This value determines the type of address found in the Address Bytes field. If the value is 5 then the first 4 bytes of the Address Bytes field contain an IPv4 address, in network byte order. If the value is 6 then the first 16 bytes of the Address Bytes field contain an IPv6 address, in network byte order. Address Bytes: 16 bytes (unsigned chars) This field contains an address which is part of the association. This field may be used by the receiver of the ASCONF to help in finding the association. ASCONF-Request Correlation ID: 32 bits (unsigned integer) This is an opaque integer assigned by the sender to identify each request parameter. It is in host byte order and is only meaningful to the sender. The receiver of the ASCONF Chunk will copy this 32 bit value into the ASCONF Correlation ID field of the ASCONF-ACK. The sender of the ASCONF can use this same value in the ASCONF-ACK to find which request the response is for. ASCONF Parameter: TLV format Each Address configuration change is represented by a TLV parameter as defined in Section 3.2. One or more requests may be present in an ASCONF Chunk. 3.1.2 Address/Stream Configuration Acknowledgment Chunk (ASCONF-ACK) This chunk is used by the receiver of an ASCONF Chunk to acknowledge Stewart et.al. [Page 5] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 the reception. It carries zero or more results for any ASCONF Parameters that were processed by the receiver. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 0x80 | Chunk Flags | Chunk Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Serial Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ASCONF-Request Correlation ID #1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ASCONF Parameter Response#1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / .... / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ASCONF-Request Correlation ID #N | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ASCONF Parameter Response#N | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Serial Number : 32 bits (unsigned integer) This value represents the Serial Number for the received ASCONF Chunk that is acknowledged by this chunk. This value is copied from the received ASCONF Chunk. ASCONF-Request Correlation ID: 32 bits (unsigned integer) This value is copied from the ASCONF Correlation ID received in the ASCONF Chunk. It is used by the receiver of the ASCONF-ACK to identify which ASCONF parameter this response is associated with. ASCONF Parameter Response : TLV format The ASCONF Parameter Response is used in the ASCONF-ACK to report status of ASCONF processing. By default, if a responding endpoint does not include any Error Cause, a success is indicated. Thus a sender of an ASCONF-ACK MAY indicate complete success of all TLVs in an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length (set to 8) and the Serial Number. 3.2 New Parameter Types The eight new parameters added follow the format defined in section 3.2.1 of [RFC2960]. Table 2 describes the parameters. Address Configuration Parameters Parameter Type ------------------------------------------------- Add IP Address 0xC001 Delete IP Address 0xC002 Stream Byte Limit Request 0xC003 Stewart et.al. [Page 6] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 Error Cause Indication 0xC004 Set Primary Address 0xC005 Success report 0xC006 Stream Message Limit Request 0xC007 Association Message Limit Request 0xC008 Table 2: Address Configuration Parameters 3.2.1 Add IP Address 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 0xC001 | Length = Variable | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address Parameter | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address Parameter: TLV This field contains an IPv4 or IPv6 address parameter as described in 3.3.2.1 of RFC2960. The complete TLV is wrapped within this parameter. It informs the receiver that the address specified is to be added to the existing association. An example TLV requesting that the IPv4 address 10.1.1.1 be added to the association would look as follows: +--------------------------------+ | Type=0xC001 | Length = 12 | +--------------------------------+ | Type=5 | Length = 8 | +----------------+---------------+ | Value=0x0a010101 | +----------------+---------------+ Valid Chunk Appearance The Add IP Address parameter may only appear in the ASCONF Chunk type. 3.2.2 Delete IP Address 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type =0xC002 | Length = Variable | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address Parameter | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address Parameter: TLV This field contains an IPv4 or IPv6 address parameter as described in Stewart et.al. [Page 7] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 3.3.2.1 of [RFC2960]. The complete TLV is wrapped within this parameter. It informs the receiver that the address specified is to be removed from the existing association. An example TLV deleting the IPv4 address 10.1.1.1 from an existing association would look as follows: +--------------------------------+ | Type=0xC002 | Length = 12 | +--------------------------------+ | Type=5 | Length = 8 | +----------------+---------------+ | Value=0x0a010101 | +----------------+---------------+ Valid Chunk Appearance The Delete IP Address parameter may only appear in the ASCONF Chunk type. 3.2.3 Stream Flow Limit Change 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type =0xC003 | Length = Variable | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Stream Number 1 | Byte Limit 1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ / / \ \ / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Stream Number N | Byte Limit N | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Stream Number n : 16 bits (unsigned integer) This is the stream number for which a limit is to be enforced. Byte Limit n : 16 bits (unsigned integer) This is the limit (in bytes) that the receiver (sending the chunk) is requesting that the sender (receiver of the chunk) enforce as the maximum amount of outstanding data permitted at any time on this stream, as per the rules in Section 4.5. Note that the value '0' holds a special meaning described in Section 4.5.1 Valid Chunk Appearance The Stream Flow Limit Change parameter may appear in the ASCONF chunk, the INIT, or the INIT-ACK chunk type. The inclusion of this parameter in the INIT or INIT-ACK can be used to indicate initial Stewart et.al. [Page 8] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 byte limits. 3.2.4 Error Cause Indication 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 0xC004 | Length = Variable | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Error Cause(s) or Return Info on Success | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ When reporting an error this response parameter is used to wrap one or more standard error causes normally found within an SCTP Operational Error or SCTP Abort (as defined in [RFC2960]). The Error Cause(s) follow the format defined in section 3.3.10 of [RFC2960]. Valid Chunk Appearance The Error Cause Indication parameter may only appear in the ASCONF-ACK chunk type. 3.2.5 Set Primary IP Address 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type =0xC005 | Length = Variable | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address Parameter | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address Parameter: TLV This field contains an IPv4 or IPv6 address parameter as described in 3.3.2.1 of [RFC2960]. The complete TLV is wrapped within this parameter. It requests the receiver to mark the specified address as the primary address to send data to (see section 5.1.2 of [RFC2960]). The receiver MAY mark this as its primary upon receiving this request. An example TLV requesting that the IPv4 address 10.1.1.1 be made the primary destination address would look as follows: +--------------------------------+ | Type=0xC005 | Length = 12 | +--------------------------------+ | Type=5 | Length = 8 | +----------------+---------------+ | Value=0x0a010101 | +----------------+---------------+ Valid Chunk Appearance Stewart et.al. [Page 9] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 The Set Primary IP Address parameter may appear in the ASCONF Chunk, the INIT, or the INIT-ACK chunk type. The inclusion of this parameter in the INIT or INIT-ACK can be used to indicate an initial preference of primary address. 3.2.6 Success Indication 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 0xC006 | Length = 4 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ By default if a responding endpoint does not report an error for any requested TLV, a success is implicitly indicated. Thus a sender of a ASCONF-ACK MAY indicate complete success of all TLVs in an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length (set to 8) and the Serial Number. The responding endpoint MAY also choose to explicitly report a success for a requested TLV, by returning a success report ASCONF Parameter Response. Valid Chunk Appearance The Success Indication parameter may only appear in the ASCONF-ACK chunk type. 3.2.7 Stream Message Limit Change 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type =0xC007 | Length = Variable | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Stream Number 1 | Message Limit 1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ / / \ \ / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Stream Number N | Message Limit N | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Stream Number n : 16 bits (unsigned integer) This is the stream number for which a limit is to be enforced. Message Limit n : 16 bits (unsigned integer) This is the limit (in messages) that the receiver (sending the chunk) is requesting that the sender (receiver of the chunk) Stewart et.al. [Page 10] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 enforce as the maximum number of outstanding messages permitted at any time on this stream, as per the rules in Section 4.5. Note that the value '0' holds a special meaning described in Section 4.5.1. Valid Chunk Appearance The Stream Message Limit Change parameter may appear in the ASCONF chunk, the INIT, or the INIT-ACK chunk type. The inclusion of this parameter in the INIT or INIT-ACK can be used to indicate initial stream message limits. 3.2.8 Association Message Limit Change 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type =0xC008 | Length = 8 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Association Message Limit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Association Message Limit n : 32 bits (unsigned integer) This is the limit (in messages) that the receiver (sending the chunk) is requesting that the sender (receiver of the chunk) enforce as the maximum number of outstanding messages permitted at any time on the association, as per the rules in Section 4.6. Note that the value 0 holds a special meaning described in Section 4.5.1 Valid Chunk Appearance The Association Message Limit Change parameter may appear in the ASCONF Chunk, the INIT, or the INIT-ACK chunk type. The inclusion of this parameter in the INIT or INIT-ACK can be used to indicate an initial association message limit. 3.3 New Error Causes Three new Error Causes are added to the SCTP Operational Errors, primarily for use in the ASCONF-ACK chunk. Cause Code Value Cause Code --------- ---------------- 0xC Request to Delete Last Remaining IP Address. 0xD Operation Refused Due to Resource Shortage. 0xE Request to Delete Source IP Address. Table 3: New Error Causes Stewart et.al. [Page 11] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 3.3.1 Error Cause: Request to Delete Last Remaining IP Address Cause of error --------------- Request to Delete Last Remaining IP address: The receiver of this error sent a request to delete the last IP address from its association with its peer. This error indicates that the request is rejected. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cause Code=0x000C | Cause Length=Variable | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ TLV-Copied-From-ASCONF / / \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ An example of a failed delete in an Error Cause TLV would look as follows in the response ASCONF-ACK message: +--------------------------------+ | Type = 0xC004 | Length = 20 | +--------------------------------+ | Cause=0x000C | Length = 16 | +----------------+---------------+ | Type= 0xC002 | Length = 12 | +----------------+---------------+ | Type=0x0005 | Length = 8 | +----------------+---------------+ | Value=0x0A010101 | +----------------+---------------+ 3.3.2 Error Cause: Operation Refused Due to Resource Shortage Cause of error --------------- This error cause is used to report a failure by the receiver to perform the requested operation due to a lack of resources. The entire TLV that is refused is copied from the ASCONF-REQ into the error cause. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cause Code=0x000D | Cause Length=Variable | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ TLV-Copied-From-ASCONF / / \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ An example of a failed addition in an Error Cause TLV would look as follows in the response ASCONF-ACK message: Stewart et.al. [Page 12] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 +--------------------------------+ | Type = 0xC004 | Length = 20 | +--------------------------------+ | Cause=0x000D | Length = 16 | +----------------+---------------+ | Type=0xC001 | Length = 12 | +--------------------------------+ | Type=0x0005 | Length = 8 | +----------------+---------------+ | Value=0x0A010101 | +----------------+---------------+ 3.3.3 Error Cause: Request to Delete Source IP Address Cause of error --------------- Request to Delete Source IP Address: The receiver of this error sent a request to delete the source IP address of the ASCONF message. This error indicates that the request is rejected. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cause Code=0x000E | Cause Length=Variable | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ TLV-Copied-From-ASCONF / / \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ An example of a failed delete in an Error Cause TLV would look as follows in the response ASCONF-ACK message: +--------------------------------+ | Type = 0xC004 | Length = 20 | +--------------------------------+ | Cause=0x000E | Length = 16 | +----------------+---------------+ | Type=0xC002 | Length = 12 | +----------------+---------------+ | Type=0x0005 | Length = 8 | +----------------+---------------+ | Value=0x0A010101 | +----------------+---------------+ IMPLEMENTATION NOTE: It is unlikely that an endpoint would source a packet from the address being deleted, unless the endpoint does not do proper source address selection. 4. Procedures This section will lay out the specific procedures for address/stream configuration change chunk type and its processing. Stewart et.al. [Page 13] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 4.1 ASCONF Chunk Procedures When an endpoint has an ASCONF signaled change to be sent to the remote endpoint it should do the following: A1) Create an ASCONF Chunk as defined in section 3.1.1. The chunk should contain all of the TLV(s) of information necessary to be sent to the remote endpoint, and unique correlation identities for each request. A2) A serial number should be assigned to the Chunk. The serial number should be a monotonically increasing number. All serial numbers are defined to be initialized at the start of the association to the same value as the Initial TSN. A3) If no ASCONF Chunk is outstanding (un-acknowledged) with the remote peer, AND there is less than cwnd bytes of user data outstanding, send the chunk. A4) Start a T-4 RTO timer, using the RTO value of the selected destination address (normally the primary path; see [RFC2960] section 6.4 for details). A5) When the ASCONF-ACK that acknowledges the serial number last sent arrives, stop the T-4 RTO timer, and clear the appropriate association and destination error counters as defined in [RFC2960] section 8.1 and 8.2. A6) Process all of the TLVs within the ASCONF-ACK to find out particular status information returned to the various requests that were sent. Use the Correlation IDs to correlate the request and the responses. A7) If an error response is received for a TLV parameter, all TLVs with no response before the failed TLV are considered successful if not reported. All TLVs after the failed response are considered unsuccessful unless a specific success indication is present for the parameter. A8) If there is no response(s) to specific TLV parameter(s), and no failures are indicated, then all request(s) are considered successful. If the T-4 RTO timer expires the endpoint should do the following: B1) Increment the error counters and perform path failure detection on the appropriate destination address as defined in [RFC2960] section 8.1 and 8.2. Note error counters include the per destination error counter as well as the overall association error counter. B2) Increment the association error counters and perform endpoint failure detection on the association as defined in [RFC2960] section 8.1 and 8.2. Note error counters include the per destination error counter as well as the overall association error counter. Stewart et.al. [Page 14] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 B3) Back-off the destination address RTO timer to which the ASCONF chunk was sent by doubling the RTO timer value. B4) Re-transmit the ASCONF Chunk last sent and if possible choose an alternate destination address (please refer to [RFC2960] section 6.4.1). An endpoint MUST NOT add new parameters to this chunk, it MUST be the same (including its serial number) as the last ASCONF sent. B5) Restart the T-4 RTO timer. Note that if a different destination is selected, then the RTO used will be that of the new destination address. Note: the total number of re-transmissions is limited by B2 above. If the maximum is reached, the association will fail and enter a CLOSED state (see [RFC2960] section 6.4.1 for details). 4.1.1 Congestion Control of ASCONF Chunks In defining the ASCONF Chunk transfer procedures, it is essential that these transfers MUST NOT cause congestion within the network. To achieve this, we place these restrictions on the transfer of ASCONF Chunks: R1) One and only one ASCONF Chunk MAY be in transit and unacknowledged at any one time. If a sender, after sending an ASCONF chunk, decides it needs to transfer another ASCONF Chunk, it MUST wait until the ASCONF-ACK Chunk returns from the previous ASCONF Chunk before sending a subsequent ASCONF. Note this restriction binds each side, so at any time two ASCONF may be in-transit on any given association (one sent from each endpoint). R2) A ASCONF MUST NOT be sent if there is no room in the current cwnd. If there is room in the cwnd of the destination network, the Chunk may be sent regardless of the value of rwnd. R3) A ASCONF may be bundled with any other chunk type (except other ASCONF Chunks) as long as the source address in the IP header of the packet is already a part of the association. If the ASCONF chunk is using an alternate source address as the source in the IP header, then NO other chunks may be bundled with the ASCONF chunk. R4) A ASCONF-ACK may be bundled with any other chunk type except other ASCONF-ACKs. R5) Both ASCONF and ASCONF-ACK chunks MUST NOT be sent in any SCTP state except ESTABLISHED. R6) An ASCONF MUST NOT be larger than the path MTU of the destination. R7) An ASCONF-ACK SHOULD not be larger than the path MTU. In some circumstances a ASCONF-ACK may exceed the path MTU and in such Stewart et.al. [Page 15] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 a case IP fragmentation must be used. If the sender of an ASCONF Chunk receives a Operational Error indicating that the ASCONF chunk type is not understood, then the sender MUST not send subsequent ASCONF Chunks to the peer. The endpoint should also inform the upper layer application that the peer endpoint does not support any of the extensions detailed in this document. 4.2 Upon reception of an ASCONF Chunk. When an endpoint receives an ASCONF Chunk from the remote peer special procedures MAY be needed to identify the association the ASCONF Chunk is associated with. To properly find the association the following procedures should be followed: L1) Use the source address and port number of the sender to attempt to identify the association (i.e. use the same method defined in [RFC2960] used for all other SCTP chunks ). If found proceed to rule L5. L2) If the association is not found, use the address found in the Address Bytes field combined with the port number found in the SCTP common header. If found proceed to rule L4. L3) If neither L1 or L2 locates the association, treat the chunk as an Out Of The Blue chunk as defined in [RFC2960]. L4) Verify that no other chunk is bundled with the ASCONF chunk. If other chunks are bundled with the ASCONF Chunk then the receiver MUST silently discard the ASCONF chunk. L5) Follow the normal rules to validate the SCTP verification tag found in [RFC2960]. After identification and verification of the association, the following should be performed to properly process the ASCONF Chunk: C1) Compare the value of the serial number to the value the endpoint stored in a new association variable 'Peer-Serial-Number'. This value MUST be initialized to the Initial TSN value minus 1. C2) If the value found in the serial number is equal to the the ('Peer-Serial-Number' + 1), the endpoint should: V1) Process the TLVs contained within the Chunk performing the appropriate actions as indicated by each TLV type. The TLVs MUST be processed in order within the Chunk. For example, if the sender puts 3 TLVs in one chunk, the first TLV (the one closest to the Chunk Header) in the Chunk MUST be processed first. The next TLV in the chunk (the middle one) MUST be processed second and finally the Stewart et.al. [Page 16] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 last TLV in the Chunk MUST be processed last. V2) In processing the chunk, the receiver should build a response message with the appropriate error TLVs, as specified in the Parameter type bits for any ASCONF Parameter it does not understand. To indicate an unrecognized parameter, parameter type 8 as defined in in the INIT-ACK in 3.3.3 of [RFC2960] should be used. The endpoint may also use the response to carry rejections for other reasons such as resource shortages etc using the Error Cause TLV and an appropriate error condition. Note: a positive response is implied if no error is indicated by the sender. V3) All error responses MUST copy the ASCONF-Request Correlation ID field received in the ASCONF, from the TLV being responded to, into the ASCONF-Request Correlation ID field. The ASCONF-Request Correlation ID always precedes the request TLV. V4) After processing the entire Chunk, it MUST send all TLVs for both unrecognized parameters and any other status TLVs inside the ASCONF-ACK chunk that acknowledges the arrival and processing of the ASCONF Chunk. V5) Update the 'Peer-Serial-Number' to the value found in the serial number field. C3) If the value found in the serial number is equal to the value stored in the 'Peer-Serial-Number', the endpoint should: X1) Parse the ASCONF Chunk TLVs but the endpoint MUST NOT take any action on the TLVs parsed (since it has already performed these actions). X2) Build a response message with the appropriate response TLVs as specified in the ASCONF Parameter type bits, for any parameter it does not understand or could not process. X3) After parsing the entire Chunk, it MUST send any response TLV errors and status with an ASCONF-ACK chunk acknowledging the arrival and processing of the ASCONF Chunk. X4) The endpoint MUST NOT update its 'Peer-Serial-Number'. IMPLEMENTATION NOTE: As an optimization a receiver may wish to save the last ASCONF-ACK for some predetermined period of time and instead of re-processing the ASCONF (with the same serial number) it may just re-transmit the ASCONF-ACK. It may wish to use the arrival of a new serial number to discard the previously saved ASCONF-ACK or any other means it may choose to expire the saved ASCONF-ACK. C4) Otherwise, the ASCONF Chunk is discarded since it must be either a stale packet or from an attacker. A receiver of such a packet MAY log the event for security purposes. Stewart et.al. [Page 17] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent back to the source address contained in the IP header of the ASCONF being responded to. 4.3 General rules for address manipulation When building TLV parameters for the ASCONF Chunk that will add or delete IP addresses the following rules should be applied: D1) When adding an IP address to an association, the IP address is NOT considered fully added to the association until the ASCONF-ACK arrives. This means that until such time as the ASCONF containing the add is acknowledged the sender MUST NOT use the new IP address as a source for ANY SCTP chunks besides an ASCONF Chunk. The receiver of the add IP address request may use the address as a destination immediately. D2) After the ASCONF-ACK of an IP address add arrives, the endpoint MAY begin using the added IP address as a source address for any type of SCTP chunk. D3a) If an endpoint receives an Error Cause TLV indicating that the IP address Add or IP address Deletion parameters was not understood, the endpoint MUST consider the operation failed and MUST NOT attempt to send any subsequent Add or Delete requests to the peer. D3b) If an endpoint receives an Error Cause TLV indicating that the IP address Set Primary IP Address parameter was not understood, the endpoint MUST consider the operation failed and MUST NOT attempt to send any subsequent Set Primary IP Address requests to the peer. D4) When deleting an IP address from an association, the IP address MUST be considered a valid destination address for the reception of SCTP packets until the ASCONF-ACK arrives and MUST NOT be used as a source address for any subsequent packets. This means that any datagrams that arrive before the ASCONF-ACK destined to the IP address being deleted MUST be considered part of the current association. One special consideration is that ABORT chunks arriving destined to the IP address being deleted MUST be ignored (see Section 4.3.1 for further details). D5) An endpoint MUST NOT delete its last remaining IP address from an association. In other words if an endpoint is NOT multi-homed it MUST NOT use the delete IP address. Or if an endpoint sends multiple requests to delete IP addresses it MUST NOT delete all of the IP addresses that the peer has listed for the requester. D6) An endpoint MUST NOT set a IP header source address for an SCTP packet holding the ASCONF Chunk to be the same as an address being deleted by the ASCONF Chunk. Stewart et.al. [Page 18] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 D7) If a request is received to delete the last remaining IP address of a peer endpoint, the receiver MUST send an Error Cause TLV with the error cause set to the new error code 'Request to Delete Last Remaining IP Address'. The requested delete MUST NOT be performed or acted upon, other than to send the ASCONF-ACK. D8) If a request is received to delete an IP address which is also the source address of the IP packet which contained the ASCONF chunk, the receiver MUST reject this request. To reject the request the receiver MUST send an Error Cause TLV set to the new error code 'Request to Delete Source IP Address' (unless Rule D5 has also been violated, in which case the error code 'Request to Delete Last Remaining IP Address' is sent). D9) If an endpoint receives an ADD IP address request and does not have the local resources to add this new address to the association, it MUST return an Error Cause TLV set to the new error code 'Operation Refused Due to Resource Shortage'. D10) If an endpoint receives an 'Out of Resource' error in response to its request to ADD an IP address to an association, it must either ABORT the association or not consider the address part of the association. In other words if the endpoint does not ABORT the association, it must consider the add attempt failed and NOT use this address and treat SCTP packets destined to the address as Out Of The Blue packets. D11) When an endpoint receiving an ASCONF to add an IP address sends an 'Out of Resource' in its response, it MUST also fail any subsequent add or delete requests bundled in the ASCONF. The receiver MUST NOT reject an ADD and then accept a subsequent DELETE of an IP address in the same ASCONF Chunk. In other words, once a receiver begins failing any ADD or DELETE request, it must fail all subsequent ADD or DELETE requests contained in that single ASCONF. D12) When an endpoint receives a request to delete an IP address that is the current primary address, it is an implementation decision as to how that endpoint chooses the new primary address. D13) When an endpoint receives a valid request to DELETE an IP address the endpoint MUST consider the address no longer as part of the association. It MUST NOT send SCTP packets for the association to that address and it MUST treat subsequent packets received from that address as Out Of The Blue. During the time interval between sending out the ASCONF and receiving the ASCONF-ACK it MAY be possible to receive DATA chunks out of order. The following examples illustrate these problems: Endpoint-A Endpoint-Z ---------- ---------- ASCONF[Add-IP:X]------------------------------> /--ASCONF-ACK / Stewart et.al. [Page 19] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 /--------/---New DATA: / / Destination <-------------------/ / IP:X / <--------------------------/ In the above example we see a new IP address (X) being added to the Endpoint-A. However due to packet re-ordering in the network a new DATA chunk is sent and arrives at Endpoint-A before the ASCONF-ACK confirming the add of the address to the association. A similar problem exists with the deletion of an IP address as follows: Endpoint-A Endpoint-Z ---------- ---------- /------------New DATA: / Destination / IP:X ASCONF [DEL-IP:X]---------/----------------> <-----------------/------------------ASCONF-ACK / / <-------------/ In this example we see a DATA chunk destined to the IP:X (which is about to be deleted) arriving after the deletion is complete. For the ADD case an endpoint SHOULD consider the newly adding IP address valid for the association to receive data from during the interval when awaiting the ASCONF-ACK. The endpoint MUST NOT source data from this new address until the ASCONF-ACK arrives but it may receive out of order data as illustrated and MUST NOT treat this data as an OOTB datagram (please see [RFC2960] section 8.4). It MAY drop the data silently or it MAY consider it part of the association but it MUST NOT respond with an ABORT. For the DELETE case, an endpoint MAY respond to the late arriving DATA packet as an OOTB datagram or it MAY hold the deleting IP address for a small period of time as still valid. If it treats the DATA packet as an OOTB the peer will silently discard the ABORT (since by the time the ABORT is sent the peer will have removed the IP address from this association). If the endpoint elects to hold the IP address valid for a period of time, it MUST NOT hold it valid longer than 2 RTO intervals for the destination being removed. 4.3.1 A special case for OOTB ABORT chunks Another case worth mentioning is illustrated below: Endpoint-A Endpoint-Z ---------- ---------- New DATA:------------\ Source IP:X \ Stewart et.al. [Page 20] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 \ ASCONF-REQ[DEL-IP:X]----\------------------> \ /---------ASCONF-ACK \ / \----/-----------> OOTB (Ignored <---------------------/-------------ABORT by rule D4) / <---------------------/ For this case, during the deletion of an IP address, an Abort MUST be ignored if the destination address of the Abort message is that of a destination being deleted. 4.3.2 A special case for changing an address. In some instances the sender may only have one IP address in an association that is being renumbered. When this occurs, the sender may not be able to send to the peer the appropriate ADD/DELETE pair and use the old address as a source in the IP header. For this reason the sender MUST fill in the Address Bytes field with an address that is part of the association (in this case the one being deleted). This will allow the receiver to locate the association without using the source address found in the IP header. Such an SCTP packet MUST NOT be bundled with any other chunk. The receiver of such an ASCONF chunk MUST NOT process the SCTP packet if any other chunks are contained inside the SCTP packet. The receiver MUST always first use the source address found in the IP header in looking up the association. The receiver should attempt to use the address found in the Address Bytes field only if the lookup fails using the source address from the IP header. The receiver MUST NOT reply to the source address of the packet in this special case, but to the new address that was added by the ASCONF (since the old address is no longer a part of the association after processing). 4.4 Setting of the primary address A sender of this option may elect to send this combined with a deletion or addition of an address. A sender SHOULD only send a set primary request to an address that is already considered part of the association. In other words if a sender combines a set primary with an add of a new IP address the set primary will be discarded unless the add request is to be processed BEFORE the set primary (i.e. it precedes the set primary). A request to set primary MAY also appear in a INIT or INIT-ACK chunk. This can give advice to the peer endpoint as to which of its addresses the sender of the INIT or INIT-ACK would like to be used as the primary address. The request to set an address as the primary path is an option the receiver SHOULD perform. It is considered advice to the receiver of the best destination address to use in sending SCTP packets (in the Stewart et.al. [Page 21] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 requester's view). If a request arrives that asks the receiver to set an address as primary that does not exist, the receiver should NOT honor the request, leaving its existing primary address unchanged. 4.5 Stream Flow Limit and Message Limit Procedures A stream in SCTP is an uni-directional logical channel established from one to another associated SCTP endpoint, within which all user messages are delivered in sequence except for those submitted to the un-ordered delivery service which may arrive out of sequence. Since each stream is uni-directional and no feedback mechanism exists to limit a sender, it is possible for one unique stream to monopolize all of the transport level receiver window space. The mechanism defined here attempts to alleviate this problem by allowing the receiver side to communicate to the sender a limit on how much outstanding data may be sent within a particular stream. The procedures defined here are broken down into two sides: o The stream receiver side or peer requesting the limit. And, o the stream sender side or peer that MUST honor the limit request. The receiver's side is mainly involved with sending the request to the peer. The sender's side is where the actual flow or message limit will be enforced. Note that the stream receiver is the endpoint that sends the ASCONF, INIT or INIT-ACK message (see Section 4.5.1), whereas the stream sender is the endpoint that receives the ASCONF, INIT or INIT-ACK message (see Section 4.5.2). 4.5.1 Stream receiver side procedures The receiver side SCTP requests byte or message limits in response to an upper layer request. An upper layer may request, via an API interface, that a byte or message limit be imposed on all or a subset of the active streams that send data to the upper layer receiver, or that a message limit be imposed on the association. The basis on which the upper layer determines these limits is outside the scope of this document. Any time during an association that limits are requested of the SCTP endpoint by the upper layer, the receiver side SHOULD create an ASCONF Chunk and attach to a Stream Flow Limit Change, Stream Message Limit Change, or Association Message Limit Change parameter as appropriate. These parameter types MAY also be placed in an INIT or INIT-ACK chunk at the beginning of an association to request initial values for the appropriate limits. The Stream Flow Limit Change and Stream Message Limit Changes parameters contain a sequence of one or more pairs, each of which consists of a specific stream number, and a byte or message limit to be applied to that stream. Stewart et.al. [Page 22] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 If the receiver wishes to remove the flow limit or message limit for a specific stream, it may do so by placing the special value '0' in the Flow Limit or Message Limit field. Once acknowledged by the peer endpoint the receiver should consider the limit in place. In the case of flow or message limits contained within an INIT chunk, any such limit is considered acknowledged with the arrival of the INIT-ACK, provided that the peer indicates that it understands the requested limit by NOT placing an 'unrecognized parameter' error in the INIT-ACK. Similarly, for flow or message limits contained within an INIT-ACK chunk, any such limit is considered acknowledged with the arrival of the cookie, provided that the peer indicates that it understands the requested limit by NOT placing an 'unrecognized parameter' error in the cookie. To send initial limits, ASCONF chunks are NOT bundled with the INIT or INIT-ACK. Instead the TLV is added to the variable parameters section of the INIT or INIT-ACK. Note that the parameter type field upper two bits dictates that any parameter not understood should be skipped and reported to the sender with an Operational Error. With this in mind we make the following rules for the sender of the request: Z1) If an Operational Error is received that indicates that the 'Stream Byte Limit Request' is not understood, the sender of the limit request MUST not send subsequent limit requests. The endpoint SHOULD also inform the upper layer application that the peer endpoint does not support this feature. Z2) If an Operational Error is received that indicates that the 'Stream Message Limit Request' is not understood, the sender of the limit request MUST not send subsequent limit requests. The endpoint SHOULD also inform the upper layer application that the peer endpoint does not support this feature. 4.5.2 Stream Sender side procedures When a 'Stream Byte Limit Request' or 'Stream Message Limit Request' is received the sender MUST record each limit with its appropriate stream. After a limit is set on a stream the sender MUST obey the following rules when sending to the peer on that stream: S1) When the upper layer application attempts to send to the peer on a stream, check - the number of outstanding bytes sent to that stream (those TSNs in queue to be sent, which the Cumulative TSN Acknowledgment has not passed, on this stream) versus the limit set Stewart et.al. [Page 23] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 for that stream (The last received limit for this stream is henceforth termed the current limit). - the number of outstanding messages sent on that stream (for which not all TSNs are passed by the Cumulative TSN Acknowledgment) versus the limit for this stream. S2a) If the number of outstanding bytes is greater than or equal to the current limit, the SCTP endpoint MUST reject the request and NOT queue the data for transmit. Instead it SHOULD return an error to the sending application. S2b) If the number of outstanding messages is greater or equal to the current limit, the SCTP endpoint MUST reject the request and NOT queue the data for transmit. Instead it SHOULD return an error to the sending application. S3a) If the number of outstanding bytes is less than the current limit, validate that the data to be sent plus the number of outstanding bytes is smaller than or equal to this limit. If the user data plus the number of outstanding bytes is smaller than or equal to the current limit accept the data for transmit and queue the user data (increasing the number of outstanding data bytes on this stream). If the user data plus the number of outstanding bytes is larger than the current limit for this stream, the SCTP endpoint MUST reject the request and NOT queue the data for transmit and instead SHOULD return an error to the application. S3b) If the number of outstanding messages is less than the current limit, accept the data for transmit and queue the user data (increasing the number of outstanding messages on this stream). S4) Any time a stream limit is updated to the value of 0, consider this indication to mean no limit is in effect for this stream. S5) Any stream number NOT mentioned in a limit request MUST be left unchanged. In other words failure to mention a stream in a limit request leaves the un-mentioned stream unchanged. S6) If a stream limit is reduced and the stream already exceeds the stream limit, no changes are made with respect to the outstanding data. New data request MUST be rejected however, until the streams limit will allow the sending of data (rules S2 and S3 above). NOTE: Stream limits do NOT change the underlying SCTP rwnd and its usage as defined in [RFC2960]. The association MUST still honor the rwnd when sending to the peer endpoint as defined in [RFC2960]. 4.5.3 ULP considerations on the use of SCTP flow limit facility A side-effect of rule S3 in section 4.5.2 is that an upper limit is imposed on the size of messages that may be sent to any stream where a flow limit is in place. Once a flow limit is in effect, Stewart et.al. [Page 24] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 if the sending Upper Layer Protocol (ULP) wishes to send a message that is larger than that permitted by the imposed stream limit, the ULP will need to provide a mechanism for fragmentation and re-assembly. This ULP mechanism is in addition to any fragmentation and re-assembly that may be provided by SCTP. It is the sole responsibility of the ULP to handle the case of a single user message being larger than the stream byte limit, if applicable. 4.6 Association Message Limit Procedures Using the stream flow/message limit functionality described in 4.5 it is possible for a receiver to limit the sender in a way the receiver thinks is appropriate. For an overall (per association) byte based limit the receiver can make use of the rwnd field in SACK-chunks. An overall message based limit is provided by the 'Association Message Limit Request'. This can be useful to make better use of message oriented pools (e.g. mbufs) and to limit the delivery time for messages. The procedures defined here are broken down into two sides: o The receiver side or peer requesting the limit. And, o the sender side or peer that MUST honor the limit request. The receiver's side is mainly involved with sending the request to the peer. The sender's side is where the actual limitations and flow message limit will occur. Note in section 4.6.1 the receiver is the endpoint that sends the ASCONF, INIT or INIT-ACK message, in section 4.6.2 the sender side is the endpoint that receives the ASCONF, INIT or INIT-ACK message. 4.6.1 Receiver side procedures The same rules as given in 4.5.1 for the stream limits apply to the association limit. 4.6.2 Sender side procedures When an 'Association Message Limit Request' is received the sender MUST record this limit for the association. After a limit is set for the association the sender MUST obey the following rules when sending to the peer on that stream: S1) When the upper layer application attempts to send to the peer on a stream, check the number of outstanding messages sent on the association (for which not all TSNs are passed by the Cumulative TSN Acknowledgment) versus the limit for this association. Stewart et.al. [Page 25] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 S2) If the number of outstanding messages is greater or equal to the current limit, the SCTP endpoint MUST reject the request and NOT queue the data for transmit. Instead it SHOULD return an error to the sending application. S3) If the number of outstanding messages is less than the current limit, accept the data for transmit and queue the user data (increasing the number of outstanding messages on this association). S4) Any time the association limit is updated to the value of 0, consider this indication to mean no limit is in effect for the Association. 5. Security Considerations The ADD/DELETE of an IP address to an existing association does provide an additional mechanism by which existing associations can be hijacked. Where the attacker is able to intercept and or alter the packets sent and received in an association, the use of this feature MAY increase the ease with which an association may be overtaken. This threat SHOULD be considered when deploying a version of SCTP that makes use of this feature. The IP Authentication Header [RFC2402] SHOULD be used when the threat environment requires stronger integrity protections, but does not require confidentiality. It should be noted that in the base SCTP specification [RFC2960], if an attacker is able to intercept and or alter packets, even without this feature it is possible to hijack an existing association; please refer to Section 11 of RFC2960. 6. IANA considerations This document defines the following new SCTP parameters, chunks and errors: - Two new chunk types, - Eight parameter types, and - Three new SCTP error causes. 7. Acknowledgments The authors wish to thank Jon Berger, John Loughney, Ivan Arias Rodriguez, Marshall Rose, and Chip Sharp for their invaluable comments. 8. Authors' Addresses Randall R. Stewart Tel: +1-815-477-2127 Cisco Systems, Inc. EMail: rrs@cisco.com 8745 W. Higgins Road, Suite 200 Chicago, Ill 60631 USA Micheal A. Ramalho Tel: +1-732-809-0188 Stewart et.al. [Page 26] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 Cisco Systems, Inc. EMail: mramalho@cisco.com 1802 Rue de la Porte Wall Township, NJ 0719-3784 Qiaobing Xie Tel: +1-847-632-3028 Motorola, Inc. EMail: qxie1@email.mot.com 1501 W. Shure Drive, #2309 Arlington Heights, IL 60004 USA Michael Tuexen Tel: +49-89-722-47210 SIEMENS AG EMail: Michael.Tuexen@icn.siemens.de Hofmannstr. 51 81359 Munich Germany Ian Rytina Tel: +61-3-9301-6164 Ericsson Australia EMail:ian.rytina@ericsson.com 37/360 Elizabeth Street Melbourne, Victoria 3000 Australia Phil Conrad Tel: +1-215-204-7910 Netlab Research Group Email conrad@acm.org Dept. Of Computer & Information Sciences Temple University 1805 N Broad St. Philadelphia, PA 19122 USA 9. References [RFC2960] R. R. Stewart, Q. Xie, K. Morneault, C. Sharp, H. J. Schwarzbauer, T. Taylor, I. Rytina, M. Kalla, L. Zhang, and, V. Paxson, "Stream Control Transmission Protocol," RFC 2960, October 2000. [RFC2026] Bradner, S., "The Internet Standards Process -- Revision 3", RFC 2026, October 1996. [RFC2119] Bradner, S. "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2402] S. Kent, R. Atkinson., "IP Authentication Header.", RFC 2402, November 1998. This Internet Draft expires in 6 months from May, 2001 Stewart et.al. [Page 27] Internet Draft draft-ietf-tsvwg-addip-sctp-02 June 2001 Stewart et.al. [Page 28]