idnits 2.17.1 draft-ietf-tsvwg-addip-sctp-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 2 instances of too long lines in the document, the longest one being 1 character in excess of 72. ** The abstract seems to contain references ([RFC2960]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 4 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. == There are 3 instances of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 989 has weird spacing: '...er will treat...' == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHOULD not' in this paragraph: R6) An ASCONF-ACK SHOULD not be larger than the path MTU. In some circumstances an ASCONF-ACK may exceed the path MTU and in such a case IP fragmentation should be used to transmit the chunk. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (September 24, 2003) is 7513 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'RFC2960' on line 49 == Unused Reference: '1' is defined on line 1167, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2402 (ref. '3') (Obsoleted by RFC 4302, RFC 4305) ** Obsolete normative reference: RFC 2434 (ref. '4') (Obsoleted by RFC 5226) ** Obsolete normative reference: RFC 2960 (ref. '5') (Obsoleted by RFC 4960) Summary: 7 errors (**), 0 flaws (~~), 8 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Stewart 3 Internet-Draft M. Ramalho 4 Expires: March 24, 2004 Cisco Systems, Inc. 5 Q. Xie 6 Motorola, Inc. 7 M. Tuexen 8 Univ. of Applied Sciences Muenster 9 I. Rytina 10 M. Belinchon 11 Ericsson 12 P. Conrad 13 Temple University 14 September 24, 2003 16 Stream Control Transmission Protocol (SCTP) Dynamic Address 17 Reconfiguration 18 draft-ietf-tsvwg-addip-sctp-08.txt 20 Status of this Memo 22 This document is an Internet-Draft and is in full conformance with 23 all provisions of Section 10 of RFC2026. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF), its areas, and its working groups. Note that other 27 groups may also distribute working documents as Internet-Drafts. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 The list of current Internet-Drafts can be accessed at http:// 35 www.ietf.org/ietf/1id-abstracts.txt. 37 The list of Internet-Draft Shadow Directories can be accessed at 38 http://www.ietf.org/shadow.html. 40 This Internet-Draft will expire on March 24, 2004. 42 Copyright Notice 44 Copyright (C) The Internet Society (2003). All Rights Reserved. 46 Abstract 48 This document describes extensions to the Stream Control Transmission 49 Protocol (SCTP) [RFC2960] that provides a method to reconfigure IP 50 address information on an existing association. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 55 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . 4 56 3. Additional Chunks and Parameters . . . . . . . . . . . . . . 5 57 3.1 New Chunk Types . . . . . . . . . . . . . . . . . . . . . . 5 58 3.1.1 Address Configuration Change Chunk (ASCONF) . . . . . . . . 5 59 3.1.2 Address Configuration Acknowledgment Chunk (ASCONF-ACK) . . 6 60 3.2 New Parameter Types . . . . . . . . . . . . . . . . . . . . 7 61 3.2.1 Add IP Address . . . . . . . . . . . . . . . . . . . . . . . 8 62 3.2.2 Delete IP Address . . . . . . . . . . . . . . . . . . . . . 9 63 3.2.3 Error Cause Indication . . . . . . . . . . . . . . . . . . . 10 64 3.2.4 Set Primary IP Address . . . . . . . . . . . . . . . . . . . 10 65 3.2.5 Success Indication . . . . . . . . . . . . . . . . . . . . . 11 66 3.2.6 Adaptation Layer Indication . . . . . . . . . . . . . . . . 12 67 3.3 New Error Causes . . . . . . . . . . . . . . . . . . . . . . 13 68 3.3.1 Error Cause: Request to Delete Last Remaining IP Address . . 13 69 3.3.2 Error Cause: Operation Refused Due to Resource Shortage . . 14 70 3.3.3 Error Cause: Request to Delete Source IP Address . . . . . . 15 71 3.3.4 Error Cause: Association Aborted due to illegal 72 ASCONF-ACK . . . . . . . . . . . . . . . . . . . . . . . . . 15 73 3.3.5 Error Cause: Request refused - no authorization. . . . . . . 16 74 4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . 17 75 4.1 ASCONF Chunk Procedures . . . . . . . . . . . . . . . . . . 17 76 4.1.1 Congestion Control of ASCONF Chunks . . . . . . . . . . . . 18 77 4.2 Upon reception of an ASCONF Chunk. . . . . . . . . . . . . . 19 78 4.3 General rules for address manipulation . . . . . . . . . . . 21 79 4.3.1 A special case for OOTB ABORT chunks . . . . . . . . . . . . 25 80 4.3.2 A special case for changing an address. . . . . . . . . . . 25 81 4.4 Setting of the primary address . . . . . . . . . . . . . . . 26 82 5. Security Considerations . . . . . . . . . . . . . . . . . . 27 83 6. IANA considerations . . . . . . . . . . . . . . . . . . . . 28 84 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 29 85 References . . . . . . . . . . . . . . . . . . . . . . . . . 30 86 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 30 87 A. Abstract Address Handling . . . . . . . . . . . . . . . . . 33 88 A.1 General remarks . . . . . . . . . . . . . . . . . . . . . . 33 89 A.2 Generalized endpoints . . . . . . . . . . . . . . . . . . . 33 90 A.3 Associations . . . . . . . . . . . . . . . . . . . . . . . . 34 91 A.4 Relationship with RFC 2960 . . . . . . . . . . . . . . . . . 35 92 A.5 Rules for address manipulation . . . . . . . . . . . . . . . 35 93 Intellectual Property and Copyright Statements . . . . . . . 36 95 1. Introduction 97 To extend the utility and application scenarios of SCTP, this 98 document introduces optional extensions that provide SCTP with the 99 ability to: 101 1. reconfigure IP address information on an existing association. 103 2. set the remote primary path. 105 3. exchange adaptation layer information during association setup. 107 These extensions enable SCTP to be utilized in the following 108 applications: 110 1. For computational or networking platforms that allow addition/ 111 removal of physical interface cards this feature can provide a 112 graceful method to add to the interfaces of an existing 113 association. For IPv6 this feature allows renumbering of existing 114 associations. 116 2. This provides a method for an endpoint to request that its peer 117 set its primary destination address. This can be useful when an 118 address is about to be deleted, or when an endpoint has some 119 predetermined knowledge about which is the preferred address to 120 receive SCTP packets upon. 122 3. This feature can be used to extend the usability of SCTP without 123 modifying it by allowing endpoints to exchange some information 124 during association setup. 126 2. Conventions 128 The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, 129 SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when 130 they appear in this document, are to be interpreted as described in 131 RFC2119 [2]. 133 3. Additional Chunks and Parameters 135 This section describes the addition of two new chunks and, six new 136 parameters to allow: 138 o Dynamic addition of IP Addresses to an association. 140 o Dynamic deletion of IP Addresses from an association. 142 o A request to set the primary address the peer will use when 143 sending to an endpoint. 145 Additionally, this section describes three new error causes that 146 support these new chunks and parameters. 148 3.1 New Chunk Types 150 This section defines two new chunk types that will be used to 151 transfer the control information reliably. Table 1 illustrates the 152 two new chunk types. 154 Chunk Type Chunk Name 155 -------------------------------------------------------------- 156 0xC1 Address Configuration Change Chunk (ASCONF) 157 0x80 Address Configuration Acknowledgment (ASCONF-ACK) 159 Table 1: Address Configuration Chunks 161 It should be noted that the ASCONF Chunk format requires the receiver 162 to report to the sender if it does not understand the ASCONF Chunk. 163 This is accomplished by setting the upper bits in the chunk type as 164 described in RFC2960 [5] section 3.2. Note that the upper two bits in 165 the ASCONF Chunk are set to one. As defined in RFC2960 [5] section 166 3.2, setting these upper bits in this manner will cause the receiver 167 that does not understand this chunk to skip the chunk and continue 168 processing, but report in an Operation Error Chunk using the 169 'Unrecognized Chunk Type' cause of error. 171 3.1.1 Address Configuration Change Chunk (ASCONF) 173 This chunk is used to communicate to the remote endpoint one of the 174 configuration change requests that MUST be acknowledged. The 175 information carried in the ASCONF Chunk uses the form of a 176 Type-Length-Value (TLV), as described in "3.2.1 Optional/ 177 Variable-length Parameter Format" in RFC2960 [5], forall variable 178 parameters. 180 0 1 2 3 181 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 182 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 183 | Type = 0xC1 | Chunk Flags | Chunk Length | 184 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 185 | Serial Number | 186 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 187 | Address Parameter | 188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 189 | ASCONF Parameter #1 | 190 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 191 \ \ 192 / .... / 193 \ \ 194 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 195 | ASCONF Parameter #N | 196 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 198 Serial Number : 32 bits (unsigned integer) 200 This value represents a Serial Number for the ASCONF Chunk. The valid 201 range of Serial Number is from 0 to 4294967295 (2**32 - 1). Serial 202 Numbers wrap back to 0 after reaching 4294967295. 204 Address Parameter : 8 or 20 bytes (depending on type) 206 This field contains an address parameter, either IPv6 or IPv4, from 207 RFC2960 [5]. The address is an address of the sender of the ASCONF 208 chunk, the address MUST be considered part of the association by the 209 peer endpoint (the receiver of the ASCONF chunk). This field may be 210 used by the receiver of the ASCONF to help in finding the 211 association. This parameter MUST be present in every ASCONF message 212 i.e. it is a mandatory TLV parameter. 214 Note the host name address parameter is NOT allowed and MUST be 215 ignored if received in any ASCONF message. 217 ASCONF Parameter: TLV format 219 Each Address configuration change is represented by a TLV parameter 220 as defined in Section 3.2. One or more requests may be present in an 221 ASCONF Chunk. 223 3.1.2 Address Configuration Acknowledgment Chunk (ASCONF-ACK) 225 This chunk is used by the receiver of an ASCONF Chunk to acknowledge 226 the reception. It carries zero or more results for any ASCONF 227 Parameters that were processed by the receiver. 229 0 1 2 3 230 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 231 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 232 | Type = 0x80 | Chunk Flags | Chunk Length | 233 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 234 | Serial Number | 235 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 236 | ASCONF Parameter Response#1 | 237 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 238 \ \ 239 / .... / 240 \ \ 241 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 242 | ASCONF Parameter Response#N | 243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 245 Serial Number : 32 bits (unsigned integer) 247 This value represents the Serial Number for the received ASCONF Chunk 248 that is acknowledged by this chunk. This value is copied from the 249 received ASCONF Chunk. 251 ASCONF Parameter Response : TLV format 253 The ASCONF Parameter Response is used in the ASCONF-ACK to report 254 status of ASCONF processing. By default, if a responding endpoint 255 does not include any Error Cause, a success is indicated. Thus a 256 sender of an ASCONF-ACK MAY indicate complete success of all TLVs in 257 an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length 258 (set to 8) and the Serial Number. 260 3.2 New Parameter Types 262 The six new parameters added follow the format defined in section 263 3.2.1 of RFC2960 [5]. Table 2 and 3 describes the parameters. 265 Address Configuration Parameters Parameter Type 266 ------------------------------------------------- 267 Set Primary Address 0xC004 268 Adaption Layer Indication 0xC006 270 Table 2: Parameters that can be used in INIT/INIT-ACK chunk 272 Address Configuration Parameters Parameter Type 273 ------------------------------------------------- 274 Add IP Address 0xC001 275 Delete IP Address 0xC002 276 Set Primary Address 0xC004 278 Table 2: Parameters used in ASCONF Parameter 280 Address Configuration Parameters Parameter Type 281 ------------------------------------------------- 282 Error Cause Indication 0xC003 283 Success Indication 0xC005 285 Table 3: Parameters used in ASCONF Parameter Response 287 3.2.1 Add IP Address 289 0 1 2 3 290 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 291 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 292 | Type = 0xC001 | Length = Variable | 293 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 294 | ASCONF-Request Correlation ID | 295 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 296 | Address Parameter | 297 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 299 ASCONF-Request Correlation ID: 32 bits 301 This is an opaque integer assigned by the sender to identify each 302 request parameter. It is in host byte order and is only meaningful to 303 the sender. The receiver of the ASCONF Chunk will copy this 32 bit 304 value into the ASCONF Response Correlation ID field of the ASCONF-ACK 305 response parameter. The sender of the ASCONF can use this same value 306 in the ASCONF-ACK to find which request the response is for. 308 Address Parameter: TLV 310 This field contains an IPv4 or IPv6 address parameter as described in 311 3.3.2.1 of RFC2960 [5]. The complete TLV is wrapped within this 312 parameter. It informs the receiver that the address specified is to 313 be added to the existing association. 315 An example TLV requesting that the IPv4 address 10.1.1.1 be added to 316 the association would look as follows: 318 +--------------------------------+ 319 | Type=0xC001 | Length = 16 | 320 +--------------------------------+ 321 | C-ID = 0x01023474 | 322 +--------------------------------+ 323 | Type=5 | Length = 8 | 324 +----------------+---------------+ 325 | Value=0x0a010101 | 326 +----------------+---------------+ 328 Valid Chunk Appearance 330 The Add IP Address parameter may only appear in the ASCONF Chunk 331 type. 333 3.2.2 Delete IP Address 335 0 1 2 3 336 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 337 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 338 | Type =0xC002 | Length = Variable | 339 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 340 | ASCONF-Request Correlation ID | 341 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 342 | Address Parameter | 343 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 345 ASCONF-Request Correlation ID: 32 bits 347 This is an opaque integer assigned by the sender to identify each 348 request parameter. It is in host byte order and is only meaningful to 349 the sender. The receiver of the ASCONF Chunk will copy this 32 bit 350 value into the ASCONF Response Correlation ID field of the ASCONF-ACK 351 response parameter. The sender of the ASCONF can use this same value 352 in the ASCONF-ACK to find which request the response is for. 354 Address Parameter: TLV 356 This field contains an IPv4 or IPv6 address parameter as described in 357 3.3.2.1 of RFC2960 [5]. The complete TLV is wrapped within this 358 parameter. It informs the receiver that the address specified is to 359 be removed from the existing association. 361 An example TLV deleting the IPv4 address 10.1.1.1 from an existing 362 association would look as follows: 364 +--------------------------------+ 365 | Type=0xC002 | Length = 16 | 366 +--------------------------------+ 367 | C-ID = 0x01023476 | 368 +--------------------------------+ 369 | Type=5 | Length = 8 | 370 +----------------+---------------+ 371 | Value=0x0a010101 | 372 +----------------+---------------+ 374 Valid Chunk Appearance 376 The Delete IP Address parameter may only appear in the ASCONF Chunk 377 type. 379 3.2.3 Error Cause Indication 381 0 1 2 3 382 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 383 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 384 | Type = 0xC003 | Length = Variable | 385 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 386 | ASCONF-Response Correlation ID | 387 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 388 | Error Cause(s) or Return Info on Success | 389 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 391 ASCONF-Response Correlation ID: 32 bits 393 This is an opaque integer assigned by the sender to identify each 394 request parameter. The receiver of the ASCONF Chunk will copy this 32 395 bit value from the ASCONF-Request Correlation ID into the ASCONF 396 Response Correlation ID field so the peer can easily correlate the 397 request to this response. 399 Error Cause(s): TLV(s) 401 When reporting an error this response parameter is used to wrap one 402 or more standard error causes normally found within an SCTP 403 Operational Error or SCTP Abort (as defined in RFC2960 [5]). The 404 Error Cause(s) follow the format defined in section 3.3.10 of RFC2960 405 [5]. 407 Valid Chunk Appearance 409 The Error Cause Indication parameter may only appear in the 410 ASCONF-ACK chunk type. 412 3.2.4 Set Primary IP Address 414 0 1 2 3 415 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 416 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 417 | Type =0xC004 | Length = Variable | 418 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 419 | ASCONF-Request Correlation ID | 420 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 421 | Address Parameter | 422 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 424 ASCONF-Request Correlation ID: 32 bits 426 This is an opaque integer assigned by the sender to identify each 427 request parameter. It is in host byte order and is only meaningful to 428 the sender. The receiver of the ASCONF Chunk will copy this 32 bit 429 value into the ASCONF Response Correlation ID field of the ASCONF-ACK 430 response parameter. The sender of the ASCONF can use this same value 431 in the ASCONF-ACK to find which request the response is for. 433 Address Parameter: TLV 435 This field contains an IPv4 or IPv6 address parameter as described in 436 3.3.2.1 of RFC2960 [5]. The complete TLV is wrapped within this 437 parameter. It requests the receiver to mark the specified address as 438 the primary address to send data to (see section 5.1.2 of RFC2960 439 [5]). The receiver MAY mark this as its primary upon receiving this 440 request. 442 An example TLV requesting that the IPv4 address 10.1.1.1 be made the 443 primary destination address would look as follows: 445 +--------------------------------+ 446 | Type=0xC004 | Length = 16 | 447 +--------------------------------+ 448 | C-ID = 0x01023479 | 449 +--------------------------------+ 450 | Type=5 | Length = 8 | 451 +----------------+---------------+ 452 | Value=0x0a010101 | 453 +----------------+---------------+ 455 Valid Chunk Appearance 457 The Set Primary IP Address parameter may appear in the ASCONF Chunk, 458 the INIT, or the INIT-ACK chunk type. The inclusion of this parameter 459 in the INIT or INIT-ACK can be used to indicate an initial preference 460 of primary address. 462 3.2.5 Success Indication 464 0 1 2 3 465 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 466 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 467 | Type = 0xC005 | Length = 8 | 468 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 469 | ASCONF-Response Correlation ID | 470 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 472 By default if a responding endpoint does not report an error for any 473 requested TLV, a success is implicitly indicated. Thus a sender of a 474 ASCONF-ACK MAY indicate complete success of all TLVs in an ASCONF by 475 returning only the Chunk Type, Chunk Flags, Chunk Length (set to 8) 476 and the Serial Number. 478 The responding endpoint MAY also choose to explicitly report a 479 success for a requested TLV, by returning a success report ASCONF 480 Parameter Response. 482 ASCONF-Response Correlation ID: 32 bits 484 This is an opaque integer assigned by the sender to identify each 485 request parameter. The receiver of the ASCONF Chunk will copy this 32 486 bit value from the ASCONF-Request Correlation ID into the ASCONF 487 Response Correlation ID field so the peer can easily correlate the 488 request to this response. 490 Valid Chunk Appearance 492 The Success Indication parameter may only appear in the ASCONF-ACK 493 chunk type. 495 3.2.6 Adaptation Layer Indication 497 0 1 2 3 498 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 499 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 500 | Type =0xC006 | Length = 8 | 501 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 502 | Adaption Code point | 503 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 505 This parameter is specified for the communication of peer upper layer 506 protocols. It is envisioned to be used for flow control and other 507 adaptation layers that require an indication to be carried in the 508 INIT and INIT-ACK. Each adaptation layer that is defined that wishes 509 to use this parameter MUST specify a an adaption code point in an 510 appropriate RFC defining its use and meaning. This parameter SHOULD 511 NOT be examined by the receiving SCTP implementation and should be 512 passed opaquely to the upper layer protocol. 514 Valid Chunk Appearance 516 The Adaptation Layer Indication parameter may appear in INIT or 517 INIT-ACK chunk and SHOULD be passed to the receivers upper layer 518 protocol. This parameter MUST NOT appear in a ASCONF chunk. 520 3.3 New Error Causes 522 Five new Error Causes are added to the SCTP Operational Errors, 523 primarily for use in the ASCONF-ACK chunk. 525 Cause Code 526 Value Cause Code 527 --------- ---------------- 528 0x0100 Request to Delete Last Remaining IP Address. 529 0x0101 Operation Refused Due to Resource Shortage. 530 0x0102 Request to Delete Source IP Address. 531 0x0103 Association Aborted due to illegal ASCONF-ACK 532 0x0104 Request refused - no authorization. 534 Table 4: New Error Causes 536 3.3.1 Error Cause: Request to Delete Last Remaining IP Address 538 Cause of error 540 Request to Delete Last Remaining IP address: The receiver of this 541 error sent a request to delete the last IP address from its 542 association with its peer. This error indicates that the request is 543 rejected. 545 0 1 2 3 546 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 547 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 548 | Cause Code=0x0100 | Cause Length=Variable | 549 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 550 \ TLV-Copied-From-ASCONF / 551 / \ 552 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 554 An example of a failed delete in an Error Cause TLV would look as 555 follows in the response ASCONF-ACK message: 557 +--------------------------------+ 558 | Type = 0xC003 | Length = 28 | 559 +----------------+---------------+ 560 | C-ID = 0x01023476 | 561 +--------------------------------+ 562 | Cause=0x0100 | Length = 20 | 563 +----------------+---------------+ 564 | Type= 0xC002 | Length = 16 | 565 +----------------+---------------+ 566 | C-ID = 0x01023476 | 567 +--------------------------------+ 568 | Type=0x0005 | Length = 8 | 569 +----------------+---------------+ 570 | Value=0x0A010101 | 571 +----------------+---------------+ 573 3.3.2 Error Cause: Operation Refused Due to Resource Shortage 575 Cause of error 577 This error cause is used to report a failure by the receiver to 578 perform the requested operation due to a lack of resources. The 579 entire TLV that is refused is copied from the ASCONF into the error 580 cause. 582 0 1 2 3 583 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 584 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 585 | Cause Code=0x0101 | Cause Length=Variable | 586 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 587 \ TLV-Copied-From-ASCONF / 588 / \ 589 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 591 An example of a failed addition in an Error Cause TLV would look as 592 follows in the response ASCONF-ACK message: 594 +--------------------------------+ 595 | Type = 0xC003 | Length = 28 | 596 +--------------------------------+ 597 | C-ID = 0x01023474 | 598 +--------------------------------+ 599 | Cause=0x0101 | Length = 20 | 600 +----------------+---------------+ 601 | Type=0xC001 | Length = 16 | 602 +--------------------------------+ 603 | C-ID = 0x01023474 | 604 +--------------------------------+ 605 | Type=0x0005 | Length = 8 | 606 +----------------+---------------+ 607 | Value=0x0A010101 | 608 +----------------+---------------+ 610 3.3.3 Error Cause: Request to Delete Source IP Address 612 Cause of error 614 Request to Delete Source IP Address: The receiver of this error sent 615 a request to delete the source IP address of the ASCONF message. This 616 error indicates that the request is rejected. 618 0 1 2 3 619 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 620 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 621 | Cause Code=0x0102 | Cause Length=Variable | 622 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 623 \ TLV-Copied-From-ASCONF / 624 / \ 625 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 627 An example of a failed delete in an Error Cause TLV would look as 628 follows in the response ASCONF-ACK message: 630 +--------------------------------+ 631 | Type = 0xC003 | Length = 28 | 632 +--------------------------------+ 633 | C-ID = 0x01023476 | 634 +--------------------------------+ 635 | Cause=0x0102 | Length = 20 | 636 +----------------+---------------+ 637 | Type=0xC002 | Length = 16 | 638 +----------------+---------------+ 639 | C-ID = 0x01023476 | 640 +--------------------------------+ 641 | Type=0x0005 | Length = 8 | 642 +----------------+---------------+ 643 | Value=0x0A010101 | 644 +----------------+---------------+ 646 IMPLEMENTATION NOTE: It is unlikely that an endpoint would source a 647 packet from the address being deleted, unless the endpoint does not 648 do proper source address selection. 650 3.3.4 Error Cause: Association Aborted due to illegal ASCONF-ACK 652 This error is to be included in an ABORT that is generated due to the 653 reception of an ASCONF-ACK that was not expected but is larger than 654 the current sequence number (see Section 4.3 Rule D0 ). Note that a 655 sequence number is larger than the last acked sequence number if it 656 is either the next sequence or no more than 2^^31 greater than the 657 current sequence number. 659 0 1 2 3 660 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 661 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 662 | Cause Code=0x0103 | Cause Length=4 | 663 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 665 3.3.5 Error Cause: Request refused - no authorization. 667 Cause of error 669 This error cause may be included to reject a request based on local 670 security policies. 672 0 1 2 3 673 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 674 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 675 | Cause Code=0x0104 | Cause Length=Variable | 676 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 677 \ TLV-Copied-From-ASCONF / 678 / \ 679 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 681 4. Procedures 683 This section will lay out the specific procedures for address 684 configuration change chunk type and its processing. 686 4.1 ASCONF Chunk Procedures 688 When an endpoint has an ASCONF signaled change to be sent to the 689 remote endpoint it should do the following: 691 A1) Create an ASCONF Chunk as defined in Section 3.1.1. The chunk 692 should contain all of the TLV(s) of information necessary to be 693 sent to the remote endpoint, and unique correlation identities for 694 each request. 696 A2) A serial number should be assigned to the Chunk. The serial 697 number should be a monotonically increasing number. The serial 698 number SHOULD be initialized at the start of the association to 699 the same value as the Initial TSN and every time a new ASCONF 700 chunk is created it is incremented by one after assigning the 701 serial number to the newly created chunk . 703 A3) If no ASCONF Chunk is outstanding (un-acknowledged) with the 704 remote peer, send the chunk. 706 A4) Start a T-4 RTO timer, using the RTO value of the selected 707 destination address (normally the primary path; see RFC2960 [5] 708 section 6.4 for details). 710 A5) When the ASCONF-ACK that acknowledges the serial number last sent 711 arrives, stop the T-4 RTO timer, and clear the appropriate 712 association and destination error counters as defined in RFC2960 713 [5] section 8.1 and 8.2. 715 A6) Process all of the TLVs within the ASCONF-ACK to find out 716 particular status information returned to the various requests 717 that were sent. Use the Correlation IDs to correlate the request 718 and the responses. 720 A7) If an error response is received for a TLV parameter, all TLVs 721 with no response before the failed TLV are considered successful 722 if not reported. All TLVs after the failed response are 723 considered unsuccessful unless a specific success indication is 724 present for the parameter. 726 A8) If there is no response(s) to specific TLV parameter(s), and no 727 failures are indicated, then all request(s) are considered 728 successful. 730 A9) If the peer responds to an ASCONF with an ERROR chunk reporting 731 that it did not recognized the ASCONF chunk type, the sender of 732 the ASCONF MUST NOT send any further ASCONF chunks and MUST stop 733 its T-4 timer. 735 If the T-4 RTO timer expires the endpoint should do the following: 737 B1) Increment the error counters and perform path failure detection 738 on the appropriate destination address as defined in RFC2960 [5] 739 section 8.1 and 8.2. 741 B2) Increment the association error counters and perform endpoint 742 failure detection on the association as defined in RFC2960 [5] 743 section 8.1 and 8.2. 745 B3) Back-off the destination address RTO value to which the ASCONF 746 chunk was sent by doubling the RTO timer value. 748 Note: The RTO value is used in the setting of all timer types for 749 SCTP. Each destination address has a single RTO estimate. 751 B4) Re-transmit the ASCONF Chunk last sent and if possible choose an 752 alternate destination address (please refer to RFC2960 [5] section 753 6.4.1). An endpoint MUST NOT add new parameters to this chunk, it 754 MUST be the same (including its serial number) as the last ASCONF 755 sent. 757 B5) Restart the T-4 RTO timer. Note that if a different destination 758 is selected, then the RTO used will be that of the new destination 759 address. 761 Note: the total number of re-transmissions is limited by B2 above. If 762 the maximum is reached, the association will fail and enter into the 763 CLOSED state (see RFC2960 [5] section 6.4.1 for details). 765 4.1.1 Congestion Control of ASCONF Chunks 767 In defining the ASCONF Chunk transfer procedures, it is essential 768 that these transfers MUST NOT cause congestion within the network. To 769 achieve this, we place these restrictions on the transfer of ASCONF 770 Chunks: 772 R1) One and only one ASCONF Chunk MAY be in transit and 773 unacknowledged at any one time. If a sender, after sending an 774 ASCONF chunk, decides it needs to transfer another ASCONF Chunk, 775 it MUST wait until the ASCONF-ACK Chunk returns from the previous 776 ASCONF Chunk before sending a subsequent ASCONF. Note this 777 restriction binds each side, so at any time two ASCONF may be 778 in-transit on any given association (one sent from each endpoint). 780 R2) An ASCONF may be bundled with any other chunk type (except other 781 ASCONF Chunks). 783 R3) An ASCONF-ACK may be bundled with any other chunk type except 784 other ASCONF-ACKs. 786 R4) Both ASCONF and ASCONF-ACK chunks MUST NOT be sent in any SCTP 787 state except ESTABLISHED. 789 R5) An ASCONF MUST NOT be larger than the path MTU of the 790 destination. 792 R6) An ASCONF-ACK SHOULD not be larger than the path MTU. In some 793 circumstances an ASCONF-ACK may exceed the path MTU and in such a 794 case IP fragmentation should be used to transmit the chunk. 796 If the sender of an ASCONF Chunk receives an Operational Error 797 indicating that the ASCONF chunk type is not understood, then the 798 sender MUST NOT send subsequent ASCONF Chunks to the peer. The 799 endpoint should also inform the upper layer application that the peer 800 endpoint does not support any of the extensions detailed in this 801 document. 803 4.2 Upon reception of an ASCONF Chunk. 805 When an endpoint receives an ASCONF Chunk from the remote peer 806 special procedures MAY be needed to identify the association the 807 ASCONF Chunk is associated with. To properly find the association the 808 following procedures should be followed: 810 L1) Use the source address and port number of the sender to attempt 811 to identify the association (i.e. use the same method defined in 812 RFC2960 [5] used for all other SCTP chunks). If found proceed to 813 rule L4. 815 L2) If the association is not found, use the address found in the 816 Address Parameter TLV combined with the port number found in the 817 SCTP common header. If found proceed to rule L4. 819 L3) If neither L1 or L2 locates the association, treat the chunk as 820 an Out Of The Blue chunk as defined in RFC2960 [5]. 822 L4) Follow the normal rules to validate the SCTP verification tag 823 found in RFC2960 [5]. 825 After identification and verification of the association, the 826 following should be performed to properly process the ASCONF Chunk: 828 C1) Compare the value of the serial number to the value the endpoint 829 stored in a new association variable 'Peer-Serial-Number'. This 830 value MUST be initialized to the Initial TSN value minus 1. 832 C2) If the value found in the serial number is equal to the 833 ('Peer-Serial-Number' + 1), the endpoint MUST: 835 V1) Process the TLVs contained within the Chunk performing the 836 appropriate actions as indicated by each TLV type. The TLVs 837 MUST be processed in order within the Chunk. For example, if 838 the sender puts 3 TLVs in one chunk, the first TLV (the one 839 closest to the Chunk Header) in the Chunk MUST be processed 840 first. The next TLV in the chunk (the middle one) MUST be 841 processed second and finally the last TLV in the Chunk MUST be 842 processed last. 844 V2) In processing the chunk, the receiver should build a response 845 message with the appropriate error TLVs, as specified in the 846 Parameter type bits for any ASCONF Parameter it does not 847 understand. To indicate an unrecognized parameter, cause type 8 848 as defined in the ERROR in 3.3.10.8 of RFC2960 [5] should be 849 used. The endpoint may also use the response to carry 850 rejections for other reasons such as resource shortages etc, 851 using the Error Cause TLV and an appropriate error condition. 853 Note: a positive response is implied if no error is indicated 854 by the sender. 856 V3) All responses MUST copy the ASCONF-Request Correlation ID 857 field received in the ASCONF parameter, from the TLV being 858 responded to, into the ASCONF-Request Correlation ID field in 859 the response parameter. 861 V4) After processing the entire Chunk, the receiver of the ASCONF 862 MUST send all TLVs for both unrecognized parameters and any 863 other status TLVs inside the ASCONF-ACK chunk that acknowledges 864 the arrival and processing of the ASCONF Chunk. 866 V5) Update the 'Peer-Serial-Number' to the value found in the 867 serial number field. 869 C3) If the value found in the serial number is equal to the value 870 stored in the 'Peer-Serial-Number', the endpoint should: 872 X1) Parse the ASCONF Chunk TLVs but the endpoint MUST NOT take any 873 action on the TLVs parsed (since it has already performed these 874 actions). 876 X2) Build a response message with the appropriate response TLVs as 877 specified in the ASCONF Parameter type bits, for any parameter 878 it does not understand or could not process. 880 X3) After parsing the entire Chunk, it MUST send any response TLV 881 errors and status with an ASCONF-ACK chunk acknowledging the 882 arrival and processing of the ASCONF Chunk. 884 X4) The endpoint MUST NOT update its 'Peer-Serial-Number'. 886 Note: the response to the retransmitted ASCONF MUST be the same as 887 the original response. This MAY mean an implementation must keep 888 state in order to respond with the same exact answer (including 889 resource considerations that may have made the implementation 890 refuse a request). 892 IMPLEMENTATION NOTE: As an optimization a receiver may wish to 893 save the last ASCONF-ACK for some predetermined period of time and 894 instead of re-processing the ASCONF (with the same serial number) 895 it may just re-transmit the ASCONF-ACK. It may wish to use the 896 arrival of a new serial number to discard the previously saved 897 ASCONF-ACK or any other means it may choose to expire the saved 898 ASCONF-ACK. 900 C4) Otherwise, the ASCONF Chunk is discarded since it must be either 901 a stale packet or from an attacker. A receiver of such a packet 902 MAY log the event for security purposes. 904 C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent back to the 905 source address contained in the IP header of the ASCONF being 906 responded to. 908 4.3 General rules for address manipulation 910 When building TLV parameters for the ASCONF Chunk that will add or 911 delete IP addresses the following rules should be applied: 913 D0) If an endpoint receives an ASCONF-ACK that is greater than or 914 equal to the next serial number to be used but no ASCONF chunk is 915 outstanding the endpoint MUST ABORT the association. Note that a 916 sequence number is greater than if it is no more than 2^^31-1 917 larger than the current sequence number (using serial arithmetic). 919 D1) When adding an IP address to an association, the IP address is 920 NOT considered fully added to the association until the ASCONF-ACK 921 arrives. This means that until such time as the ASCONF containing 922 the add is acknowledged the sender MUST NOT use the new IP address 923 as a source for ANY SCTP packet except on carrying an ASCONF 924 chunk. The receiver of the add IP address request may use the 925 address as a destination immediately. 927 D2) After the ASCONF-ACK of an IP address add arrives, the endpoint 928 MAY begin using the added IP address as a source address for any 929 type of SCTP chunk. 931 D3a) If an endpoint receives an Error Cause TLV indicating that the 932 IP address Add or IP address Deletion parameters was not 933 understood, the endpoint MUST consider the operation failed and 934 MUST NOT attempt to send any subsequent Add or Delete requests to 935 the peer. 937 D3b) If an endpoint receives an Error Cause TLV indicating that the 938 IP address Set Primary IP Address parameter was not understood, 939 the endpoint MUST consider the operation failed and MUST NOT 940 attempt to send any subsequent Set Primary IP Address requests to 941 the peer. 943 D4) When deleting an IP address from an association, the IP address 944 MUST be considered a valid destination address for the reception 945 of SCTP packets until the ASCONF-ACK arrives and MUST NOT be used 946 as a source address for any subsequent packets. This means that 947 any datagrams that arrive before the ASCONF-ACK destined to the IP 948 address being deleted MUST be considered part of the current 949 association. One special consideration is that ABORT chunks 950 arriving destined to the IP address being deleted MUST be ignored 951 (see Section 4.3.1 for further details). 953 D5) An endpoint MUST NOT delete its last remaining IP address from an 954 association. In other words if an endpoint is NOT multi-homed it 955 MUST NOT use the delete IP address without an add IP address 956 preceding the delete parameter in the ASCONF chunk. Or if an 957 endpoint sends multiple requests to delete IP addresses it MUST 958 NOT delete all of the IP addresses that the peer has listed for 959 the requester. 961 D6) An endpoint MUST NOT set an IP header source address for an SCTP 962 packet holding the ASCONF Chunk to be the same as an address being 963 deleted by the ASCONF Chunk. 965 D7) If a request is received to delete the last remaining IP address 966 of a peer endpoint, the receiver MUST send an Error Cause TLV with 967 the error cause set to the new error code 'Request to Delete Last 968 Remaining IP Address'. The requested delete MUST NOT be performed 969 or acted upon, other than to send the ASCONF-ACK. 971 D8) If a request is received to delete an IP address which is also 972 the source address of the IP packet which contained the ASCONF 973 chunk, the receiver MUST reject this request. To reject the 974 request the receiver MUST send an Error Cause TLV set to the new 975 error code 'Request to Delete Source IP Address' (unless Rule D5 976 has also been violated, in which case the error code 'Request to 977 Delete Last Remaining IP Address' is sent). 979 D9) If an endpoint receives an ADD IP address request and does not 980 have the local resources to add this new address to the 981 association, it MUST return an Error Cause TLV set to the new 982 error code 'Operation Refused Due to Resource Shortage'. 984 D10) If an endpoint receives an 'Out of Resource' error in response 985 to its request to ADD an IP address to an association, it must 986 either ABORT the association or not consider the address part of 987 the association. In other words if the endpoint does not ABORT the 988 association, it must consider the add attempt failed and NOT use 989 this address since its peer will treat SCTP packets destined to 990 the address as Out Of The Blue packets. 992 D11) When an endpoint receiving an ASCONF to add an IP address sends 993 an 'Out of Resource' in its response, it MUST also fail any 994 subsequent add or delete requests bundled in the ASCONF. The 995 receiver MUST NOT reject an ADD and then accept a subsequent 996 DELETE of an IP address in the same ASCONF Chunk. In other words, 997 once a receiver begins failing any ADD or DELETE request, it must 998 fail all subsequent ADD or DELETE requests contained in that 999 single ASCONF. 1001 D12) When an endpoint receives a request to delete an IP address that 1002 is the current primary address, it is an implementation decision 1003 as to how that endpoint chooses the new primary address. 1005 D13) When an endpoint receives a valid request to DELETE an IP 1006 address the endpoint MUST consider the address no longer as part 1007 of the association. It MUST NOT send SCTP packets for the 1008 association to that address and it MUST treat subsequent packets 1009 received from that address as Out Of The Blue. 1011 During the time interval between sending out the ASCONF and 1012 receiving the ASCONF-ACK it MAY be possible to receive DATA chunks 1013 out of order. The following examples illustrate these problems: 1015 Endpoint-A Endpoint-Z 1016 ---------- ---------- 1017 ASCONF[Add-IP:X]------------------------------> 1018 /--ASCONF-ACK 1019 / 1020 /--------/---New DATA: 1021 / / Destination 1022 <-------------------/ / IP:X 1023 / 1024 <--------------------------/ 1026 In the above example we see a new IP address (X) being added to the 1027 Endpoint-A. However due to packet re-ordering in the network a new 1028 DATA chunk is sent and arrives at Endpoint-A before the ASCONF-ACK 1029 confirming the add of the address to the association. 1031 A similar problem exists with the deletion of an IP address as 1032 follows: 1034 Endpoint-A Endpoint-Z 1035 ---------- ---------- 1036 /------------New DATA: 1037 / Destination 1038 / IP:X 1039 ASCONF [DEL-IP:X]---------/----------------> 1040 <-----------------/------------------ASCONF-ACK 1041 / 1042 / 1043 <-------------/ 1045 In this example we see a DATA chunk destined to the IP:X (which is 1046 about to be deleted) arriving after the deletion is complete. For the 1047 ADD case an endpoint SHOULD consider the newly adding IP address 1048 valid for the association to receive data from during the interval 1049 when awaiting the ASCONF-ACK. The endpoint MUST NOT source data from 1050 this new address until the ASCONF-ACK arrives but it may receive out 1051 of order data as illustrated and MUST NOT treat this data as an OOTB 1052 datagram (please see RFC2960 [5] section 8.4). It MAY drop the data 1053 silently or it MAY consider it part of the association but it MUST 1054 NOT respond with an ABORT. 1056 For the DELETE case, an endpoint MAY respond to the late arriving 1057 DATA packet as an OOTB datagram or it MAY hold the deleting IP 1058 address for a small period of time as still valid. If it treats the 1059 DATA packet as an OOTB the peer will silently discard the ABORT 1060 (since by the time the ABORT is sent the peer will have removed the 1061 IP address from this association). If the endpoint elects to hold the 1062 IP address valid for a period of time, it MUST NOT hold it valid 1063 longer than 2 RTO intervals for the destination being removed. 1065 4.3.1 A special case for OOTB ABORT chunks 1067 Another case worth mentioning is illustrated below: 1069 Endpoint-A Endpoint-Z 1070 ---------- ---------- 1072 New DATA:------------\ 1073 Source IP:X \ 1074 \ 1075 ASCONF-REQ[DEL-IP:X]----\------------------> 1076 \ /---------ASCONF-ACK 1077 \ / 1078 \----/-----------> OOTB 1079 (Ignored <---------------------/-------------ABORT 1080 by rule D4) / 1081 <---------------------/ 1083 For this case, during the deletion of an IP address, an Abort MUST be 1084 ignored if the destination address of the Abort message is that of a 1085 destination being deleted. 1087 4.3.2 A special case for changing an address. 1089 In some instances the sender may only have one IP address in an 1090 association that is being renumbered. When this occurs, the sender 1091 may not be able to send to the peer the appropriate ADD/DELETE pair 1092 and use the old address as a source in the IP header. For this reason 1093 the sender MUST fill in the Address Parameter field with an address 1094 that is part of the association (in this case the one being deleted). 1095 This will allow the receiver to locate the association without using 1096 the source address found in the IP header. 1098 The receiver of such a chunk MUST always first use the source address 1099 found in the IP header in looking up the association. The receiver 1100 should attempt to use the address found in the Address Bytes field 1101 only if the lookup fails using the source address from the IP header. 1102 The receiver MUST reply to the source address of the packet in this 1103 case which is the new address that was added by the ASCONF (since the 1104 old address is no longer a part of the association after processing). 1106 4.4 Setting of the primary address 1108 A sender of this option may elect to send this combined with a 1109 deletion or addition of an address. A sender SHOULD only send a set 1110 primary request to an address that is already considered part of the 1111 association. In other words if a sender combines a set primary with 1112 an add of a new IP address the set primary will be discarded unless 1113 the add request is to be processed BEFORE the set primary (i.e. it 1114 precedes the set primary). 1116 A request to set primary MAY also appear in an INIT or INIT-ACK 1117 chunk. This can give advice to the peer endpoint as to which of its 1118 addresses the sender of the INIT or INIT-ACK would prefer to be used 1119 as the primary address. 1121 The request to set an address as the primary path is an option the 1122 receiver SHOULD perform. It is considered advice to the receiver of 1123 the best destination address to use in sending SCTP packets (in the 1124 requesters view). If a request arrives that asks the receiver to set 1125 an address as primary that does not exist, the receiver should NOT 1126 honor the request, leaving its existing primary address unchanged. 1128 5. Security Considerations 1130 The ADD/DELETE of an IP address to an existing association does 1131 provide an additional mechanism by which existing associations can be 1132 hijacked. Where the attacker is able to intercept and or alter the 1133 packets sent and received in an association, the use of this feature 1134 MAY increase the ease with which an association may be overtaken. 1135 This threat SHOULD be considered when deploying a version of SCTP 1136 that makes use of this feature. The IP Authentication Header RFC2402 1137 [3] SHOULD be used when the threat environment requires stronger 1138 integrity protections, but does not require confidentiality. It 1139 should be noted that in the base SCTP specification RFC2960 [5], if 1140 an attacker is able to intercept and or alter packets, even without 1141 this feature it is possible to hijack an existing association; please 1142 refer to Section 11 of RFC2960 [5]. 1144 6. IANA considerations 1146 This document defines the following new SCTP parameters, chunks and 1147 errors: 1149 o Two new chunk types, 1151 o Six parameter types, and 1153 o Three new SCTP error causes. 1155 This document also defines a Adaption code point. The adaption code 1156 point is a 32 bit interger that is assigned by IANA through an IETF 1157 Consensus action as defined in RFC2434 [4]. 1159 7. Acknowledgments 1161 The authors wish to thank Jon Berger, Greg Kendall, Peter Lei, John 1162 Loughney, Ivan Arias Rodriguez, Renee Revis, Marshall Rose, and Chip 1163 Sharp for their invaluable comments. 1165 References 1167 [1] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 1168 9, RFC 2026, October 1996. 1170 [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement 1171 Levels", BCP 14, RFC 2119, March 1997. 1173 [3] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402, 1174 November 1998. 1176 [4] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA 1177 Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. 1179 [5] Stewart, R., Xie, Q., Morneault, K., Sharp, C., Schwarzbauer, 1180 H., Taylor, T., Rytina, I., Kalla, M., Zhang, L. and V. Paxson, 1181 "Stream Control Transmission Protocol", RFC 2960, October 2000. 1183 Authors' Addresses 1185 Randall R. Stewart 1186 Cisco Systems, Inc. 1187 8725 West Higgins Road 1188 Suite 300 1189 Chicago, IL 60631 1190 USA 1192 Phone: +1-815-477-2127 1193 EMail: rrs@cisco.com 1195 Michael A. Ramalho 1196 Cisco Systems, Inc. 1197 1802 Rue de la Porte 1198 Wall Township, NJ 07719-3784 1199 USA 1201 Phone: +1.732.449.5762 1202 EMail: mramalho@cisco.com 1203 Qiaobing Xie 1204 Motorola, Inc. 1205 1501 W. Shure Drive, #2309 1206 Arlington Heights, IL 60004 1207 USA 1209 Phone: +1-847-632-3028 1210 EMail: qxie1@email.mot.com 1212 Michael Tuexen 1213 Univ. of Applied Sciences Muenster 1214 Stegerwaldstr. 39 1215 48565 Steinfurt 1216 Germany 1218 EMail: tuexen@fh-muenster.de 1220 Ian Rytina 1221 Ericsson 1222 37/360 Elizabeth Street 1223 Melbourne Victoria 1224 Australia 1226 Phone: +61-3-9301-6164 1227 EMail: ian.rytina@ericsson.com 1229 Maria-Carmen Belinchon 1230 Ericsson 1232 Spain 1234 Phone: 1235 EMail: emecbv@madrid.es.eu.ericsson.se 1236 Phillip T. Conrad 1237 Temple University 1238 CIS Department 1239 Room 303, Computer Building (038-24) 1240 1805 N. Broad St. 1241 Philadelphia, PA 19122 1242 US 1244 Phone: +1 215 204 7910 1245 EMail: conrad@acm.org 1246 URI: http://www.cis.temple.edu/~conrad 1248 Appendix A. Abstract Address Handling 1250 A.1 General remarks 1252 The following text provides a working definition of the endpoint 1253 notion to discuss address reconfiguration. It is not intended to 1254 restrict implementations in any way, its goal is to provide as set of 1255 definitions only. Using these definitions should make a discussion 1256 about address issues easier. 1258 A.2 Generalized endpoints 1260 A generalized endpoint is a pair of a set of IP addresses and a port 1261 number at any given point of time. The precise definition is as 1262 follows: 1264 A generalized endpoint gE at time t is given by 1266 gE(t) = ({IP1, ..., IPn}, Port) 1268 where {IP1, ..., IPn} is a non empty set of IP addresses. 1270 Please note that the dynamic addition and deletion of IP-addresses 1271 described in this document allows the set of IP-addresses of a 1272 generalized endpoint to be changed at some point of time. The port 1273 number can never be changed. 1275 The set of IP addresses of a generalized endpoint gE at a time t is 1276 defined as 1278 Addr(gE)(t) = {IP1, ..., IPn} 1280 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1282 The port number of a generalized endpoint gE is defined as 1284 Port(gE) = Port 1286 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1288 There is one fundamental rule which restricts all generalized 1289 endpoints: 1291 For two different generalized endpoints gE' and gE'' with the same 1292 port number Port(gE') = Port(gE'') the address sets Addr(gE')(t) and 1293 Addr(gE'')(t) must be disjoint at every point of time. 1295 A.3 Associations 1297 Associations consists of two generalized endpoints and the two 1298 address sets known by the peer at any time. The precise definition is 1299 as follows: 1301 An association A between to different generalized endpoints gE' and 1302 gE'' is given by 1304 A = (gE', S', gE'', S'') 1306 where S'(t) and S''(t) are set of addresses at any time t such that 1307 S'(t) is a non-empty subset of Addr(gE')(t) and S''(t) is a non-empty 1308 subset of Addr(gE'')(t). 1310 If A = (gE', S', gE'', S'') is an association between the generalized 1311 endpoints gE' and gE'' the following notion is used: 1313 Addr(A, gE') = S' and Addr(A, gE'') = S''. 1315 If the dependency on time is important the notion Addr(A, gE')(t) = 1316 S'(t) will be used. 1318 If A is an association between gE' and gE'' then Addr(A, gE') is the 1319 subset of IP addresses of gE' which is known by gE'' and used by gE'. 1321 Association establishment between gE' and gE'' can be seen as: 1323 1. gE' and gE'' do exist before the association. 1325 2. If an INIT has to be send from gE' to gE'' address scoping rules 1326 and other limitations are applied to calculate the subset S' from 1327 Addr(gE'). The addresses of S' are included in the INIT chunk. 1329 3. If an INIT-ACK has to be send from gE'' to gE' address scoping 1330 rules and other limitations are applied to calculate the subset 1331 S'' from Addr(gE''). The addresses of S'' are included in the 1332 INIT-ACK chunk. 1334 4. After the handshake the association A = (gE', S', gE'', S'') has 1335 been established. 1337 5. Right after the association establishment Addr(A, gE') and 1338 Addr(A, gE'') are the addresses which have been seen on the wire 1339 during the handshake. 1341 A.4 Relationship with RFC 2960 1343 RFC2960 [5] defines the notion of an endpoint. This subsection will 1344 show that these endpoints are also (special) generalized endpoints. 1346 RFC2960 [5] has no notion of address scoping or other address 1347 handling limitations and provides no mechanism to change the 1348 addresses of an endpoint. 1350 This means that an endpoint is simply a generalized endpoint which 1351 does not depend on the time. Neither the Port nor the address list 1352 changes. 1354 During association setup no address scoping rules or other 1355 limitations will be applied. This means that for an association A 1356 between two endpoints gE' and gE'' the following is true: 1358 Addr(A, gE') = Addr(gE') and Addr(A, gE'') = Addr(gE''). 1360 A.5 Rules for address manipulation 1362 The rules for address manipulation can now be stated in a simple way: 1364 1. An address can be added to a generalized endpoint gE only if this 1365 address is not an address of a different generalized endpoint 1366 with the same port number. 1368 2. An address can be added to an association A with generalized 1369 endpoint gE if it has been added to the generalized endpoint gE 1370 first. This means that the address must be an element of Addr(gE) 1371 first and then it can become an element of Addr(A, gE). But this 1372 is not necessary. If the association does not allow the 1373 reconfiguration of the addresses only Addr(gE) can be modified. 1375 3. An address can be deleted from an association A with generalized 1376 endpoint gE as long as Addr(A, gE) stays non-empty. 1378 4. An address can be deleted from an generalized endpoint gE only if 1379 it has been removed from all associations having gE as a 1380 generalized endpoint. 1382 These rules simply make sure that the rules for the endpoints and 1383 associations given above are always fulfilled. 1385 Intellectual Property Statement 1387 The IETF takes no position regarding the validity or scope of any 1388 intellectual property or other rights that might be claimed to 1389 pertain to the implementation or use of the technology described in 1390 this document or the extent to which any license under such rights 1391 might or might not be available; neither does it represent that it 1392 has made any effort to identify any such rights. Information on the 1393 IETF's procedures with respect to rights in standards-track and 1394 standards-related documentation can be found in BCP-11. Copies of 1395 claims of rights made available for publication and any assurances of 1396 licenses to be made available, or the result of an attempt made to 1397 obtain a general license or permission for the use of such 1398 proprietary rights by implementors or users of this specification can 1399 be obtained from the IETF Secretariat. 1401 The IETF invites any interested party to bring to its attention any 1402 copyrights, patents or patent applications, or other proprietary 1403 rights which may cover technology that may be required to practice 1404 this standard. Please address the information to the IETF Executive 1405 Director. 1407 Full Copyright Statement 1409 Copyright (C) The Internet Society (2003). All Rights Reserved. 1411 This document and translations of it may be copied and furnished to 1412 others, and derivative works that comment on or otherwise explain it 1413 or assist in its implementation may be prepared, copied, published 1414 and distributed, in whole or in part, without restriction of any 1415 kind, provided that the above copyright notice and this paragraph are 1416 included on all such copies and derivative works. However, this 1417 document itself may not be modified in any way, such as by removing 1418 the copyright notice or references to the Internet Society or other 1419 Internet organizations, except as needed for the purpose of 1420 developing Internet standards in which case the procedures for 1421 copyrights defined in the Internet Standards process must be 1422 followed, or as required to translate it into languages other than 1423 English. 1425 The limited permissions granted above are perpetual and will not be 1426 revoked by the Internet Society or its successors or assignees. 1428 This document and the information contained herein is provided on an 1429 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 1430 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 1431 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 1432 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 1433 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1435 Acknowledgement 1437 Funding for the RFC Editor function is currently provided by the 1438 Internet Society.