idnits 2.17.1 draft-ietf-tsvwg-addip-sctp-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3667, Section 5.1 on line 22. -- Found old boilerplate from RFC 3978, Section 5.5 on line 1358. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1335. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1342. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1348. ** Found boilerplate matching RFC 3978, Section 5.4, paragraph 1 (on line 1364), which is fine, but *also* found old RFC 2026, Section 10.4C, paragraph 1 text on line 44. ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure Acknowledgement -- however, there's a paragraph with a matching beginning. Boilerplate error? ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate instead of verbatim RFC 3978 boilerplate. After 6 May 2005, submission of drafts without verbatim RFC 3978 boilerplate is not accepted. The following non-3978 patterns matched text found in the document. That text should be removed or replaced: By submitting this Internet-Draft, I certify that any applicable patent or other IPR claims of which I am aware have been disclosed, or will be disclosed, and any of which I become aware will be disclosed, in accordance with RFC 3668. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 30 longer pages, the longest (page 31) being 73 lines == It seems as if not all pages are separated by form feeds - found 0 form feeds but 34 pages Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 2 instances of too long lines in the document, the longest one being 1 character in excess of 72. ** The abstract seems to contain references ([RFC2960]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 4 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. == There are 3 instances of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 950 has weird spacing: '...er will treat...' == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHOULD not' in this paragraph: R6) An ASCONF-ACK SHOULD not be larger than the path MTU. In some circumstances an ASCONF-ACK may exceed the path MTU and in such a case IP fragmentation should be used to transmit the chunk. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 10, 2004) is 7260 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'RFC2960' on line 49 == Unused Reference: '1' is defined on line 1131, but no explicit reference was found in the text == Unused Reference: '5' is defined on line 1143, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2402 (ref. '3') (Obsoleted by RFC 4302, RFC 4305) ** Obsolete normative reference: RFC 2434 (ref. '4') (Obsoleted by RFC 5226) ** Obsolete normative reference: RFC 2629 (ref. '5') (Obsoleted by RFC 7749) ** Obsolete normative reference: RFC 2960 (ref. '6') (Obsoleted by RFC 4960) Summary: 13 errors (**), 0 flaws (~~), 11 warnings (==), 8 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Stewart 3 Internet-Draft M. Ramalho 4 Expires: December 9, 2004 Cisco Systems, Inc. 5 Q. Xie 6 Motorola, Inc. 7 M. Tuexen 8 Univ. of Applied Sciences Muenster 9 P. Conrad 10 University of Delaware 11 June 10, 2004 13 Stream Control Transmission Protocol (SCTP) Dynamic Address 14 Reconfiguration 15 draft-ietf-tsvwg-addip-sctp-09.txt 17 Status of this Memo 19 By submitting this Internet-Draft, I certify that any applicable 20 patent or other IPR claims of which I am aware have been disclosed, 21 and any of which I become aware will be disclosed, in accordance with 22 RFC 3668. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF), its areas, and its working groups. Note that 26 other groups may also distribute working documents as 27 Internet-Drafts. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 The list of current Internet-Drafts can be accessed at 35 http://www.ietf.org/ietf/1id-abstracts.txt. 37 The list of Internet-Draft Shadow Directories can be accessed at 38 http://www.ietf.org/shadow.html. 40 This Internet-Draft will expire on December 9, 2004. 42 Copyright Notice 44 Copyright (C) The Internet Society (2004). All Rights Reserved. 46 Abstract 48 This document describes extensions to the Stream Control Transmission 49 Protocol (SCTP) [RFC2960] that provides a method to reconfigure IP 50 address information on an existing association. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 55 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4 56 3. Additional Chunks and Parameters . . . . . . . . . . . . . . . 5 57 3.1 New Chunk Types . . . . . . . . . . . . . . . . . . . . . 5 58 3.1.1 Address Configuration Change Chunk (ASCONF) . . . . . 5 59 3.1.2 Address Configuration Acknowledgment Chunk 60 (ASCONF-ACK) . . . . . . . . . . . . . . . . . . . . . 6 61 3.2 New Parameter Types . . . . . . . . . . . . . . . . . . . 7 62 3.2.1 Add IP Address . . . . . . . . . . . . . . . . . . . . 8 63 3.2.2 Delete IP Address . . . . . . . . . . . . . . . . . . 9 64 3.2.3 Error Cause Indication . . . . . . . . . . . . . . . . 10 65 3.2.4 Set Primary IP Address . . . . . . . . . . . . . . . . 11 66 3.2.5 Success Indication . . . . . . . . . . . . . . . . . . 12 67 3.2.6 Adaptation Layer Indication . . . . . . . . . . . . . 12 68 3.3 New Error Causes . . . . . . . . . . . . . . . . . . . . . 13 69 3.3.1 Error Cause: Request to Delete Last Remaining IP 70 Address . . . . . . . . . . . . . . . . . . . . . . . 13 71 3.3.2 Error Cause: Operation Refused Due to Resource 72 Shortage . . . . . . . . . . . . . . . . . . . . . . . 14 73 3.3.3 Error Cause: Request to Delete Source IP Address . . . 15 74 3.3.4 Error Cause: Association Aborted due to illegal 75 ASCONF-ACK . . . . . . . . . . . . . . . . . . . . . . 16 76 3.3.5 Error Cause: Request refused - no authorization. . . . 16 77 4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 18 78 4.1 ASCONF Chunk Procedures . . . . . . . . . . . . . . . . . 18 79 4.1.1 Congestion Control of ASCONF Chunks . . . . . . . . . 19 80 4.2 Upon reception of an ASCONF Chunk. . . . . . . . . . . . . 20 81 4.3 General rules for address manipulation . . . . . . . . . . 22 82 4.3.1 A special case for OOTB ABORT chunks . . . . . . . . . 25 83 4.3.2 A special case for changing an address. . . . . . . . 25 84 4.4 Setting of the primary address . . . . . . . . . . . . . . 26 85 5. Security Considerations . . . . . . . . . . . . . . . . . . . 27 86 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 28 87 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 29 88 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 29 89 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 29 90 A. Abstract Address Handling . . . . . . . . . . . . . . . . . . 31 91 A.1 General remarks . . . . . . . . . . . . . . . . . . . . . 31 92 A.2 Generalized endpoints . . . . . . . . . . . . . . . . . . 31 93 A.3 Associations . . . . . . . . . . . . . . . . . . . . . . . 32 94 A.4 Relationship with RFC 2960 . . . . . . . . . . . . . . . . 32 95 A.5 Rules for address manipulation . . . . . . . . . . . . . . 33 96 Intellectual Property and Copyright Statements . . . . . . . . 34 98 1. Introduction 100 To extend the utility and application scenarios of SCTP, this 101 document introduces optional extensions that provide SCTP with the 102 ability to: 104 1. reconfigure IP address information on an existing association. 105 2. set the remote primary path. 106 3. exchange adaptation layer information during association setup. 108 These extensions enable SCTP to be utilized in the following 109 applications: 111 1. For computational or networking platforms that allow addition/ 112 removal of physical interface cards this feature can provide a 113 graceful method to add to the interfaces of an existing 114 association. For IPv6 this feature allows renumbering of 115 existing associations. 116 2. This provides a method for an endpoint to request that its peer 117 set its primary destination address. This can be useful when an 118 address is about to be deleted, or when an endpoint has some 119 predetermined knowledge about which is the preferred address to 120 receive SCTP packets upon. 121 3. This feature can be used to extend the usability of SCTP without 122 modifying it by allowing endpoints to exchange some information 123 during association setup. 125 2. Conventions 127 The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, 128 SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when 129 they appear in this document, are to be interpreted as described in 130 RFC2119 [2]. 132 3. Additional Chunks and Parameters 134 This section describes the addition of two new chunks and, six new 135 parameters to allow: 137 o Dynamic addition of IP Addresses to an association. 138 o Dynamic deletion of IP Addresses from an association. 139 o A request to set the primary address the peer will use when 140 sending to an endpoint. 142 Additionally, this section describes three new error causes that 143 support these new chunks and parameters. 145 3.1 New Chunk Types 147 This section defines two new chunk types that will be used to 148 transfer the control information reliably. Table 1 illustrates the 149 two new chunk types. 151 Chunk Type Chunk Name 152 -------------------------------------------------------------- 153 0xC1 Address Configuration Change Chunk (ASCONF) 154 0x80 Address Configuration Acknowledgment (ASCONF-ACK) 156 Table 1: Address Configuration Chunks 158 It should be noted that the ASCONF Chunk format requires the receiver 159 to report to the sender if it does not understand the ASCONF Chunk. 160 This is accomplished by setting the upper bits in the chunk type as 161 described in RFC2960 [6] section 3.2. Note that the upper two bits 162 in the ASCONF Chunk are set to one. As defined in RFC2960 [6] 163 section 3.2, setting these upper bits in this manner will cause the 164 receiver that does not understand this chunk to skip the chunk and 165 continue processing, but report in an Operation Error Chunk using the 166 'Unrecognized Chunk Type' cause of error. 168 3.1.1 Address Configuration Change Chunk (ASCONF) 170 This chunk is used to communicate to the remote endpoint one of the 171 configuration change requests that MUST be acknowledged. The 172 information carried in the ASCONF Chunk uses the form of a 173 Type-Length-Value (TLV), as described in "3.2.1 Optional/ 174 Variable-length Parameter Format" in RFC2960 [6], for all variable 175 parameters. 177 0 1 2 3 178 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 179 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 180 | Type = 0xC1 | Chunk Flags | Chunk Length | 181 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 182 | Serial Number | 183 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 184 | Address Parameter | 185 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 186 | ASCONF Parameter #1 | 187 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 188 \ \ 189 / .... / 190 \ \ 191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 192 | ASCONF Parameter #N | 193 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 195 Serial Number : 32 bits (unsigned integer) 197 This value represents a Serial Number for the ASCONF Chunk. The 198 valid range of Serial Number is from 0 to 4294967295 (2**32 - 1). 199 Serial Numbers wrap back to 0 after reaching 4294967295. 201 Address Parameter : 8 or 20 bytes (depending on type) 203 This field contains an address parameter, either IPv6 or IPv4, from 204 RFC2960 [6]. The address is an address of the sender of the ASCONF 205 chunk, the address MUST be considered part of the association by the 206 peer endpoint (the receiver of the ASCONF chunk). This field may be 207 used by the receiver of the ASCONF to help in finding the 208 association. This parameter MUST be present in every ASCONF message 209 i.e. it is a mandatory TLV parameter. 211 Note the host name address parameter is NOT allowed and MUST be 212 ignored if received in any ASCONF message. 214 ASCONF Parameter: TLV format 216 Each Address configuration change is represented by a TLV parameter 217 as defined in Section 3.2. One or more requests may be present in an 218 ASCONF Chunk. 220 3.1.2 Address Configuration Acknowledgment Chunk (ASCONF-ACK) 222 This chunk is used by the receiver of an ASCONF Chunk to acknowledge 223 the reception. It carries zero or more results for any ASCONF 224 Parameters that were processed by the receiver. 226 0 1 2 3 227 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 228 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 229 | Type = 0x80 | Chunk Flags | Chunk Length | 230 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 231 | Serial Number | 232 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 233 | ASCONF Parameter Response#1 | 234 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 235 \ \ 236 / .... / 237 \ \ 238 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 239 | ASCONF Parameter Response#N | 240 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 242 Serial Number : 32 bits (unsigned integer) 244 This value represents the Serial Number for the received ASCONF Chunk 245 that is acknowledged by this chunk. This value is copied from the 246 received ASCONF Chunk. 248 ASCONF Parameter Response : TLV format 250 The ASCONF Parameter Response is used in the ASCONF-ACK to report 251 status of ASCONF processing. By default, if a responding endpoint 252 does not include any Error Cause, a success is indicated. Thus a 253 sender of an ASCONF-ACK MAY indicate complete success of all TLVs in 254 an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length 255 (set to 8) and the Serial Number. 257 3.2 New Parameter Types 259 The six new parameters added follow the format defined in section 260 3.2.1 of RFC2960 [6]. Table 2 and 3 describes the parameters. 262 Address Configuration Parameters Parameter Type 263 ------------------------------------------------- 264 Set Primary Address 0xC004 265 Adaption Layer Indication 0xC006 267 Table 2: Parameters that can be used in INIT/INIT-ACK chunk 269 Address Configuration Parameters Parameter Type 270 ------------------------------------------------- 271 Add IP Address 0xC001 272 Delete IP Address 0xC002 273 Set Primary Address 0xC004 275 Table 2: Parameters used in ASCONF Parameter 277 Address Configuration Parameters Parameter Type 278 ------------------------------------------------- 279 Error Cause Indication 0xC003 280 Success Indication 0xC005 282 Table 3: Parameters used in ASCONF Parameter Response 284 Any parameter that appears where it is not allowed (for example a 285 0xC002 parameter appearing within an INIT or INIT-ACK) MAY be 286 responded to with an ABORT by the receiver of the invalid parameter. 288 3.2.1 Add IP Address 290 0 1 2 3 291 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 292 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 293 | Type = 0xC001 | Length = Variable | 294 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 295 | ASCONF-Request Correlation ID | 296 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 297 | Address Parameter | 298 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 300 ASCONF-Request Correlation ID: 32 bits 302 This is an opaque integer assigned by the sender to identify each 303 request parameter. It is in host byte order and is only meaningful 304 to the sender. The receiver of the ASCONF Chunk will copy this 32 305 bit value into the ASCONF Response Correlation ID field of the 306 ASCONF-ACK response parameter. The sender of the ASCONF can use this 307 same value in the ASCONF-ACK to find which request the response is 308 for. 310 Address Parameter: TLV 312 This field contains an IPv4 or IPv6 address parameter as described in 313 3.3.2.1 of RFC2960 [6]. The complete TLV is wrapped within this 314 parameter. It informs the receiver that the address specified is to 315 be added to the existing association. 317 An example TLV requesting that the IPv4 address 10.1.1.1 be added to 318 the association would look as follows: 320 +--------------------------------+ 321 | Type=0xC001 | Length = 16 | 322 +--------------------------------+ 323 | C-ID = 0x01023474 | 324 +--------------------------------+ 325 | Type=5 | Length = 8 | 326 +----------------+---------------+ 327 | Value=0x0a010101 | 328 +----------------+---------------+ 330 Valid Chunk Appearance 332 The Add IP Address parameter may only appear in the ASCONF Chunk 333 type. 335 3.2.2 Delete IP Address 337 0 1 2 3 338 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 339 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 340 | Type =0xC002 | Length = Variable | 341 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 342 | ASCONF-Request Correlation ID | 343 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 344 | Address Parameter | 345 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 347 ASCONF-Request Correlation ID: 32 bits 349 This is an opaque integer assigned by the sender to identify each 350 request parameter. It is in host byte order and is only meaningful 351 to the sender. The receiver of the ASCONF Chunk will copy this 32 352 bit value into the ASCONF Response Correlation ID field of the 353 ASCONF-ACK response parameter. The sender of the ASCONF can use this 354 same value in the ASCONF-ACK to find which request the response is 355 for. 357 Address Parameter: TLV 359 This field contains an IPv4 or IPv6 address parameter as described in 360 3.3.2.1 of RFC2960 [6]. The complete TLV is wrapped within this 361 parameter. It informs the receiver that the address specified is to 362 be removed from the existing association. 364 An example TLV deleting the IPv4 address 10.1.1.1 from an existing 365 association would look as follows: 367 +--------------------------------+ 368 | Type=0xC002 | Length = 16 | 369 +--------------------------------+ 370 | C-ID = 0x01023476 | 371 +--------------------------------+ 372 | Type=5 | Length = 8 | 373 +----------------+---------------+ 374 | Value=0x0a010101 | 375 +----------------+---------------+ 377 Valid Chunk Appearance 379 The Delete IP Address parameter may only appear in the ASCONF Chunk 380 type. 382 3.2.3 Error Cause Indication 384 0 1 2 3 385 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 386 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 387 | Type = 0xC003 | Length = Variable | 388 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 389 | ASCONF-Response Correlation ID | 390 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 391 | Error Cause(s) or Return Info on Success | 392 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 394 ASCONF-Response Correlation ID: 32 bits 396 This is an opaque integer assigned by the sender to identify each 397 request parameter. The receiver of the ASCONF Chunk will copy this 398 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 399 Response Correlation ID field so the peer can easily correlate the 400 request to this response. 402 Error Cause(s): TLV(s) 404 When reporting an error this response parameter is used to wrap one 405 or more standard error causes normally found within an SCTP 406 Operational Error or SCTP Abort (as defined in RFC2960 [6]). The 407 Error Cause(s) follow the format defined in section 3.3.10 of RFC2960 408 [6]. 410 Valid Chunk Appearance 411 The Error Cause Indication parameter may only appear in the 412 ASCONF-ACK chunk type. 414 3.2.4 Set Primary IP Address 416 0 1 2 3 417 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 418 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 419 | Type =0xC004 | Length = Variable | 420 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 421 | ASCONF-Request Correlation ID | 422 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 423 | Address Parameter | 424 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 426 ASCONF-Request Correlation ID: 32 bits 428 This is an opaque integer assigned by the sender to identify each 429 request parameter. It is in host byte order and is only meaningful 430 to the sender. The receiver of the ASCONF Chunk will copy this 32 431 bit value into the ASCONF Response Correlation ID field of the 432 ASCONF-ACK response parameter. The sender of the ASCONF can use this 433 same value in the ASCONF-ACK to find which request the response is 434 for. 436 Address Parameter: TLV 438 This field contains an IPv4 or IPv6 address parameter as described in 439 3.3.2.1 of RFC2960 [6]. The complete TLV is wrapped within this 440 parameter. It requests the receiver to mark the specified address as 441 the primary address to send data to (see section 5.1.2 of RFC2960 442 [6]). The receiver MAY mark this as its primary upon receiving this 443 request. 445 An example TLV requesting that the IPv4 address 10.1.1.1 be made the 446 primary destination address would look as follows: 448 +--------------------------------+ 449 | Type=0xC004 | Length = 16 | 450 +--------------------------------+ 451 | C-ID = 0x01023479 | 452 +--------------------------------+ 453 | Type=5 | Length = 8 | 454 +----------------+---------------+ 455 | Value=0x0a010101 | 456 +----------------+---------------+ 458 Valid Chunk Appearance 459 The Set Primary IP Address parameter may appear in the ASCONF Chunk, 460 the INIT, or the INIT-ACK chunk type. The inclusion of this 461 parameter in the INIT or INIT-ACK can be used to indicate an initial 462 preference of primary address. 464 3.2.5 Success Indication 466 0 1 2 3 467 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 468 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 469 | Type = 0xC005 | Length = 8 | 470 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 471 | ASCONF-Response Correlation ID | 472 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 474 By default if a responding endpoint does not report an error for any 475 requested TLV, a success is implicitly indicated. Thus a sender of a 476 ASCONF-ACK MAY indicate complete success of all TLVs in an ASCONF by 477 returning only the Chunk Type, Chunk Flags, Chunk Length (set to 8) 478 and the Serial Number. 480 The responding endpoint MAY also choose to explicitly report a 481 success for a requested TLV, by returning a success report ASCONF 482 Parameter Response. 484 ASCONF-Response Correlation ID: 32 bits 486 This is an opaque integer assigned by the sender to identify each 487 request parameter. The receiver of the ASCONF Chunk will copy this 488 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 489 Response Correlation ID field so the peer can easily correlate the 490 request to this response. 492 Valid Chunk Appearance 494 The Success Indication parameter may only appear in the ASCONF-ACK 495 chunk type. 497 3.2.6 Adaptation Layer Indication 499 0 1 2 3 500 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 501 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 502 | Type =0xC006 | Length = 8 | 503 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 504 | Adaption Code point | 505 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 507 This parameter is specified for the communication of peer upper layer 508 protocols. It is envisioned to be used for flow control and other 509 adaptation layers that require an indication to be carried in the 510 INIT and INIT-ACK. Each adaptation layer that is defined that wishes 511 to use this parameter MUST specify a an adaption code point in an 512 appropriate RFC defining its use and meaning. This parameter SHOULD 513 NOT be examined by the receiving SCTP implementation and should be 514 passed opaquely to the upper layer protocol. 516 Valid Chunk Appearance 518 The Adaptation Layer Indication parameter may appear in INIT or 519 INIT-ACK chunk and SHOULD be passed to the receivers upper layer 520 protocol. This parameter MUST NOT appear in a ASCONF chunk. 522 3.3 New Error Causes 524 Five new Error Causes are added to the SCTP Operational Errors, 525 primarily for use in the ASCONF-ACK chunk. 527 Cause Code 528 Value Cause Code 529 --------- ---------------- 530 0x0100 Request to Delete Last Remaining IP Address. 531 0x0101 Operation Refused Due to Resource Shortage. 532 0x0102 Request to Delete Source IP Address. 533 0x0103 Association Aborted due to illegal ASCONF-ACK 534 0x0104 Request refused - no authorization. 536 Table 4: New Error Causes 538 3.3.1 Error Cause: Request to Delete Last Remaining IP Address 540 Cause of error 542 Request to Delete Last Remaining IP address: The receiver of this 543 error sent a request to delete the last IP address from its 544 association with its peer. This error indicates that the request is 545 rejected. 547 0 1 2 3 548 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 549 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 550 | Cause Code=0x0100 | Cause Length=Variable | 551 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 552 \ TLV-Copied-From-ASCONF / 553 / \ 554 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 556 An example of a failed delete in an Error Cause TLV would look as 557 follows in the response ASCONF-ACK message: 559 +--------------------------------+ 560 | Type = 0xC003 | Length = 28 | 561 +----------------+---------------+ 562 | C-ID = 0x01023476 | 563 +--------------------------------+ 564 | Cause=0x0100 | Length = 20 | 565 +----------------+---------------+ 566 | Type= 0xC002 | Length = 16 | 567 +----------------+---------------+ 568 | C-ID = 0x01023476 | 569 +--------------------------------+ 570 | Type=0x0005 | Length = 8 | 571 +----------------+---------------+ 572 | Value=0x0A010101 | 573 +----------------+---------------+ 575 3.3.2 Error Cause: Operation Refused Due to Resource Shortage 577 Cause of error 579 This error cause is used to report a failure by the receiver to 580 perform the requested operation due to a lack of resources. The 581 entire TLV that is refused is copied from the ASCONF into the error 582 cause. 584 0 1 2 3 585 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 586 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 587 | Cause Code=0x0101 | Cause Length=Variable | 588 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 589 \ TLV-Copied-From-ASCONF / 590 / \ 591 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 593 An example of a failed addition in an Error Cause TLV would look as 594 follows in the response ASCONF-ACK message: 596 +--------------------------------+ 597 | Type = 0xC003 | Length = 28 | 598 +--------------------------------+ 599 | C-ID = 0x01023474 | 600 +--------------------------------+ 601 | Cause=0x0101 | Length = 20 | 602 +----------------+---------------+ 603 | Type=0xC001 | Length = 16 | 604 +--------------------------------+ 605 | C-ID = 0x01023474 | 606 +--------------------------------+ 607 | Type=0x0005 | Length = 8 | 608 +----------------+---------------+ 609 | Value=0x0A010101 | 610 +----------------+---------------+ 612 3.3.3 Error Cause: Request to Delete Source IP Address 614 Cause of error 616 Request to Delete Source IP Address: The receiver of this error sent 617 a request to delete the source IP address of the ASCONF message. 618 This error indicates that the request is rejected. 620 0 1 2 3 621 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 622 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 623 | Cause Code=0x0102 | Cause Length=Variable | 624 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 625 \ TLV-Copied-From-ASCONF / 626 / \ 627 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 629 An example of a failed delete in an Error Cause TLV would look as 630 follows in the response ASCONF-ACK message: 632 +--------------------------------+ 633 | Type = 0xC003 | Length = 28 | 634 +--------------------------------+ 635 | C-ID = 0x01023476 | 636 +--------------------------------+ 637 | Cause=0x0102 | Length = 20 | 638 +----------------+---------------+ 639 | Type=0xC002 | Length = 16 | 640 +----------------+---------------+ 641 | C-ID = 0x01023476 | 642 +--------------------------------+ 643 | Type=0x0005 | Length = 8 | 644 +----------------+---------------+ 645 | Value=0x0A010101 | 646 +----------------+---------------+ 648 IMPLEMENTATION NOTE: It is unlikely that an endpoint would source a 649 packet from the address being deleted, unless the endpoint does not 650 do proper source address selection. 652 3.3.4 Error Cause: Association Aborted due to illegal ASCONF-ACK 654 This error is to be included in an ABORT that is generated due to the 655 reception of an ASCONF-ACK that was not expected but is larger than 656 the current sequence number (see Section 4.3 Rule D0 ). Note that a 657 sequence number is larger than the last acked sequence number if it 658 is either the next sequence or no more than 2^^31-1 greater than the 659 current sequence number. 661 0 1 2 3 662 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 663 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 664 | Cause Code=0x0103 | Cause Length=4 | 665 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 667 3.3.5 Error Cause: Request refused - no authorization. 669 Cause of error 671 This error cause may be included to reject a request based on local 672 security policies. 674 0 1 2 3 675 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 676 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 677 | Cause Code=0x0104 | Cause Length=Variable | 678 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 679 \ TLV-Copied-From-ASCONF / 680 / \ 681 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 683 4. Procedures 685 This section will lay out the specific procedures for address 686 configuration change chunk type and its processing. 688 4.1 ASCONF Chunk Procedures 690 When an endpoint has an ASCONF signaled change to be sent to the 691 remote endpoint it should do the following: 693 A1) Create an ASCONF Chunk as defined in Section 3.1.1. The chunk 694 should contain all of the TLV(s) of information necessary to be 695 sent to the remote endpoint, and unique correlation identities for 696 each request. 697 A2) A serial number should be assigned to the Chunk. The serial 698 number should be a monotonically increasing number. The serial 699 number MUST be initialized at the start of the association to the 700 same value as the Initial TSN and every time a new ASCONF chunk is 701 created it is incremented by one after assigning the serial number 702 to the newly created chunk . 703 A3) If no ASCONF Chunk is outstanding (un-acknowledged) with the 704 remote peer, send the chunk. 705 A4) Start a T-4 RTO timer, using the RTO value of the selected 706 destination address (normally the primary path; see RFC2960 [6] 707 section 6.4 for details). 708 A5) When the ASCONF-ACK that acknowledges the serial number last sent 709 arrives, stop the T-4 RTO timer, and clear the appropriate 710 association and destination error counters as defined in RFC2960 711 [6] section 8.1 and 8.2. 712 A6) Process all of the TLVs within the ASCONF-ACK to find out 713 particular status information returned to the various requests 714 that were sent. Use the Correlation IDs to correlate the request 715 and the responses. 716 A7) If an error response is received for a TLV parameter, all TLVs 717 with no response before the failed TLV are considered successful 718 if not reported. All TLVs after the failed response are 719 considered unsuccessful unless a specific success indication is 720 present for the parameter. 721 A8) If there is no response(s) to specific TLV parameter(s), and no 722 failures are indicated, then all request(s) are considered 723 successful. 724 A9) If the peer responds to an ASCONF with an ERROR chunk reporting 725 that it did not recognize the ASCONF chunk type, the sender of the 726 ASCONF MUST NOT send any further ASCONF chunks and MUST stop its 727 T-4 timer. 729 If the T-4 RTO timer expires the endpoint should do the following: 731 B1) Increment the error counters and perform path failure detection 732 on the appropriate destination address as defined in RFC2960 [6] 733 section 8.1 and 8.2. 734 B2) Increment the association error counters and perform endpoint 735 failure detection on the association as defined in RFC2960 [6] 736 section 8.1 and 8.2. 737 B3) Back-off the destination address RTO value to which the ASCONF 738 chunk was sent by doubling the RTO timer value. 739 Note: The RTO value is used in the setting of all timer types for 740 SCTP. Each destination address has a single RTO estimate. 741 B4) Re-transmit the ASCONF Chunk last sent and if possible choose an 742 alternate destination address (please refer to RFC2960 [6] section 743 6.4.1). An endpoint MUST NOT add new parameters to this chunk, it 744 MUST be the same (including its serial number) as the last ASCONF 745 sent. 746 B5) Restart the T-4 RTO timer. Note that if a different destination 747 is selected, then the RTO used will be that of the new destination 748 address. 750 Note: the total number of re-transmissions is limited by B2 above. 751 If the maximum is reached, the association will fail and enter into 752 the CLOSED state (see RFC2960 [6] section 6.4.1 for details). 754 4.1.1 Congestion Control of ASCONF Chunks 756 In defining the ASCONF Chunk transfer procedures, it is essential 757 that these transfers MUST NOT cause congestion within the network. 758 To achieve this, we place these restrictions on the transfer of 759 ASCONF Chunks: 761 R1) One and only one ASCONF Chunk MAY be in transit and 762 unacknowledged at any one time. If a sender, after sending an 763 ASCONF chunk, decides it needs to transfer another ASCONF Chunk, 764 it MUST wait until the ASCONF-ACK Chunk returns from the previous 765 ASCONF Chunk before sending a subsequent ASCONF. Note this 766 restriction binds each side, so at any time two ASCONF may be 767 in-transit on any given association (one sent from each endpoint). 768 R2) An ASCONF may be bundled with any other chunk type (except other 769 ASCONF Chunks). 770 R3) An ASCONF-ACK may be bundled with any other chunk type except 771 other ASCONF-ACKs. 772 R4) Both ASCONF and ASCONF-ACK chunks MUST NOT be sent in any SCTP 773 state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED and 774 SHUTDOWN-SENT. 775 R5) An ASCONF MUST NOT be larger than the path MTU of the 776 destination. 778 R6) An ASCONF-ACK SHOULD not be larger than the path MTU. In some 779 circumstances an ASCONF-ACK may exceed the path MTU and in such a 780 case IP fragmentation should be used to transmit the chunk. 782 If the sender of an ASCONF Chunk receives an Operational Error 783 indicating that the ASCONF chunk type is not understood, then the 784 sender MUST NOT send subsequent ASCONF Chunks to the peer. The 785 endpoint should also inform the upper layer application that the peer 786 endpoint does not support any of the extensions detailed in this 787 document. 789 4.2 Upon reception of an ASCONF Chunk. 791 When an endpoint receives an ASCONF Chunk from the remote peer 792 special procedures MAY be needed to identify the association the 793 ASCONF Chunk is associated with. To properly find the association 794 the following procedures should be followed: 796 L1) Use the source address and port number of the sender to attempt 797 to identify the association (i.e. use the same method defined in 798 RFC2960 [6] used for all other SCTP chunks). If found proceed to 799 rule L4. 800 L2) If the association is not found, use the address found in the 801 Address Parameter TLV combined with the port number found in the 802 SCTP common header. If found proceed to rule L4. 803 L3) If neither L1 or L2 locates the association, treat the chunk as 804 an Out Of The Blue chunk as defined in RFC2960 [6]. 805 L4) Follow the normal rules to validate the SCTP verification tag 806 found in RFC2960 [6]. 808 After identification and verification of the association, the 809 following should be performed to properly process the ASCONF Chunk: 811 C1) Compare the value of the serial number to the value the endpoint 812 stored in a new association variable 'Peer-Serial-Number'. This 813 value MUST be initialized to the Initial TSN value minus 1. 814 C2) If the value found in the serial number is equal to the 815 ('Peer-Serial-Number' + 1), the endpoint MUST: 817 V1) Process the TLVs contained within the Chunk performing the 818 appropriate actions as indicated by each TLV type. The TLVs 819 MUST be processed in order within the Chunk. For example, if 820 the sender puts 3 TLVs in one chunk, the first TLV (the one 821 closest to the Chunk Header) in the Chunk MUST be processed 822 first. The next TLV in the chunk (the middle one) MUST be 823 processed second and finally the last TLV in the Chunk MUST be 824 processed last. 826 V2) In processing the chunk, the receiver should build a response 827 message with the appropriate error TLVs, as specified in the 828 Parameter type bits for any ASCONF Parameter it does not 829 understand. To indicate an unrecognized parameter, cause type 830 8 as defined in the ERROR in 3.3.10.8 of RFC2960 [6] should be 831 used. The endpoint may also use the response to carry 832 rejections for other reasons such as resource shortages etc, 833 using the Error Cause TLV and an appropriate error condition. 834 Note: a positive response is implied if no error is indicated 835 by the sender. 836 V3) All responses MUST copy the ASCONF-Request Correlation ID 837 field received in the ASCONF parameter, from the TLV being 838 responded to, into the ASCONF-Request Correlation ID field in 839 the response parameter. 840 V4) After processing the entire Chunk, the receiver of the ASCONF 841 MUST send all TLVs for both unrecognized parameters and any 842 other status TLVs inside the ASCONF-ACK chunk that acknowledges 843 the arrival and processing of the ASCONF Chunk. 844 V5) Update the 'Peer-Serial-Number' to the value found in the 845 serial number field. 846 C3) If the value found in the serial number is equal to the value 847 stored in the 'Peer-Serial-Number', the endpoint should: 849 X1) Parse the ASCONF Chunk TLVs but the endpoint MUST NOT take any 850 action on the TLVs parsed (since it has already performed these 851 actions). 852 X2) Build a response message with the appropriate response TLVs as 853 specified in the ASCONF Parameter type bits, for any parameter 854 it does not understand or could not process. 855 X3) After parsing the entire Chunk, it MUST send any response TLV 856 errors and status with an ASCONF-ACK chunk acknowledging the 857 arrival and processing of the ASCONF Chunk. 858 X4) The endpoint MUST NOT update its 'Peer-Serial-Number'. 859 Note: the response to the retransmitted ASCONF MUST be the same as 860 the original response. This MAY mean an implementation must keep 861 state in order to respond with the same exact answer (including 862 resource considerations that may have made the implementation 863 refuse a request). 864 IMPLEMENTATION NOTE: As an optimization a receiver may wish to 865 save the last ASCONF-ACK for some predetermined period of time and 866 instead of re-processing the ASCONF (with the same serial number) 867 it may just re-transmit the ASCONF-ACK. It may wish to use the 868 arrival of a new serial number to discard the previously saved 869 ASCONF-ACK or any other means it may choose to expire the saved 870 ASCONF-ACK. 872 C4) Otherwise, the ASCONF Chunk is discarded since it must be either 873 a stale packet or from an attacker. A receiver of such a packet 874 MAY log the event for security purposes. 875 C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent back to the 876 source address contained in the IP header of the ASCONF being 877 responded to. 879 4.3 General rules for address manipulation 881 When building TLV parameters for the ASCONF Chunk that will add or 882 delete IP addresses the following rules should be applied: 884 D0) If an endpoint receives an ASCONF-ACK that is greater than or 885 equal to the next serial number to be used but no ASCONF chunk is 886 outstanding the endpoint MUST ABORT the association. Note that a 887 sequence number is greater than if it is no more than 2^^31-1 888 larger than the current sequence number (using serial arithmetic). 889 D1) When adding an IP address to an association, the IP address is 890 NOT considered fully added to the association until the ASCONF-ACK 891 arrives. This means that until such time as the ASCONF containing 892 the add is acknowledged the sender MUST NOT use the new IP address 893 as a source for ANY SCTP packet except on carrying an ASCONF 894 chunk. The receiver of the add IP address request may use the 895 address as a destination immediately. 896 D2) After the ASCONF-ACK of an IP address add arrives, the endpoint 897 MAY begin using the added IP address as a source address for any 898 type of SCTP chunk. 899 D3a) If an endpoint receives an Error Cause TLV indicating that the 900 IP address Add or IP address Deletion parameters was not 901 understood, the endpoint MUST consider the operation failed and 902 MUST NOT attempt to send any subsequent Add or Delete requests to 903 the peer. 904 D3b) If an endpoint receives an Error Cause TLV indicating that the 905 IP address Set Primary IP Address parameter was not understood, 906 the endpoint MUST consider the operation failed and MUST NOT 907 attempt to send any subsequent Set Primary IP Address requests to 908 the peer. 909 D4) When deleting an IP address from an association, the IP address 910 MUST be considered a valid destination address for the reception 911 of SCTP packets until the ASCONF-ACK arrives and MUST NOT be used 912 as a source address for any subsequent packets. This means that 913 any datagrams that arrive before the ASCONF-ACK destined to the IP 914 address being deleted MUST be considered part of the current 915 association. One special consideration is that ABORT chunks 916 arriving destined to the IP address being deleted MUST be ignored 917 (see Section 4.3.1 for further details). 919 D5) An endpoint MUST NOT delete its last remaining IP address from an 920 association. In other words if an endpoint is NOT multi-homed it 921 MUST NOT use the delete IP address without an add IP address 922 preceding the delete parameter in the ASCONF chunk. Or if an 923 endpoint sends multiple requests to delete IP addresses it MUST 924 NOT delete all of the IP addresses that the peer has listed for 925 the requester. 926 D6) An endpoint MUST NOT set an IP header source address for an SCTP 927 packet holding the ASCONF Chunk to be the same as an address being 928 deleted by the ASCONF Chunk. 929 D7) If a request is received to delete the last remaining IP address 930 of a peer endpoint, the receiver MUST send an Error Cause TLV with 931 the error cause set to the new error code 'Request to Delete Last 932 Remaining IP Address'. The requested delete MUST NOT be performed 933 or acted upon, other than to send the ASCONF-ACK. 934 D8) If a request is received to delete an IP address which is also 935 the source address of the IP packet which contained the ASCONF 936 chunk, the receiver MUST reject this request. To reject the 937 request the receiver MUST send an Error Cause TLV set to the new 938 error code 'Request to Delete Source IP Address' (unless Rule D5 939 has also been violated, in which case the error code 'Request to 940 Delete Last Remaining IP Address' is sent). 941 D9) If an endpoint receives an ADD IP address request and does not 942 have the local resources to add this new address to the 943 association, it MUST return an Error Cause TLV set to the new 944 error code 'Operation Refused Due to Resource Shortage'. 945 D10) If an endpoint receives an 'Out of Resource' error in response 946 to its request to ADD an IP address to an association, it must 947 either ABORT the association or not consider the address part of 948 the association. In other words if the endpoint does not ABORT 949 the association, it must consider the add attempt failed and NOT 950 use this address since its peer will treat SCTP packets destined 951 to the address as Out Of The Blue packets. 952 D11) When an endpoint receiving an ASCONF to add an IP address sends 953 an 'Out of Resource' in its response, it MUST also fail any 954 subsequent add or delete requests bundled in the ASCONF. The 955 receiver MUST NOT reject an ADD and then accept a subsequent 956 DELETE of an IP address in the same ASCONF Chunk. In other words, 957 once a receiver begins failing any ADD or DELETE request, it must 958 fail all subsequent ADD or DELETE requests contained in that 959 single ASCONF. 960 D12) When an endpoint receives a request to delete an IP address that 961 is the current primary address, it is an implementation decision 962 as to how that endpoint chooses the new primary address. 963 D13) When an endpoint receives a valid request to DELETE an IP 964 address the endpoint MUST consider the address no longer as part 965 of the association. It MUST NOT send SCTP packets for the 966 association to that address and it MUST treat subsequent packets 967 received from that address as Out Of The Blue. 968 During the time interval between sending out the ASCONF and 969 receiving the ASCONF-ACK it MAY be possible to receive DATA chunks 970 out of order. The following examples illustrate these problems: 972 Endpoint-A Endpoint-Z 973 ---------- ---------- 974 ASCONF[Add-IP:X]------------------------------> 975 /--ASCONF-ACK 976 / 977 /--------/---New DATA: 978 / / Destination 979 <-------------------/ / IP:X 980 / 981 <--------------------------/ 983 In the above example we see a new IP address (X) being added to the 984 Endpoint-A. However due to packet re-ordering in the network a new 985 DATA chunk is sent and arrives at Endpoint-A before the ASCONF-ACK 986 confirming the add of the address to the association. 988 A similar problem exists with the deletion of an IP address as 989 follows: 991 Endpoint-A Endpoint-Z 992 ---------- ---------- 993 /------------New DATA: 994 / Destination 995 / IP:X 996 ASCONF [DEL-IP:X]---------/----------------> 997 <-----------------/------------------ASCONF-ACK 998 / 999 / 1000 <-------------/ 1002 In this example we see a DATA chunk destined to the IP:X (which is 1003 about to be deleted) arriving after the deletion is complete. For 1004 the ADD case an endpoint SHOULD consider the newly adding IP address 1005 valid for the association to receive data from during the interval 1006 when awaiting the ASCONF-ACK. The endpoint MUST NOT source data from 1007 this new address until the ASCONF-ACK arrives but it may receive out 1008 of order data as illustrated and MUST NOT treat this data as an OOTB 1009 datagram (please see RFC2960 [6] section 8.4). It MAY drop the data 1010 silently or it MAY consider it part of the association but it MUST 1011 NOT respond with an ABORT. 1013 For the DELETE case, an endpoint MAY respond to the late arriving 1014 DATA packet as an OOTB datagram or it MAY hold the deleting IP 1015 address for a small period of time as still valid. If it treats the 1016 DATA packet as an OOTB the peer will silently discard the ABORT 1017 (since by the time the ABORT is sent the peer will have removed the 1018 IP address from this association). If the endpoint elects to hold 1019 the IP address valid for a period of time, it MUST NOT hold it valid 1020 longer than 2 RTO intervals for the destination being removed. 1022 4.3.1 A special case for OOTB ABORT chunks 1024 Another case worth mentioning is illustrated below: 1026 Endpoint-A Endpoint-Z 1027 ---------- ---------- 1029 New DATA:------------\ 1030 Source IP:X \ 1031 \ 1032 ASCONF-REQ[DEL-IP:X]----\------------------> 1033 \ /---------ASCONF-ACK 1034 \ / 1035 \----/-----------> OOTB 1036 (Ignored <---------------------/-------------ABORT 1037 by rule D4) / 1038 <---------------------/ 1040 For this case, during the deletion of an IP address, an Abort MUST be 1041 ignored if the destination address of the Abort message is that of a 1042 destination being deleted. 1044 4.3.2 A special case for changing an address. 1046 In some instances the sender may only have one IP address in an 1047 association that is being renumbered. When this occurs, the sender 1048 may not be able to send to the peer the appropriate ADD/DELETE pair 1049 and use the old address as a source in the IP header. For this 1050 reason the sender MUST fill in the Address Parameter field with an 1051 address that is part of the association (in this case the one being 1052 deleted). This will allow the receiver to locate the association 1053 without using the source address found in the IP header. 1055 The receiver of such a chunk MUST always first use the source address 1056 found in the IP header in looking up the association. The receiver 1057 should attempt to use the address found in the Address Bytes field 1058 only if the lookup fails using the source address from the IP header. 1059 The receiver MUST reply to the source address of the packet in this 1060 case which is the new address that was added by the ASCONF (since the 1061 old address is no longer a part of the association after processing). 1063 4.4 Setting of the primary address 1065 A sender of this option may elect to send this combined with a 1066 deletion or addition of an address. A sender SHOULD only send a set 1067 primary request to an address that is already considered part of the 1068 association. In other words if a sender combines a set primary with 1069 an add of a new IP address the set primary will be discarded unless 1070 the add request is to be processed BEFORE the set primary (i.e. it 1071 precedes the set primary). 1073 A request to set primary MAY also appear in an INIT or INIT-ACK 1074 chunk. This can give advice to the peer endpoint as to which of its 1075 addresses the sender of the INIT or INIT-ACK would prefer to be used 1076 as the primary address. 1078 The request to set an address as the primary path is an option the 1079 receiver SHOULD perform. It is considered advice to the receiver of 1080 the best destination address to use in sending SCTP packets (in the 1081 requesters view). If a request arrives that asks the receiver to set 1082 an address as primary that does not exist, the receiver should NOT 1083 honor the request, leaving its existing primary address unchanged. 1085 5. Security Considerations 1087 The ADD/DELETE of an IP address to an existing association does 1088 provide an additional mechanism by which existing associations can be 1089 hijacked. Where the attacker is able to intercept and/or alter the 1090 packets sent and received in an association, the use of this feature 1091 MAY increase the ease with which an association may be overtaken. 1092 This threat SHOULD be considered when deploying a version of SCTP 1093 that makes use of this feature. The IP Authentication Header RFC2402 1094 [3] SHOULD be used when the threat environment requires stronger 1095 integrity protections, but does not require confidentiality. It 1096 should be noted that in the base SCTP specification RFC2960 [6], if 1097 an attacker is able to intercept and or alter packets, even without 1098 this feature it is possible to hijack an existing association; please 1099 refer to Section 11 of RFC2960 [6]. 1101 Future versions of this document may require use of purpose built 1102 keys (pbk). A purpose built key mechanism assure that the endpoint 1103 adding or deleting IP addresses is most likely the same endpoint that 1104 the association started with aka the sender of the INIT or INIT-ACK. 1106 6. IANA considerations 1108 This document defines the following new SCTP parameters, chunks and 1109 errors: 1111 o Two new chunk types, 1112 o Six parameter types, and 1113 o Three new SCTP error causes. 1115 This document also defines a Adaption code point. The adaption code 1116 point is a 32 bit interger that is assigned by IANA through an IETF 1117 Consensus action as defined in RFC2434 [4]. 1119 7. Acknowledgments 1121 The authors wish to thank Jon Berger, Greg Kendall, Seok Koh, Peter 1122 Lei, John Loughney, Ivan Arias Rodriguez, Renee Revis, Marshall Rose, 1123 and Chip Sharp for their invaluable comments. 1125 The authors would also like to give special mention to Maria-Carmen 1126 Belinchon and Ian Rytina for there early contributions to this 1127 document and their thoughtful comments. 1129 8 References 1131 [1] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 1132 9, RFC 2026, October 1996. 1134 [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement 1135 Levels", BCP 14, RFC 2119, March 1997. 1137 [3] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402, 1138 November 1998. 1140 [4] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA 1141 Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. 1143 [5] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, June 1144 1999. 1146 [6] Stewart, R., Xie, Q., Morneault, K., Sharp, C., Schwarzbauer, 1147 H., Taylor, T., Rytina, I., Kalla, M., Zhang, L. and V. Paxson, 1148 "Stream Control Transmission Protocol", RFC 2960, October 2000. 1150 Authors' Addresses 1152 Randall R. Stewart 1153 Cisco Systems, Inc. 1154 8725 West Higgins Road 1155 Suite 300 1156 Chicago, IL 60631 1157 USA 1159 Phone: +1-815-477-2127 1160 EMail: rrs@cisco.com 1161 Michael A. Ramalho 1162 Cisco Systems, Inc. 1163 1802 Rue de la Porte 1164 Wall Township, NJ 07719-3784 1165 USA 1167 Phone: +1.732.449.5762 1168 EMail: mramalho@cisco.com 1170 Qiaobing Xie 1171 Motorola, Inc. 1172 1501 W. Shure Drive, #2309 1173 Arlington Heights, IL 60004 1174 USA 1176 Phone: +1-847-632-3028 1177 EMail: qxie1@email.mot.com 1179 Michael Tuexen 1180 Univ. of Applied Sciences Muenster 1181 Stegerwaldstr. 39 1182 48565 Steinfurt 1183 Germany 1185 EMail: tuexen@fh-muenster.de 1187 Phillip T. Conrad 1188 University of Delaware 1189 Department of Computer and Information Sciences 1190 Newark, DE 19716 1191 US 1193 Phone: +1 302 831 8622 1194 EMail: conrad@acm.org 1195 URI: http://www.cis.udel.edu/~pconrad 1197 Appendix A. Abstract Address Handling 1199 A.1 General remarks 1201 The following text provides a working definition of the endpoint 1202 notion to discuss address reconfiguration. It is not intended to 1203 restrict implementations in any way, its goal is to provide as set of 1204 definitions only. Using these definitions should make a discussion 1205 about address issues easier. 1207 A.2 Generalized endpoints 1209 A generalized endpoint is a pair of a set of IP addresses and a port 1210 number at any given point of time. The precise definition is as 1211 follows: 1213 A generalized endpoint gE at time t is given by 1215 gE(t) = ({IP1, ..., IPn}, Port) 1217 where {IP1, ..., IPn} is a non empty set of IP addresses. 1219 Please note that the dynamic addition and deletion of IP-addresses 1220 described in this document allows the set of IP-addresses of a 1221 generalized endpoint to be changed at some point of time. The port 1222 number can never be changed. 1224 The set of IP addresses of a generalized endpoint gE at a time t is 1225 defined as 1227 Addr(gE)(t) = {IP1, ..., IPn} 1229 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1231 The port number of a generalized endpoint gE is defined as 1233 Port(gE) = Port 1235 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1237 There is one fundamental rule which restricts all generalized 1238 endpoints: 1240 For two different generalized endpoints gE' and gE'' with the same 1241 port number Port(gE') = Port(gE'') the address sets Addr(gE')(t) and 1242 Addr(gE'')(t) must be disjoint at every point of time. 1244 A.3 Associations 1246 Associations consists of two generalized endpoints and the two 1247 address sets known by the peer at any time. The precise definition 1248 is as follows: 1250 An association A between to different generalized endpoints gE' and 1251 gE'' is given by 1253 A = (gE', S', gE'', S'') 1255 where S'(t) and S''(t) are set of addresses at any time t such that 1256 S'(t) is a non-empty subset of Addr(gE')(t) and S''(t) is a non-empty 1257 subset of Addr(gE'')(t). 1259 If A = (gE', S', gE'', S'') is an association between the generalized 1260 endpoints gE' and gE'' the following notion is used: 1262 Addr(A, gE') = S' and Addr(A, gE'') = S''. 1264 If the dependency on time is important the notion Addr(A, gE')(t) = 1265 S'(t) will be used. 1267 If A is an association between gE' and gE'' then Addr(A, gE') is the 1268 subset of IP addresses of gE' which is known by gE'' and used by gE'. 1270 Association establishment between gE' and gE'' can be seen as: 1272 1. gE' and gE'' do exist before the association. 1273 2. If an INIT has to be send from gE' to gE'' address scoping rules 1274 and other limitations are applied to calculate the subset S' from 1275 Addr(gE'). The addresses of S' are included in the INIT chunk. 1276 3. If an INIT-ACK has to be send from gE'' to gE' address scoping 1277 rules and other limitations are applied to calculate the subset 1278 S'' from Addr(gE''). The addresses of S'' are included in the 1279 INIT-ACK chunk. 1280 4. After the handshake the association A = (gE', S', gE'', S'') has 1281 been established. 1282 5. Right after the association establishment Addr(A, gE') and 1283 Addr(A, gE'') are the addresses which have been seen on the wire 1284 during the handshake. 1286 A.4 Relationship with RFC 2960 1288 RFC2960 [6] defines the notion of an endpoint. This subsection will 1289 show that these endpoints are also (special) generalized endpoints. 1291 RFC2960 [6] has no notion of address scoping or other address 1292 handling limitations and provides no mechanism to change the 1293 addresses of an endpoint. 1295 This means that an endpoint is simply a generalized endpoint which 1296 does not depend on the time. Neither the Port nor the address list 1297 changes. 1299 During association setup no address scoping rules or other 1300 limitations will be applied. This means that for an association A 1301 between two endpoints gE' and gE'' the following is true: 1303 Addr(A, gE') = Addr(gE') and Addr(A, gE'') = Addr(gE''). 1305 A.5 Rules for address manipulation 1307 The rules for address manipulation can now be stated in a simple way: 1308 1. An address can be added to a generalized endpoint gE only if this 1309 address is not an address of a different generalized endpoint 1310 with the same port number. 1311 2. An address can be added to an association A with generalized 1312 endpoint gE if it has been added to the generalized endpoint gE 1313 first. This means that the address must be an element of 1314 Addr(gE) first and then it can become an element of Addr(A, gE). 1315 But this is not necessary. If the association does not allow the 1316 reconfiguration of the addresses only Addr(gE) can be modified. 1317 3. An address can be deleted from an association A with generalized 1318 endpoint gE as long as Addr(A, gE) stays non-empty. 1319 4. An address can be deleted from an generalized endpoint gE only if 1320 it has been removed from all associations having gE as a 1321 generalized endpoint. 1323 These rules simply make sure that the rules for the endpoints and 1324 associations given above are always fulfilled. 1326 Intellectual Property Statement 1328 The IETF takes no position regarding the validity or scope of any 1329 Intellectual Property Rights or other rights that might be claimed to 1330 pertain to the implementation or use of the technology described in 1331 this document or the extent to which any license under such rights 1332 might or might not be available; nor does it represent that it has 1333 made any independent effort to identify any such rights. Information 1334 on the procedures with respect to rights in RFC documents can be 1335 found in BCP 78 and BCP 79. 1337 Copies of IPR disclosures made to the IETF Secretariat and any 1338 assurances of licenses to be made available, or the result of an 1339 attempt made to obtain a general license or permission for the use of 1340 such proprietary rights by implementers or users of this 1341 specification can be obtained from the IETF on-line IPR repository at 1342 http://www.ietf.org/ipr. 1344 The IETF invites any interested party to bring to its attention any 1345 copyrights, patents or patent applications, or other proprietary 1346 rights that may cover technology that may be required to implement 1347 this standard. Please address the information to the IETF at 1348 ietf-ipr@ietf.org. 1350 Disclaimer of Validity 1352 This document and the information contained herein are provided on an 1353 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1354 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 1355 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 1356 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 1357 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1358 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1360 Copyright Statement 1362 Copyright (C) The Internet Society (2004). This document is subject 1363 to the rights, licenses and restrictions contained in BCP 78, and 1364 except as set forth therein, the authors retain all their rights. 1366 Acknowledgment 1368 Funding for the RFC Editor function is currently provided by the 1369 Internet Society.