idnits 2.17.1 draft-ietf-tsvwg-addip-sctp-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 22. -- Found old boilerplate from RFC 3978, Section 5.5 on line 1489. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1466. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1473. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1479. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** The abstract seems to contain references ([RFC2960]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 4 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. == There are 3 instances of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHOULD not' in this paragraph: R6) An ASCONF-ACK SHOULD not be larger than the path MTU. In some circumstances an ASCONF-ACK may exceed the path MTU and in such a case IP fragmentation should be used to transmit the chunk. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (November 22, 2005) is 6727 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'RFC2960' on line 49 == Unused Reference: '1' is defined on line 1249, but no explicit reference was found in the text == Unused Reference: '3' is defined on line 1255, but no explicit reference was found in the text == Unused Reference: '5' is defined on line 1261, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2402 (ref. '3') (Obsoleted by RFC 4302, RFC 4305) ** Obsolete normative reference: RFC 2434 (ref. '4') (Obsoleted by RFC 5226) ** Obsolete normative reference: RFC 2629 (ref. '5') (Obsoleted by RFC 7749) ** Obsolete normative reference: RFC 2960 (ref. '6') (Obsoleted by RFC 4960) -- Possible downref: Normative reference to a draft: ref. '7' Summary: 9 errors (**), 0 flaws (~~), 9 warnings (==), 9 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Stewart 3 Internet-Draft M. Ramalho 4 Expires: May 26, 2006 Cisco Systems, Inc. 5 Q. Xie 6 Motorola, Inc. 7 M. Tuexen 8 Univ. of Applied Sciences Muenster 9 P. Conrad 10 University of Delaware 11 November 22, 2005 13 Stream Control Transmission Protocol (SCTP) Dynamic Address 14 Reconfiguration 15 draft-ietf-tsvwg-addip-sctp-13.txt 17 Status of this Memo 19 By submitting this Internet-Draft, each author represents that any 20 applicable patent or other IPR claims of which he or she is aware 21 have been or will be disclosed, and any of which he or she becomes 22 aware will be disclosed, in accordance with Section 6 of BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF), its areas, and its working groups. Note that 26 other groups may also distribute working documents as Internet- 27 Drafts. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 The list of current Internet-Drafts can be accessed at 35 http://www.ietf.org/ietf/1id-abstracts.txt. 37 The list of Internet-Draft Shadow Directories can be accessed at 38 http://www.ietf.org/shadow.html. 40 This Internet-Draft will expire on May 26, 2006. 42 Copyright Notice 44 Copyright (C) The Internet Society (2005). 46 Abstract 48 This document describes extensions to the Stream Control Transmission 49 Protocol (SCTP) [RFC2960] that provides a method to reconfigure IP 50 address information on an existing association. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 5 56 3. Additional Chunks and Parameters . . . . . . . . . . . . . . . 6 57 3.1. New Chunk Types . . . . . . . . . . . . . . . . . . . . . 6 58 3.1.1. Address Configuration Change Chunk (ASCONF) . . . . . 6 59 3.1.2. Address Configuration Acknowledgment Chunk 60 (ASCONF-ACK) . . . . . . . . . . . . . . . . . . . . . 7 61 3.2. New Parameter Types . . . . . . . . . . . . . . . . . . . 8 62 3.2.1. Add IP Address . . . . . . . . . . . . . . . . . . . . 9 63 3.2.2. Delete IP Address . . . . . . . . . . . . . . . . . . 10 64 3.2.3. Error Cause Indication . . . . . . . . . . . . . . . . 11 65 3.2.4. Set Primary IP Address . . . . . . . . . . . . . . . . 12 66 3.2.5. Success Indication . . . . . . . . . . . . . . . . . . 13 67 3.2.6. Adaptation Layer Indication . . . . . . . . . . . . . 14 68 3.2.7. Supported Extensions Parameter . . . . . . . . . . . . 14 69 3.3. New Error Causes . . . . . . . . . . . . . . . . . . . . . 15 70 3.3.1. Error Cause: Request to Delete Last Remaining IP 71 Address . . . . . . . . . . . . . . . . . . . . . . . 15 72 3.3.2. Error Cause: Operation Refused Due to Resource 73 Shortage . . . . . . . . . . . . . . . . . . . . . . . 16 74 3.3.3. Error Cause: Request to Delete Source IP Address . . . 17 75 3.3.4. Error Cause: Association Aborted due to illegal 76 ASCONF-ACK . . . . . . . . . . . . . . . . . . . . . . 18 77 3.3.5. Error Cause: Request refused - no authorization. . . . 18 78 4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 20 79 4.1. ASCONF Chunk Procedures . . . . . . . . . . . . . . . . . 20 80 4.1.1. Congestion Control of ASCONF Chunks . . . . . . . . . 21 81 4.2. Upon reception of an ASCONF Chunk. . . . . . . . . . . . . 22 82 4.3. General rules for address manipulation . . . . . . . . . . 24 83 4.3.1. A special case for OOTB ABORT chunks . . . . . . . . . 28 84 4.3.2. A special case for changing an address. . . . . . . . 28 85 4.4. Setting of the primary address . . . . . . . . . . . . . . 29 86 5. Security Considerations . . . . . . . . . . . . . . . . . . . 30 87 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 31 88 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 32 89 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 32 90 Appendix A. Abstract Address Handling . . . . . . . . . . . . . . 33 91 A.1. General remarks . . . . . . . . . . . . . . . . . . . . . 33 92 A.2. Generalized endpoints . . . . . . . . . . . . . . . . . . 33 93 A.3. Associations . . . . . . . . . . . . . . . . . . . . . . . 34 94 A.4. Relationship with RFC 2960 . . . . . . . . . . . . . . . . 35 95 A.5. Rules for address manipulation . . . . . . . . . . . . . . 35 97 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 36 98 Intellectual Property and Copyright Statements . . . . . . . . . . 38 100 1. Introduction 102 To extend the utility and application scenarios of SCTP, this 103 document introduces optional extensions that provide SCTP with the 104 ability to: 106 1. reconfigure IP address information on an existing association. 108 2. set the remote primary path. 110 3. exchange adaptation layer information during association setup. 112 These extensions enable SCTP to be utilized in the following 113 applications: 115 1. For computational or networking platforms that allow addition/ 116 removal of physical interface cards this feature can provide a 117 graceful method to add to the interfaces of an existing 118 association. For IPv6 this feature allows renumbering of 119 existing associations. 121 2. This provides a method for an endpoint to request that its peer 122 set its primary destination address. This can be useful when an 123 address is about to be deleted, or when an endpoint has some 124 predetermined knowledge about which is the preferred address to 125 receive SCTP packets upon. 127 3. This feature can be used to extend the usability of SCTP without 128 modifying it by allowing endpoints to exchange some information 129 during association setup. 131 2. Conventions 133 The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, 134 SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when 135 they appear in this document, are to be interpreted as described in 136 RFC2119 [2]. 138 3. Additional Chunks and Parameters 140 This section describes the addition of two new chunks and, seven new 141 parameters to allow: 143 o Dynamic addition of IP Addresses to an association. 145 o Dynamic deletion of IP Addresses from an association. 147 o A request to set the primary address the peer will use when 148 sending to an endpoint. 150 Additionally, this section describes three new error causes that 151 support these new chunks and parameters. 153 3.1. New Chunk Types 155 This section defines two new chunk types that will be used to 156 transfer the control information reliably. Table 1 illustrates the 157 two new chunk types. 159 Chunk Type Chunk Name 160 -------------------------------------------------------------- 161 0xC1 Address Configuration Change Chunk (ASCONF) 162 0x80 Address Configuration Acknowledgment (ASCONF-ACK) 164 Table 1: Address Configuration Chunks 166 It should be noted that the ASCONF Chunk format requires the receiver 167 to report to the sender if it does not understand the ASCONF Chunk. 168 This is accomplished by setting the upper bits in the chunk type as 169 described in RFC2960 [6] section 3.2. Note that the upper two bits 170 in the ASCONF Chunk are set to one. As defined in RFC2960 [6] 171 section 3.2, setting these upper bits in this manner will cause the 172 receiver that does not understand this chunk to skip the chunk and 173 continue processing, but report in an Operation Error Chunk using the 174 'Unrecognized Chunk Type' cause of error. 176 3.1.1. Address Configuration Change Chunk (ASCONF) 178 This chunk is used to communicate to the remote endpoint one of the 179 configuration change requests that MUST be acknowledged. The 180 information carried in the ASCONF Chunk uses the form of a Type- 181 Length-Value (TLV), as described in "3.2.1 Optional/Variable-length 182 Parameter Format" in RFC2960 [6], for all variable parameters. This 183 chunk MUST be sent in an authenticated way by using the mechanism 184 defined in SCTP-AUTH [7]. If this chunk is received unauthenticated 185 it MUST be silently discarded as described in SCTP-AUTH [7]. 187 0 1 2 3 188 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 189 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 190 | Type = 0xC1 | Chunk Flags | Chunk Length | 191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 192 | Serial Number | 193 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 194 | Address Parameter | 195 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 196 | ASCONF Parameter #1 | 197 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 198 \ \ 199 / .... / 200 \ \ 201 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 202 | ASCONF Parameter #N | 203 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 205 Serial Number : 32 bits (unsigned integer) 207 This value represents a Serial Number for the ASCONF Chunk. The 208 valid range of Serial Number is from 0 to 4294967295 (2**32 - 1). 209 Serial Numbers wrap back to 0 after reaching 4294967295. 211 Address Parameter : 8 or 20 bytes (depending on type) 213 This field contains an address parameter, either IPv6 or IPv4, from 214 RFC2960 [6]. The address is an address of the sender of the ASCONF 215 chunk, the address MUST be considered part of the association by the 216 peer endpoint (the receiver of the ASCONF chunk). This field may be 217 used by the receiver of the ASCONF to help in finding the 218 association. If the address 0.0.0.0 or ::0 is provided the receiver 219 MAY lookup the association by other information provided in the 220 packet. This parameter MUST be present in every ASCONF message i.e. 221 it is a mandatory TLV parameter. 223 Note the host name address parameter is NOT allowed and MUST be 224 ignored if received in any ASCONF message. 226 ASCONF Parameter: TLV format 228 Each Address configuration change is represented by a TLV parameter 229 as defined in Section 3.2. One or more requests may be present in an 230 ASCONF Chunk. 232 3.1.2. Address Configuration Acknowledgment Chunk (ASCONF-ACK) 234 This chunk is used by the receiver of an ASCONF Chunk to acknowledge 235 the reception. It carries zero or more results for any ASCONF 236 Parameters that were processed by the receiver. This chunk MUST be 237 sent in an authenticated way by using the mechanism defined in SCTP- 238 AUTH [7]. If this chunk is received unauthenticated it MUST be 239 silently discarded as described in SCTP-AUTH [7]. 241 0 1 2 3 242 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 244 | Type = 0x80 | Chunk Flags | Chunk Length | 245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 246 | Serial Number | 247 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 248 | ASCONF Parameter Response#1 | 249 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 250 \ \ 251 / .... / 252 \ \ 253 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 254 | ASCONF Parameter Response#N | 255 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 257 Serial Number : 32 bits (unsigned integer) 259 This value represents the Serial Number for the received ASCONF Chunk 260 that is acknowledged by this chunk. This value is copied from the 261 received ASCONF Chunk. 263 ASCONF Parameter Response : TLV format 265 The ASCONF Parameter Response is used in the ASCONF-ACK to report 266 status of ASCONF processing. By default, if a responding endpoint 267 does not include any Error Cause, a success is indicated. Thus a 268 sender of an ASCONF-ACK MAY indicate complete success of all TLVs in 269 an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length 270 (set to 8) and the Serial Number. 272 3.2. New Parameter Types 274 The seven new parameters added follow the format defined in section 275 3.2.1 of RFC2960 [6]. Table 2, 3 and 4 describes the parameters. 277 Address Configuration Parameters Parameter Type 278 ------------------------------------------------- 279 Set Primary Address 0xC004 280 Adaption Layer Indication 0xC006 281 Supported Extensions 0x8008 282 Table 2: Parameters that can be used in INIT/INIT-ACK chunk 284 Address Configuration Parameters Parameter Type 285 ------------------------------------------------- 286 Add IP Address 0xC001 287 Delete IP Address 0xC002 288 Set Primary Address 0xC004 290 Table 3: Parameters used in ASCONF Parameter 292 Address Configuration Parameters Parameter Type 293 ------------------------------------------------- 294 Error Cause Indication 0xC003 295 Success Indication 0xC005 297 Table 4: Parameters used in ASCONF Parameter Response 299 Any parameter that appears where it is not allowed (for example a 300 0xC002 parameter appearing within an INIT or INIT-ACK) MAY be 301 responded to with an ABORT by the receiver of the invalid parameter. 303 3.2.1. Add IP Address 305 0 1 2 3 306 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 307 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 308 | Type = 0xC001 | Length = Variable | 309 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 310 | ASCONF-Request Correlation ID | 311 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 312 | Address Parameter | 313 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 315 ASCONF-Request Correlation ID: 32 bits 317 This is an opaque integer assigned by the sender to identify each 318 request parameter. It is in host byte order and is only meaningful 319 to the sender. The receiver of the ASCONF Chunk will copy this 32 320 bit value into the ASCONF Response Correlation ID field of the 321 ASCONF-ACK response parameter. The sender of the ASCONF can use this 322 same value in the ASCONF-ACK to find which request the response is 323 for. 325 Address Parameter: TLV 326 This field contains an IPv4 or IPv6 address parameter as described in 327 3.3.2.1 of RFC2960 [6]. The complete TLV is wrapped within this 328 parameter. It informs the receiver that the address specified is to 329 be added to the existing association. This parameter MUST NOT 330 contain a broadcast or multicast address. If the address 0.0.0.0 or 331 ::0 is provided, the source address of the packet MUST be added. 333 An example TLV requesting that the IPv4 address 10.1.1.1 be added to 334 the association would look as follows: 336 +--------------------------------+ 337 | Type=0xC001 | Length = 16 | 338 +--------------------------------+ 339 | C-ID = 0x01023474 | 340 +--------------------------------+ 341 | Type=5 | Length = 8 | 342 +----------------+---------------+ 343 | Value=0x0a010101 | 344 +----------------+---------------+ 346 Valid Chunk Appearance 348 The Add IP Address parameter may only appear in the ASCONF Chunk 349 type. 351 3.2.2. Delete IP Address 353 0 1 2 3 354 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 355 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 356 | Type =0xC002 | Length = Variable | 357 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 358 | ASCONF-Request Correlation ID | 359 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 360 | Address Parameter | 361 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 363 ASCONF-Request Correlation ID: 32 bits 365 This is an opaque integer assigned by the sender to identify each 366 request parameter. It is in host byte order and is only meaningful 367 to the sender. The receiver of the ASCONF Chunk will copy this 32 368 bit value into the ASCONF Response Correlation ID field of the 369 ASCONF-ACK response parameter. The sender of the ASCONF can use this 370 same value in the ASCONF-ACK to find which request the response is 371 for. 373 Address Parameter: TLV 374 This field contains an IPv4 or IPv6 address parameter as described in 375 3.3.2.1 of RFC2960 [6]. The complete TLV is wrapped within this 376 parameter. It informs the receiver that the address specified is to 377 be removed from the existing association. This parameter MUST NOT 378 contain a broadcast or multicast address. If the address 0.0.0.0 or 379 ::0 is provided, the source address of the packet MUST be deleted. 381 An example TLV deleting the IPv4 address 10.1.1.1 from an existing 382 association would look as follows: 384 +--------------------------------+ 385 | Type=0xC002 | Length = 16 | 386 +--------------------------------+ 387 | C-ID = 0x01023476 | 388 +--------------------------------+ 389 | Type=5 | Length = 8 | 390 +----------------+---------------+ 391 | Value=0x0a010101 | 392 +----------------+---------------+ 394 Valid Chunk Appearance 396 The Delete IP Address parameter may only appear in the ASCONF Chunk 397 type. 399 3.2.3. Error Cause Indication 401 0 1 2 3 402 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 403 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 404 | Type = 0xC003 | Length = Variable | 405 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 406 | ASCONF-Response Correlation ID | 407 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 408 | Error Cause(s) or Return Info on Success | 409 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 411 ASCONF-Response Correlation ID: 32 bits 413 This is an opaque integer assigned by the sender to identify each 414 request parameter. The receiver of the ASCONF Chunk will copy this 415 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 416 Response Correlation ID field so the peer can easily correlate the 417 request to this response. 419 Error Cause(s): TLV(s) 421 When reporting an error this response parameter is used to wrap one 422 or more standard error causes normally found within an SCTP 423 Operational Error or SCTP Abort (as defined in RFC2960 [6]). The 424 Error Cause(s) follow the format defined in section 3.3.10 of RFC2960 425 [6]. 427 Valid Chunk Appearance 429 The Error Cause Indication parameter may only appear in the ASCONF- 430 ACK chunk type. 432 3.2.4. Set Primary IP Address 434 0 1 2 3 435 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 436 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 437 | Type =0xC004 | Length = Variable | 438 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 439 | ASCONF-Request Correlation ID | 440 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 441 | Address Parameter | 442 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 444 ASCONF-Request Correlation ID: 32 bits 446 This is an opaque integer assigned by the sender to identify each 447 request parameter. It is in host byte order and is only meaningful 448 to the sender. The receiver of the ASCONF Chunk will copy this 32 449 bit value into the ASCONF Response Correlation ID field of the 450 ASCONF-ACK response parameter. The sender of the ASCONF can use this 451 same value in the ASCONF-ACK to find which request the response is 452 for. 454 Address Parameter: TLV 456 This field contains an IPv4 or IPv6 address parameter as described in 457 3.3.2.1 of RFC2960 [6]. The complete TLV is wrapped within this 458 parameter. It requests the receiver to mark the specified address as 459 the primary address to send data to (see section 5.1.2 of RFC2960 460 [6]). The receiver MAY mark this as its primary upon receiving this 461 request. If the address 0.0.0.0 or ::0 is provided, the receiver MAY 462 mark the source address of the packet as its primary. 464 An example TLV requesting that the IPv4 address 10.1.1.1 be made the 465 primary destination address would look as follows: 467 +--------------------------------+ 468 | Type=0xC004 | Length = 16 | 469 +--------------------------------+ 470 | C-ID = 0x01023479 | 471 +--------------------------------+ 472 | Type=5 | Length = 8 | 473 +----------------+---------------+ 474 | Value=0x0a010101 | 475 +----------------+---------------+ 477 Valid Chunk Appearance 479 The Set Primary IP Address parameter may appear in the ASCONF Chunk, 480 the INIT, or the INIT-ACK chunk type. The inclusion of this 481 parameter in the INIT or INIT-ACK can be used to indicate an initial 482 preference of primary address. 484 3.2.5. Success Indication 486 0 1 2 3 487 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 488 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 489 | Type = 0xC005 | Length = 8 | 490 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 491 | ASCONF-Response Correlation ID | 492 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 494 By default if a responding endpoint does not report an error for any 495 requested TLV, a success is implicitly indicated. Thus a sender of a 496 ASCONF-ACK MAY indicate complete success of all TLVs in an ASCONF by 497 returning only the Chunk Type, Chunk Flags, Chunk Length (set to 8) 498 and the Serial Number. 500 The responding endpoint MAY also choose to explicitly report a 501 success for a requested TLV, by returning a success report ASCONF 502 Parameter Response. 504 ASCONF-Response Correlation ID: 32 bits 506 This is an opaque integer assigned by the sender to identify each 507 request parameter. The receiver of the ASCONF Chunk will copy this 508 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 509 Response Correlation ID field so the peer can easily correlate the 510 request to this response. 512 Valid Chunk Appearance 514 The Success Indication parameter may only appear in the ASCONF-ACK 515 chunk type. 517 3.2.6. Adaptation Layer Indication 519 0 1 2 3 520 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 521 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 522 | Type =0xC006 | Length = 8 | 523 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 524 | Adaption Code point | 525 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 527 This parameter is specified for the communication of peer upper layer 528 protocols. It is envisioned to be used for flow control and other 529 adaptation layers that require an indication to be carried in the 530 INIT and INIT-ACK. Each adaptation layer that is defined that wishes 531 to use this parameter MUST specify a an adaption code point in an 532 appropriate RFC defining its use and meaning. This parameter SHOULD 533 NOT be examined by the receiving SCTP implementation and should be 534 passed opaquely to the upper layer protocol. 536 Valid Chunk Appearance 538 The Adaptation Layer Indication parameter may appear in INIT or INIT- 539 ACK chunk and SHOULD be passed to the receivers upper layer protocol. 540 This parameter MUST NOT appear in a ASCONF chunk. 542 3.2.7. Supported Extensions Parameter 544 This parameter is used at startup to identify any additional 545 extensions that the sender supports. 547 0 1 2 3 548 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 549 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 550 | Parameter Type = 0x8008 | Parameter Length | 551 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 552 | CHUNK TYPE 1 | CHUNK TYPE 2 | CHUNK TYPE 3 | CHUNK TYPE 4 | 553 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 554 | .... | 555 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 556 | CHUNK TYPE N | PAD | PAD | PAD | 557 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 559 Parameter Type This field holds the IANA defined parameter type for 560 Supported Extensions Parameter. The suggested value of this field 561 for IANA is 0x8008. 563 Parameter Type Length This field holds the length of the parameter, 564 including the Parameter Type, Parameter Length and any addition 565 supported extensions. Note the length MUST NOT include any 566 padding. 568 CHUNK TYPE X This field(s) hold the chunk type of any SCTP 569 extension(s) that are currently supported by the sending SCTP. 570 Multiple chunk types may be defined listing each additional 571 feature that the sender supports. The sender MUST NOT include 572 multiple Supported Extensions Parameter within any chunk. 574 Parameter Appearence This parameter may appear in the INIT or INIT- 575 ACK chunk. This parameter MUST NOT appear in any other chunk. 577 3.3. New Error Causes 579 Five new Error Causes are added to the SCTP Operational Errors, 580 primarily for use in the ASCONF-ACK chunk. 582 Cause Code 583 Value Cause Code 584 --------- ---------------- 585 0x0100 Request to Delete Last Remaining IP Address. 586 0x0101 Operation Refused Due to Resource Shortage. 587 0x0102 Request to Delete Source IP Address. 588 0x0103 Association Aborted due to illegal ASCONF-ACK 589 0x0104 Request refused - no authorization. 591 Table 4: New Error Causes 593 3.3.1. Error Cause: Request to Delete Last Remaining IP Address 595 Cause of error 597 Request to Delete Last Remaining IP address: The receiver of this 598 error sent a request to delete the last IP address from its 599 association with its peer. This error indicates that the request is 600 rejected. 602 0 1 2 3 603 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 604 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 605 | Cause Code=0x0100 | Cause Length=Variable | 606 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 607 \ TLV-Copied-From-ASCONF / 608 / \ 609 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 611 An example of a failed delete in an Error Cause TLV would look as 612 follows in the response ASCONF-ACK message: 614 +--------------------------------+ 615 | Type = 0xC003 | Length = 28 | 616 +----------------+---------------+ 617 | C-ID = 0x01023476 | 618 +--------------------------------+ 619 | Cause=0x0100 | Length = 20 | 620 +----------------+---------------+ 621 | Type= 0xC002 | Length = 16 | 622 +----------------+---------------+ 623 | C-ID = 0x01023476 | 624 +--------------------------------+ 625 | Type=0x0005 | Length = 8 | 626 +----------------+---------------+ 627 | Value=0x0A010101 | 628 +----------------+---------------+ 630 3.3.2. Error Cause: Operation Refused Due to Resource Shortage 632 Cause of error 634 This error cause is used to report a failure by the receiver to 635 perform the requested operation due to a lack of resources. The 636 entire TLV that is refused is copied from the ASCONF into the error 637 cause. 639 0 1 2 3 640 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 641 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 642 | Cause Code=0x0101 | Cause Length=Variable | 643 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 644 \ TLV-Copied-From-ASCONF / 645 / \ 646 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 648 An example of a failed addition in an Error Cause TLV would look as 649 follows in the response ASCONF-ACK message: 651 +--------------------------------+ 652 | Type = 0xC003 | Length = 28 | 653 +--------------------------------+ 654 | C-ID = 0x01023474 | 655 +--------------------------------+ 656 | Cause=0x0101 | Length = 20 | 657 +----------------+---------------+ 658 | Type=0xC001 | Length = 16 | 659 +--------------------------------+ 660 | C-ID = 0x01023474 | 661 +--------------------------------+ 662 | Type=0x0005 | Length = 8 | 663 +----------------+---------------+ 664 | Value=0x0A010101 | 665 +----------------+---------------+ 667 3.3.3. Error Cause: Request to Delete Source IP Address 669 Cause of error 671 Request to Delete Source IP Address: The receiver of this error sent 672 a request to delete the source IP address of the ASCONF message. 673 This error indicates that the request is rejected. 675 0 1 2 3 676 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 677 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 678 | Cause Code=0x0102 | Cause Length=Variable | 679 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 680 \ TLV-Copied-From-ASCONF / 681 / \ 682 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 684 An example of a failed delete in an Error Cause TLV would look as 685 follows in the response ASCONF-ACK message: 687 +--------------------------------+ 688 | Type = 0xC003 | Length = 28 | 689 +--------------------------------+ 690 | C-ID = 0x01023476 | 691 +--------------------------------+ 692 | Cause=0x0102 | Length = 20 | 693 +----------------+---------------+ 694 | Type=0xC002 | Length = 16 | 695 +----------------+---------------+ 696 | C-ID = 0x01023476 | 697 +--------------------------------+ 698 | Type=0x0005 | Length = 8 | 699 +----------------+---------------+ 700 | Value=0x0A010101 | 701 +----------------+---------------+ 703 IMPLEMENTATION NOTE: It is unlikely that an endpoint would source a 704 packet from the address being deleted, unless the endpoint does not 705 do proper source address selection. 707 3.3.4. Error Cause: Association Aborted due to illegal ASCONF-ACK 709 This error is to be included in an ABORT that is generated due to the 710 reception of an ASCONF-ACK that was not expected but is larger than 711 the current sequence number (see Section 4.3 Rule D0 ). Note that a 712 sequence number is larger than the last acked sequence number if it 713 is either the next sequence or no more than 2^^31-1 greater than the 714 current sequence number. 716 0 1 2 3 717 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 718 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 719 | Cause Code=0x0103 | Cause Length=4 | 720 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 722 3.3.5. Error Cause: Request refused - no authorization. 724 Cause of error 726 This error cause may be included to reject a request based on local 727 security policies. 729 0 1 2 3 730 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 731 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 732 | Cause Code=0x0104 | Cause Length=Variable | 733 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 734 \ TLV-Copied-From-ASCONF / 735 / \ 736 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 738 4. Procedures 740 This section will lay out the specific procedures for address 741 configuration change chunk type and its processing. 743 4.1. ASCONF Chunk Procedures 745 When an endpoint has an ASCONF signaled change to be sent to the 746 remote endpoint it should do the following: 748 A1) Create an ASCONF Chunk as defined in Section 3.1.1. The chunk 749 should contain all of the TLV(s) of information necessary to be 750 sent to the remote endpoint, and unique correlation identities for 751 each request. 753 A2) A serial number should be assigned to the Chunk. The serial 754 number should be a monotonically increasing number. The serial 755 number MUST be initialized at the start of the association to the 756 same value as the Initial TSN and every time a new ASCONF chunk is 757 created it is incremented by one after assigning the serial number 758 to the newly created chunk . 760 A3) If no ASCONF Chunk is outstanding (un-acknowledged) with the 761 remote peer, send the chunk. 763 A4) Start a T-4 RTO timer, using the RTO value of the selected 764 destination address (normally the primary path; see RFC2960 [6] 765 section 6.4 for details). 767 A5) When the ASCONF-ACK that acknowledges the serial number last sent 768 arrives, stop the T-4 RTO timer, and clear the appropriate 769 association and destination error counters as defined in RFC2960 770 [6] section 8.1 and 8.2. 772 A6) Process all of the TLVs within the ASCONF-ACK to find out 773 particular status information returned to the various requests 774 that were sent. Use the Correlation IDs to correlate the request 775 and the responses. 777 A7) If an error response is received for a TLV parameter, all TLVs 778 with no response before the failed TLV are considered successful 779 if not reported. All TLVs after the failed response are 780 considered unsuccessful unless a specific success indication is 781 present for the parameter. 783 A8) If there is no response(s) to specific TLV parameter(s), and no 784 failures are indicated, then all request(s) are considered 785 successful. 787 A9) If the peer responds to an ASCONF with an ERROR chunk reporting 788 that it did not recognize the ASCONF chunk type, the sender of the 789 ASCONF MUST NOT send any further ASCONF chunks and MUST stop its 790 T-4 timer. 792 If the T-4 RTO timer expires the endpoint should do the following: 794 B1) Increment the error counters and perform path failure detection 795 on the appropriate destination address as defined in RFC2960 [6] 796 section 8.1 and 8.2. 798 B2) Increment the association error counters and perform endpoint 799 failure detection on the association as defined in RFC2960 [6] 800 section 8.1 and 8.2. 802 B3) Back-off the destination address RTO value to which the ASCONF 803 chunk was sent by doubling the RTO timer value. 805 Note: The RTO value is used in the setting of all timer types for 806 SCTP. Each destination address has a single RTO estimate. 808 B4) Re-transmit the ASCONF Chunk last sent and if possible choose an 809 alternate destination address (please refer to RFC2960 [6] section 810 6.4.1). An endpoint MUST NOT add new parameters to this chunk, it 811 MUST be the same (including its serial number) as the last ASCONF 812 sent. 814 B5) Restart the T-4 RTO timer. Note that if a different destination 815 is selected, then the RTO used will be that of the new destination 816 address. 818 Note: the total number of re-transmissions is limited by B2 above. 819 If the maximum is reached, the association will fail and enter into 820 the CLOSED state (see RFC2960 [6] section 6.4.1 for details). 822 4.1.1. Congestion Control of ASCONF Chunks 824 In defining the ASCONF Chunk transfer procedures, it is essential 825 that these transfers MUST NOT cause congestion within the network. 826 To achieve this, we place these restrictions on the transfer of 827 ASCONF Chunks: 829 R1) One and only one ASCONF Chunk MAY be in transit and 830 unacknowledged at any one time. If a sender, after sending an 831 ASCONF chunk, decides it needs to transfer another ASCONF Chunk, 832 it MUST wait until the ASCONF-ACK Chunk returns from the previous 833 ASCONF Chunk before sending a subsequent ASCONF. Note this 834 restriction binds each side, so at any time two ASCONF may be in- 835 transit on any given association (one sent from each endpoint). 837 R2) An ASCONF may be bundled with any other chunk type (except other 838 ASCONF Chunks). 840 R3) An ASCONF-ACK may be bundled with any other chunk type except 841 other ASCONF-ACKs. 843 R4) Both ASCONF and ASCONF-ACK chunks MUST NOT be sent in any SCTP 844 state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED and 845 SHUTDOWN-SENT. 847 R5) An ASCONF MUST NOT be larger than the path MTU of the 848 destination. 850 R6) An ASCONF-ACK SHOULD not be larger than the path MTU. In some 851 circumstances an ASCONF-ACK may exceed the path MTU and in such a 852 case IP fragmentation should be used to transmit the chunk. 854 If the sender of an ASCONF Chunk receives an Operational Error 855 indicating that the ASCONF chunk type is not understood, then the 856 sender MUST NOT send subsequent ASCONF Chunks to the peer. The 857 endpoint should also inform the upper layer application that the peer 858 endpoint does not support any of the extensions detailed in this 859 document. 861 4.2. Upon reception of an ASCONF Chunk. 863 When an endpoint receives an ASCONF Chunk from the remote peer 864 special procedures MAY be needed to identify the association the 865 ASCONF Chunk is associated with. To properly find the association 866 the following procedures should be followed: 868 L1) Use the source address and port number of the sender to attempt 869 to identify the association (i.e. use the same method defined in 870 RFC2960 [6] used for all other SCTP chunks). If found proceed to 871 rule L4. 873 L2) If the association is not found, use the address found in the 874 Address Parameter TLV combined with the port number found in the 875 SCTP common header. If found proceed to rule L4. 877 L3) If neither L1 or L2 locates the association, treat the chunk as 878 an Out Of The Blue chunk as defined in RFC2960 [6]. 880 L4) Follow the normal rules to validate the SCTP verification tag 881 found in RFC2960 [6]. 883 After identification and verification of the association, the 884 following should be performed to properly process the ASCONF Chunk: 886 C1) Compare the value of the serial number to the value the endpoint 887 stored in a new association variable 'Peer-Serial-Number'. This 888 value MUST be initialized to the Initial TSN value minus 1. 890 C2) If the value found in the serial number is equal to the ('Peer- 891 Serial-Number' + 1), the endpoint MUST: 893 V1) Process the TLVs contained within the Chunk performing the 894 appropriate actions as indicated by each TLV type. The TLVs 895 MUST be processed in order within the Chunk. For example, if 896 the sender puts 3 TLVs in one chunk, the first TLV (the one 897 closest to the Chunk Header) in the Chunk MUST be processed 898 first. The next TLV in the chunk (the middle one) MUST be 899 processed second and finally the last TLV in the Chunk MUST be 900 processed last. 902 V2) In processing the chunk, the receiver should build a response 903 message with the appropriate error TLVs, as specified in the 904 Parameter type bits for any ASCONF Parameter it does not 905 understand. To indicate an unrecognized parameter, cause type 906 8 as defined in the ERROR in 3.3.10.8 of RFC2960 [6] should be 907 used. The endpoint may also use the response to carry 908 rejections for other reasons such as resource shortages etc, 909 using the Error Cause TLV and an appropriate error condition. 911 Note: a positive response is implied if no error is indicated 912 by the sender. 914 V3) All responses MUST copy the ASCONF-Request Correlation ID 915 field received in the ASCONF parameter, from the TLV being 916 responded to, into the ASCONF-Request Correlation ID field in 917 the response parameter. 919 V4) After processing the entire Chunk, the receiver of the ASCONF 920 MUST send all TLVs for both unrecognized parameters and any 921 other status TLVs inside the ASCONF-ACK chunk that acknowledges 922 the arrival and processing of the ASCONF Chunk. 924 V5) Update the 'Peer-Serial-Number' to the value found in the 925 serial number field. 927 C3) If the value found in the serial number is equal to the value 928 stored in the 'Peer-Serial-Number', the endpoint should: 930 X1) Parse the ASCONF Chunk TLVs but the endpoint MUST NOT take any 931 action on the TLVs parsed (since it has already performed these 932 actions). 934 X2) Build a response message with the appropriate response TLVs as 935 specified in the ASCONF Parameter type bits, for any parameter 936 it does not understand or could not process. 938 X3) After parsing the entire Chunk, it MUST send any response TLV 939 errors and status with an ASCONF-ACK chunk acknowledging the 940 arrival and processing of the ASCONF Chunk. 942 X4) The endpoint MUST NOT update its 'Peer-Serial-Number'. 944 Note: the response to the retransmitted ASCONF MUST be the same as 945 the original response. This MAY mean an implementation must keep 946 state in order to respond with the same exact answer (including 947 resource considerations that may have made the implementation 948 refuse a request). 950 IMPLEMENTATION NOTE: As an optimization a receiver may wish to 951 save the last ASCONF-ACK for some predetermined period of time and 952 instead of re-processing the ASCONF (with the same serial number) 953 it may just re-transmit the ASCONF-ACK. It may wish to use the 954 arrival of a new serial number to discard the previously saved 955 ASCONF-ACK or any other means it may choose to expire the saved 956 ASCONF-ACK. 958 C4) Otherwise, the ASCONF Chunk is discarded since it must be either 959 a stale packet or from an attacker. A receiver of such a packet 960 MAY log the event for security purposes. 962 C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent back to the 963 source address contained in the IP header of the ASCONF being 964 responded to. 966 4.3. General rules for address manipulation 968 When building TLV parameters for the ASCONF Chunk that will add or 969 delete IP addresses the following rules should be applied: 971 D0) If an endpoint receives an ASCONF-ACK that is greater than or 972 equal to the next serial number to be used but no ASCONF chunk is 973 outstanding the endpoint MUST ABORT the association. Note that a 974 sequence number is greater than if it is no more than 2^^31-1 975 larger than the current sequence number (using serial arithmetic). 977 D1) When adding an IP address to an association, the IP address is 978 NOT considered fully added to the association until the ASCONF-ACK 979 arrives. This means that until such time as the ASCONF containing 980 the add is acknowledged the sender MUST NOT use the new IP address 981 as a source for ANY SCTP packet except on carrying an ASCONF 982 chunk. The receiver of the add IP address request may use the 983 address as a destination immediately. 985 D2) After the ASCONF-ACK of an IP address add arrives, the endpoint 986 MAY begin using the added IP address as a source address for any 987 type of SCTP chunk. 989 D3a) If an endpoint receives an Error Cause TLV indicating that the 990 IP address Add or IP address Deletion parameters was not 991 understood, the endpoint MUST consider the operation failed and 992 MUST NOT attempt to send any subsequent Add or Delete requests to 993 the peer. 995 D3b) If an endpoint receives an Error Cause TLV indicating that the 996 IP address Set Primary IP Address parameter was not understood, 997 the endpoint MUST consider the operation failed and MUST NOT 998 attempt to send any subsequent Set Primary IP Address requests to 999 the peer. 1001 D4) When deleting an IP address from an association, the IP address 1002 MUST be considered a valid destination address for the reception 1003 of SCTP packets until the ASCONF-ACK arrives and MUST NOT be used 1004 as a source address for any subsequent packets. This means that 1005 any datagrams that arrive before the ASCONF-ACK destined to the IP 1006 address being deleted MUST be considered part of the current 1007 association. One special consideration is that ABORT chunks 1008 arriving destined to the IP address being deleted MUST be ignored 1009 (see Section 4.3.1 for further details). 1011 D5) An endpoint MUST NOT delete its last remaining IP address from an 1012 association. In other words if an endpoint is NOT multi-homed it 1013 MUST NOT use the delete IP address without an add IP address 1014 preceding the delete parameter in the ASCONF chunk. Or if an 1015 endpoint sends multiple requests to delete IP addresses it MUST 1016 NOT delete all of the IP addresses that the peer has listed for 1017 the requester. 1019 D6) An endpoint MUST NOT set an IP header source address for an SCTP 1020 packet holding the ASCONF Chunk to be the same as an address being 1021 deleted by the ASCONF Chunk. 1023 D7) If a request is received to delete the last remaining IP address 1024 of a peer endpoint, the receiver MUST send an Error Cause TLV with 1025 the error cause set to the new error code 'Request to Delete Last 1026 Remaining IP Address'. The requested delete MUST NOT be performed 1027 or acted upon, other than to send the ASCONF-ACK. 1029 D8) If a request is received to delete an IP address which is also 1030 the source address of the IP packet which contained the ASCONF 1031 chunk, the receiver MUST reject this request. To reject the 1032 request the receiver MUST send an Error Cause TLV set to the new 1033 error code 'Request to Delete Source IP Address' (unless Rule D5 1034 has also been violated, in which case the error code 'Request to 1035 Delete Last Remaining IP Address' is sent). 1037 D9) If an endpoint receives an ADD IP address request and does not 1038 have the local resources to add this new address to the 1039 association, it MUST return an Error Cause TLV set to the new 1040 error code 'Operation Refused Due to Resource Shortage'. 1042 D10) If an endpoint receives an 'Out of Resource' error in response 1043 to its request to ADD an IP address to an association, it must 1044 either ABORT the association or not consider the address part of 1045 the association. In other words if the endpoint does not ABORT 1046 the association, it must consider the add attempt failed and NOT 1047 use this address since its peer will treat SCTP packets destined 1048 to the address as Out Of The Blue packets. 1050 D11) When an endpoint receiving an ASCONF to add an IP address sends 1051 an 'Out of Resource' in its response, it MUST also fail any 1052 subsequent add or delete requests bundled in the ASCONF. The 1053 receiver MUST NOT reject an ADD and then accept a subsequent 1054 DELETE of an IP address in the same ASCONF Chunk. In other words, 1055 once a receiver begins failing any ADD or DELETE request, it must 1056 fail all subsequent ADD or DELETE requests contained in that 1057 single ASCONF. 1059 D12) When an endpoint receives a request to delete an IP address that 1060 is the current primary address, it is an implementation decision 1061 as to how that endpoint chooses the new primary address. 1063 D13) When an endpoint receives a valid request to DELETE an IP 1064 address the endpoint MUST consider the address no longer as part 1065 of the association. It MUST NOT send SCTP packets for the 1066 association to that address and it MUST treat subsequent packets 1067 received from that address as Out Of The Blue. 1069 During the time interval between sending out the ASCONF and 1070 receiving the ASCONF-ACK it MAY be possible to receive DATA chunks 1071 out of order. The following examples illustrate these problems: 1073 Endpoint-A Endpoint-Z 1074 ---------- ---------- 1075 ASCONF[Add-IP:X]------------------------------> 1076 /--ASCONF-ACK 1077 / 1078 /--------/---New DATA: 1079 / / Destination 1080 <-------------------/ / IP:X 1081 / 1082 <--------------------------/ 1084 In the above example we see a new IP address (X) being added to the 1085 Endpoint-A. However due to packet re-ordering in the network a new 1086 DATA chunk is sent and arrives at Endpoint-A before the ASCONF-ACK 1087 confirming the add of the address to the association. 1089 A similar problem exists with the deletion of an IP address as 1090 follows: 1092 Endpoint-A Endpoint-Z 1093 ---------- ---------- 1094 /------------New DATA: 1095 / Destination 1096 / IP:X 1097 ASCONF [DEL-IP:X]---------/----------------> 1098 <-----------------/------------------ASCONF-ACK 1099 / 1100 / 1101 <-------------/ 1103 In this example we see a DATA chunk destined to the IP:X (which is 1104 about to be deleted) arriving after the deletion is complete. For 1105 the ADD case an endpoint SHOULD consider the newly adding IP address 1106 valid for the association to receive data from during the interval 1107 when awaiting the ASCONF-ACK. The endpoint MUST NOT source data from 1108 this new address until the ASCONF-ACK arrives but it may receive out 1109 of order data as illustrated and MUST NOT treat this data as an OOTB 1110 datagram (please see RFC2960 [6] section 8.4). It MAY drop the data 1111 silently or it MAY consider it part of the association but it MUST 1112 NOT respond with an ABORT. 1114 For the DELETE case, an endpoint MAY respond to the late arriving 1115 DATA packet as an OOTB datagram or it MAY hold the deleting IP 1116 address for a small period of time as still valid. If it treats the 1117 DATA packet as an OOTB the peer will silently discard the ABORT 1118 (since by the time the ABORT is sent the peer will have removed the 1119 IP address from this association). If the endpoint elects to hold 1120 the IP address valid for a period of time, it MUST NOT hold it valid 1121 longer than 2 RTO intervals for the destination being removed. 1123 4.3.1. A special case for OOTB ABORT chunks 1125 Another case worth mentioning is illustrated below: 1127 Endpoint-A Endpoint-Z 1128 ---------- ---------- 1130 New DATA:------------\ 1131 Source IP:X \ 1132 \ 1133 ASCONF-REQ[DEL-IP:X]----\------------------> 1134 \ /---------ASCONF-ACK 1135 \ / 1136 \----/-----------> OOTB 1137 (Ignored <---------------------/-------------ABORT 1138 by rule D4) / 1139 <---------------------/ 1141 For this case, during the deletion of an IP address, an Abort MUST be 1142 ignored if the destination address of the Abort message is that of a 1143 destination being deleted. 1145 4.3.2. A special case for changing an address. 1147 In some instances the sender may only have one IP address in an 1148 association that is being renumbered. When this occurs, the sender 1149 may not be able to send to the peer the appropriate ADD/DELETE pair 1150 and use the old address as a source in the IP header. For this 1151 reason the sender MUST fill in the Address Parameter field with an 1152 address that is part of the association (in this case the one being 1153 deleted). This will allow the receiver to locate the association 1154 without using the source address found in the IP header. 1156 The receiver of such a chunk MUST always first use the source address 1157 found in the IP header in looking up the association. The receiver 1158 should attempt to use the address found in the Address Bytes field 1159 only if the lookup fails using the source address from the IP header. 1160 The receiver MUST reply to the source address of the packet in this 1161 case which is the new address that was added by the ASCONF (since the 1162 old address is no longer a part of the association after processing). 1164 4.4. Setting of the primary address 1166 A sender of this option may elect to send this combined with a 1167 deletion or addition of an address. A sender SHOULD only send a set 1168 primary request to an address that is already considered part of the 1169 association. In other words if a sender combines a set primary with 1170 an add of a new IP address the set primary will be discarded unless 1171 the add request is to be processed BEFORE the set primary (i.e. it 1172 precedes the set primary). 1174 A request to set primary MAY also appear in an INIT or INIT-ACK 1175 chunk. This can give advice to the peer endpoint as to which of its 1176 addresses the sender of the INIT or INIT-ACK would prefer to be used 1177 as the primary address. 1179 The request to set an address as the primary path is an option the 1180 receiver SHOULD perform. It is considered advice to the receiver of 1181 the best destination address to use in sending SCTP packets (in the 1182 requesters view). If a request arrives that asks the receiver to set 1183 an address as primary that does not exist, the receiver should NOT 1184 honor the request, leaving its existing primary address unchanged. 1186 5. Security Considerations 1188 The ADD/DELETE of an IP address to an existing association does 1189 provide an additional mechanism by which existing associations can be 1190 hijacked. 1192 This document requires the use of the authentication mechanism 1193 defined in SCTP-AUTH [7] to limit the ability of an attacker to 1194 hijack an association. Hijacking an association by using ADD/DELETE 1195 of an IP address is only possible for an attacker who is able to 1196 intercept the association setup. However, if a preconfigured shared 1197 end-point pair key is used this is not possible. For a more detailed 1198 analysis see SCTP-AUTH [7]. 1200 6. IANA considerations 1202 This document defines the following new SCTP parameters, chunks and 1203 errors: 1205 o Two new chunk types, 1207 o Seven parameter types, and 1209 o Five new SCTP error causes. 1211 One of the two new chunk types must come from the range of chunk 1212 types where the upper two bits are one, we recommend 0xC1 but any 1213 other available code point with the upper bits set is also 1214 acceptable. 1216 The second chunk type must come from the range where only the upper 1217 bit is set to one. We recommend 0x80 but any other available code 1218 point with the upper bit set is also acceptable. 1220 All but one of the parameter types must come from the range of types 1221 where the upper two bits are set, we recommend 0xC001 - 0xC006, as 1222 specified in this document. The other parameter type must come from 1223 the 0x8000 range, we recommend 0x8008. Note that for any of these 1224 values a different unique parameter type may be assigned by IANA as 1225 long as the upper bits correspond to the ones specified in this 1226 document. 1228 The five new error causes can be any value, in this document we have 1229 used 0x0100-0x0104 in an attempt to seperate these from the common 1230 ranges of error codes. Any other unassigned values are also 1231 acceptable. 1233 This document also defines a Adaption code point. The adaption code 1234 point is a 32 bit integer that is assigned by IANA through an IETF 1235 Consensus action as defined in RFC2434 [4]. 1237 7. Acknowledgments 1239 The authors wish to thank Jon Berger, Greg Kendall, Seok Koh, Peter 1240 Lei, John Loughney, Ivan Arias Rodriguez, Renee Revis, Marshall Rose, 1241 and Chip Sharp for their invaluable comments. 1243 The authors would also like to give special mention to Maria-Carmen 1244 Belinchon and Ian Rytina for there early contributions to this 1245 document and their thoughtful comments. 1247 8. References 1249 [1] Bradner, S., "The Internet Standards Process -- Revision 3", 1250 BCP 9, RFC 2026, October 1996. 1252 [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement 1253 Levels", BCP 14, RFC 2119, March 1997. 1255 [3] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402, 1256 November 1998. 1258 [4] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA 1259 Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. 1261 [5] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, 1262 June 1999. 1264 [6] Stewart, R., Xie, Q., Morneault, K., Sharp, C., Schwarzbauer, 1265 H., Taylor, T., Rytina, I., Kalla, M., Zhang, L., and V. Paxson, 1266 "Stream Control Transmission Protocol", RFC 2960, October 2000. 1268 [7] Tuexen, M., Stewart, R., Lei, P., and E. Rescorla, 1269 "Authenticated Chunks for Stream Control Transmission Protocol 1270 (SCTP)", draft-tuexen-sctp-auth-chunk-03 (work in progress), 1271 February 2005. 1273 Appendix A. Abstract Address Handling 1275 A.1. General remarks 1277 The following text provides a working definition of the endpoint 1278 notion to discuss address reconfiguration. It is not intended to 1279 restrict implementations in any way, its goal is to provide as set of 1280 definitions only. Using these definitions should make a discussion 1281 about address issues easier. 1283 A.2. Generalized endpoints 1285 A generalized endpoint is a pair of a set of IP addresses and a port 1286 number at any given point of time. The precise definition is as 1287 follows: 1289 A generalized endpoint gE at time t is given by 1291 gE(t) = ({IP1, ..., IPn}, Port) 1293 where {IP1, ..., IPn} is a non empty set of IP addresses. 1295 Please note that the dynamic addition and deletion of IP-addresses 1296 described in this document allows the set of IP-addresses of a 1297 generalized endpoint to be changed at some point of time. The port 1298 number can never be changed. 1300 The set of IP addresses of a generalized endpoint gE at a time t is 1301 defined as 1303 Addr(gE)(t) = {IP1, ..., IPn} 1305 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1307 The port number of a generalized endpoint gE is defined as 1309 Port(gE) = Port 1311 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1313 There is one fundamental rule which restricts all generalized 1314 endpoints: 1316 For two different generalized endpoints gE' and gE'' with the same 1317 port number Port(gE') = Port(gE'') the address sets Addr(gE')(t) and 1318 Addr(gE'')(t) must be disjoint at every point of time. 1320 A.3. Associations 1322 Associations consists of two generalized endpoints and the two 1323 address sets known by the peer at any time. The precise definition 1324 is as follows: 1326 An association A between to different generalized endpoints gE' and 1327 gE'' is given by 1329 A = (gE', S', gE'', S'') 1331 where S'(t) and S''(t) are set of addresses at any time t such that 1332 S'(t) is a non-empty subset of Addr(gE')(t) and S''(t) is a non-empty 1333 subset of Addr(gE'')(t). 1335 If A = (gE', S', gE'', S'') is an association between the generalized 1336 endpoints gE' and gE'' the following notion is used: 1338 Addr(A, gE') = S' and Addr(A, gE'') = S''. 1340 If the dependency on time is important the notion Addr(A, gE')(t) = 1341 S'(t) will be used. 1343 If A is an association between gE' and gE'' then Addr(A, gE') is the 1344 subset of IP addresses of gE' which is known by gE'' and used by gE'. 1346 Association establishment between gE' and gE'' can be seen as: 1348 1. gE' and gE'' do exist before the association. 1350 2. If an INIT has to be send from gE' to gE'' address scoping rules 1351 and other limitations are applied to calculate the subset S' from 1352 Addr(gE'). The addresses of S' are included in the INIT chunk. 1354 3. If an INIT-ACK has to be send from gE'' to gE' address scoping 1355 rules and other limitations are applied to calculate the subset 1356 S'' from Addr(gE''). The addresses of S'' are included in the 1357 INIT-ACK chunk. 1359 4. After the handshake the association A = (gE', S', gE'', S'') has 1360 been established. 1362 5. Right after the association establishment Addr(A, gE') and 1363 Addr(A, gE'') are the addresses which have been seen on the wire 1364 during the handshake. 1366 A.4. Relationship with RFC 2960 1368 RFC2960 [6] defines the notion of an endpoint. This subsection will 1369 show that these endpoints are also (special) generalized endpoints. 1371 RFC2960 [6] has no notion of address scoping or other address 1372 handling limitations and provides no mechanism to change the 1373 addresses of an endpoint. 1375 This means that an endpoint is simply a generalized endpoint which 1376 does not depend on the time. Neither the Port nor the address list 1377 changes. 1379 During association setup no address scoping rules or other 1380 limitations will be applied. This means that for an association A 1381 between two endpoints gE' and gE'' the following is true: 1383 Addr(A, gE') = Addr(gE') and Addr(A, gE'') = Addr(gE''). 1385 A.5. Rules for address manipulation 1387 The rules for address manipulation can now be stated in a simple way: 1389 1. An address can be added to a generalized endpoint gE only if this 1390 address is not an address of a different generalized endpoint 1391 with the same port number. 1393 2. An address can be added to an association A with generalized 1394 endpoint gE if it has been added to the generalized endpoint gE 1395 first. This means that the address must be an element of 1396 Addr(gE) first and then it can become an element of Addr(A, gE). 1397 But this is not necessary. If the association does not allow the 1398 reconfiguration of the addresses only Addr(gE) can be modified. 1400 3. An address can be deleted from an association A with generalized 1401 endpoint gE as long as Addr(A, gE) stays non-empty. 1403 4. An address can be deleted from an generalized endpoint gE only if 1404 it has been removed from all associations having gE as a 1405 generalized endpoint. 1407 These rules simply make sure that the rules for the endpoints and 1408 associations given above are always fulfilled. 1410 Authors' Addresses 1412 Randall R. Stewart 1413 Cisco Systems, Inc. 1414 4875 Forest Drive 1415 Suite 200 1416 Columbia, SC 29206 1417 USA 1419 Phone: 1420 Email: rrs@cisco.com 1422 Michael A. Ramalho 1423 Cisco Systems, Inc. 1424 1802 Rue de la Porte 1425 Wall Township, NJ 07719-3784 1426 USA 1428 Phone: +1.732.449.5762 1429 Email: mramalho@cisco.com 1431 Qiaobing Xie 1432 Motorola, Inc. 1433 1501 W. Shure Drive, #2309 1434 Arlington Heights, IL 60004 1435 USA 1437 Phone: +1-847-632-3028 1438 Email: qxie1@email.mot.com 1440 Michael Tuexen 1441 Univ. of Applied Sciences Muenster 1442 Stegerwaldstr. 39 1443 48565 Steinfurt 1444 Germany 1446 Email: tuexen@fh-muenster.de 1447 Phillip T. Conrad 1448 University of Delaware 1449 Department of Computer and Information Sciences 1450 Newark, DE 19716 1451 US 1453 Phone: +1 302 831 8622 1454 Email: conrad@acm.org 1455 URI: http://www.cis.udel.edu/~pconrad 1457 Intellectual Property Statement 1459 The IETF takes no position regarding the validity or scope of any 1460 Intellectual Property Rights or other rights that might be claimed to 1461 pertain to the implementation or use of the technology described in 1462 this document or the extent to which any license under such rights 1463 might or might not be available; nor does it represent that it has 1464 made any independent effort to identify any such rights. Information 1465 on the procedures with respect to rights in RFC documents can be 1466 found in BCP 78 and BCP 79. 1468 Copies of IPR disclosures made to the IETF Secretariat and any 1469 assurances of licenses to be made available, or the result of an 1470 attempt made to obtain a general license or permission for the use of 1471 such proprietary rights by implementers or users of this 1472 specification can be obtained from the IETF on-line IPR repository at 1473 http://www.ietf.org/ipr. 1475 The IETF invites any interested party to bring to its attention any 1476 copyrights, patents or patent applications, or other proprietary 1477 rights that may cover technology that may be required to implement 1478 this standard. Please address the information to the IETF at 1479 ietf-ipr@ietf.org. 1481 Disclaimer of Validity 1483 This document and the information contained herein are provided on an 1484 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1485 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 1486 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 1487 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 1488 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1489 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1491 Copyright Statement 1493 Copyright (C) The Internet Society (2005). This document is subject 1494 to the rights, licenses and restrictions contained in BCP 78, and 1495 except as set forth therein, the authors retain all their rights. 1497 Acknowledgment 1499 Funding for the RFC Editor function is currently provided by the 1500 Internet Society.