idnits 2.17.1 draft-ietf-tsvwg-addip-sctp-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 22. -- Found old boilerplate from RFC 3978, Section 5.5 on line 1440. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1417. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1424. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1430. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** The abstract seems to contain references ([RFC2960]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 4 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. == There are 3 instances of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHOULD not' in this paragraph: R2) An ASCONF may be bundled with any other chunk type (except other ASCONF Chunks). R3) An ASCONF-ACK may be bundled with any other chunk type except other ASCONF-ACKs. R4) Both ASCONF and ASCONF-ACK chunks MUST NOT be sent in any SCTP state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED and SHUTDOWN-SENT. R5) An ASCONF MUST NOT be larger than the path MTU of the destination. R6) An ASCONF-ACK SHOULD not be larger than the path MTU. In some circumstances an ASCONF-ACK may exceed the path MTU and in such a case IP fragmentation should be used to transmit the chunk. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 6, 2006) is 6626 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC2026' is defined on line 1205, but no explicit reference was found in the text == Unused Reference: 'RFC2402' is defined on line 1211, but no explicit reference was found in the text == Unused Reference: 'RFC2629' is defined on line 1218, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2402 (Obsoleted by RFC 4302, RFC 4305) ** Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226) ** Obsolete normative reference: RFC 2629 (Obsoleted by RFC 7749) ** Obsolete normative reference: RFC 2960 (Obsoleted by RFC 4960) == Outdated reference: A later version (-08) exists of draft-ietf-tsvwg-sctp-auth-01 Summary: 9 errors (**), 0 flaws (~~), 10 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Stewart 3 Internet-Draft M. Ramalho 4 Expires: September 7, 2006 Cisco Systems, Inc. 5 Q. Xie 6 Motorola, Inc. 7 M. Tuexen 8 Univ. of Applied Sciences Muenster 9 P. Conrad 10 University of Delaware 11 March 6, 2006 13 Stream Control Transmission Protocol (SCTP) Dynamic Address 14 Reconfiguration 15 draft-ietf-tsvwg-addip-sctp-14.txt 17 Status of this Memo 19 By submitting this Internet-Draft, each author represents that any 20 applicable patent or other IPR claims of which he or she is aware 21 have been or will be disclosed, and any of which he or she becomes 22 aware will be disclosed, in accordance with Section 6 of BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF), its areas, and its working groups. Note that 26 other groups may also distribute working documents as Internet- 27 Drafts. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 The list of current Internet-Drafts can be accessed at 35 http://www.ietf.org/ietf/1id-abstracts.txt. 37 The list of Internet-Draft Shadow Directories can be accessed at 38 http://www.ietf.org/shadow.html. 40 This Internet-Draft will expire on September 7, 2006. 42 Copyright Notice 44 Copyright (C) The Internet Society (2006). 46 Abstract 48 This document describes extensions to the Stream Control Transmission 49 Protocol (SCTP) [RFC2960] that provides a method to reconfigure IP 50 address information on an existing association. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4 56 3. Additional Chunks and Parameters . . . . . . . . . . . . . . . 4 57 3.1. New Chunk Types . . . . . . . . . . . . . . . . . . . . . 5 58 3.1.1. Address Configuration Change Chunk (ASCONF) . . . . . 5 59 3.1.2. Address Configuration Acknowledgment Chunk 60 (ASCONF-ACK) . . . . . . . . . . . . . . . . . . . . . 6 61 3.2. New Parameter Types . . . . . . . . . . . . . . . . . . . 7 62 3.2.1. Add IP Address . . . . . . . . . . . . . . . . . . . . 8 63 3.2.2. Delete IP Address . . . . . . . . . . . . . . . . . . 9 64 3.2.3. Error Cause Indication . . . . . . . . . . . . . . . . 10 65 3.2.4. Set Primary IP Address . . . . . . . . . . . . . . . . 11 66 3.2.5. Success Indication . . . . . . . . . . . . . . . . . . 12 67 3.2.6. Adaptation Layer Indication . . . . . . . . . . . . . 13 68 3.2.7. Supported Extensions Parameter . . . . . . . . . . . . 13 69 3.3. New Error Causes . . . . . . . . . . . . . . . . . . . . . 14 70 3.3.1. Error Cause: Request to Delete Last Remaining IP 71 Address . . . . . . . . . . . . . . . . . . . . . . . 14 72 3.3.2. Error Cause: Operation Refused Due to Resource 73 Shortage . . . . . . . . . . . . . . . . . . . . . . . 15 74 3.3.3. Error Cause: Request to Delete Source IP Address . . . 16 75 3.3.4. Error Cause: Association Aborted due to illegal 76 ASCONF-ACK . . . . . . . . . . . . . . . . . . . . . . 17 77 3.3.5. Error Cause: Request refused - no authorization. . . . 17 78 4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 18 79 4.1. ASCONF Chunk Procedures . . . . . . . . . . . . . . . . . 18 80 4.1.1. Congestion Control of ASCONF Chunks . . . . . . . . . 19 81 4.2. Upon reception of an ASCONF Chunk. . . . . . . . . . . . . 20 82 4.3. General rules for address manipulation . . . . . . . . . . 22 83 4.3.1. A special case for OOTB ABORT chunks . . . . . . . . . 25 84 4.3.2. A special case for changing an address. . . . . . . . 26 85 4.4. Setting of the primary address . . . . . . . . . . . . . . 26 86 5. Security Considerations . . . . . . . . . . . . . . . . . . . 27 87 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 27 88 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 28 89 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 28 90 Appendix A. Abstract Address Handling . . . . . . . . . . . . . . 28 91 A.1. General remarks . . . . . . . . . . . . . . . . . . . . . 29 92 A.2. Generalized endpoints . . . . . . . . . . . . . . . . . . 29 93 A.3. Associations . . . . . . . . . . . . . . . . . . . . . . . 29 94 A.4. Relationship with RFC 2960 . . . . . . . . . . . . . . . . 30 95 A.5. Rules for address manipulation . . . . . . . . . . . . . . 31 97 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 32 98 Intellectual Property and Copyright Statements . . . . . . . . . . 34 100 1. Introduction 102 To extend the utility and application scenarios of SCTP, this 103 document introduces optional extensions that provide SCTP with the 104 ability to: 106 1. reconfigure IP address information on an existing association. 107 2. set the remote primary path. 108 3. exchange adaptation layer information during association setup. 110 These extensions enable SCTP to be utilized in the following 111 applications: 113 1. For computational or networking platforms that allow addition/ 114 removal of physical interface cards this feature can provide a 115 graceful method to add to the interfaces of an existing 116 association. For IPv6 this feature allows renumbering of 117 existing associations. 118 2. This provides a method for an endpoint to request that its peer 119 set its primary destination address. This can be useful when an 120 address is about to be deleted, or when an endpoint has some 121 predetermined knowledge about which is the preferred address to 122 receive SCTP packets upon. 123 3. This feature can be used to extend the usability of SCTP without 124 modifying it by allowing endpoints to exchange some information 125 during association setup. 127 2. Conventions 129 The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, 130 SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when 131 they appear in this document, are to be interpreted as described in 132 RFC2119 [RFC2119]. 134 3. Additional Chunks and Parameters 136 This section describes the addition of two new chunks and, seven new 137 parameters to allow: 139 o Dynamic addition of IP Addresses to an association. 140 o Dynamic deletion of IP Addresses from an association. 141 o A request to set the primary address the peer will use when 142 sending to an endpoint. 144 Additionally, this section describes three new error causes that 145 support these new chunks and parameters. 147 3.1. New Chunk Types 149 This section defines two new chunk types that will be used to 150 transfer the control information reliably. Table 1 illustrates the 151 two new chunk types. 153 Chunk Type Chunk Name 154 -------------------------------------------------------------- 155 0xC1 Address Configuration Change Chunk (ASCONF) 156 0x80 Address Configuration Acknowledgment (ASCONF-ACK) 158 Table 1: Address Configuration Chunks 160 It should be noted that the ASCONF Chunk format requires the receiver 161 to report to the sender if it does not understand the ASCONF Chunk. 162 This is accomplished by setting the upper bits in the chunk type as 163 described in RFC2960 [RFC2960] section 3.2. Note that the upper two 164 bits in the ASCONF Chunk are set to one. As defined in RFC2960 165 [RFC2960] section 3.2, setting these upper bits in this manner will 166 cause the receiver that does not understand this chunk to skip the 167 chunk and continue processing, but report in an Operation Error Chunk 168 using the 'Unrecognized Chunk Type' cause of error. 170 3.1.1. Address Configuration Change Chunk (ASCONF) 172 This chunk is used to communicate to the remote endpoint one of the 173 configuration change requests that MUST be acknowledged. The 174 information carried in the ASCONF Chunk uses the form of a Type- 175 Length-Value (TLV), as described in "3.2.1 Optional/Variable-length 176 Parameter Format" in RFC2960 [RFC2960], for all variable parameters. 177 This chunk MUST be sent in an authenticated way by using the 178 mechanism defined in SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth]. If this 179 chunk is received unauthenticated it MUST be silently discarded as 180 described in SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth]. 182 0 1 2 3 183 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 184 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 185 | Type = 0xC1 | Chunk Flags | Chunk Length | 186 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 187 | Serial Number | 188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 189 | Address Parameter | 190 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 191 | ASCONF Parameter #1 | 192 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 193 \ \ 194 / .... / 195 \ \ 196 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 197 | ASCONF Parameter #N | 198 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 200 Serial Number : 32 bits (unsigned integer) 202 This value represents a Serial Number for the ASCONF Chunk. The 203 valid range of Serial Number is from 0 to 4294967295 (2**32 - 1). 204 Serial Numbers wrap back to 0 after reaching 4294967295. 206 Address Parameter : 8 or 20 bytes (depending on type) 208 This field contains an address parameter, either IPv6 or IPv4, from 209 RFC2960 [RFC2960]. The address is an address of the sender of the 210 ASCONF chunk, the address MUST be considered part of the association 211 by the peer endpoint (the receiver of the ASCONF chunk). This field 212 may be used by the receiver of the ASCONF to help in finding the 213 association. If the address 0.0.0.0 or ::0 is provided the receiver 214 MAY lookup the association by other information provided in the 215 packet. This parameter MUST be present in every ASCONF message i.e. 216 it is a mandatory TLV parameter. 218 Note the host name address parameter is NOT allowed and MUST be 219 ignored if received in any ASCONF message. 221 ASCONF Parameter: TLV format 223 Each Address configuration change is represented by a TLV parameter 224 as defined in Section 3.2. One or more requests may be present in an 225 ASCONF Chunk. 227 3.1.2. Address Configuration Acknowledgment Chunk (ASCONF-ACK) 229 This chunk is used by the receiver of an ASCONF Chunk to acknowledge 230 the reception. It carries zero or more results for any ASCONF 231 Parameters that were processed by the receiver. This chunk MUST be 232 sent in an authenticated way by using the mechanism defined in SCTP- 233 AUTH [I-D.ietf-tsvwg-sctp-auth]. If this chunk is received 234 unauthenticated it MUST be silently discarded as described in SCTP- 235 AUTH [I-D.ietf-tsvwg-sctp-auth]. 237 0 1 2 3 238 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 239 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 240 | Type = 0x80 | Chunk Flags | Chunk Length | 241 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 242 | Serial Number | 243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 244 | ASCONF Parameter Response#1 | 245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 246 \ \ 247 / .... / 248 \ \ 249 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 250 | ASCONF Parameter Response#N | 251 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 253 Serial Number : 32 bits (unsigned integer) 255 This value represents the Serial Number for the received ASCONF Chunk 256 that is acknowledged by this chunk. This value is copied from the 257 received ASCONF Chunk. 259 ASCONF Parameter Response : TLV format 261 The ASCONF Parameter Response is used in the ASCONF-ACK to report 262 status of ASCONF processing. By default, if a responding endpoint 263 does not include any Error Cause, a success is indicated. Thus a 264 sender of an ASCONF-ACK MAY indicate complete success of all TLVs in 265 an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length 266 (set to 8) and the Serial Number. 268 3.2. New Parameter Types 270 The seven new parameters added follow the format defined in section 271 3.2.1 of RFC2960 [RFC2960]. Table 2, 3 and 4 describes the 272 parameters. 274 Address Configuration Parameters Parameter Type 275 ------------------------------------------------- 276 Set Primary Address 0xC004 277 Adaptation Layer Indication 0xC006 278 Supported Extensions 0x8008 280 Table 2: Parameters that can be used in INIT/INIT-ACK chunk 282 Address Configuration Parameters Parameter Type 283 ------------------------------------------------- 284 Add IP Address 0xC001 285 Delete IP Address 0xC002 286 Set Primary Address 0xC004 288 Table 3: Parameters used in ASCONF Parameter 290 Address Configuration Parameters Parameter Type 291 ------------------------------------------------- 292 Error Cause Indication 0xC003 293 Success Indication 0xC005 295 Table 4: Parameters used in ASCONF Parameter Response 297 Any parameter that appears where it is not allowed (for example a 298 0xC002 parameter appearing within an INIT or INIT-ACK) MAY be 299 responded to with an ABORT by the receiver of the invalid parameter. 301 3.2.1. Add IP Address 303 0 1 2 3 304 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 305 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 306 | Type = 0xC001 | Length = Variable | 307 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 308 | ASCONF-Request Correlation ID | 309 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 310 | Address Parameter | 311 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 313 ASCONF-Request Correlation ID: 32 bits 315 This is an opaque integer assigned by the sender to identify each 316 request parameter. It is in host byte order and is only meaningful 317 to the sender. The receiver of the ASCONF Chunk will copy this 32 318 bit value into the ASCONF Response Correlation ID field of the 319 ASCONF-ACK response parameter. The sender of the ASCONF can use this 320 same value in the ASCONF-ACK to find which request the response is 321 for. 323 Address Parameter: TLV 325 This field contains an IPv4 or IPv6 address parameter as described in 326 3.3.2.1 of RFC2960 [RFC2960]. The complete TLV is wrapped within 327 this parameter. It informs the receiver that the address specified 328 is to be added to the existing association. This parameter MUST NOT 329 contain a broadcast or multicast address. If the address 0.0.0.0 or 330 ::0 is provided, the source address of the packet MUST be added. 332 An example TLV requesting that the IPv4 address 10.1.1.1 be added to 333 the association would look as follows: 335 +--------------------------------+ 336 | Type=0xC001 | Length = 16 | 337 +--------------------------------+ 338 | C-ID = 0x01023474 | 339 +--------------------------------+ 340 | Type=5 | Length = 8 | 341 +----------------+---------------+ 342 | Value=0x0a010101 | 343 +----------------+---------------+ 345 Valid Chunk Appearance 347 The Add IP Address parameter may only appear in the ASCONF Chunk 348 type. 350 3.2.2. Delete IP Address 352 0 1 2 3 353 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 354 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 355 | Type =0xC002 | Length = Variable | 356 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 357 | ASCONF-Request Correlation ID | 358 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 359 | Address Parameter | 360 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 362 ASCONF-Request Correlation ID: 32 bits 364 This is an opaque integer assigned by the sender to identify each 365 request parameter. It is in host byte order and is only meaningful 366 to the sender. The receiver of the ASCONF Chunk will copy this 32 367 bit value into the ASCONF Response Correlation ID field of the 368 ASCONF-ACK response parameter. The sender of the ASCONF can use this 369 same value in the ASCONF-ACK to find which request the response is 370 for. 372 Address Parameter: TLV 374 This field contains an IPv4 or IPv6 address parameter as described in 375 3.3.2.1 of RFC2960 [RFC2960]. The complete TLV is wrapped within 376 this parameter. It informs the receiver that the address specified 377 is to be removed from the existing association. This parameter MUST 378 NOT contain a broadcast or multicast address. If the address 0.0.0.0 379 or ::0 is provided, all addresses of the peer except the source 380 address of the packet MUST be deleted. 382 An example TLV deleting the IPv4 address 10.1.1.1 from an existing 383 association would look as follows: 385 +--------------------------------+ 386 | Type=0xC002 | Length = 16 | 387 +--------------------------------+ 388 | C-ID = 0x01023476 | 389 +--------------------------------+ 390 | Type=5 | Length = 8 | 391 +----------------+---------------+ 392 | Value=0x0a010101 | 393 +----------------+---------------+ 395 Valid Chunk Appearance 397 The Delete IP Address parameter may only appear in the ASCONF Chunk 398 type. 400 3.2.3. Error Cause Indication 402 0 1 2 3 403 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 404 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 405 | Type = 0xC003 | Length = Variable | 406 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 407 | ASCONF-Response Correlation ID | 408 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 409 | Error Cause(s) or Return Info on Success | 410 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 412 ASCONF-Response Correlation ID: 32 bits 414 This is an opaque integer assigned by the sender to identify each 415 request parameter. The receiver of the ASCONF Chunk will copy this 416 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 417 Response Correlation ID field so the peer can easily correlate the 418 request to this response. 420 Error Cause(s): TLV(s) 422 When reporting an error this response parameter is used to wrap one 423 or more standard error causes normally found within an SCTP 424 Operational Error or SCTP Abort (as defined in RFC2960 [RFC2960]). 425 The Error Cause(s) follow the format defined in section 3.3.10 of 426 RFC2960 [RFC2960]. 428 Valid Chunk Appearance 430 The Error Cause Indication parameter may only appear in the ASCONF- 431 ACK chunk type. 433 3.2.4. Set Primary IP Address 435 0 1 2 3 436 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 437 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 438 | Type =0xC004 | Length = Variable | 439 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 440 | ASCONF-Request Correlation ID | 441 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 442 | Address Parameter | 443 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 445 ASCONF-Request Correlation ID: 32 bits 447 This is an opaque integer assigned by the sender to identify each 448 request parameter. It is in host byte order and is only meaningful 449 to the sender. The receiver of the ASCONF Chunk will copy this 32 450 bit value into the ASCONF Response Correlation ID field of the 451 ASCONF-ACK response parameter. The sender of the ASCONF can use this 452 same value in the ASCONF-ACK to find which request the response is 453 for. 455 Address Parameter: TLV 457 This field contains an IPv4 or IPv6 address parameter as described in 458 3.3.2.1 of RFC2960 [RFC2960]. The complete TLV is wrapped within 459 this parameter. It requests the receiver to mark the specified 460 address as the primary address to send data to (see section 5.1.2 of 461 RFC2960 [RFC2960]). The receiver MAY mark this as its primary upon 462 receiving this request. If the address 0.0.0.0 or ::0 is provided, 463 the receiver MAY mark the source address of the packet as its 464 primary. 466 An example TLV requesting that the IPv4 address 10.1.1.1 be made the 467 primary destination address would look as follows: 469 +--------------------------------+ 470 | Type=0xC004 | Length = 16 | 471 +--------------------------------+ 472 | C-ID = 0x01023479 | 473 +--------------------------------+ 474 | Type=5 | Length = 8 | 475 +----------------+---------------+ 476 | Value=0x0a010101 | 477 +----------------+---------------+ 479 Valid Chunk Appearance 481 The Set Primary IP Address parameter may appear in the ASCONF Chunk, 482 the INIT, or the INIT-ACK chunk type. The inclusion of this 483 parameter in the INIT or INIT-ACK can be used to indicate an initial 484 preference of primary address. 486 3.2.5. Success Indication 488 0 1 2 3 489 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 490 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 491 | Type = 0xC005 | Length = 8 | 492 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 493 | ASCONF-Response Correlation ID | 494 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 496 By default if a responding endpoint does not report an error for any 497 requested TLV, a success is implicitly indicated. Thus a sender of a 498 ASCONF-ACK MAY indicate complete success of all TLVs in an ASCONF by 499 returning only the Chunk Type, Chunk Flags, Chunk Length (set to 8) 500 and the Serial Number. 502 The responding endpoint MAY also choose to explicitly report a 503 success for a requested TLV, by returning a success report ASCONF 504 Parameter Response. 506 ASCONF-Response Correlation ID: 32 bits 508 This is an opaque integer assigned by the sender to identify each 509 request parameter. The receiver of the ASCONF Chunk will copy this 510 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 511 Response Correlation ID field so the peer can easily correlate the 512 request to this response. 514 Valid Chunk Appearance 516 The Success Indication parameter may only appear in the ASCONF-ACK 517 chunk type. 519 3.2.6. Adaptation Layer Indication 521 0 1 2 3 522 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 523 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 524 | Type =0xC006 | Length = 8 | 525 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 526 | Adaptation Code point | 527 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 529 This parameter is specified for the communication of peer upper layer 530 protocols. It is envisioned to be used for flow control and other 531 adaptation layers that require an indication to be carried in the 532 INIT and INIT-ACK. Each adaptation layer that is defined that wishes 533 to use this parameter MUST specify a an adaptation code point in an 534 appropriate RFC defining its use and meaning. This parameter SHOULD 535 NOT be examined by the receiving SCTP implementation and should be 536 passed opaquely to the upper layer protocol. 538 Valid Chunk Appearance 540 The Adaptation Layer Indication parameter may appear in INIT or INIT- 541 ACK chunk and SHOULD be passed to the receivers upper layer protocol. 542 This parameter MUST NOT appear in a ASCONF chunk. 544 3.2.7. Supported Extensions Parameter 546 This parameter is used at startup to identify any additional 547 extensions that the sender supports. 549 0 1 2 3 550 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 551 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 552 | Parameter Type = 0x8008 | Parameter Length | 553 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 554 | CHUNK TYPE 1 | CHUNK TYPE 2 | CHUNK TYPE 3 | CHUNK TYPE 4 | 555 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 556 | .... | 557 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 558 | CHUNK TYPE N | PAD | PAD | PAD | 559 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 561 Parameter Type This field holds the IANA defined parameter type for 562 Supported Extensions Parameter. The suggested value of this field 563 for IANA is 0x8008. 564 Parameter Type Length This field holds the length of the parameter, 565 including the Parameter Type, Parameter Length and any addition 566 supported extensions. Note the length MUST NOT include any 567 padding. 568 CHUNK TYPE X This field(s) hold the chunk type of any SCTP 569 extension(s) that are currently supported by the sending SCTP. 570 Multiple chunk types may be defined listing each additional 571 feature that the sender supports. The sender MUST NOT include 572 multiple Supported Extensions Parameter within any chunk. 573 Parameter Appearence This parameter may appear in the INIT or INIT- 574 ACK chunk. This parameter MUST NOT appear in any other chunk. 576 3.3. New Error Causes 578 Five new Error Causes are added to the SCTP Operational Errors, 579 primarily for use in the ASCONF-ACK chunk. 581 Cause Code 582 Value Cause Code 583 --------- ---------------- 584 0x0100 Request to Delete Last Remaining IP Address. 585 0x0101 Operation Refused Due to Resource Shortage. 586 0x0102 Request to Delete Source IP Address. 587 0x0103 Association Aborted due to illegal ASCONF-ACK 588 0x0104 Request refused - no authorization. 590 Table 4: New Error Causes 592 3.3.1. Error Cause: Request to Delete Last Remaining IP Address 594 Cause of error 595 Request to Delete Last Remaining IP address: The receiver of this 596 error sent a request to delete the last IP address from its 597 association with its peer. This error indicates that the request is 598 rejected. 600 0 1 2 3 601 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 602 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 603 | Cause Code=0x0100 | Cause Length=Variable | 604 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 605 \ TLV-Copied-From-ASCONF / 606 / \ 607 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 609 An example of a failed delete in an Error Cause TLV would look as 610 follows in the response ASCONF-ACK message: 612 +--------------------------------+ 613 | Type = 0xC003 | Length = 28 | 614 +----------------+---------------+ 615 | C-ID = 0x01023476 | 616 +--------------------------------+ 617 | Cause=0x0100 | Length = 20 | 618 +----------------+---------------+ 619 | Type= 0xC002 | Length = 16 | 620 +----------------+---------------+ 621 | C-ID = 0x01023476 | 622 +--------------------------------+ 623 | Type=0x0005 | Length = 8 | 624 +----------------+---------------+ 625 | Value=0x0A010101 | 626 +----------------+---------------+ 628 3.3.2. Error Cause: Operation Refused Due to Resource Shortage 630 Cause of error 632 This error cause is used to report a failure by the receiver to 633 perform the requested operation due to a lack of resources. The 634 entire TLV that is refused is copied from the ASCONF into the error 635 cause. 637 0 1 2 3 638 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 639 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 640 | Cause Code=0x0101 | Cause Length=Variable | 641 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 642 \ TLV-Copied-From-ASCONF / 643 / \ 644 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 646 An example of a failed addition in an Error Cause TLV would look as 647 follows in the response ASCONF-ACK message: 649 +--------------------------------+ 650 | Type = 0xC003 | Length = 28 | 651 +--------------------------------+ 652 | C-ID = 0x01023474 | 653 +--------------------------------+ 654 | Cause=0x0101 | Length = 20 | 655 +----------------+---------------+ 656 | Type=0xC001 | Length = 16 | 657 +--------------------------------+ 658 | C-ID = 0x01023474 | 659 +--------------------------------+ 660 | Type=0x0005 | Length = 8 | 661 +----------------+---------------+ 662 | Value=0x0A010101 | 663 +----------------+---------------+ 665 3.3.3. Error Cause: Request to Delete Source IP Address 667 Cause of error 669 Request to Delete Source IP Address: The receiver of this error sent 670 a request to delete the source IP address of the ASCONF message. 671 This error indicates that the request is rejected. 673 0 1 2 3 674 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 675 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 676 | Cause Code=0x0102 | Cause Length=Variable | 677 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 678 \ TLV-Copied-From-ASCONF / 679 / \ 680 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 682 An example of a failed delete in an Error Cause TLV would look as 683 follows in the response ASCONF-ACK message: 685 +--------------------------------+ 686 | Type = 0xC003 | Length = 28 | 687 +--------------------------------+ 688 | C-ID = 0x01023476 | 689 +--------------------------------+ 690 | Cause=0x0102 | Length = 20 | 691 +----------------+---------------+ 692 | Type=0xC002 | Length = 16 | 693 +----------------+---------------+ 694 | C-ID = 0x01023476 | 695 +--------------------------------+ 696 | Type=0x0005 | Length = 8 | 697 +----------------+---------------+ 698 | Value=0x0A010101 | 699 +----------------+---------------+ 701 IMPLEMENTATION NOTE: It is unlikely that an endpoint would source a 702 packet from the address being deleted, unless the endpoint does not 703 do proper source address selection. 705 3.3.4. Error Cause: Association Aborted due to illegal ASCONF-ACK 707 This error is to be included in an ABORT that is generated due to the 708 reception of an ASCONF-ACK that was not expected but is larger than 709 the current sequence number (see Section 4.3 Rule D0 ). Note that a 710 sequence number is larger than the last acked sequence number if it 711 is either the next sequence or no more than 2^^31-1 greater than the 712 current sequence number. 714 0 1 2 3 715 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 716 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 717 | Cause Code=0x0103 | Cause Length=4 | 718 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 720 3.3.5. Error Cause: Request refused - no authorization. 722 Cause of error 724 This error cause may be included to reject a request based on local 725 security policies. 727 0 1 2 3 728 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 729 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 730 | Cause Code=0x0104 | Cause Length=Variable | 731 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 732 \ TLV-Copied-From-ASCONF / 733 / \ 734 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 736 4. Procedures 738 This section will lay out the specific procedures for address 739 configuration change chunk type and its processing. 741 4.1. ASCONF Chunk Procedures 743 When an endpoint has an ASCONF signaled change to be sent to the 744 remote endpoint it should do the following: 746 A1) Create an ASCONF Chunk as defined in Section 3.1.1. The chunk 747 should contain all of the TLV(s) of information necessary to be 748 sent to the remote endpoint, and unique correlation identities for 749 each request. 750 A2) A serial number should be assigned to the Chunk. The serial 751 number should be a monotonically increasing number. The serial 752 number MUST be initialized at the start of the association to the 753 same value as the Initial TSN and every time a new ASCONF chunk is 754 created it is incremented by one after assigning the serial number 755 to the newly created chunk . 756 A3) If no ASCONF Chunk is outstanding (un-acknowledged) with the 757 remote peer, send the chunk. 758 A4) Start a T-4 RTO timer, using the RTO value of the selected 759 destination address (normally the primary path; see RFC2960 760 [RFC2960] section 6.4 for details). 761 A5) When the ASCONF-ACK that acknowledges the serial number last sent 762 arrives, stop the T-4 RTO timer, and clear the appropriate 763 association and destination error counters as defined in RFC2960 764 [RFC2960] section 8.1 and 8.2. 765 A6) Process all of the TLVs within the ASCONF-ACK to find out 766 particular status information returned to the various requests 767 that were sent. Use the Correlation IDs to correlate the request 768 and the responses. 769 A7) If an error response is received for a TLV parameter, all TLVs 770 with no response before the failed TLV are considered successful 771 if not reported. All TLVs after the failed response are 772 considered unsuccessful unless a specific success indication is 773 present for the parameter. 775 A8) If there is no response(s) to specific TLV parameter(s), and no 776 failures are indicated, then all request(s) are considered 777 successful. 778 A9) If the peer responds to an ASCONF with an ERROR chunk reporting 779 that it did not recognize the ASCONF chunk type, the sender of the 780 ASCONF MUST NOT send any further ASCONF chunks and MUST stop its 781 T-4 timer. 783 If the T-4 RTO timer expires the endpoint should do the following: 785 B1) Increment the error counters and perform path failure detection 786 on the appropriate destination address as defined in RFC2960 787 [RFC2960] section 8.1 and 8.2. 788 B2) Increment the association error counters and perform endpoint 789 failure detection on the association as defined in RFC2960 790 [RFC2960] section 8.1 and 8.2. 791 B3) Back-off the destination address RTO value to which the ASCONF 792 chunk was sent by doubling the RTO timer value. 793 Note: The RTO value is used in the setting of all timer types for 794 SCTP. Each destination address has a single RTO estimate. 795 B4) Re-transmit the ASCONF Chunk last sent and if possible choose an 796 alternate destination address (please refer to RFC2960 [RFC2960] 797 section 6.4.1). An endpoint MUST NOT add new parameters to this 798 chunk, it MUST be the same (including its serial number) as the 799 last ASCONF sent. 800 B5) Restart the T-4 RTO timer. Note that if a different destination 801 is selected, then the RTO used will be that of the new destination 802 address. 804 Note: the total number of re-transmissions is limited by B2 above. 805 If the maximum is reached, the association will fail and enter into 806 the CLOSED state (see RFC2960 [RFC2960] section 6.4.1 for details). 808 4.1.1. Congestion Control of ASCONF Chunks 810 In defining the ASCONF Chunk transfer procedures, it is essential 811 that these transfers MUST NOT cause congestion within the network. 812 To achieve this, we place these restrictions on the transfer of 813 ASCONF Chunks: 815 R1) One and only one ASCONF Chunk MAY be in transit and 816 unacknowledged at any one time. If a sender, after sending an 817 ASCONF chunk, decides it needs to transfer another ASCONF Chunk, 818 it MUST wait until the ASCONF-ACK Chunk returns from the previous 819 ASCONF Chunk before sending a subsequent ASCONF. Note this 820 restriction binds each side, so at any time two ASCONF may be in- 821 transit on any given association (one sent from each endpoint). 823 R2) An ASCONF may be bundled with any other chunk type (except other 824 ASCONF Chunks). 825 R3) An ASCONF-ACK may be bundled with any other chunk type except 826 other ASCONF-ACKs. 827 R4) Both ASCONF and ASCONF-ACK chunks MUST NOT be sent in any SCTP 828 state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED and 829 SHUTDOWN-SENT. 830 R5) An ASCONF MUST NOT be larger than the path MTU of the 831 destination. 832 R6) An ASCONF-ACK SHOULD not be larger than the path MTU. In some 833 circumstances an ASCONF-ACK may exceed the path MTU and in such a 834 case IP fragmentation should be used to transmit the chunk. 836 If the sender of an ASCONF Chunk receives an Operational Error 837 indicating that the ASCONF chunk type is not understood, then the 838 sender MUST NOT send subsequent ASCONF Chunks to the peer. The 839 endpoint should also inform the upper layer application that the peer 840 endpoint does not support any of the extensions detailed in this 841 document. 843 4.2. Upon reception of an ASCONF Chunk. 845 When an endpoint receives an ASCONF Chunk from the remote peer 846 special procedures MAY be needed to identify the association the 847 ASCONF Chunk is associated with. To properly find the association 848 the following procedures should be followed: 850 L1) Use the source address and port number of the sender to attempt 851 to identify the association (i.e. use the same method defined in 852 RFC2960 [RFC2960] used for all other SCTP chunks). If found 853 proceed to rule L4. 854 L2) If the association is not found, use the address found in the 855 Address Parameter TLV combined with the port number found in the 856 SCTP common header. If found proceed to rule L4. 857 L3) If neither L1 or L2 locates the association, treat the chunk as 858 an Out Of The Blue chunk as defined in RFC2960 [RFC2960]. 859 L4) Follow the normal rules to validate the SCTP verification tag 860 found in RFC2960 [RFC2960]. 862 After identification and verification of the association, the 863 following should be performed to properly process the ASCONF Chunk: 865 C1) Compare the value of the serial number to the value the endpoint 866 stored in a new association variable 'Peer-Serial-Number'. This 867 value MUST be initialized to the Initial TSN value minus 1. 869 C2) If the value found in the serial number is equal to the ('Peer- 870 Serial-Number' + 1), the endpoint MUST: 872 V1) Process the TLVs contained within the Chunk performing the 873 appropriate actions as indicated by each TLV type. The TLVs 874 MUST be processed in order within the Chunk. For example, if 875 the sender puts 3 TLVs in one chunk, the first TLV (the one 876 closest to the Chunk Header) in the Chunk MUST be processed 877 first. The next TLV in the chunk (the middle one) MUST be 878 processed second and finally the last TLV in the Chunk MUST be 879 processed last. 880 V2) In processing the chunk, the receiver should build a response 881 message with the appropriate error TLVs, as specified in the 882 Parameter type bits for any ASCONF Parameter it does not 883 understand. To indicate an unrecognized parameter, cause type 884 8 as defined in the ERROR in 3.3.10.8 of RFC2960 [RFC2960] 885 should be used. The endpoint may also use the response to 886 carry rejections for other reasons such as resource shortages 887 etc, using the Error Cause TLV and an appropriate error 888 condition. 889 Note: a positive response is implied if no error is indicated 890 by the sender. 891 V3) All responses MUST copy the ASCONF-Request Correlation ID 892 field received in the ASCONF parameter, from the TLV being 893 responded to, into the ASCONF-Request Correlation ID field in 894 the response parameter. 895 V4) After processing the entire Chunk, the receiver of the ASCONF 896 MUST send all TLVs for both unrecognized parameters and any 897 other status TLVs inside the ASCONF-ACK chunk that acknowledges 898 the arrival and processing of the ASCONF Chunk. 899 V5) Update the 'Peer-Serial-Number' to the value found in the 900 serial number field. 901 C3) If the value found in the serial number is equal to the value 902 stored in the 'Peer-Serial-Number', the endpoint should: 904 X1) Parse the ASCONF Chunk TLVs but the endpoint MUST NOT take any 905 action on the TLVs parsed (since it has already performed these 906 actions). 907 X2) Build a response message with the appropriate response TLVs as 908 specified in the ASCONF Parameter type bits, for any parameter 909 it does not understand or could not process. 910 X3) After parsing the entire Chunk, it MUST send any response TLV 911 errors and status with an ASCONF-ACK chunk acknowledging the 912 arrival and processing of the ASCONF Chunk. 914 X4) The endpoint MUST NOT update its 'Peer-Serial-Number'. 915 Note: the response to the retransmitted ASCONF MUST be the same as 916 the original response. This MAY mean an implementation must keep 917 state in order to respond with the same exact answer (including 918 resource considerations that may have made the implementation 919 refuse a request). 920 IMPLEMENTATION NOTE: As an optimization a receiver may wish to 921 save the last ASCONF-ACK for some predetermined period of time and 922 instead of re-processing the ASCONF (with the same serial number) 923 it may just re-transmit the ASCONF-ACK. It may wish to use the 924 arrival of a new serial number to discard the previously saved 925 ASCONF-ACK or any other means it may choose to expire the saved 926 ASCONF-ACK. 927 C4) Otherwise, the ASCONF Chunk is discarded since it must be either 928 a stale packet or from an attacker. A receiver of such a packet 929 MAY log the event for security purposes. 930 C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent back to the 931 source address contained in the IP header of the ASCONF being 932 responded to. 934 4.3. General rules for address manipulation 936 When building TLV parameters for the ASCONF Chunk that will add or 937 delete IP addresses the following rules should be applied: 939 D0) If an endpoint receives an ASCONF-ACK that is greater than or 940 equal to the next serial number to be used but no ASCONF chunk is 941 outstanding the endpoint MUST ABORT the association. Note that a 942 sequence number is greater than if it is no more than 2^^31-1 943 larger than the current sequence number (using serial arithmetic). 944 D1) When adding an IP address to an association, the IP address is 945 NOT considered fully added to the association until the ASCONF-ACK 946 arrives. This means that until such time as the ASCONF containing 947 the add is acknowledged the sender MUST NOT use the new IP address 948 as a source for ANY SCTP packet except on carrying an ASCONF 949 chunk. The receiver of the add IP address request may use the 950 address as a destination immediately. The receiver MUST use the 951 address verification procedure for the added address before using 952 that address. 953 D2) After the ASCONF-ACK of an IP address add arrives, the endpoint 954 MAY begin using the added IP address as a source address for any 955 type of SCTP chunk. 956 D3a) If an endpoint receives an Error Cause TLV indicating that the 957 IP address Add or IP address Deletion parameters was not 958 understood, the endpoint MUST consider the operation failed and 959 MUST NOT attempt to send any subsequent Add or Delete requests to 960 the peer. 962 D3b) If an endpoint receives an Error Cause TLV indicating that the 963 IP address Set Primary IP Address parameter was not understood, 964 the endpoint MUST consider the operation failed and MUST NOT 965 attempt to send any subsequent Set Primary IP Address requests to 966 the peer. 967 D4) When deleting an IP address from an association, the IP address 968 MUST be considered a valid destination address for the reception 969 of SCTP packets until the ASCONF-ACK arrives and MUST NOT be used 970 as a source address for any subsequent packets. This means that 971 any datagrams that arrive before the ASCONF-ACK destined to the IP 972 address being deleted MUST be considered part of the current 973 association. One special consideration is that ABORT chunks 974 arriving destined to the IP address being deleted MUST be ignored 975 (see Section 4.3.1 for further details). 976 D5) An endpoint MUST NOT delete its last remaining IP address from an 977 association. In other words if an endpoint is NOT multi-homed it 978 MUST NOT use the delete IP address without an add IP address 979 preceding the delete parameter in the ASCONF chunk. Or if an 980 endpoint sends multiple requests to delete IP addresses it MUST 981 NOT delete all of the IP addresses that the peer has listed for 982 the requester. 983 D6) An endpoint MUST NOT set an IP header source address for an SCTP 984 packet holding the ASCONF Chunk to be the same as an address being 985 deleted by the ASCONF Chunk. 986 D7) If a request is received to delete the last remaining IP address 987 of a peer endpoint, the receiver MUST send an Error Cause TLV with 988 the error cause set to the new error code 'Request to Delete Last 989 Remaining IP Address'. The requested delete MUST NOT be performed 990 or acted upon, other than to send the ASCONF-ACK. 991 D8) If a request is received to delete an IP address which is also 992 the source address of the IP packet which contained the ASCONF 993 chunk, the receiver MUST reject this request. To reject the 994 request the receiver MUST send an Error Cause TLV set to the new 995 error code 'Request to Delete Source IP Address' (unless Rule D5 996 has also been violated, in which case the error code 'Request to 997 Delete Last Remaining IP Address' is sent). 998 D9) If an endpoint receives an ADD IP address request and does not 999 have the local resources to add this new address to the 1000 association, it MUST return an Error Cause TLV set to the new 1001 error code 'Operation Refused Due to Resource Shortage'. 1002 D10) If an endpoint receives an 'Out of Resource' error in response 1003 to its request to ADD an IP address to an association, it must 1004 either ABORT the association or not consider the address part of 1005 the association. In other words if the endpoint does not ABORT 1006 the association, it must consider the add attempt failed and NOT 1007 use this address since its peer will treat SCTP packets destined 1008 to the address as Out Of The Blue packets. 1010 D11) When an endpoint receiving an ASCONF to add an IP address sends 1011 an 'Out of Resource' in its response, it MUST also fail any 1012 subsequent add or delete requests bundled in the ASCONF. The 1013 receiver MUST NOT reject an ADD and then accept a subsequent 1014 DELETE of an IP address in the same ASCONF Chunk. In other words, 1015 once a receiver begins failing any ADD or DELETE request, it must 1016 fail all subsequent ADD or DELETE requests contained in that 1017 single ASCONF. 1018 D12) When an endpoint receives a request to delete an IP address that 1019 is the current primary address, it is an implementation decision 1020 as to how that endpoint chooses the new primary address. 1021 D13) When an endpoint receives a valid request to DELETE an IP 1022 address the endpoint MUST consider the address no longer as part 1023 of the association. It MUST NOT send SCTP packets for the 1024 association to that address and it MUST treat subsequent packets 1025 received from that address as Out Of The Blue. 1026 During the time interval between sending out the ASCONF and 1027 receiving the ASCONF-ACK it MAY be possible to receive DATA chunks 1028 out of order. The following examples illustrate these problems: 1030 Endpoint-A Endpoint-Z 1031 ---------- ---------- 1032 ASCONF[Add-IP:X]------------------------------> 1033 /--ASCONF-ACK 1034 / 1035 /--------/---New DATA: 1036 / / Destination 1037 <-------------------/ / IP:X 1038 / 1039 <--------------------------/ 1041 In the above example we see a new IP address (X) being added to the 1042 Endpoint-A. However due to packet re-ordering in the network a new 1043 DATA chunk is sent and arrives at Endpoint-A before the ASCONF-ACK 1044 confirming the add of the address to the association. 1046 A similar problem exists with the deletion of an IP address as 1047 follows: 1049 Endpoint-A Endpoint-Z 1050 ---------- ---------- 1051 /------------New DATA: 1052 / Destination 1053 / IP:X 1054 ASCONF [DEL-IP:X]---------/----------------> 1055 <-----------------/------------------ASCONF-ACK 1056 / 1057 / 1058 <-------------/ 1060 In this example we see a DATA chunk destined to the IP:X (which is 1061 about to be deleted) arriving after the deletion is complete. For 1062 the ADD case an endpoint SHOULD consider the newly adding IP address 1063 valid for the association to receive data from during the interval 1064 when awaiting the ASCONF-ACK. The endpoint MUST NOT source data from 1065 this new address until the ASCONF-ACK arrives but it may receive out 1066 of order data as illustrated and MUST NOT treat this data as an OOTB 1067 datagram (please see RFC2960 [RFC2960] section 8.4). It MAY drop the 1068 data silently or it MAY consider it part of the association but it 1069 MUST NOT respond with an ABORT. 1071 For the DELETE case, an endpoint MAY respond to the late arriving 1072 DATA packet as an OOTB datagram or it MAY hold the deleting IP 1073 address for a small period of time as still valid. If it treats the 1074 DATA packet as an OOTB the peer will silently discard the ABORT 1075 (since by the time the ABORT is sent the peer will have removed the 1076 IP address from this association). If the endpoint elects to hold 1077 the IP address valid for a period of time, it MUST NOT hold it valid 1078 longer than 2 RTO intervals for the destination being removed. 1080 4.3.1. A special case for OOTB ABORT chunks 1082 Another case worth mentioning is illustrated below: 1084 Endpoint-A Endpoint-Z 1085 ---------- ---------- 1087 New DATA:------------\ 1088 Source IP:X \ 1089 \ 1090 ASCONF-REQ[DEL-IP:X]----\------------------> 1091 \ /---------ASCONF-ACK 1092 \ / 1093 \----/-----------> OOTB 1094 (Ignored <---------------------/-------------ABORT 1095 by rule D4) / 1096 <---------------------/ 1098 For this case, during the deletion of an IP address, an Abort MUST be 1099 ignored if the destination address of the Abort message is that of a 1100 destination being deleted. 1102 4.3.2. A special case for changing an address. 1104 In some instances the sender may only have one IP address in an 1105 association that is being renumbered. When this occurs, the sender 1106 may not be able to send to the peer the appropriate ADD/DELETE pair 1107 and use the old address as a source in the IP header. For this 1108 reason the sender MUST fill in the Address Parameter field with an 1109 address that is part of the association (in this case the one being 1110 deleted). This will allow the receiver to locate the association 1111 without using the source address found in the IP header. 1113 The receiver of such a chunk MUST always first use the source address 1114 found in the IP header in looking up the association. The receiver 1115 should attempt to use the address found in the Address Bytes field 1116 only if the lookup fails using the source address from the IP header. 1117 The receiver MUST reply to the source address of the packet in this 1118 case which is the new address that was added by the ASCONF (since the 1119 old address is no longer a part of the association after processing). 1121 4.4. Setting of the primary address 1123 A sender of this option may elect to send this combined with a 1124 deletion or addition of an address. A sender SHOULD only send a set 1125 primary request to an address that is already considered part of the 1126 association. In other words if a sender combines a set primary with 1127 an add of a new IP address the set primary will be discarded unless 1128 the add request is to be processed BEFORE the set primary (i.e. it 1129 precedes the set primary). 1131 A request to set primary MAY also appear in an INIT or INIT-ACK 1132 chunk. This can give advice to the peer endpoint as to which of its 1133 addresses the sender of the INIT or INIT-ACK would prefer to be used 1134 as the primary address. 1136 The request to set an address as the primary path is an option the 1137 receiver SHOULD perform. It is considered advice to the receiver of 1138 the best destination address to use in sending SCTP packets (in the 1139 requesters view). If a request arrives that asks the receiver to set 1140 an address as primary that does not exist, the receiver should NOT 1141 honor the request, leaving its existing primary address unchanged. 1143 5. Security Considerations 1145 The ADD/DELETE of an IP address to an existing association does 1146 provide an additional mechanism by which existing associations can be 1147 hijacked. 1149 This document requires the use of the authentication mechanism 1150 defined in SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth] to limit the ability 1151 of an attacker to hijack an association. Hijacking an association by 1152 using ADD/DELETE of an IP address is only possible for an attacker 1153 who is able to intercept the association setup. However, if a 1154 preconfigured shared end-point pair key is used this is not possible. 1155 For a more detailed analysis see SCTP-AUTH [I-D.ietf-tsvwg-sctp- 1156 auth]. 1158 6. IANA considerations 1160 This document defines the following new SCTP parameters, chunks and 1161 errors: 1163 o Two new chunk types, 1164 o Seven parameter types, and 1165 o Five new SCTP error causes. 1167 One of the two new chunk types must come from the range of chunk 1168 types where the upper two bits are one, we recommend 0xC1 but any 1169 other available code point with the upper bits set is also 1170 acceptable. 1172 The second chunk type must come from the range where only the upper 1173 bit is set to one. We recommend 0x80 but any other available code 1174 point with the upper bit set is also acceptable. 1176 All but one of the parameter types must come from the range of types 1177 where the upper two bits are set, we recommend 0xC001 - 0xC006, as 1178 specified in this document. The other parameter type must come from 1179 the 0x8000 range, we recommend 0x8008. Note that for any of these 1180 values a different unique parameter type may be assigned by IANA as 1181 long as the upper bits correspond to the ones specified in this 1182 document. 1184 The five new error causes can be any value, in this document we have 1185 used 0x0100-0x0104 in an attempt to seperate these from the common 1186 ranges of error codes. Any other unassigned values are also 1187 acceptable. 1189 This document also defines a Adaptation code point. The adaptation 1190 code point is a 32 bit integer that is assigned by IANA through an 1191 IETF Consensus action as defined in RFC2434 [RFC2434]. 1193 7. Acknowledgments 1195 The authors wish to thank Jon Berger, Greg Kendall, Seok Koh, Peter 1196 Lei, John Loughney, Ivan Arias Rodriguez, Renee Revis, Marshall Rose, 1197 Chip Sharp, and Irene Ruengeler for their invaluable comments. 1199 The authors would also like to give special mention to Maria-Carmen 1200 Belinchon and Ian Rytina for there early contributions to this 1201 document and their thoughtful comments. 1203 8. References 1205 [RFC2026] Bradner, S., "The Internet Standards Process -- Revision 1206 3", BCP 9, RFC 2026, October 1996. 1208 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1209 Requirement Levels", BCP 14, RFC 2119, March 1997. 1211 [RFC2402] Kent, S. and R. Atkinson, "IP Authentication Header", 1212 RFC 2402, November 1998. 1214 [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1215 IANA Considerations Section in RFCs", BCP 26, RFC 2434, 1216 October 1998. 1218 [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, 1219 June 1999. 1221 [RFC2960] Stewart, R., Xie, Q., Morneault, K., Sharp, C., 1222 Schwarzbauer, H., Taylor, T., Rytina, I., Kalla, M., 1223 Zhang, L., and V. Paxson, "Stream Control Transmission 1224 Protocol", RFC 2960, October 2000. 1226 [I-D.ietf-tsvwg-sctp-auth] 1227 Tuexen, M., "Authenticated Chunks for Stream Control 1228 Transmission Protocol (SCTP)", 1229 draft-ietf-tsvwg-sctp-auth-01 (work in progress), 1230 October 2005. 1232 Appendix A. Abstract Address Handling 1233 A.1. General remarks 1235 The following text provides a working definition of the endpoint 1236 notion to discuss address reconfiguration. It is not intended to 1237 restrict implementations in any way, its goal is to provide as set of 1238 definitions only. Using these definitions should make a discussion 1239 about address issues easier. 1241 A.2. Generalized endpoints 1243 A generalized endpoint is a pair of a set of IP addresses and a port 1244 number at any given point of time. The precise definition is as 1245 follows: 1247 A generalized endpoint gE at time t is given by 1249 gE(t) = ({IP1, ..., IPn}, Port) 1251 where {IP1, ..., IPn} is a non empty set of IP addresses. 1253 Please note that the dynamic addition and deletion of IP-addresses 1254 described in this document allows the set of IP-addresses of a 1255 generalized endpoint to be changed at some point of time. The port 1256 number can never be changed. 1258 The set of IP addresses of a generalized endpoint gE at a time t is 1259 defined as 1261 Addr(gE)(t) = {IP1, ..., IPn} 1263 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1265 The port number of a generalized endpoint gE is defined as 1267 Port(gE) = Port 1269 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1271 There is one fundamental rule which restricts all generalized 1272 endpoints: 1274 For two different generalized endpoints gE' and gE'' with the same 1275 port number Port(gE') = Port(gE'') the address sets Addr(gE')(t) and 1276 Addr(gE'')(t) must be disjoint at every point of time. 1278 A.3. Associations 1280 Associations consists of two generalized endpoints and the two 1281 address sets known by the peer at any time. The precise definition 1282 is as follows: 1284 An association A between to different generalized endpoints gE' and 1285 gE'' is given by 1287 A = (gE', S', gE'', S'') 1289 where S'(t) and S''(t) are set of addresses at any time t such that 1290 S'(t) is a non-empty subset of Addr(gE')(t) and S''(t) is a non-empty 1291 subset of Addr(gE'')(t). 1293 If A = (gE', S', gE'', S'') is an association between the generalized 1294 endpoints gE' and gE'' the following notion is used: 1296 Addr(A, gE') = S' and Addr(A, gE'') = S''. 1298 If the dependency on time is important the notion Addr(A, gE')(t) = 1299 S'(t) will be used. 1301 If A is an association between gE' and gE'' then Addr(A, gE') is the 1302 subset of IP addresses of gE' which is known by gE'' and used by gE'. 1304 Association establishment between gE' and gE'' can be seen as: 1306 1. gE' and gE'' do exist before the association. 1307 2. If an INIT has to be send from gE' to gE'' address scoping rules 1308 and other limitations are applied to calculate the subset S' from 1309 Addr(gE'). The addresses of S' are included in the INIT chunk. 1310 3. If an INIT-ACK has to be send from gE'' to gE' address scoping 1311 rules and other limitations are applied to calculate the subset 1312 S'' from Addr(gE''). The addresses of S'' are included in the 1313 INIT-ACK chunk. 1314 4. After the handshake the association A = (gE', S', gE'', S'') has 1315 been established. 1316 5. Right after the association establishment Addr(A, gE') and 1317 Addr(A, gE'') are the addresses which have been seen on the wire 1318 during the handshake. 1320 A.4. Relationship with RFC 2960 1322 RFC2960 [RFC2960] defines the notion of an endpoint. This subsection 1323 will show that these endpoints are also (special) generalized 1324 endpoints. 1326 RFC2960 [RFC2960] has no notion of address scoping or other address 1327 handling limitations and provides no mechanism to change the 1328 addresses of an endpoint. 1330 This means that an endpoint is simply a generalized endpoint which 1331 does not depend on the time. Neither the Port nor the address list 1332 changes. 1334 During association setup no address scoping rules or other 1335 limitations will be applied. This means that for an association A 1336 between two endpoints gE' and gE'' the following is true: 1338 Addr(A, gE') = Addr(gE') and Addr(A, gE'') = Addr(gE''). 1340 A.5. Rules for address manipulation 1342 The rules for address manipulation can now be stated in a simple way: 1343 1. An address can be added to a generalized endpoint gE only if this 1344 address is not an address of a different generalized endpoint 1345 with the same port number. 1346 2. An address can be added to an association A with generalized 1347 endpoint gE if it has been added to the generalized endpoint gE 1348 first. This means that the address must be an element of 1349 Addr(gE) first and then it can become an element of Addr(A, gE). 1350 But this is not necessary. If the association does not allow the 1351 reconfiguration of the addresses only Addr(gE) can be modified. 1352 3. An address can be deleted from an association A with generalized 1353 endpoint gE as long as Addr(A, gE) stays non-empty. 1354 4. An address can be deleted from an generalized endpoint gE only if 1355 it has been removed from all associations having gE as a 1356 generalized endpoint. 1358 These rules simply make sure that the rules for the endpoints and 1359 associations given above are always fulfilled. 1361 Authors' Addresses 1363 Randall R. Stewart 1364 Cisco Systems, Inc. 1365 4875 Forest Drive 1366 Suite 200 1367 Columbia, SC 29206 1368 US 1370 Phone: 1371 Email: rrs@cisco.com 1373 Michael A. Ramalho 1374 Cisco Systems, Inc. 1375 1802 Rue de la Porte 1376 Wall Township, NJ 07719-3784 1377 USA 1379 Phone: +1.732.449.5762 1380 Email: mramalho@cisco.com 1382 Qiaobing Xie 1383 Motorola, Inc. 1384 1501 W. Shure Drive, #2309 1385 Arlington Heights, IL 60004 1386 USA 1388 Phone: +1-847-632-3028 1389 Email: qxie1@email.mot.com 1391 Michael Tuexen 1392 Univ. of Applied Sciences Muenster 1393 Stegerwaldstr. 39 1394 48565 Steinfurt 1395 Germany 1397 Email: tuexen@fh-muenster.de 1398 Phillip T. Conrad 1399 University of Delaware 1400 Department of Computer and Information Sciences 1401 Newark, DE 19716 1402 US 1404 Phone: +1 302 831 8622 1405 Email: conrad@acm.org 1406 URI: http://www.cis.udel.edu/~pconrad 1408 Intellectual Property Statement 1410 The IETF takes no position regarding the validity or scope of any 1411 Intellectual Property Rights or other rights that might be claimed to 1412 pertain to the implementation or use of the technology described in 1413 this document or the extent to which any license under such rights 1414 might or might not be available; nor does it represent that it has 1415 made any independent effort to identify any such rights. Information 1416 on the procedures with respect to rights in RFC documents can be 1417 found in BCP 78 and BCP 79. 1419 Copies of IPR disclosures made to the IETF Secretariat and any 1420 assurances of licenses to be made available, or the result of an 1421 attempt made to obtain a general license or permission for the use of 1422 such proprietary rights by implementers or users of this 1423 specification can be obtained from the IETF on-line IPR repository at 1424 http://www.ietf.org/ipr. 1426 The IETF invites any interested party to bring to its attention any 1427 copyrights, patents or patent applications, or other proprietary 1428 rights that may cover technology that may be required to implement 1429 this standard. Please address the information to the IETF at 1430 ietf-ipr@ietf.org. 1432 Disclaimer of Validity 1434 This document and the information contained herein are provided on an 1435 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1436 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 1437 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 1438 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 1439 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1440 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1442 Copyright Statement 1444 Copyright (C) The Internet Society (2006). This document is subject 1445 to the rights, licenses and restrictions contained in BCP 78, and 1446 except as set forth therein, the authors retain all their rights. 1448 Acknowledgment 1450 Funding for the RFC Editor function is currently provided by the 1451 Internet Society.