idnits 2.17.1 draft-ietf-tsvwg-addip-sctp-18.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 22. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 1582. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1593. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1600. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1606. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** The abstract seems to contain references ([RFC2960]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 4 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: It should be noted that the ASCONF Chunk format requires the receiver to report to the sender if it does not understand the ASCONF Chunk. This is accomplished by setting the upper bits in the chunk type as described in RFC2960 [RFC2960] section 3.2. Note: that the upper two bits in the ASCONF Chunk are set to one. As defined in RFC2960 [RFC2960] section 3.2, when setting these upper bits in this manner the receiver that does not understand this chunk MUST skip the chunk and continue processing, and report in an Operation Error Chunk using the 'Unrecognized Chunk Type' cause of error. This will NOT abort the association but indicates to the sender that it MUST not send any further ASCONF chunks. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHOULD not' in this paragraph: C5) An ASCONF Chunk and an ASCONF-ACK Chunk SHOULD not be larger than the path MTU. If the path MTU is unknown, then the path MTU should be set to a minimal path MTU. The minimum PMTU depends on the IP version used for transmission, and is the lesser of 576 octets and the first-hop MTU for IPv4 RFC1122 [RFC1122] and 1280 octets for IPv6 RFC2460 [RFC2460]. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 26, 2007) is 6241 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226) ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) ** Obsolete normative reference: RFC 2960 (Obsoleted by RFC 4960) == Outdated reference: A later version (-08) exists of draft-ietf-tsvwg-sctp-auth-07 Summary: 6 errors (**), 0 flaws (~~), 5 warnings (==), 8 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Stewart 3 Internet-Draft Cisco Systems, Inc. 4 Intended status: Standards Track Q. Xie 5 Expires: August 30, 2007 Motorola, Inc. 6 M. Tuexen 7 Univ. of Applied Sciences Muenster 8 S. Maruyama 9 M. Kozuka 10 Kyoto University 11 February 26, 2007 13 Stream Control Transmission Protocol (SCTP) Dynamic Address 14 Reconfiguration 15 draft-ietf-tsvwg-addip-sctp-18.txt 17 Status of this Memo 19 By submitting this Internet-Draft, each author represents that any 20 applicable patent or other IPR claims of which he or she is aware 21 have been or will be disclosed, and any of which he or she becomes 22 aware will be disclosed, in accordance with Section 6 of BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF), its areas, and its working groups. Note that 26 other groups may also distribute working documents as Internet- 27 Drafts. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 The list of current Internet-Drafts can be accessed at 35 http://www.ietf.org/ietf/1id-abstracts.txt. 37 The list of Internet-Draft Shadow Directories can be accessed at 38 http://www.ietf.org/shadow.html. 40 This Internet-Draft will expire on August 30, 2007. 42 Copyright Notice 44 Copyright (C) The IETF Trust (2007). 46 Abstract 48 This document describes extensions to the Stream Control Transmission 49 Protocol (SCTP) [RFC2960] that provides a method to reconfigure IP 50 address information on an existing association. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4 56 3. Serial Number Arithmetic . . . . . . . . . . . . . . . . . . . 5 57 4. Additional Chunks and Parameters . . . . . . . . . . . . . . . 5 58 4.1. New Chunk Types . . . . . . . . . . . . . . . . . . . . . 5 59 4.1.1. Address Configuration Change Chunk (ASCONF) . . . . . 6 60 4.1.2. Address Configuration Acknowledgment Chunk 61 (ASCONF-ACK) . . . . . . . . . . . . . . . . . . . . . 7 62 4.2. New Parameter Types . . . . . . . . . . . . . . . . . . . 8 63 4.2.1. Add IP Address . . . . . . . . . . . . . . . . . . . . 9 64 4.2.2. Delete IP Address . . . . . . . . . . . . . . . . . . 10 65 4.2.3. Error Cause Indication . . . . . . . . . . . . . . . . 11 66 4.2.4. Set Primary IP Address . . . . . . . . . . . . . . . . 12 67 4.2.5. Success Indication . . . . . . . . . . . . . . . . . . 13 68 4.2.6. Adaptation Layer Indication . . . . . . . . . . . . . 14 69 4.3. New Error Causes . . . . . . . . . . . . . . . . . . . . . 14 70 4.3.1. Error Cause: Request to Delete Last Remaining IP 71 Address . . . . . . . . . . . . . . . . . . . . . . . 15 72 4.3.2. Error Cause: Operation Refused Due to Resource 73 Shortage . . . . . . . . . . . . . . . . . . . . . . . 15 74 4.3.3. Error Cause: Request to Delete Source IP Address . . . 16 75 4.3.4. Error Cause: Association Aborted due to illegal 76 ASCONF-ACK . . . . . . . . . . . . . . . . . . . . . . 17 77 4.3.5. Error Cause: Request refused - no authorization. . . . 17 78 5. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 18 79 5.1. ASCONF Chunk Procedures . . . . . . . . . . . . . . . . . 18 80 5.1.1. Congestion Control of ASCONF Chunks . . . . . . . . . 20 81 5.2. Upon reception of an ASCONF Chunk. . . . . . . . . . . . . 21 82 5.3. General rules for address manipulation . . . . . . . . . . 23 83 5.3.1. A special case for OOTB ABORT Chunks . . . . . . . . . 27 84 5.3.2. A special case for changing an address. . . . . . . . 27 85 5.4. Setting of the primary address . . . . . . . . . . . . . . 28 86 5.5. Bundling of multiple ASCONFs . . . . . . . . . . . . . . . 28 87 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 88 7. IANA considerations . . . . . . . . . . . . . . . . . . . . . 29 89 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 90 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 31 91 Appendix A. Abstract Address Handling . . . . . . . . . . . . . . 32 92 A.1. General remarks . . . . . . . . . . . . . . . . . . . . . 32 93 A.2. Generalized endpoints . . . . . . . . . . . . . . . . . . 32 94 A.3. Associations . . . . . . . . . . . . . . . . . . . . . . . 33 95 A.4. Relationship with RFC 2960 . . . . . . . . . . . . . . . . 34 96 A.5. Rules for address manipulation . . . . . . . . . . . . . . 34 97 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35 98 Intellectual Property and Copyright Statements . . . . . . . . . . 37 100 1. Introduction 102 A local host may have multiple points of attachment to the Internet, 103 giving it a degree of fault tolerance from hardware failures. SCTP 104 was developed to take full advantage of such a multi-homed host to 105 provide a fast failover and association survivability in the face of 106 such hardware failures. However, many modern computers allow for the 107 dynamic addition and deletion of network cards (sometimes termed a 108 hot-pluggable interface). Complicate this with the ability of a 109 provider, in IPv6, to dynamically renumber a network, and there still 110 is a gap between full fault tolerance and the currently defined SCTP 111 protocol. No matter if a card is added or an interface is 112 renumbered, in order to take advantage of this new configuration, the 113 transport association must be restarted. For many fault tolerant 114 applications this restart is considered an outage and is undesirable. 116 This document describes an extension to SCTP to attempt to correct 117 this problem for the more demanding fault tolerant application. This 118 extension will allow an SCTP stack to: 120 o Dynamically add an IP Addresses to an association. 121 o Dynamically delete an IP Addresses from an association. 122 o Request to set the primary address the peer will use when sending 123 to an endpoint. 125 The dynamic addition and subtraction of IP addresses allows an SCTP 126 association to continue to function through host and network 127 reconfigurations. These changes, brought on by provider or user 128 action, may mean that the peer would be better served by using the 129 newly added address, however this information may only be known by 130 the endpoint that had the reconfiguration occur. In such a case this 131 extension allows the local endpoint to advise the peer as to what it 132 thinks is the better primary address that the peer should be using. 134 One last thing this extension adds is a small 32 bit integer, called 135 an adaptation indication, that can be exchanged at startup. This is 136 useful for applications where there is one or more specific layers 137 below the application, yet still above SCTP. In such a case the 138 exchange of this indication can allow the proper layer to be enabled 139 below the application. 141 2. Conventions 143 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 144 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 145 document are to be interpreted as described in RFC2119 [RFC2119]. 147 3. Serial Number Arithmetic 149 It is essential to remember that the actual ASCONF Sequence Number 150 space is finite, though very large. This space ranges from 0 to 151 2**32 - 1. Since the space is finite, all arithmetic dealing with 152 ASCONF Sequence Numbers MUST be performed modulo 2**32. This 153 unsigned arithmetic preserves the relationship of sequence numbers as 154 they cycle from 2**32 - 1 to 0 again. There are some subtleties to 155 computer modulo arithmetic, so great care should be taken in 156 programming the comparison of such values. When referring to ASCONF 157 Sequence Numbers, the symbol "=<" means "less than or equal"(modulo 158 2**32). 160 Comparisons and arithmetic on ASCONF sequence numbers in this 161 document SHOULD use Serial Number Arithmetic as defined in [RFC1982] 162 where SERIAL_BITS = 32. 164 ASCONF Sequence Numbers wrap around when they reach 2**32 - 1. That 165 is, the next ASCONF Sequence Number an ASCONF chunk MUST use after 166 transmitting ASCONF Sequence Number = 2*32 - 1 is TSN = 0. 168 Any arithmetic done on Stream Sequence Numbers SHOULD use Serial 169 Number Arithmetic as defined in [RFC1982] where SERIAL_BITS = 16. 170 All other arithmetic and comparisons in this document uses normal 171 arithmetic. 173 4. Additional Chunks and Parameters 175 This section describes the addition of two new chunks and, seven new 176 parameters to allow: 178 o Dynamic addition of IP Addresses to an association. 179 o Dynamic deletion of IP Addresses from an association. 180 o A request to set the primary address the peer will use when 181 sending to an endpoint. 183 Additionally, this section describes three new error causes that 184 support these new chunks and parameters. 186 4.1. New Chunk Types 188 This section defines two new chunk types that will be used to 189 transfer the control information reliably. Table 1 illustrates the 190 two new chunk types. 192 Chunk Type Chunk Name 193 -------------------------------------------------------------- 194 0xC1 Address Configuration Change Chunk (ASCONF) 195 0x80 Address Configuration Acknowledgment (ASCONF-ACK) 197 Table 1: Address Configuration Chunks 199 4.1.1. Address Configuration Change Chunk (ASCONF) 201 This chunk is used to communicate to the remote endpoint one of the 202 configuration change requests that MUST be acknowledged. The 203 information carried in the ASCONF Chunk uses the form of a Type- 204 Length-Value (TLV), as described in "3.2.1 Optional/Variable-length 205 Parameter Format" in RFC2960 [RFC2960], for all variable parameters. 206 This chunk MUST be sent in an authenticated way by using the 207 mechanism defined in SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth]. If this 208 chunk is received unauthenticated it MUST be silently discarded as 209 described in SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth]. 211 0 1 2 3 212 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 213 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 214 | Type = 0xC1 | Chunk Flags | Chunk Length | 215 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 216 | Serial Number | 217 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 218 | Address Parameter | 219 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 220 | ASCONF Parameter #1 | 221 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 222 \ \ 223 / .... / 224 \ \ 225 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 226 | ASCONF Parameter #N | 227 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 229 Serial Number : 32 bits (unsigned integer) 231 This value represents a Serial Number for the ASCONF Chunk. The 232 valid range of Serial Number is from 0 to 4294967295 (2**32 - 1). 233 Serial Numbers wrap back to 0 after reaching 4294967295. 235 Address Parameter : 8 or 20 bytes (depending on the address type) 237 This field contains an address parameter, either IPv6 or IPv4, from 238 RFC2960 [RFC2960]. The address is an address of the sender of the 239 ASCONF Chunk, the address MUST be considered part of the association 240 by the peer endpoint (the receiver of the ASCONF Chunk). This field 241 may be used by the receiver of the ASCONF to help in finding the 242 association. If the address 0.0.0.0 or ::0 is provided the receiver 243 MAY lookup the association by other information provided in the 244 packet. This parameter MUST be present in every ASCONF message i.e. 245 it is a mandatory TLV parameter. 247 Note: the host name address MUST NOT be sent and MUST be ignored if 248 received in any ASCONF message. 250 It should be noted that the ASCONF Chunk format requires the receiver 251 to report to the sender if it does not understand the ASCONF Chunk. 252 This is accomplished by setting the upper bits in the chunk type as 253 described in RFC2960 [RFC2960] section 3.2. Note: that the upper two 254 bits in the ASCONF Chunk are set to one. As defined in RFC2960 255 [RFC2960] section 3.2, when setting these upper bits in this manner 256 the receiver that does not understand this chunk MUST skip the chunk 257 and continue processing, and report in an Operation Error Chunk using 258 the 'Unrecognized Chunk Type' cause of error. This will NOT abort 259 the association but indicates to the sender that it MUST not send any 260 further ASCONF chunks. 262 ASCONF Parameter: TLV format 264 Each Address configuration change is represented by a TLV parameter 265 as defined in Section 4.2. One or more requests may be present in an 266 ASCONF Chunk. 268 4.1.2. Address Configuration Acknowledgment Chunk (ASCONF-ACK) 270 This chunk is used by the receiver of an ASCONF Chunk to acknowledge 271 the reception. It carries zero or more results for any ASCONF 272 Parameters that were processed by the receiver. This chunk MUST be 273 sent in an authenticated way by using the mechanism defined in SCTP- 274 AUTH [I-D.ietf-tsvwg-sctp-auth]. If this chunk is received 275 unauthenticated it MUST be silently discarded as described in SCTP- 276 AUTH [I-D.ietf-tsvwg-sctp-auth]. 278 0 1 2 3 279 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 280 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 281 | Type = 0x80 | Chunk Flags | Chunk Length | 282 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 283 | Serial Number | 284 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 285 | ASCONF Parameter Response#1 | 286 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 287 \ \ 288 / .... / 289 \ \ 290 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 291 | ASCONF Parameter Response#N | 292 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 294 Serial Number : 32 bits (unsigned integer) 296 This value represents the Serial Number for the received ASCONF Chunk 297 that is acknowledged by this chunk. This value is copied from the 298 received ASCONF Chunk. 300 ASCONF Parameter Response : TLV format 302 The ASCONF Parameter Response is used in the ASCONF-ACK to report 303 status of ASCONF processing. By default, if a responding endpoint 304 does not include any Error Cause, a success is indicated. Thus a 305 sender of an ASCONF-ACK MAY indicate complete success of all TLVs in 306 an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length 307 (set to 8) and the Serial Number. 309 4.2. New Parameter Types 311 The seven new parameters added follow the format defined in section 312 3.2.1 of RFC2960 [RFC2960]. Table 2, 3 and 4 describes the 313 parameters. 315 Address Configuration Parameters Parameter Type 316 ------------------------------------------------- 317 Set Primary Address 0xC004 318 Adaptation Layer Indication 0xC006 320 Table 2: Parameters that can be used in INIT/INIT-ACK chunk 321 Address Configuration Parameters Parameter Type 322 ------------------------------------------------- 323 Add IP Address 0xC001 324 Delete IP Address 0xC002 325 Set Primary Address 0xC004 327 Table 3: Parameters used in ASCONF Parameter 329 Address Configuration Parameters Parameter Type 330 ------------------------------------------------- 331 Error Cause Indication 0xC003 332 Success Indication 0xC005 334 Table 4: Parameters used in ASCONF Parameter Response 336 Any parameter that appears where it is not allowed (for example a 337 0xC002 parameter appearing within an INIT or INIT-ACK) MAY be 338 responded to with an ABORT by the receiver of the invalid parameter. 339 If the receiver chooses NOT to abort, the parameter MUST be ignored. 340 A robust implementation SHOULD ignore the parameter and leave the 341 association intact. 343 4.2.1. Add IP Address 345 0 1 2 3 346 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 347 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 348 | Type = 0xC001 | Length = Variable | 349 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 350 | ASCONF-Request Correlation ID | 351 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 352 | Address Parameter | 353 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 355 ASCONF-Request Correlation ID: 32 bits 357 This is an opaque integer assigned by the sender to identify each 358 request parameter. The receiver of the ASCONF Chunk will copy this 359 32 bit value into the ASCONF Response Correlation ID field of the 360 ASCONF-ACK response parameter. The sender of the ASCONF can use this 361 same value in the ASCONF-ACK to find which request the response is 362 for. Note that the receiver MUST NOT change this 32 bit value. 364 Address Parameter: TLV 366 This field contains an IPv4 or IPv6 address parameter as described in 367 3.3.2.1 of RFC2960 [RFC2960]. The complete TLV is wrapped within 368 this parameter. It informs the receiver that the address specified 369 is to be added to the existing association. This parameter MUST NOT 370 contain a broadcast or multicast address. If the address 0.0.0.0 or 371 ::0 is provided, the source address of the packet MUST be added. 373 An example TLV requesting that the IPv4 address 192.0.2.1 be added to 374 the association would look as follows: 376 +--------------------------------+ 377 | Type=0xC001 | Length = 16 | 378 +--------------------------------+ 379 | C-ID = 0x01023474 | 380 +--------------------------------+ 381 | Type=5 | Length = 8 | 382 +----------------+---------------+ 383 | Value=0xC0000201 | 384 +----------------+---------------+ 386 Valid Chunk Appearance 388 The Add IP Address parameter may only appear in the ASCONF Chunk 389 type. 391 4.2.2. Delete IP Address 393 0 1 2 3 394 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 395 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 396 | Type =0xC002 | Length = Variable | 397 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 398 | ASCONF-Request Correlation ID | 399 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 400 | Address Parameter | 401 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 403 ASCONF-Request Correlation ID: 32 bits 405 This is an opaque integer assigned by the sender to identify each 406 request parameter. The receiver of the ASCONF Chunk will copy this 407 32 bit value into the ASCONF Response Correlation ID field of the 408 ASCONF-ACK response parameter. The sender of the ASCONF can use this 409 same value in the ASCONF-ACK to find which request the response is 410 for. Note that the receiver MUST NOT change this 32 bit value. 412 Address Parameter: TLV 414 This field contains an IPv4 or IPv6 address parameter as described in 415 3.3.2.1 of RFC2960 [RFC2960]. The complete TLV is wrapped within 416 this parameter. It informs the receiver that the address specified 417 is to be removed from the existing association. This parameter MUST 418 NOT contain a broadcast or multicast address. If the address 0.0.0.0 419 or ::0 is provided, all addresses of the peer except the source 420 address of the packet MUST be deleted. 422 An example TLV deleting the IPv4 address 192.0.2.1 from an existing 423 association would look as follows: 425 +--------------------------------+ 426 | Type=0xC002 | Length = 16 | 427 +--------------------------------+ 428 | C-ID = 0x01023476 | 429 +--------------------------------+ 430 | Type=5 | Length = 8 | 431 +----------------+---------------+ 432 | Value=0xC0000201 | 433 +----------------+---------------+ 435 Valid Chunk Appearance 437 The Delete IP Address parameter may only appear in the ASCONF Chunk 438 type. 440 4.2.3. Error Cause Indication 442 0 1 2 3 443 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 444 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 445 | Type = 0xC003 | Length = Variable | 446 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 447 | ASCONF-Response Correlation ID | 448 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 449 | Error Cause(s) or Return Info on Success | 450 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 452 ASCONF-Response Correlation ID: 32 bits 454 This is an opaque integer assigned by the sender to identify each 455 request parameter. The receiver of the ASCONF Chunk will copy this 456 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 457 Response Correlation ID field so the peer can easily correlate the 458 request to this response. Note that the receiver MUST NOT change 459 this 32 bit value. 461 Error Cause(s): TLV(s) 462 When reporting an error this response parameter is used to wrap one 463 or more standard error causes normally found within an SCTP 464 Operational Error or SCTP Abort (as defined in RFC2960 [RFC2960]). 465 The Error Cause(s) follow the format defined in section 3.3.10 of 466 RFC2960 [RFC2960]. 468 Valid Chunk Appearance 470 The Error Cause Indication parameter may only appear in the ASCONF- 471 ACK Chunk type. 473 4.2.4. Set Primary IP Address 475 0 1 2 3 476 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 477 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 478 | Type =0xC004 | Length = Variable | 479 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 480 | ASCONF-Request Correlation ID | 481 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 482 | Address Parameter | 483 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 485 ASCONF-Request Correlation ID: 32 bits 487 This is an opaque integer assigned by the sender to identify each 488 request parameter. The receiver of the ASCONF Chunk will copy this 489 32 bit value into the ASCONF Response Correlation ID field of the 490 ASCONF-ACK response parameter. The sender of the ASCONF can use this 491 same value in the ASCONF-ACK to find which request the response is 492 for. Note that the receiver MUST NOT change this 32 bit value. 494 Address Parameter: TLV 496 This field contains an IPv4 or IPv6 address parameter as described in 497 3.3.2.1 of RFC2960 [RFC2960]. The complete TLV is wrapped within 498 this parameter. It requests the receiver to mark the specified 499 address as the primary address to send data to (see section 5.1.2 of 500 RFC2960 [RFC2960]). The receiver MAY mark this as its primary upon 501 receiving this request. If the address 0.0.0.0 or ::0 is provided, 502 the receiver MAY mark the source address of the packet as its 503 primary. 505 An example TLV requesting that the IPv4 address 192.0.2.1 be made the 506 primary destination address would look as follows: 508 +--------------------------------+ 509 | Type=0xC004 | Length = 16 | 510 +--------------------------------+ 511 | C-ID = 0x01023479 | 512 +--------------------------------+ 513 | Type=5 | Length = 8 | 514 +----------------+---------------+ 515 | Value=0xC0000201 | 516 +----------------+---------------+ 518 Valid Chunk Appearance 520 The Set Primary IP Address parameter may appear in the ASCONF Chunk, 521 the INIT, or the INIT-ACK chunk type. The inclusion of this 522 parameter in the INIT or INIT-ACK can be used to indicate an initial 523 preference of primary address. 525 4.2.5. Success Indication 527 0 1 2 3 528 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 529 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 530 | Type = 0xC005 | Length = 8 | 531 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 532 | ASCONF-Response Correlation ID | 533 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 535 By default if a responding endpoint does not report an error for any 536 requested TLV, a success is implicitly indicated. Thus a sender of a 537 ASCONF-ACK MAY indicate complete success of all TLVs in an ASCONF by 538 returning only the Chunk Type, Chunk Flags, Chunk Length (set to 8) 539 and the Serial Number. 541 The responding endpoint MAY also choose to explicitly report a 542 success for a requested TLV, by returning a success report ASCONF 543 Parameter Response. 545 ASCONF-Response Correlation ID: 32 bits 547 This is an opaque integer assigned by the sender to identify each 548 request parameter. The receiver of the ASCONF Chunk will copy this 549 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 550 Response Correlation ID field so the peer can easily correlate the 551 request to this response. 553 Valid Chunk Appearance 555 The Success Indication parameter may only appear in the ASCONF-ACK 556 chunk type. 558 4.2.6. Adaptation Layer Indication 560 0 1 2 3 561 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 562 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 563 | Type =0xC006 | Length = 8 | 564 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 565 | Adaptation Code point | 566 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 568 This parameter is specified for the communication of peer upper layer 569 protocols. It is envisioned to be used for flow control and other 570 adaptation layers that require an indication to be carried in the 571 INIT and INIT-ACK. Each adaptation layer that is defined that wishes 572 to use this parameter MUST specify a an adaptation code point in an 573 appropriate RFC defining its use and meaning. This parameter SHOULD 574 NOT be examined by the receiving SCTP implementation and should be 575 passed opaquely to the upper layer protocol. 577 Note: that this parameter is not used in either the addition or 578 deletion of addresses but is for the convience of the upper layer. 579 This document includes this parameter to minimize the number of SCTP 580 documents. 582 Valid Chunk Appearance 584 The Adaptation Layer Indication parameter may appear in INIT or INIT- 585 ACK chunk and SHOULD be passed to the receivers upper layer protocol 586 based upon the upper layer protocol configuration of the SCTP stack. 587 This parameter MUST NOT be sent in any other chunks and if it is 588 received in another chunk it MUST be ignored. 590 4.3. New Error Causes 592 Five new Error Causes are added to the SCTP Operational Errors, 593 primarily for use in the ASCONF-ACK Chunk. 595 Cause Code 596 Value Cause Code 597 --------- ---------------- 598 0x0100 Request to Delete Last Remaining IP Address. 599 0x0101 Operation Refused Due to Resource Shortage. 600 0x0102 Request to Delete Source IP Address. 601 0x0103 Association Aborted due to illegal ASCONF-ACK 602 0x0104 Request refused - no authorization. 604 Table 5: New Error Causes 606 4.3.1. Error Cause: Request to Delete Last Remaining IP Address 608 Cause of error 610 Request to Delete Last Remaining IP address: The receiver of this 611 error sent a request to delete the last IP address from its 612 association with its peer. This error indicates that the request is 613 rejected. 615 0 1 2 3 616 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 617 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 618 | Cause Code=0x0100 | Cause Length=Variable | 619 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 620 \ TLV-Copied-From-ASCONF / 621 / \ 622 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 624 An example of a failed delete in an Error Cause TLV would look as 625 follows in the response ASCONF-ACK message: 627 +--------------------------------+ 628 | Type = 0xC003 | Length = 28 | 629 +----------------+---------------+ 630 | C-ID = 0x01023476 | 631 +--------------------------------+ 632 | Cause=0x0100 | Length = 20 | 633 +----------------+---------------+ 634 | Type= 0xC002 | Length = 16 | 635 +----------------+---------------+ 636 | C-ID = 0x01023476 | 637 +--------------------------------+ 638 | Type=0x0005 | Length = 8 | 639 +----------------+---------------+ 640 | Value=0xC0000201 | 641 +----------------+---------------+ 643 4.3.2. Error Cause: Operation Refused Due to Resource Shortage 645 Cause of error 647 This error cause is used to report a failure by the receiver to 648 perform the requested operation due to a lack of resources. The 649 entire TLV that is refused is copied from the ASCONF into the error 650 cause. 652 0 1 2 3 653 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 654 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 655 | Cause Code=0x0101 | Cause Length=Variable | 656 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 657 \ TLV-Copied-From-ASCONF / 658 / \ 659 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 661 An example of a failed addition in an Error Cause TLV would look as 662 follows in the response ASCONF-ACK message: 664 +--------------------------------+ 665 | Type = 0xC003 | Length = 28 | 666 +--------------------------------+ 667 | C-ID = 0x01023474 | 668 +--------------------------------+ 669 | Cause=0x0101 | Length = 20 | 670 +----------------+---------------+ 671 | Type=0xC001 | Length = 16 | 672 +--------------------------------+ 673 | C-ID = 0x01023474 | 674 +--------------------------------+ 675 | Type=0x0005 | Length = 8 | 676 +----------------+---------------+ 677 | Value=0xC0000201 | 678 +----------------+---------------+ 680 4.3.3. Error Cause: Request to Delete Source IP Address 682 Cause of error 684 Request to Delete Source IP Address: The receiver of this error sent 685 a request to delete the source IP address of the ASCONF message. 686 This error indicates that the request is rejected. 688 0 1 2 3 689 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 690 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 691 | Cause Code=0x0102 | Cause Length=Variable | 692 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 693 \ TLV-Copied-From-ASCONF / 694 / \ 695 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 697 An example of a failed delete in an Error Cause TLV would look as 698 follows in the response ASCONF-ACK message: 700 +--------------------------------+ 701 | Type = 0xC003 | Length = 28 | 702 +--------------------------------+ 703 | C-ID = 0x01023476 | 704 +--------------------------------+ 705 | Cause=0x0102 | Length = 20 | 706 +----------------+---------------+ 707 | Type=0xC002 | Length = 16 | 708 +----------------+---------------+ 709 | C-ID = 0x01023476 | 710 +--------------------------------+ 711 | Type=0x0005 | Length = 8 | 712 +----------------+---------------+ 713 | Value=0xC0000201 | 714 +----------------+---------------+ 716 IMPLEMENTATION NOTE: It is unlikely that an endpoint would source a 717 packet from the address being deleted, unless the endpoint does not 718 do proper source address selection. 720 4.3.4. Error Cause: Association Aborted due to illegal ASCONF-ACK 722 This error is to be included in an ABORT that is generated due to the 723 reception of an ASCONF-ACK that was not expected but is larger than 724 the current sequence number (see Section 5.3 Rule F0 ). Note: that a 725 sequence number is larger than the last ACKed sequence number if it 726 is either the next sequence or no more than 2^^31-1 greater than the 727 current sequence number. Sequence numbers smaller than the last 728 acked sequence number are silently ignored. 730 0 1 2 3 731 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 732 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 733 | Cause Code=0x0103 | Cause Length=4 | 734 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 736 4.3.5. Error Cause: Request refused - no authorization. 738 Cause of error 740 This error cause may be included to reject a request based on local 741 security policies. 743 0 1 2 3 744 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 745 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 746 | Cause Code=0x0104 | Cause Length=Variable | 747 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 748 \ TLV-Copied-From-ASCONF / 749 / \ 750 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 752 5. Procedures 754 This section will lay out the specific procedures for address 755 configuration change chunk type and its processing. 757 5.1. ASCONF Chunk Procedures 759 When an endpoint has an ASCONF signaled change to be sent to the 760 remote endpoint it MUST do the following: 762 A1) Create an ASCONF Chunk as defined in Section 4.1.1. The chunk 763 MUST contain all of the TLV(s) of information necessary to be sent 764 to the remote endpoint, and unique correlation identities for each 765 request. 767 A2) A serial number MUST be assigned to the Chunk. The serial 768 number MUST be larger by one. The serial number MUST be 769 initialized at the start of the association to the same value as 770 the Initial TSN and every time a new ASCONF Chunk is created it 771 MUST be incremented by one after assigning the serial number to 772 the newly created chunk . 774 A3) If no SCTP packet with one or more ASCONF Chunk(s) is 775 outstanding (un-acknowledged) with the remote peer, send the 776 chunk. 778 A4) The sender MUST Start a T-4 RTO timer, using the RTO value of 779 the selected destination address (normally the primary path; see 780 RFC2960 [RFC2960] section 6.4 for details). 782 A5) When the ASCONF-ACK that acknowledges the serial number last 783 sent arrives, the sender MUST stop the T-4 RTO timer, and clear 784 the appropriate association and destination error counters as 785 defined in RFC2960 [RFC2960] section 8.1 and 8.2. 787 A6) The endpoint MUST process all of the TLVs within the ASCONF- 788 ACK(s) to find out particular status information returned to the 789 various requests that were sent. Use the Correlation IDs to 790 correlate the request and the responses. 792 A7) If an error response is received for a TLV parameter, all TLVs 793 with no response before the failed TLV are considered successful 794 if not reported. All TLVs after the failed response are 795 considered unsuccessful unless a specific success indication is 796 present for the parameter. 798 A8) If there is no response(s) to specific TLV parameter(s), and no 799 failures are indicated, then all request(s) are considered 800 successful. 802 A9) If the peer responds to an ASCONF with an ERROR chunk reporting 803 that it did not recognize the ASCONF Chunk type, the sender of the 804 ASCONF MUST NOT send any further ASCONF Chunks and MUST stop its 805 T-4 timer. 807 If the T-4 RTO timer expires the endpoint MUST do the following: 809 B1) Increment the error counters and perform path failure detection 810 on the appropriate destination address as defined in RFC2960 811 [RFC2960] section 8.1 and 8.2. 813 B2) Increment the association error counters and perform endpoint 814 failure detection on the association as defined in RFC2960 815 [RFC2960] section 8.1 and 8.2. 817 B3) Back-off the destination address RTO value to which the ASCONF 818 chunk was sent by doubling the RTO timer value. 820 Note: The RTO value is used in the setting of all timer types for 821 SCTP. Each destination address has a single RTO estimate. 823 B4) Re-transmit the ASCONF Chunk last sent and if possible choose an 824 alternate destination address (please refer to RFC2960 [RFC2960] 825 section 6.4.1). An endpoint MUST NOT add new parameters to this 826 chunk, it MUST be the same (including its serial number) as the 827 last ASCONF sent. An endpoint MAY, however, bundle an additional 828 ASCONF with new ASCONF parameters with the next sequence number. 829 For details see Section 5.5 831 B5) Restart the T-4 RTO timer. Note: that if a different 832 destination is selected, then the RTO used will be that of the new 833 destination address. 835 Note: the total number of re-transmissions is limited by B2 above. 836 If the maximum is reached, the association will fail and enter into 837 the CLOSED state (see RFC2960 [RFC2960] section 6.4.1 for details). 839 5.1.1. Congestion Control of ASCONF Chunks 841 In defining the ASCONF Chunk transfer procedures, it is essential 842 that these transfers MUST NOT cause congestion within the network. 843 To achieve this, we place these restrictions on the transfer of 844 ASCONF Chunks: 846 C1) One and only one SCTP packet holding ASCONF Chunk(s) MAY be in 847 transit and unacknowledged at any one time. If a sender, after 848 sending an ASCONF chunk, decides it needs to transfer another 849 ASCONF Chunk, it MUST wait until the ASCONF-ACK Chunk returns from 850 the previous ASCONF Chunk before sending a subsequent ASCONF. 851 Note: this restriction binds each side, so at any time two ASCONF 852 may be in-transit on any given association (one sent from each 853 endpoint). However when an ASCONF Chunk is retransmitted due to a 854 time-out, the additional held ASCONF Chunks can be bundled into 855 the retransmission packet as described in Section 5.5. 857 C2) An ASCONF Chunk may be bundled with any other chunk type 858 including other ASCONF Chunks. If bundled with other ASCONF 859 Chunks, the chunks MUST appear in sequential order with respect to 860 their Serial Number. 862 C3) An ASCONF-ACK Chunk may be bundled with any other chunk type 863 including other ASCONF-ACK Chunks. If bundled with other ASCONF- 864 ACK Chunks, the chunks MUST appear in sequential order with 865 respect to their Serial Number. 867 C4) Both ASCONF and ASCONF-ACK Chunks MUST NOT be sent in any SCTP 868 state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED and 869 SHUTDOWN-SENT. 871 C5) An ASCONF Chunk and an ASCONF-ACK Chunk SHOULD not be larger 872 than the path MTU. If the path MTU is unknown, then the path MTU 873 should be set to a minimal path MTU. The minimum PMTU depends on 874 the IP version used for transmission, and is the lesser of 576 875 octets and the first-hop MTU for IPv4 RFC1122 [RFC1122] and 1280 876 octets for IPv6 RFC2460 [RFC2460]. 878 A ASCONF sender without these restrictions could possibly flood the 879 network with a large number of seperate address change operations 880 thus causing network congestion. 882 If the sender of an ASCONF Chunk receives an Operational Error 883 indicating that the ASCONF Chunk type is not understood, then the 884 sender MUST NOT send subsequent ASCONF Chunks to the peer. The 885 endpoint should also inform the upper layer application that the peer 886 endpoint does not support any of the extensions detailed in this 887 document. 889 5.2. Upon reception of an ASCONF Chunk. 891 When an endpoint receives an ASCONF Chunk from the remote peer 892 special procedures may be needed to identify the association the 893 ASCONF Chunk is associated with. To properly find the association 894 the following procedures SHOULD be followed: 896 D1) Use the source address and port number of the sender to attempt 897 to identify the association (i.e. use the same method defined in 898 RFC2960 [RFC2960] used for all other SCTP Chunks). If found 899 proceed to rule D4. 901 D2) If the association is not found, use the address found in the 902 Address Parameter TLV combined with the port number found in the 903 SCTP common header. If found proceed to rule D4. 905 D2-ext) If more than one ASCONF Chunks are packed together, use the 906 address found in the ASCONF Address Parameter TLV of the each of 907 the subsequent ASCONF Chunks. If found, proceed to rule D4. 909 D3) If neither D1, D2 nor D2-ext locates the association, treat the 910 chunk as an Out Of The Blue packet as defined in RFC2960 911 [RFC2960]. 913 D4) Follow the normal rules to validate the SCTP verification tag 914 found in RFC2960 [RFC2960]. 916 After identification and verification of the association, the 917 following should be performed to properly process the ASCONF Chunk: 918 E1) If the value found in the serial number of the ASCONF Chunk is 919 equal to the ('Peer-Serial-Number' + 1) and the Serial Number of 920 the ASCONF Chunk is the first in the SCTP Packet, the endpoint MAY 921 clean any old cached ASCONF-ACK up to the 'Peer-Serial-Number' and 922 then proceed to rule E4. 924 E1-ext If the value found in the serial number of the ASCONF Chunk 925 is equal to the ('Peer-Serial-Number' + 1) and the ASCONF chunk is 926 NOT the first Serial Number in the SCTP packet proceed to rule E4 927 but do NOT clear any cached ASCONF-ACK or state information. 928 E2) If the value found in the serial number is less than the ('Peer- 929 Serial-Number' + 1), simply skip to the next ASCONF, and include 930 in the outbound response packet any previously cached ASCONF-ACK 931 response that was sent and saved that matches the serial number of 932 the ASCONF. Note: it is possible that no cached ASCONF-ACK Chunk 933 exists. This will occur when an older ASCONF arrives out of 934 order. In such a case the receiver should skip the ASCONF Chunk 935 and not include ASCONF-ACK Chunk for that chunk. 937 E3) Then, process each ASCONF one by one as above while the Serial 938 Number of the ASCONF is less than the ('Peer-Serial-Number' + 1). 940 E4) When the serial number matches the next one expected, process 941 the ASCONF as described below and after processing the ASCONF 942 Chunk, append an ASCONF-ACK Chunk to the response packet and cache 943 a copy of it (in the event it later needs to be retransmitted). 945 V1) Process the TLVs contained within the Chunk performing the 946 appropriate actions as indicated by each TLV type. The TLVs 947 MUST be processed in order within the Chunk. For example, if 948 the sender puts 3 TLVs in one chunk, the first TLV (the one 949 closest to the Chunk Header) in the Chunk MUST be processed 950 first. The next TLV in the chunk (the middle one) MUST be 951 processed second and finally the last TLV in the Chunk MUST be 952 processed last. 954 V2) In processing the chunk, the receiver should build a response 955 message with the appropriate error TLVs, as specified in the 956 Parameter type bits for any ASCONF Parameter it does not 957 understand. To indicate an unrecognized parameter, cause type 958 8 as defined in the ERROR in 3.3.10.8 of RFC2960 [RFC2960] 959 should be used. The endpoint may also use the response to 960 carry rejections for other reasons such as resource shortages 961 etc, using the Error Cause TLV and an appropriate error 962 condition. 964 Note: a positive response is implied if no error is indicated 965 by the sender. 966 V3) All responses MUST copy the ASCONF-Request Correlation ID 967 field received in the ASCONF parameter, from the TLV being 968 responded to, into the ASCONF-Request Correlation ID field in 969 the response parameter. 971 V4) After processing the entire Chunk, the receiver of the ASCONF 972 MUST queue the response ASCONF-ACK Chunk for transmission after 973 the rest of the SCTP packet has been processed. This allows 974 the ASCONF-ACK Chunk to be bundled with other ASCONF-ACK Chunks 975 as well as any additional responses e.g. a SACK Chunk. 977 V5) Update the 'Peer-Serial-Number' to the value found in the 978 serial number field. 980 E5) Otherwise, the ASCONF Chunk is discarded since it must be either 981 a stale packet or from an attacker. A receiver of such a packet 982 MAY log the event for security purposes. 984 E6) When all ASCONF Chunks are processed for this SCTP packet, send 985 back the accumulated single response packet with all of the 986 ASCONF-ACK Chunks. The destination address of the SCTP packet 987 containing the ASCONF-ACK Chunks MUST be the source address of the 988 SCTP packet that held the ASCONF Chunks. 990 E7) While processing the ASCONF Chunks in the SCTP packet, if the 991 response packet will exceed the PMTU of the return path, the 992 receiver MUST stop adding additional ASCONF-ACKs into the response 993 packet but MUST continue to process all of the ASCONF Chunks, 994 saving ASCONF-ACK Chunk responses in its cached copy. The sender 995 of the ASCONF Chunk will later retransmit the ASCONF Chunks that 996 were not responded to, at which time the cached copies of the 997 responses that would NOT fit in the PMTU can be sent to the peer. 999 Note: These rules have been presented with the assumption that the 1000 implementation is caching old ASCONF-ACKs in case of loss of SCTP 1001 packets in the ACK path. It is allowable for an implementation to 1002 maintain this state in another form it deems appropriate, as long as 1003 that form results in the same ASCONF-ACK sequences being returned to 1004 the peer as outlined above. 1006 5.3. General rules for address manipulation 1008 When building TLV parameters for the ASCONF Chunk that will add or 1009 delete IP addresses the following rules MUST be applied: 1011 F0) If an endpoint receives an ASCONF-ACK that is greater than or 1012 equal to the next serial number to be used but no ASCONF Chunk is 1013 outstanding the endpoint MUST ABORT the association. Note: that a 1014 sequence number is greater than if it is no more than 2^^31-1 1015 larger than the current sequence number (using serial arithmetic). 1017 F1) When adding an IP address to an association, the IP address is 1018 NOT considered fully added to the association until the ASCONF-ACK 1019 arrives. This means that until such time as the ASCONF containing 1020 the add is acknowledged the sender MUST NOT use the new IP address 1021 as a source for ANY SCTP packet except on carrying an ASCONF 1022 Chunk. The receiver of the add IP address request may use the 1023 address as a destination immediately. The receiver MUST use the 1024 path verification procedure for the added address before using 1025 that address. The receiver MUST NOT send packets to the new 1026 address except for the corresponding ASCONF-ACK Chunk or HEARTBEAT 1027 Chunks for path verification before the new path is verified. If 1028 the ASCONF-ACK is sent to the new address it MAY be bundled with 1029 the HEARTBEAT chunk for path verification. 1031 F2) After the ASCONF-ACK of an IP address add arrives, the endpoint 1032 MAY begin using the added IP address as a source address for any 1033 type of SCTP chunk. 1035 F3a) If an endpoint receives an Error Cause TLV indicating that the 1036 IP address Add or IP address Deletion parameters was not 1037 understood, the endpoint MUST consider the operation failed and 1038 MUST NOT attempt to send any subsequent Add or Delete requests to 1039 the peer. 1041 F3b) If an endpoint receives an Error Cause TLV indicating that the 1042 IP address Set Primary IP Address parameter was not understood, 1043 the endpoint MUST consider the operation failed and MUST NOT 1044 attempt to send any subsequent Set Primary IP Address requests to 1045 the peer. 1047 F4) When deleting an IP address from an association, the IP address 1048 MUST be considered a valid destination address for the reception 1049 of SCTP packets until the ASCONF-ACK arrives and MUST NOT be used 1050 as a source address for any subsequent packets. This means that 1051 any datagrams that arrive before the ASCONF-ACK destined to the IP 1052 address being deleted MUST be considered part of the current 1053 association. One special consideration is that ABORT Chunks 1054 arriving destined to the IP address being deleted MUST be ignored 1055 (see Section 5.3.1 for further details). 1057 F5) An endpoint MUST NOT delete its last remaining IP address from 1058 an association. In other words if an endpoint is NOT multi-homed 1059 it MUST NOT use the delete IP address without an add IP address 1060 preceding the delete parameter in the ASCONF Chunk. Or if an 1061 endpoint sends multiple requests to delete IP addresses it MUST 1062 NOT delete all of the IP addresses that the peer has listed for 1063 the requester. 1065 F6) An endpoint MUST NOT set an IP header source address for an SCTP 1066 packet holding the ASCONF Chunk to be the same as an address being 1067 deleted by the ASCONF Chunk. 1069 F7) If a request is received to delete the last remaining IP address 1070 of a peer endpoint, the receiver MUST send an Error Cause TLV with 1071 the error cause set to the new error code 'Request to Delete Last 1072 Remaining IP Address'. The requested delete MUST NOT be performed 1073 or acted upon, other than to send the ASCONF-ACK. 1075 F8) If a request is received to delete an IP address which is also 1076 the source address of the IP packet which contained the ASCONF 1077 chunk, the receiver MUST reject this request. To reject the 1078 request the receiver MUST send an Error Cause TLV set to the new 1079 error code 'Request to Delete Source IP Address' (unless Rule F5 1080 has also been violated, in which case the error code 'Request to 1081 Delete Last Remaining IP Address' is sent). 1083 F9) If an endpoint receives an ADD IP address request and does not 1084 have the local resources to add this new address to the 1085 association, it MUST return an Error Cause TLV set to the new 1086 error code 'Operation Refused Due to Resource Shortage'. 1088 F10) If an endpoint receives an 'Out of Resource' error in response 1089 to its request to ADD an IP address to an association, it must 1090 either ABORT the association or not consider the address part of 1091 the association. In other words if the endpoint does not ABORT 1092 the association, it must consider the add attempt failed and NOT 1093 use this address since its peer will treat SCTP packets destined 1094 to the address as Out Of The Blue packets. 1096 F11) When an endpoint receiving an ASCONF to add an IP address sends 1097 an 'Out of Resource' in its response, it MUST also fail any 1098 subsequent add or delete requests bundled in the ASCONF. The 1099 receiver MUST NOT reject an ADD and then accept a subsequent 1100 DELETE of an IP address in the same ASCONF Chunk. In other words, 1101 once a receiver begins failing any ADD or DELETE request, it must 1102 fail all subsequent ADD or DELETE requests contained in that 1103 single ASCONF. 1105 F12) When an endpoint receives a request to delete an IP address 1106 that is the current primary address, it is an implementation 1107 decision as to how that endpoint chooses the new primary address. 1109 F13) When an endpoint receives a valid request to DELETE an IP 1110 address the endpoint MUST consider the address no longer as part 1111 of the association. It MUST NOT send SCTP packets for the 1112 association to that address and it MUST treat subsequent packets 1113 received from that address as Out Of The Blue. 1115 During the time interval between sending out the ASCONF and 1116 receiving the ASCONF-ACK it MAY be possible to receive DATA Chunks 1117 out of order. The following examples illustrate these problems: 1119 Endpoint-A Endpoint-Z 1120 ---------- ---------- 1121 ASCONF[Add-IP:X]------------------------------> 1122 /--ASCONF-ACK 1123 / 1124 /--------/---New DATA: 1125 / / Destination 1126 <-------------------/ / IP:X 1127 / 1128 <--------------------------/ 1130 In the above example we see a new IP address (X) being added to the 1131 Endpoint-A. However due to packet re-ordering in the network a new 1132 DATA chunk is sent and arrives at Endpoint-A before the ASCONF-ACK 1133 confirming the add of the address to the association. 1135 A similar problem exists with the deletion of an IP address as 1136 follows: 1138 Endpoint-A Endpoint-Z 1139 ---------- ---------- 1140 /------------New DATA: 1141 / Destination 1142 / IP:X 1143 ASCONF [DEL-IP:X]---------/----------------> 1144 <-----------------/------------------ASCONF-ACK 1145 / 1146 / 1147 <-------------/ 1149 In this example we see a DATA chunk destined to the IP:X (which is 1150 about to be deleted) arriving after the deletion is complete. For 1151 the ADD case an endpoint SHOULD consider the newly adding IP address 1152 valid for the association to receive data from during the interval 1153 when awaiting the ASCONF-ACK. The endpoint MUST NOT source data from 1154 this new address until the ASCONF-ACK arrives but it may receive out 1155 of order data as illustrated and MUST NOT treat this data as an OOTB 1156 datagram (please see RFC2960 [RFC2960] section 8.4). It MAY drop the 1157 data silently or it MAY consider it part of the association but it 1158 MUST NOT respond with an ABORT. 1160 For the DELETE case, an endpoint MAY respond to the late arriving 1161 DATA packet as an OOTB datagram or it MAY hold the deleting IP 1162 address for a small period of time as still valid. If it treats the 1163 DATA packet as an OOTB the peer will silently discard the ABORT 1164 (since by the time the ABORT is sent the peer will have removed the 1165 IP address from this association). If the endpoint elects to hold 1166 the IP address valid for a period of time, it MUST NOT hold it valid 1167 longer than 2 RTO intervals for the destination being removed. 1169 5.3.1. A special case for OOTB ABORT Chunks 1171 Another case worth mentioning is illustrated below: 1173 Endpoint-A Endpoint-Z 1174 ---------- ---------- 1176 New DATA:------------\ 1177 Source IP:X \ 1178 \ 1179 ASCONF-REQ[DEL-IP:X]----\------------------> 1180 \ /---------ASCONF-ACK 1181 \ / 1182 \----/-----------> OOTB 1183 (Ignored <---------------------/-------------ABORT 1184 by rule D4) / 1185 <---------------------/ 1187 For this case, during the deletion of an IP address, an Abort MUST be 1188 ignored if the destination address of the Abort message is that of a 1189 destination being deleted. 1191 5.3.2. A special case for changing an address. 1193 In some instances the sender may only have one IP address in an 1194 association that is being renumbered. When this occurs, the sender 1195 may not be able to send to the peer the appropriate ADD/DELETE pair 1196 and use the old address as a source in the IP header. For this 1197 reason the sender MUST fill in the Address Parameter field with an 1198 address that is part of the association (in this case the one being 1199 deleted). This will allow the receiver to locate the association 1200 without using the source address found in the IP header. 1202 The receiver of such a chunk MUST always first use the source address 1203 found in the IP header in looking up the association. The receiver 1204 should attempt to use the address found in the Address Bytes field 1205 only if the lookup fails using the source address from the IP header. 1206 The receiver MUST reply to the source address of the packet in this 1207 case which is the new address that was added by the ASCONF (since the 1208 old address is no longer a part of the association after processing). 1210 5.4. Setting of the primary address 1212 A sender of this option may elect to send this combined with a 1213 deletion or addition of an address. A sender SHOULD only send a set 1214 primary request to an address that is already considered part of the 1215 association. In other words if a sender combines a set primary with 1216 an add of a new IP address the set primary will be discarded unless 1217 the add request is to be processed BEFORE the set primary (i.e. it 1218 precedes the set primary). 1220 A request to set primary MAY also appear in an INIT or INIT-ACK 1221 chunk. This can give advice to the peer endpoint as to which of its 1222 addresses the sender of the INIT or INIT-ACK would prefer to be used 1223 as the primary address. 1225 The request to set an address as the primary path is an option the 1226 receiver SHOULD perform. It is considered advice to the receiver of 1227 the best destination address to use in sending SCTP packets (in the 1228 requester's view). If a request arrives that asks the receiver to 1229 set an address as primary that does not exist, the receiver should 1230 NOT honor the request, leaving its existing primary address 1231 unchanged. 1233 5.5. Bundling of multiple ASCONFs 1235 In the normal case a single ASCONF is sent in a packet and a single 1236 reply ASCONF-ACK is received. However, in the event of the loss of 1237 an SCTP packet containing either an ASCONF or ASCONF-ACK it is 1238 allowable for a sender to bundle additional ASCONFs in the 1239 retransmission. In bundling multiple ASCONFs the following rules 1240 MUST be followed: 1241 1. Previously transmitted ASCONF Chunks MUST be left unchanged. 1242 2. Each SCTP packet containing ASCONF Chunks MUST be bundled 1243 starting with the smallest ASCONF Serial Number first in the 1244 packet (closest to the Chunk header) and preceding in sequential 1245 order from lowest to highest ASCONF Serial Number. 1247 3. All ASCONFs within the packet MUST be adjacent to each other i.e. 1248 no other chunk type must separate the ASCONFs. 1249 4. Each new ASCONFs lookup address MUST be populated as if the 1250 previous ASCONFs had been processed and accepted. 1252 6. Security Considerations 1254 The addition and or deletion of an IP address to an existing 1255 association does provide an additional mechanism by which existing 1256 associations can be hijacked. Therefore this document requires the 1257 use of the authentication mechanism defined in SCTP-AUTH 1258 [I-D.ietf-tsvwg-sctp-auth] to limit the ability of an attacker to 1259 hijack an association. 1261 Hijacking an association by using the addition and deletion of an IP 1262 address is only possible for an attacker who is able to intercept the 1263 initial two packets of the association setup when the SCTP-AUTH 1264 extension is used without pre-shared keys.. If such a threat is 1265 considered a possibility, then the SCTP-AUTH 1266 [I-D.ietf-tsvwg-sctp-auth] extension MUST be used with a 1267 preconfigured shared end-point pair key to mitigate this threat. For 1268 a more detailed analysis see SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth]. 1270 If an SCTP endpoint that supports this extension receives an INIT 1271 that indicates that the peer supports the ASCONF extension but does 1272 NOT support the SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth] extension, the 1273 receiver of such an INIT MUST send an ABORT in response to such an 1274 INIT. Note: that an implementation is allowed to silently discard 1275 such an INIT as an option as well but under NO circumstance is an 1276 implementation allowed to proceed with the association setup by 1277 sending an INIT-ACK in response. 1279 An implementation that receives an INIT-ACK that indicates that the 1280 peer does not support the SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth] 1281 extension MUST NOT send the COOKIE-ECHO to establish the association. 1282 Instead the implementation MUST discard the INIT-ACK and report to 1283 the upper layer user that an association cannot be established 1284 destroying the TCB. 1286 7. IANA considerations 1288 This document defines the following new SCTP parameters, chunks and 1289 errors (http://www.iana.org/assignments/sctp-parameters): 1291 o Two new chunk types, 1292 o Six parameter types, and 1293 o Five new SCTP error causes. 1295 One of the two new chunk types must come from the range of chunk 1296 types where the upper two bits are one, we recommend 0xC1 but any 1297 other available code point with the upper bits set is also 1298 acceptable. The second chunk type must come from the range where 1299 only the upper bit is set to one. We recommend 0x80 but any other 1300 available code point with the upper bit set is also acceptable. The 1301 chunk types with there suggested values are shown below. 1303 Chunk Type Chunk Name 1304 -------------------------------------------------------------- 1305 0xC1 Address Configuration Change Chunk (ASCONF) 1306 0x80 Address Configuration Acknowledgment (ASCONF-ACK) 1308 All of the parameter types must come from the range of types where 1309 the upper two bits are set, we recommend 0xC001 - 0xC006, as shown 1310 below. Note: that for any of these values a different unique 1311 parameter type may be assigned by IANA as long as the upper bits 1312 correspond to the ones specified in this document. The suggested 1313 parameter types are listed below: 1315 Parameter Type Parameter Name 1316 ------------------------------------------------- 1317 0xC001 Add IP Address 1318 0xC002 Delete IP Address 1319 0xC003 Error Cause Indication 1320 0xC004 Set Primary Address 1321 0xC005 Success Indication 1322 0xC006 Adaptation Layer Indication 1324 The five new error causes can be any value, in this document we have 1325 used 0x0100-0x0104 in an attempt to separate these from the common 1326 ranges of error codes. Any other unassigned values are also 1327 acceptable. The suggested error causes are listed below:. 1329 Cause Code 1330 Value Cause Code 1331 --------- ---------------- 1332 0x0100 Request to Delete Last Remaining IP Address. 1333 0x0101 Operation Refused Due to Resource Shortage. 1334 0x0102 Request to Delete Source IP Address. 1335 0x0103 Association Aborted due to illegal ASCONF-ACK 1336 0x0104 Request refused - no authorization. 1338 This document also defines an Adaptation code point. The adaptation 1339 code point is a 32 bit integer that is assigned by IANA through an 1340 IETF Consensus action as defined in RFC2434 [RFC2434]. For this new 1341 registry no initial values are being added by this document, however 1342 draft-ietf-rddp-sctp will add the first entry. 1344 8. Acknowledgments 1346 The authors would like to express a special note of thanks to Michael 1347 Ramahlo and Phillip Conrad for there extreme efforts in the early 1348 formation of this draft. 1350 The authors wish to thank Jon Berger, Greg Kendall, Seok Koh, Peter 1351 Lei, John Loughney, Ivan Arias Rodriguez, Renee Revis, Marshall Rose, 1352 Chip Sharp, and Irene Ruengeler for their invaluable comments. 1354 The authors would also like to give special mention to Maria-Carmen 1355 Belinchon and Ian Rytina for there early contributions to this 1356 document and their thoughtful comments. 1358 9. References 1360 [RFC1122] Braden, R., "Requirements for Internet Hosts - 1361 Communication Layers", STD 3, RFC 1122, October 1989. 1363 [RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982, 1364 August 1996. 1366 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1367 Requirement Levels", BCP 14, RFC 2119, March 1997. 1369 [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1370 IANA Considerations Section in RFCs", BCP 26, RFC 2434, 1371 October 1998. 1373 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1374 (IPv6) Specification", RFC 2460, December 1998. 1376 [RFC2960] Stewart, R., Xie, Q., Morneault, K., Sharp, C., 1377 Schwarzbauer, H., Taylor, T., Rytina, I., Kalla, M., 1378 Zhang, L., and V. Paxson, "Stream Control Transmission 1379 Protocol", RFC 2960, October 2000. 1381 [I-D.ietf-tsvwg-sctp-auth] 1382 Tuexen, M., "Authenticated Chunks for Stream Control 1383 Transmission Protocol (SCTP)", 1384 draft-ietf-tsvwg-sctp-auth-07 (work in progress), 1385 January 2007. 1387 Appendix A. Abstract Address Handling 1389 A.1. General remarks 1391 This appendix is non-normative. It is present to give the reader a 1392 concise mathematical definition of an SCTP endpoint. The following 1393 text provides a working definition of the endpoint notion to discuss 1394 address reconfiguration. It is not intended to restrict 1395 implementations in any way, its goal is to provide a set of 1396 definitions only. Using these definitions should make a discussion 1397 about address issues easier. 1399 A.2. Generalized endpoints 1401 A generalized endpoint is a pair of a set of IP addresses and a port 1402 number at any given point of time. The precise definition is as 1403 follows: 1405 A generalized endpoint gE at time t is given by 1407 gE(t) = ({IP1, ..., IPn}, Port) 1409 where {IP1, ..., IPn} is a non empty set of IP addresses. 1411 Please note that the dynamic addition and deletion of IP-addresses 1412 described in this document allows the set of IP-addresses of a 1413 generalized endpoint to be changed at some point of time. The port 1414 number can never be changed. 1416 The set of IP addresses of a generalized endpoint gE at a time t is 1417 defined as 1419 Addr(gE)(t) = {IP1, ..., IPn} 1421 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1423 The port number of a generalized endpoint gE is defined as 1425 Port(gE) = Port 1427 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1429 There is one fundamental rule which restricts all generalized 1430 endpoints: 1432 For two different generalized endpoints gE' and gE'' with the same 1433 port number Port(gE') = Port(gE'') the address sets Addr(gE')(t) and 1434 Addr(gE'')(t) must be disjoint at every point of time. 1436 A.3. Associations 1438 Associations consists of two generalized endpoints and the two 1439 address sets known by the peer at any time. The precise definition 1440 is as follows: 1442 An association A between to different generalized endpoints gE' and 1443 gE'' is given by 1445 A = (gE', S', gE'', S'') 1447 where S'(t) and S''(t) are set of addresses at any time t such that 1448 S'(t) is a non-empty subset of Addr(gE')(t) and S''(t) is a non-empty 1449 subset of Addr(gE'')(t). 1451 If A = (gE', S', gE'', S'') is an association between the generalized 1452 endpoints gE' and gE'' the following notion is used: 1454 Addr(A, gE') = S' and Addr(A, gE'') = S''. 1456 If the dependency on time is important the notion Addr(A, gE')(t) = 1457 S'(t) will be used. 1459 If A is an association between gE' and gE'' then Addr(A, gE') is the 1460 subset of IP addresses of gE' which is known by gE'' and used by gE'. 1462 Association establishment between gE' and gE'' can be seen as: 1464 1. gE' and gE'' do exist before the association. 1465 2. If an INIT has to be send from gE' to gE'' address scoping rules 1466 and other limitations are applied to calculate the subset S' from 1467 Addr(gE'). The addresses of S' are included in the INIT chunk. 1469 3. If an INIT-ACK has to be send from gE'' to gE' address scoping 1470 rules and other limitations are applied to calculate the subset 1471 S'' from Addr(gE''). The addresses of S'' are included in the 1472 INIT-ACK chunk. 1473 4. After the handshake the association A = (gE', S', gE'', S'') has 1474 been established. 1475 5. Right after the association establishment Addr(A, gE') and 1476 Addr(A, gE'') are the addresses which have been seen on the wire 1477 during the handshake. 1479 A.4. Relationship with RFC 2960 1481 RFC2960 [RFC2960] defines the notion of an endpoint. This subsection 1482 will show that these endpoints are also (special) generalized 1483 endpoints. 1485 RFC2960 [RFC2960] has no notion of address scoping or other address 1486 handling limitations and provides no mechanism to change the 1487 addresses of an endpoint. 1489 This means that an endpoint is simply a generalized endpoint which 1490 does not depend on the time. Neither the Port nor the address list 1491 changes. 1493 During association setup no address scoping rules or other 1494 limitations will be applied. This means that for an association A 1495 between two endpoints gE' and gE'' the following is true: 1497 Addr(A, gE') = Addr(gE') and Addr(A, gE'') = Addr(gE''). 1499 A.5. Rules for address manipulation 1501 The rules for address manipulation can now be stated in a simple way: 1502 1. An address can be added to a generalized endpoint gE only if this 1503 address is not an address of a different generalized endpoint 1504 with the same port number. 1505 2. An address can be added to an association A with generalized 1506 endpoint gE if it has been added to the generalized endpoint gE 1507 first. This means that the address must be an element of 1508 Addr(gE) first and then it can become an element of Addr(A, gE). 1509 But this is not necessary. If the association does not allow the 1510 reconfiguration of the addresses only Addr(gE) can be modified. 1511 3. An address can be deleted from an association A with generalized 1512 endpoint gE as long as Addr(A, gE) stays non-empty. 1513 4. An address can be deleted from an generalized endpoint gE only if 1514 it has been removed from all associations having gE as a 1515 generalized endpoint. 1517 These rules simply make sure that the rules for the endpoints and 1518 associations given above are always fulfilled. 1520 Authors' Addresses 1522 Randall R. Stewart 1523 Cisco Systems, Inc. 1524 4875 Forest Drive 1525 Suite 200 1526 Columbia, SC 29206 1527 US 1529 Phone: 1530 Email: rrs@cisco.com 1532 Qiaobing Xie 1533 Motorola, Inc. 1534 1501 W. Shure Drive, #2309 1535 Arlington Heights, IL 60004 1536 USA 1538 Phone: +1-847-632-3028 1539 Email: qxie1@email.mot.com 1541 Michael Tuexen 1542 Univ. of Applied Sciences Muenster 1543 Stegerwaldstr. 39 1544 48565 Steinfurt 1545 Germany 1547 Email: tuexen@fh-muenster.de 1549 Shin Maruyama 1550 Kyoto University 1551 Yoshida-Honmachi 1552 Sakyo-ku 1553 Kyoto, Kyoto 606-8501 1554 JAPAN 1556 Phone: +81-75-753-7468 1557 Email: mail@marushin.gr.jp 1558 Masahiro Kozuka 1559 Kyoto University 1560 Yoshida-Honmachi 1561 Sakyo-ku 1562 Kyoto, Kyoto 606-8501 1563 JAPAN 1565 Phone: +81-75-753-7468 1566 Email: ma-kun@kozuka.jp 1568 Full Copyright Statement 1570 Copyright (C) The IETF Trust (2007). 1572 This document is subject to the rights, licenses and restrictions 1573 contained in BCP 78, and except as set forth therein, the authors 1574 retain all their rights. 1576 This document and the information contained herein are provided on an 1577 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1578 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 1579 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 1580 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 1581 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1582 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1584 Intellectual Property 1586 The IETF takes no position regarding the validity or scope of any 1587 Intellectual Property Rights or other rights that might be claimed to 1588 pertain to the implementation or use of the technology described in 1589 this document or the extent to which any license under such rights 1590 might or might not be available; nor does it represent that it has 1591 made any independent effort to identify any such rights. Information 1592 on the procedures with respect to rights in RFC documents can be 1593 found in BCP 78 and BCP 79. 1595 Copies of IPR disclosures made to the IETF Secretariat and any 1596 assurances of licenses to be made available, or the result of an 1597 attempt made to obtain a general license or permission for the use of 1598 such proprietary rights by implementers or users of this 1599 specification can be obtained from the IETF on-line IPR repository at 1600 http://www.ietf.org/ipr. 1602 The IETF invites any interested party to bring to its attention any 1603 copyrights, patents or patent applications, or other proprietary 1604 rights that may cover technology that may be required to implement 1605 this standard. Please address the information to the IETF at 1606 ietf-ipr@ietf.org. 1608 Acknowledgment 1610 Funding for the RFC Editor function is provided by the IETF 1611 Administrative Support Activity (IASA).