idnits 2.17.1 draft-ietf-tsvwg-addip-sctp-22.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 22. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 1773. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1784. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1791. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1797. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([I-D.ietf-tsvwg-2960bis]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 4 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: It should be noted that the ASCONF Chunk format requires the receiver to report to the sender if it does not understand the ASCONF Chunk. This is accomplished by setting the upper bits in the chunk type as described in [I-D.ietf-tsvwg-2960bis]. section 3.2. Note that the upper two bits in the ASCONF Chunk are set to one. As defined in [I-D.ietf-tsvwg-2960bis] section 3.2, when setting these upper bits in this manner the receiver that does not understand this chunk MUST skip the chunk and continue processing, and report in an Operation Error Chunk using the 'Unrecognized Chunk Type' cause of error. This will NOT abort the association but indicates to the sender that it MUST not send any further ASCONF chunks. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHOULD not' in this paragraph: C5) An ASCONF Chunk and an ASCONF-ACK Chunk SHOULD not be larger than the PMTU. If the PMTU is unknown, then the PMTU should be set to the minimum PMTU. The minimum PMTU depends on the IP version used for transmission, and is the lesser of 576 octets and the first-hop MTU for IPv4 [RFC1122] and 1280 octets for IPv6 [RFC2460]. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 19, 2007) is 6146 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226) ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) Summary: 4 errors (**), 0 flaws (~~), 4 warnings (==), 8 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Stewart 3 Internet-Draft Cisco Systems, Inc. 4 Intended status: Standards Track Q. Xie 5 Expires: December 21, 2007 Motorola, Inc. 6 M. Tuexen 7 Univ. of Applied Sciences Muenster 8 S. Maruyama 9 M. Kozuka 10 Kyoto University 11 June 19, 2007 13 Stream Control Transmission Protocol (SCTP) Dynamic Address 14 Reconfiguration 15 draft-ietf-tsvwg-addip-sctp-22.txt 17 Status of this Memo 19 By submitting this Internet-Draft, each author represents that any 20 applicable patent or other IPR claims of which he or she is aware 21 have been or will be disclosed, and any of which he or she becomes 22 aware will be disclosed, in accordance with Section 6 of BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF), its areas, and its working groups. Note that 26 other groups may also distribute working documents as Internet- 27 Drafts. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 The list of current Internet-Drafts can be accessed at 35 http://www.ietf.org/ietf/1id-abstracts.txt. 37 The list of Internet-Draft Shadow Directories can be accessed at 38 http://www.ietf.org/shadow.html. 40 This Internet-Draft will expire on December 21, 2007. 42 Copyright Notice 44 Copyright (C) The IETF Trust (2007). 46 Abstract 48 A local host may have multiple points of attachment to the Internet, 49 giving it a degree of fault tolerance from hardware failures. Stream 50 Control Transmission Protocol (SCTP) [I-D.ietf-tsvwg-2960bis] was 51 developed to take full advantage of such a multi-homed host to 52 provide a fast failover and association survivability in the face of 53 such hardware failures. This document describes an extension to SCTP 54 that will allow an SCTP stack to dynamically add an IP Addresses to 55 an SCTP association, dynamically delete an IP addresses from an SCTP 56 association, and to request to set the primary address the peer will 57 use when sending to an endpoint. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 62 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 5 63 3. Serial Number Arithmetic . . . . . . . . . . . . . . . . . . . 6 64 4. Additional Chunks and Parameters . . . . . . . . . . . . . . . 6 65 4.1. New Chunk Types . . . . . . . . . . . . . . . . . . . . . 6 66 4.1.1. Address Configuration Change Chunk (ASCONF) . . . . . 7 67 4.1.2. Address Configuration Acknowledgment Chunk 68 (ASCONF-ACK) . . . . . . . . . . . . . . . . . . . . . 8 69 4.2. New Parameter Types . . . . . . . . . . . . . . . . . . . 9 70 4.2.1. Add IP Address . . . . . . . . . . . . . . . . . . . . 10 71 4.2.2. Delete IP Address . . . . . . . . . . . . . . . . . . 11 72 4.2.3. Error Cause Indication . . . . . . . . . . . . . . . . 12 73 4.2.4. Set Primary IP Address . . . . . . . . . . . . . . . . 13 74 4.2.5. Success Indication . . . . . . . . . . . . . . . . . . 14 75 4.2.6. Adaptation Layer Indication . . . . . . . . . . . . . 15 76 4.2.7. Supported Extensions Parameter . . . . . . . . . . . . 15 77 4.3. New Error Causes . . . . . . . . . . . . . . . . . . . . . 16 78 4.3.1. Error Cause: Request to Delete Last Remaining IP 79 Address . . . . . . . . . . . . . . . . . . . . . . . 17 80 4.3.2. Error Cause: Operation Refused Due to Resource 81 Shortage . . . . . . . . . . . . . . . . . . . . . . . 17 82 4.3.3. Error Cause: Request to Delete Source IP Address . . . 18 83 4.3.4. Error Cause: Association Aborted due to illegal 84 ASCONF-ACK . . . . . . . . . . . . . . . . . . . . . . 19 85 4.3.5. Error Cause: Request refused - no authorization. . . . 19 86 5. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 20 87 5.1. ASCONF Chunk Procedures . . . . . . . . . . . . . . . . . 20 88 5.1.1. Congestion Control of ASCONF Chunks . . . . . . . . . 22 89 5.2. Upon reception of an ASCONF Chunk. . . . . . . . . . . . . 23 90 5.3. General rules for address manipulation . . . . . . . . . . 26 91 5.3.1. A special case for OOTB ABORT Chunks . . . . . . . . . 29 92 5.3.2. A special case for changing an address. . . . . . . . 30 93 5.4. Setting of the primary address . . . . . . . . . . . . . . 30 94 5.5. Bundling of multiple ASCONFs . . . . . . . . . . . . . . . 31 95 6. Security Considerations . . . . . . . . . . . . . . . . . . . 31 96 7. IANA considerations . . . . . . . . . . . . . . . . . . . . . 34 97 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 35 98 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 36 99 9.1. Normative References . . . . . . . . . . . . . . . . . . . 36 100 9.2. Informative References . . . . . . . . . . . . . . . . . . 36 101 Appendix A. Abstract Address Handling . . . . . . . . . . . . . . 37 102 A.1. General remarks . . . . . . . . . . . . . . . . . . . . . 37 103 A.2. Generalized endpoints . . . . . . . . . . . . . . . . . . 37 104 A.3. Associations . . . . . . . . . . . . . . . . . . . . . . . 38 105 A.4. Relationship with RFC 4960 . . . . . . . . . . . . . . . . 38 106 A.5. Rules for address manipulation . . . . . . . . . . . . . . 39 108 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 39 109 Intellectual Property and Copyright Statements . . . . . . . . . . 41 111 1. Introduction 113 A local host may have multiple points of attachment to the Internet, 114 giving it a degree of fault tolerance from hardware failures. SCTP 115 was developed to take full advantage of such a multi-homed host to 116 provide a fast failover and association survivability in the face of 117 such hardware failures. However, many modern computers allow for the 118 dynamic addition and deletion of network cards (sometimes termed a 119 hot-pluggable interface). Complicate this with the ability of a 120 provider, in IPv6, to dynamically renumber a network, and there still 121 is a gap between full fault tolerance and the currently defined SCTP 122 protocol. No matter if a card is added or an interface is 123 renumbered, in order to take advantage of this new configuration, the 124 transport association must be restarted. For many fault tolerant 125 applications this restart is considered an outage and is undesirable. 127 This document describes an extension to SCTP to attempt to correct 128 this problem for the more demanding fault tolerant application. This 129 extension will allow an SCTP stack to: 131 o Dynamically add an IP Addresses to an association. 132 o Dynamically delete an IP Addresses from an association. 133 o Request to set the primary address the peer will use when sending 134 to an endpoint. 136 The dynamic addition and subtraction of IP addresses allows an SCTP 137 association to continue to function through host and network 138 reconfigurations. These changes, brought on by provider or user 139 action, may mean that the peer would be better served by using the 140 newly added address, however this information may only be known by 141 the endpoint that had the reconfiguration occur. In such a case this 142 extension allows the local endpoint to advise the peer as to what it 143 thinks is the better primary address that the peer should be using. 145 One last thing this extension adds is a small 32 bit integer, called 146 an adaptation indication, that can be exchanged at startup. This is 147 useful for applications where there is one or more specific layers 148 below the application, yet still above SCTP. In such a case the 149 exchange of this indication can allow the proper layer to be enabled 150 below the application. 152 2. Conventions 154 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 155 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 156 document are to be interpreted as described in [RFC2119]. 158 3. Serial Number Arithmetic 160 It is essential to remember that the actual ASCONF Sequence Number 161 space is finite, though very large. This space ranges from 0 to 162 2**32 - 1. Since the space is finite, all arithmetic dealing with 163 ASCONF Sequence Numbers MUST be performed modulo 2**32. This 164 unsigned arithmetic preserves the relationship of sequence numbers as 165 they cycle from 2**32 - 1 to 0 again. There are some subtleties to 166 computer modulo arithmetic, so great care should be taken in 167 programming the comparison of such values. When referring to ASCONF 168 Sequence Numbers, the symbol "=<" means "less than or equal"(modulo 169 2**32). 171 Comparisons and arithmetic on ASCONF sequence numbers in this 172 document SHOULD use Serial Number Arithmetic as defined in [RFC1982] 173 where SERIAL_BITS = 32. 175 ASCONF Sequence Numbers wrap around when they reach 2**32 - 1. That 176 is, the next ASCONF Sequence Number an ASCONF chunk MUST use after 177 transmitting ASCONF Sequence Number = 2**32 - 1 is 0. 179 Any arithmetic done on Stream Sequence Numbers SHOULD use Serial 180 Number Arithmetic as defined in [RFC1982] where SERIAL_BITS = 16. 181 All other arithmetic and comparisons in this document uses normal 182 arithmetic. 184 4. Additional Chunks and Parameters 186 This section describes the addition of two new chunks and, seven new 187 parameters to allow: 189 o Dynamic addition of IP Addresses to an association. 190 o Dynamic deletion of IP Addresses from an association. 191 o A request to set the primary address the peer will use when 192 sending to an endpoint. 194 Additionally, this section describes three new error causes that 195 support these new chunks and parameters. 197 4.1. New Chunk Types 199 This section defines two new chunk types that will be used to 200 transfer the control information reliably. Table 1 illustrates the 201 two new chunk types. 203 Chunk Type Chunk Name 204 -------------------------------------------------------------- 205 0xC1 Address Configuration Change Chunk (ASCONF) 206 0x80 Address Configuration Acknowledgment (ASCONF-ACK) 208 Table 1: Address Configuration Chunks 210 4.1.1. Address Configuration Change Chunk (ASCONF) 212 This chunk is used to communicate to the remote endpoint one of the 213 configuration change requests that MUST be acknowledged. The 214 information carried in the ASCONF Chunk uses the form of a Type- 215 Length-Value (TLV), as described in "3.2.1 Optional/Variable-length 216 Parameter Format" in [I-D.ietf-tsvwg-2960bis] for all variable 217 parameters. This chunk MUST be sent in an authenticated way by using 218 the mechanism defined in [I-D.ietf-tsvwg-sctp-auth]. If this chunk 219 is received unauthenticated it MUST be silently discarded as 220 described in [I-D.ietf-tsvwg-sctp-auth]. 222 0 1 2 3 223 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 224 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 225 | Type = 0xC1 | Chunk Flags | Chunk Length | 226 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 227 | Sequence Number | 228 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 229 | Address Parameter | 230 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 231 | ASCONF Parameter #1 | 232 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 233 \ \ 234 / .... / 235 \ \ 236 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 237 | ASCONF Parameter #N | 238 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 240 Sequence Number : 32 bits (unsigned integer) 242 This value represents a Sequence Number for the ASCONF Chunk. The 243 valid range of Sequence Number is from 0 to 4294967295 (2**32 - 1). 244 Sequence Numbers wrap back to 0 after reaching 4294967295. 246 Address Parameter : 8 or 20 bytes (depending on the address type) 248 This field contains an address parameter, either IPv6 or IPv4, from 249 [I-D.ietf-tsvwg-2960bis]. The address is an address of the sender of 250 the ASCONF Chunk, the address MUST be considered part of the 251 association by the peer endpoint (the receiver of the ASCONF Chunk). 252 This field may be used by the receiver of the ASCONF to help in 253 finding the association. If the address 0.0.0.0 or ::0 is provided 254 the receiver MAY lookup the association by other information provided 255 in the packet. This parameter MUST be present in every ASCONF 256 message, i.e. it is a mandatory TLV parameter. 258 Note: the host name address MUST NOT be sent and MUST be ignored if 259 received in any ASCONF message. 261 It should be noted that the ASCONF Chunk format requires the receiver 262 to report to the sender if it does not understand the ASCONF Chunk. 263 This is accomplished by setting the upper bits in the chunk type as 264 described in [I-D.ietf-tsvwg-2960bis]. section 3.2. Note that the 265 upper two bits in the ASCONF Chunk are set to one. As defined in 266 [I-D.ietf-tsvwg-2960bis] section 3.2, when setting these upper bits 267 in this manner the receiver that does not understand this chunk MUST 268 skip the chunk and continue processing, and report in an Operation 269 Error Chunk using the 'Unrecognized Chunk Type' cause of error. This 270 will NOT abort the association but indicates to the sender that it 271 MUST not send any further ASCONF chunks. 273 ASCONF Parameter: TLV format 275 Each Address configuration change is represented by a TLV parameter 276 as defined in Section 4.2. One or more requests may be present in an 277 ASCONF Chunk. 279 4.1.2. Address Configuration Acknowledgment Chunk (ASCONF-ACK) 281 This chunk is used by the receiver of an ASCONF Chunk to acknowledge 282 the reception. It carries zero or more results for any ASCONF 283 Parameters that were processed by the receiver. This chunk MUST be 284 sent in an authenticated way by using the mechanism defined in 285 [I-D.ietf-tsvwg-sctp-auth]. If this chunk is received 286 unauthenticated it MUST be silently discarded as described in 287 [I-D.ietf-tsvwg-sctp-auth]. 289 0 1 2 3 290 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 291 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 292 | Type = 0x80 | Chunk Flags | Chunk Length | 293 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 294 | Sequence Number | 295 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 296 | ASCONF Parameter Response#1 | 297 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 298 \ \ 299 / .... / 300 \ \ 301 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 302 | ASCONF Parameter Response#N | 303 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 305 Sequence Number : 32 bits (unsigned integer) 307 This value represents the Sequence Number for the received ASCONF 308 Chunk that is acknowledged by this chunk. This value is copied from 309 the received ASCONF Chunk. 311 ASCONF Parameter Response : TLV format 313 The ASCONF Parameter Response is used in the ASCONF-ACK to report 314 status of ASCONF processing. By default, if a responding endpoint 315 does not include any Error Cause, a success is indicated. Thus a 316 sender of an ASCONF-ACK MAY indicate complete success of all TLVs in 317 an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length 318 (set to 8) and the Sequence Number. 320 4.2. New Parameter Types 322 The seven new parameters added follow the format defined in section 323 3.2.1 of [I-D.ietf-tsvwg-2960bis]. Tables 2, 3 and 4 describe the 324 parameters. 326 Address Configuration Parameters Parameter Type 327 ------------------------------------------------- 328 Set Primary Address 0xC004 329 Adaptation Layer Indication 0xC006 330 Supported Extensions 0x8008 332 Table 2: Parameters that can be used in INIT/INIT-ACK chunk 333 Address Configuration Parameters Parameter Type 334 ------------------------------------------------- 335 Add IP Address 0xC001 336 Delete IP Address 0xC002 337 Set Primary Address 0xC004 339 Table 3: Parameters used in ASCONF Parameter 341 Address Configuration Parameters Parameter Type 342 ------------------------------------------------- 343 Error Cause Indication 0xC003 344 Success Indication 0xC005 346 Table 4: Parameters used in ASCONF Parameter Response 348 Any parameter that appears where it is not allowed (for example a 349 0xC002 parameter appearing within an INIT or INIT-ACK) MAY be 350 responded to with an ABORT by the receiver of the invalid parameter. 351 If the receiver chooses NOT to abort, the parameter MUST be ignored. 352 A robust implementation SHOULD ignore the parameter and leave the 353 association intact. 355 4.2.1. Add IP Address 357 0 1 2 3 358 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 359 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 360 | Type = 0xC001 | Length = Variable | 361 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 362 | ASCONF-Request Correlation ID | 363 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 364 | Address Parameter | 365 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 367 ASCONF-Request Correlation ID: 32 bits 369 This is an opaque integer assigned by the sender to identify each 370 request parameter. The receiver of the ASCONF Chunk will copy this 371 32 bit value into the ASCONF Response Correlation ID field of the 372 ASCONF-ACK response parameter. The sender of the ASCONF can use this 373 same value in the ASCONF-ACK to find which request the response is 374 for. Note that the receiver MUST NOT change this 32 bit value. 376 Address Parameter: TLV 378 This field contains an IPv4 or IPv6 address parameter as described in 379 3.3.2.1 of [I-D.ietf-tsvwg-2960bis]. The complete TLV is wrapped 380 within this parameter. It informs the receiver that the address 381 specified is to be added to the existing association. This parameter 382 MUST NOT contain a broadcast or multicast address. If the address 383 0.0.0.0 or ::0 is provided, the source address of the packet MUST be 384 added. 386 An example TLV requesting that the IPv4 address 192.0.2.1 be added to 387 the association would look as follows: 389 +--------------------------------+ 390 | Type=0xC001 | Length = 16 | 391 +--------------------------------+ 392 | C-ID = 0x01023474 | 393 +--------------------------------+ 394 | Type=5 | Length = 8 | 395 +----------------+---------------+ 396 | Value=0xC0000201 | 397 +----------------+---------------+ 399 Valid Chunk Appearance 401 The Add IP Address parameter may only appear in the ASCONF Chunk 402 type. 404 4.2.2. Delete IP Address 406 0 1 2 3 407 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 408 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 409 | Type =0xC002 | Length = Variable | 410 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 411 | ASCONF-Request Correlation ID | 412 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 413 | Address Parameter | 414 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 416 ASCONF-Request Correlation ID: 32 bits 418 This is an opaque integer assigned by the sender to identify each 419 request parameter. The receiver of the ASCONF Chunk will copy this 420 32 bit value into the ASCONF Response Correlation ID field of the 421 ASCONF-ACK response parameter. The sender of the ASCONF can use this 422 same value in the ASCONF-ACK to find which request the response is 423 for. Note that the receiver MUST NOT change this 32 bit value. 425 Address Parameter: TLV 426 This field contains an IPv4 or IPv6 address parameter as described in 427 3.3.2.1 of [I-D.ietf-tsvwg-2960bis]. The complete TLV is wrapped 428 within this parameter. It informs the receiver that the address 429 specified is to be removed from the existing association. This 430 parameter MUST NOT contain a broadcast or multicast address. If the 431 address 0.0.0.0 or ::0 is provided, all addresses of the peer except 432 the source address of the packet MUST be deleted. 434 An example TLV deleting the IPv4 address 192.0.2.1 from an existing 435 association would look as follows: 437 +--------------------------------+ 438 | Type=0xC002 | Length = 16 | 439 +--------------------------------+ 440 | C-ID = 0x01023476 | 441 +--------------------------------+ 442 | Type=5 | Length = 8 | 443 +----------------+---------------+ 444 | Value=0xC0000201 | 445 +----------------+---------------+ 447 Valid Chunk Appearance 449 The Delete IP Address parameter may only appear in the ASCONF Chunk 450 type. 452 4.2.3. Error Cause Indication 454 0 1 2 3 455 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 456 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 457 | Type = 0xC003 | Length = Variable | 458 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 459 | ASCONF-Response Correlation ID | 460 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 461 | Error Cause(s) or Success Indication | 462 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 464 ASCONF-Response Correlation ID: 32 bits 466 This is an opaque integer assigned by the sender to identify each 467 request parameter. The receiver of the ASCONF Chunk will copy this 468 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 469 Response Correlation ID field so the peer can easily correlate the 470 request to this response. Note that the receiver MUST NOT change 471 this 32 bit value. 473 Error Cause(s): TLV(s) 474 When reporting an error this response parameter is used to wrap one 475 or more standard error causes normally found within an SCTP 476 Operational Error or SCTP Abort (as defined in 477 [I-D.ietf-tsvwg-2960bis]). The Error Cause(s) follow the format 478 defined in section 3.3.10 of [I-D.ietf-tsvwg-2960bis]. 480 Valid Chunk Appearance 482 The Error Cause Indication parameter may only appear in the ASCONF- 483 ACK Chunk type. 485 4.2.4. Set Primary IP Address 487 0 1 2 3 488 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 489 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 490 | Type =0xC004 | Length = Variable | 491 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 492 | ASCONF-Request Correlation ID | 493 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 494 | Address Parameter | 495 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 497 ASCONF-Request Correlation ID: 32 bits 499 This is an opaque integer assigned by the sender to identify each 500 request parameter. The receiver of the ASCONF Chunk will copy this 501 32 bit value into the ASCONF Response Correlation ID field of the 502 ASCONF-ACK response parameter. The sender of the ASCONF can use this 503 same value in the ASCONF-ACK to find which request the response is 504 for. Note that the receiver MUST NOT change this 32 bit value. 506 Address Parameter: TLV 508 This field contains an IPv4 or IPv6 address parameter as described in 509 3.3.2.1 of [I-D.ietf-tsvwg-2960bis]. The complete TLV is wrapped 510 within this parameter. It requests the receiver to mark the 511 specified address as the primary address to send data to (see section 512 5.1.2 of [I-D.ietf-tsvwg-2960bis]). The receiver MAY mark this as 513 its primary upon receiving this request. If the address 0.0.0.0 or 514 ::0 is provided, the receiver MAY mark the source address of the 515 packet as its primary. 517 An example TLV requesting that the IPv4 address 192.0.2.1 be made the 518 primary destination address would look as follows: 520 +--------------------------------+ 521 | Type=0xC004 | Length = 16 | 522 +--------------------------------+ 523 | C-ID = 0x01023479 | 524 +--------------------------------+ 525 | Type=5 | Length = 8 | 526 +----------------+---------------+ 527 | Value=0xC0000201 | 528 +----------------+---------------+ 530 Valid Chunk Appearance 532 The Set Primary IP Address parameter may appear in the ASCONF, the 533 INIT, or the INIT-ACK chunk type. The inclusion of this parameter in 534 the INIT or INIT-ACK can be used to indicate an initial preference of 535 primary address. 537 4.2.5. Success Indication 539 0 1 2 3 540 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 541 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 542 | Type = 0xC005 | Length = 8 | 543 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 544 | ASCONF-Response Correlation ID | 545 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 547 By default if a responding endpoint does not report an error for any 548 requested TLV, a success is implicitly indicated. Thus a sender of a 549 ASCONF-ACK MAY indicate complete success of all TLVs in an ASCONF by 550 returning only the Chunk Type, Chunk Flags, Chunk Length (set to 8) 551 and the Sequence Number. 553 The responding endpoint MAY also choose to explicitly report a 554 success for a requested TLV, by returning a success report ASCONF 555 Parameter Response. 557 ASCONF-Response Correlation ID: 32 bits 559 This is an opaque integer assigned by the sender to identify each 560 request parameter. The receiver of the ASCONF Chunk will copy this 561 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 562 Response Correlation ID field so the peer can easily correlate the 563 request to this response. 565 Valid Chunk Appearance 567 The Success Indication parameter may only appear in the ASCONF-ACK 568 chunk type. 570 4.2.6. Adaptation Layer Indication 572 0 1 2 3 573 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 574 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 575 | Type =0xC006 | Length = 8 | 576 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 577 | Adaptation Code point | 578 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 580 This parameter is specified for the communication of peer upper layer 581 protocols. It is envisioned to be used for flow control and other 582 adaptation layers that require an indication to be carried in the 583 INIT and INIT-ACK. Each adaptation layer that is defined that wishes 584 to use this parameter MUST specify an adaptation code point in an 585 appropriate RFC defining its use and meaning. This parameter SHOULD 586 NOT be examined by the receiving SCTP implementation and should be 587 passed opaquely to the upper layer protocol. 589 Note: this parameter is not used in either the addition or deletion 590 of addresses but is for the convenience of the upper layer. This 591 document includes this parameter to minimize the number of SCTP 592 documents. 594 Valid Chunk Appearance 596 The Adaptation Layer Indication parameter may appear in INIT or INIT- 597 ACK chunk and SHOULD be passed to the receivers upper layer protocol 598 based upon the upper layer protocol configuration of the SCTP stack. 599 This parameter MUST NOT be sent in any other chunks and if it is 600 received in another chunk it MUST be ignored. 602 4.2.7. Supported Extensions Parameter 604 This parameter is used at startup to identify any additional 605 extensions that the sender supports. The sender MUST support both 606 the sending and the receiving of any chunk types listed within the 607 Supported Extensions Parameter. An implementation supporting this 608 extension MUST list the ASCONF,the ASCONF-ACK, and the AUTH chunks in 609 its INIT and INIT-ACK parameters. 611 0 1 2 3 612 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 613 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 614 | Parameter Type = 0x8008 | Parameter Length | 615 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 616 | CHUNK TYPE 1 | CHUNK TYPE 2 | CHUNK TYPE 3 | CHUNK TYPE 4 | 617 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 618 | .... | 619 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 620 | CHUNK TYPE N | PAD | PAD | PAD | 621 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 623 Parameter Type This field holds the IANA defined parameter type for 624 Supported Extensions Parameter. The suggested value of this field 625 for IANA is 0x8008. 627 Parameter Type Length This field holds the length of the parameter, 628 including the Parameter Type, Parameter Length and any addition 629 supported extensions. Note: the length MUST NOT include any padding. 631 CHUNK TYPE X This field(s) hold the chunk type of any SCTP 632 extension(s) that are currently supported by the sending SCTP. 633 Multiple chunk types may be defined listing each additional feature 634 that the sender supports. The sender MUST NOT include multiple 635 Supported Extensions Parameter within any chunk. 637 Parameter Appearance This parameter may appear in the INIT or INIT- 638 ACK chunk. This parameter MUST NOT appear in any other chunk. 640 4.3. New Error Causes 642 Five new Error Causes are added to the SCTP Operational Errors, 643 primarily for use in the ASCONF-ACK Chunk. 645 Cause Code 646 Value Cause Code 647 --------- ---------------- 648 0x0100 Request to Delete Last Remaining IP Address. 649 0x0101 Operation Refused Due to Resource Shortage. 650 0x0102 Request to Delete Source IP Address. 651 0x0103 Association Aborted due to illegal ASCONF-ACK. 652 0x0104 Request refused - no authorization. 654 Table 5: New Error Causes 656 4.3.1. Error Cause: Request to Delete Last Remaining IP Address 658 Cause of error 660 Request to Delete Last Remaining IP address: The receiver of this 661 error sent a request to delete the last IP address from its 662 association with its peer. This error indicates that the request is 663 rejected. 665 0 1 2 3 666 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 667 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 668 | Cause Code=0x0100 | Cause Length=Variable | 669 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 670 \ TLV-Copied-From-ASCONF / 671 / \ 672 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 674 An example of a failed delete in an Error Cause TLV would look as 675 follows in the response ASCONF-ACK message: 677 +--------------------------------+ 678 | Type = 0xC003 | Length = 28 | 679 +----------------+---------------+ 680 | C-ID = 0x01023476 | 681 +--------------------------------+ 682 | Cause=0x0100 | Length = 20 | 683 +----------------+---------------+ 684 | Type= 0xC002 | Length = 16 | 685 +----------------+---------------+ 686 | C-ID = 0x01023476 | 687 +--------------------------------+ 688 | Type=0x0005 | Length = 8 | 689 +----------------+---------------+ 690 | Value=0xC0000201 | 691 +----------------+---------------+ 693 4.3.2. Error Cause: Operation Refused Due to Resource Shortage 695 Cause of error 697 This error cause is used to report a failure by the receiver to 698 perform the requested operation due to a lack of resources. The 699 entire TLV that is refused is copied from the ASCONF into the error 700 cause. 702 0 1 2 3 703 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 704 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 705 | Cause Code=0x0101 | Cause Length=Variable | 706 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 707 \ TLV-Copied-From-ASCONF / 708 / \ 709 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 711 An example of a failed addition in an Error Cause TLV would look as 712 follows in the response ASCONF-ACK message: 714 +--------------------------------+ 715 | Type = 0xC003 | Length = 28 | 716 +--------------------------------+ 717 | C-ID = 0x01023474 | 718 +--------------------------------+ 719 | Cause=0x0101 | Length = 20 | 720 +----------------+---------------+ 721 | Type=0xC001 | Length = 16 | 722 +--------------------------------+ 723 | C-ID = 0x01023474 | 724 +--------------------------------+ 725 | Type=0x0005 | Length = 8 | 726 +----------------+---------------+ 727 | Value=0xC0000201 | 728 +----------------+---------------+ 730 4.3.3. Error Cause: Request to Delete Source IP Address 732 Cause of error 734 Request to Delete Source IP Address: The receiver of this error sent 735 a request to delete the source IP address of the ASCONF message. 736 This error indicates that the request is rejected. 738 0 1 2 3 739 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 740 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 741 | Cause Code=0x0102 | Cause Length=Variable | 742 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 743 \ TLV-Copied-From-ASCONF / 744 / \ 745 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 747 An example of a failed delete in an Error Cause TLV would look as 748 follows in the response ASCONF-ACK message: 750 +--------------------------------+ 751 | Type = 0xC003 | Length = 28 | 752 +--------------------------------+ 753 | C-ID = 0x01023476 | 754 +--------------------------------+ 755 | Cause=0x0102 | Length = 20 | 756 +----------------+---------------+ 757 | Type=0xC002 | Length = 16 | 758 +----------------+---------------+ 759 | C-ID = 0x01023476 | 760 +--------------------------------+ 761 | Type=0x0005 | Length = 8 | 762 +----------------+---------------+ 763 | Value=0xC0000201 | 764 +----------------+---------------+ 766 IMPLEMENTATION NOTE: It is unlikely that an endpoint would source a 767 packet from the address being deleted, unless the endpoint does not 768 do proper source address selection. 770 4.3.4. Error Cause: Association Aborted due to illegal ASCONF-ACK 772 This error is to be included in an ABORT that is generated due to the 773 reception of an ASCONF-ACK that was not expected but is larger than 774 the current sequence number (see Section 5.3 Rule F0 ). Note: that a 775 sequence number is larger than the last ACKed sequence number if it 776 is either the next sequence or no more than 2**31-1 greater than the 777 current sequence number. Sequence numbers smaller than the last 778 acked sequence number are silently ignored. 780 0 1 2 3 781 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 782 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 783 | Cause Code=0x0103 | Cause Length=4 | 784 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 786 4.3.5. Error Cause: Request refused - no authorization. 788 Cause of error 790 This error cause may be included to reject a request based on local 791 security policies. 793 0 1 2 3 794 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 795 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 796 | Cause Code=0x0104 | Cause Length=Variable | 797 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 798 \ TLV-Copied-From-ASCONF / 799 / \ 800 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 802 5. Procedures 804 This section will lay out the specific procedures for address 805 configuration change chunk type and its processing. 807 5.1. ASCONF Chunk Procedures 809 When an endpoint has an ASCONF signaled change to be sent to the 810 remote endpoint it MUST do the following: 812 A1) Create an ASCONF Chunk as defined in Section 4.1.1. The chunk 813 MUST contain all of the TLV(s) of information necessary to be sent 814 to the remote endpoint, and unique correlation identities for each 815 request. 817 A2) A sequence number MUST be assigned to the Chunk. The sequence 818 number MUST be larger by one. The sequence number MUST be 819 initialized at the start of the association to the same value as 820 the Initial TSN and every time a new ASCONF Chunk is created it 821 MUST be incremented by one after assigning the sequence number to 822 the newly created chunk . 824 A3) If no SCTP packet with one or more ASCONF Chunk(s) is 825 outstanding (un-acknowledged) with the remote peer, send the chunk 826 and proceed to step A4. If an ASCONF chunk is outstanding, then 827 the ASCONF chunk should be queued for later transmission and no 828 further action should be taken until the previous ASCONF is 829 acknowledged or a time out occurs. 831 A4) The sender MUST Start a T-4 RTO timer, using the RTO value of 832 the selected destination address (normally the primary path; see 833 [I-D.ietf-tsvwg-2960bis] section 6.4 for details). 835 A5) When the ASCONF-ACK that acknowledges the sequence number last 836 sent arrives, the sender MUST stop the T-4 RTO timer, and clear 837 the appropriate association and destination error counters as 838 defined in [I-D.ietf-tsvwg-2960bis] section 8.1 and 8.2. 840 A6) The endpoint MUST process all of the TLVs within the ASCONF- 841 ACK(s) to find out particular status information returned to the 842 various requests that were sent. Use the Correlation IDs to 843 correlate the request and the responses. 845 A7) If an error response is received for a TLV parameter, all TLVs 846 with no response before the failed TLV are considered successful 847 if not reported. All TLVs after the failed response are 848 considered unsuccessful unless a specific success indication is 849 present for the parameter. 851 A8) If there is no response(s) to specific TLV parameter(s), and no 852 failures are indicated, then all request(s) are considered 853 successful. 855 A9) If the peer responds to an ASCONF with an ERROR chunk reporting 856 that it did not recognize the ASCONF Chunk type, the sender of the 857 ASCONF MUST NOT send any further ASCONF Chunks and MUST stop its 858 T-4 timer. 860 If the T-4 RTO timer expires the endpoint MUST do the following: 862 B1) Increment the error counters and perform path failure detection 863 on the appropriate destination address as defined in 864 [I-D.ietf-tsvwg-2960bis] section 8.1 and 8.2. 866 B2) Increment the association error counters and perform endpoint 867 failure detection on the association as defined in 868 [I-D.ietf-tsvwg-2960bis] section 8.1 and 8.2. 870 B3) Back-off the destination address RTO value to which the ASCONF 871 chunk was sent by doubling the RTO timer value. 873 Note: The RTO value is used in the setting of all timer types for 874 SCTP. Each destination address has a single RTO estimate. 876 B4) Re-transmit the ASCONF Chunk last sent and if possible choose an 877 alternate destination address (please refer to 878 [I-D.ietf-tsvwg-2960bis] section 6.4.1). An endpoint MUST NOT add 879 new parameters to this chunk, it MUST be the same (including its 880 sequence number) as the last ASCONF sent. An endpoint MAY, 881 however, bundle an additional ASCONF with new ASCONF parameters 882 with the next sequence number. For details see Section 5.5 884 B5) Restart the T-4 RTO timer. Note: that if a different 885 destination is selected, then the RTO used will be that of the new 886 destination address. 888 Note: the total number of re-transmissions is limited by B2 above. 889 If the maximum is reached, the association will fail and enter into 890 the CLOSED state (see [I-D.ietf-tsvwg-2960bis] section 6.4.1 for 891 details). 893 5.1.1. Congestion Control of ASCONF Chunks 895 In defining the ASCONF Chunk transfer procedures, it is essential 896 that these transfers MUST NOT cause congestion within the network. 897 To achieve this, we place these restrictions on the transfer of 898 ASCONF Chunks: 900 C1) One and only one SCTP packet holding ASCONF Chunk(s) MAY be in 901 transit and unacknowledged at any one time. If a sender, after 902 sending an ASCONF chunk, decides it needs to transfer another 903 ASCONF Chunk, it MUST wait until the ASCONF-ACK Chunk returns from 904 the previous ASCONF Chunk before sending a subsequent ASCONF. 905 Note: this restriction binds each side, so at any time two ASCONF 906 may be in-transit on any given association (one sent from each 907 endpoint). However when an ASCONF Chunk is retransmitted due to a 908 time-out, the additional held ASCONF Chunks can be bundled into 909 the retransmission packet as described in Section 5.5. 911 C2) An ASCONF Chunk may be bundled with any other chunk type 912 including other ASCONF Chunks. If bundled with other ASCONF 913 Chunks, the chunks MUST appear in sequential order with respect to 914 their Sequence Number. 916 C3) An ASCONF-ACK Chunk may be bundled with any other chunk type 917 including other ASCONF-ACK Chunks. If bundled with other ASCONF- 918 ACK Chunks, the chunks MUST appear in sequential order with 919 respect to their Sequence Number. 921 C4) Both ASCONF and ASCONF-ACK Chunks MUST NOT be sent in any SCTP 922 state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED and 923 SHUTDOWN-SENT. 925 C5) An ASCONF Chunk and an ASCONF-ACK Chunk SHOULD not be larger 926 than the PMTU. If the PMTU is unknown, then the PMTU should be 927 set to the minimum PMTU. The minimum PMTU depends on the IP 928 version used for transmission, and is the lesser of 576 octets and 929 the first-hop MTU for IPv4 [RFC1122] and 1280 octets for IPv6 930 [RFC2460]. 932 An ASCONF sender without these restrictions could possibly flood the 933 network with a large number of separate address change operations 934 thus causing network congestion. 936 If the sender of an ASCONF Chunk receives an Operational Error 937 indicating that the ASCONF Chunk type is not understood, then the 938 sender MUST NOT send subsequent ASCONF Chunks to the peer. The 939 endpoint should also inform the upper layer application that the peer 940 endpoint does not support any of the extensions detailed in this 941 document. 943 5.2. Upon reception of an ASCONF Chunk. 945 When an endpoint receives an ASCONF Chunk from the remote peer 946 special procedures may be needed to identify the association the 947 ASCONF Chunk is associated with. To properly find the association 948 the following procedures SHOULD be followed: 950 D1) Use the source address and port number of the sender to attempt 951 to identify the association (i.e., use the same method defined in 952 [I-D.ietf-tsvwg-2960bis] used for all other SCTP Chunks). If 953 found proceed to rule D4. 955 D2) If the association is not found, use the address found in the 956 Address Parameter TLV combined with the port number found in the 957 SCTP common header. If found proceed to rule D4. 959 D2-ext) If more than one ASCONF Chunks are packed together, use the 960 address found in the ASCONF Address Parameter TLV of each of the 961 subsequent ASCONF Chunks. If found, proceed to rule D4. 963 D3) If neither D1, D2 nor D2-ext locates the association, treat the 964 chunk as an Out Of The Blue packet as defined in 965 [I-D.ietf-tsvwg-2960bis]. 967 D4) Follow the normal rules to validate the SCTP verification tag 968 found in [I-D.ietf-tsvwg-2960bis]. 970 D5) After the verification tag has been validated, normal chunk 971 processing should occur. Prior to finding the ASCONF chunk the 972 receiver MUST encounter an AUTH chunk as described in 973 [I-D.ietf-tsvwg-sctp-auth]. If either authentication fails, or 974 the AUTH chunk is missing, the receiver MUST silently discard this 975 chunk and the rest of the packet. 977 After identification and verification of the association, the 978 following should be performed to properly process the ASCONF Chunk: 980 E1) 982 If the value found in the sequence number of the ASCONF Chunk is 983 equal to the ('Peer-Sequence-Number' + 1) and the Sequence Number 984 of the ASCONF Chunk is the first in the SCTP Packet, the endpoint 985 MAY clean any old cached ASCONF-ACK up to the 'Peer-Sequence- 986 Number' and then proceed to rule E4. 988 E1-ext If the value found in the sequence number of the ASCONF Chunk 989 is equal to the ('Peer-Sequence-Number' + 1) and the ASCONF chunk 990 is NOT the first Sequence Number in the SCTP packet proceed to 991 rule E4 but do NOT clear any cached ASCONF-ACK or state 992 information. 993 E2) 995 If the value found in the sequence number is less than the ('Peer- 996 Sequence-Number' + 1), simply skip to the next ASCONF, and include 997 in the outbound response packet any previously cached ASCONF-ACK 998 response that was sent and saved that matches the sequence number 999 of the ASCONF. Note: it is possible that no cached ASCONF-ACK 1000 Chunk exists. This will occur when an older ASCONF arrives out of 1001 order. In such a case the receiver should skip the ASCONF Chunk 1002 and not include ASCONF-ACK Chunk for that chunk. 1004 E3) 1006 Then, process each ASCONF one by one as above while the Sequence 1007 Number of the ASCONF is less than the ('Peer-Sequence-Number' + 1008 1). 1010 E4) When the sequence number matches the next one expected, process 1011 the ASCONF as described below and after processing the ASCONF 1012 Chunk, append an ASCONF-ACK Chunk to the response packet and cache 1013 a copy of it (in the event it later needs to be retransmitted). 1015 V1) Process the TLVs contained within the Chunk performing the 1016 appropriate actions as indicated by each TLV type. The TLVs 1017 MUST be processed in order within the Chunk. For example, if 1018 the sender puts 3 TLVs in one chunk, the first TLV (the one 1019 closest to the Chunk Header) in the Chunk MUST be processed 1020 first. The next TLV in the chunk (the middle one) MUST be 1021 processed second and finally the last TLV in the Chunk MUST be 1022 processed last. 1024 V2) In processing the chunk, the receiver should build a response 1025 message with the appropriate error TLVs, as specified in the 1026 Parameter type bits for any ASCONF Parameter it does not 1027 understand. To indicate an unrecognized parameter, cause type 1028 8 as defined in the ERROR in 3.3.10.8 of 1029 [I-D.ietf-tsvwg-2960bis] should be used. The endpoint may also 1030 use the response to carry rejections for other reasons such as 1031 resource shortages etc, using the Error Cause TLV and an 1032 appropriate error condition. 1034 Note: a positive response is implied if no error is indicated 1035 by the sender. 1036 V3) 1038 All responses MUST copy the ASCONF-Request Correlation ID field 1039 received in the ASCONF parameter, from the TLV being responded 1040 to, into the ASCONF-Request Correlation ID field in the 1041 response parameter. 1043 V4) After processing the entire Chunk, the receiver of the ASCONF 1044 MUST queue the response ASCONF-ACK Chunk for transmission after 1045 the rest of the SCTP packet has been processed. This allows 1046 the ASCONF-ACK Chunk to be bundled with other ASCONF-ACK Chunks 1047 as well as any additional responses e.g. a SACK Chunk. 1049 V5) Update the 'Peer-Sequence-Number' to the value found in the 1050 sequence number field. 1052 E5) Otherwise, the ASCONF Chunk is discarded since it must be either 1053 a stale packet or from an attacker. A receiver of such a packet 1054 MAY log the event for security purposes. 1056 E6) When all ASCONF Chunks are processed for this SCTP packet, send 1057 back the accumulated single response packet with all of the 1058 ASCONF-ACK Chunks. The destination address of the SCTP packet 1059 containing the ASCONF-ACK Chunks MUST be the source address of the 1060 SCTP packet that held the ASCONF Chunks. 1062 E7) While processing the ASCONF Chunks in the SCTP packet, if the 1063 response packet will exceed the PMTU of the return path, the 1064 receiver MUST stop adding additional ASCONF-ACKs into the response 1065 packet but MUST continue to process all of the ASCONF Chunks, 1066 saving ASCONF-ACK Chunk responses in its cached copy. The sender 1067 of the ASCONF Chunk will later retransmit the ASCONF Chunks that 1068 were not responded to, at which time the cached copies of the 1069 responses that would NOT fit in the PMTU can be sent to the peer. 1071 Note: These rules have been presented with the assumption that the 1072 implementation is caching old ASCONF-ACKs in case of loss of SCTP 1073 packets in the ACK path. It is allowable for an implementation to 1074 maintain this state in another form it deems appropriate, as long as 1075 that form results in the same ASCONF-ACK sequences being returned to 1076 the peer as outlined above. 1078 5.3. General rules for address manipulation 1080 When building TLV parameters for the ASCONF Chunk that will add or 1081 delete IP addresses the following rules MUST be applied: 1083 F0) If an endpoint receives an ASCONF-ACK that is greater than or 1084 equal to the next sequence number to be used but no ASCONF Chunk 1085 is outstanding the endpoint MUST ABORT the association. Note: 1086 that a sequence number is greater than if it is no more than 1087 2^^31-1 larger than the current sequence number (using serial 1088 arithmetic). 1090 F1) When adding an IP address to an association, the IP address is 1091 NOT considered fully added to the association until the ASCONF-ACK 1092 arrives. This means that until such time as the ASCONF containing 1093 the add is acknowledged the sender MUST NOT use the new IP address 1094 as a source for ANY SCTP packet except on carrying an ASCONF 1095 Chunk. The receiver of the add IP address request may use the 1096 address as a destination immediately. The receiver MUST use the 1097 path verification procedure for the added address before using 1098 that address. The receiver MUST NOT send packets to the new 1099 address except for the corresponding ASCONF-ACK Chunk or HEARTBEAT 1100 Chunks for path verification before the new path is verified. If 1101 the ASCONF-ACK is sent to the new address it MAY be bundled with 1102 the HEARTBEAT chunk for path verification. 1104 F2) After the ASCONF-ACK of an IP address add arrives, the endpoint 1105 MAY begin using the added IP address as a source address for any 1106 type of SCTP chunk. 1108 F3a) If an endpoint receives an Error Cause TLV indicating that the 1109 IP address Add or IP address Deletion parameters was not 1110 understood, the endpoint MUST consider the operation failed and 1111 MUST NOT attempt to send any subsequent Add or Delete requests to 1112 the peer. 1114 F3b) If an endpoint receives an Error Cause TLV indicating that the 1115 IP address Set Primary IP Address parameter was not understood, 1116 the endpoint MUST consider the operation failed and MUST NOT 1117 attempt to send any subsequent Set Primary IP Address requests to 1118 the peer. 1120 F4) When deleting an IP address from an association, the IP address 1121 MUST be considered a valid destination address for the reception 1122 of SCTP packets until the ASCONF-ACK arrives and MUST NOT be used 1123 as a source address for any subsequent packets. This means that 1124 any datagrams that arrive before the ASCONF-ACK destined to the IP 1125 address being deleted MUST be considered part of the current 1126 association. One special consideration is that ABORT Chunks 1127 arriving destined to the IP address being deleted MUST be ignored 1128 (see Section 5.3.1 for further details). 1130 F5) An endpoint MUST NOT delete its last remaining IP address from 1131 an association. In other words if an endpoint is NOT multi-homed 1132 it MUST NOT use the delete IP address without an add IP address 1133 preceding the delete parameter in the ASCONF Chunk. Or if an 1134 endpoint sends multiple requests to delete IP addresses it MUST 1135 NOT delete all of the IP addresses that the peer has listed for 1136 the requester. 1138 F6) An endpoint MUST NOT set an IP header source address for an SCTP 1139 packet holding the ASCONF Chunk to be the same as an address being 1140 deleted by the ASCONF Chunk. 1142 F7) If a request is received to delete the last remaining IP address 1143 of a peer endpoint, the receiver MUST send an Error Cause TLV with 1144 the error cause set to the new error code 'Request to Delete Last 1145 Remaining IP Address'. The requested delete MUST NOT be performed 1146 or acted upon, other than to send the ASCONF-ACK. 1148 F8) If a request is received to delete an IP address which is also 1149 the source address of the IP packet which contained the ASCONF 1150 chunk, the receiver MUST reject this request. To reject the 1151 request the receiver MUST send an Error Cause TLV set to the new 1152 error code 'Request to Delete Source IP Address' (unless Rule F5 1153 has also been violated, in which case the error code 'Request to 1154 Delete Last Remaining IP Address' is sent). 1156 F9) If an endpoint receives an ADD IP address request and does not 1157 have the local resources to add this new address to the 1158 association, it MUST return an Error Cause TLV set to the new 1159 error code 'Operation Refused Due to Resource Shortage'. 1161 F10) If an endpoint receives an 'Out of Resource' error in response 1162 to its request to ADD an IP address to an association, it must 1163 either ABORT the association or not consider the address part of 1164 the association. In other words if the endpoint does not ABORT 1165 the association, it must consider the add attempt failed and NOT 1166 use this address since its peer will treat SCTP packets destined 1167 to the address as Out Of The Blue packets. 1169 F11) When an endpoint receiving an ASCONF to add an IP address sends 1170 an 'Out of Resource' in its response, it MUST also fail any 1171 subsequent add or delete requests bundled in the ASCONF. The 1172 receiver MUST NOT reject an ADD and then accept a subsequent 1173 DELETE of an IP address in the same ASCONF Chunk. In other words, 1174 once a receiver begins failing any ADD or DELETE request, it must 1175 fail all subsequent ADD or DELETE requests contained in that 1176 single ASCONF. 1178 F12) When an endpoint receives a request to delete an IP address 1179 that is the current primary address, it is an implementation 1180 decision as to how that endpoint chooses the new primary address. 1182 F13) When an endpoint receives a valid request to DELETE an IP 1183 address the endpoint MUST consider the address no longer as part 1184 of the association. It MUST NOT send SCTP packets for the 1185 association to that address and it MUST treat subsequent packets 1186 received from that address as Out Of The Blue. 1188 During the time interval between sending out the ASCONF and 1189 receiving the ASCONF-ACK it MAY be possible to receive DATA Chunks 1190 out of order. The following examples illustrate these problems: 1192 F14) All addresses added by the reception of an ASCONF chunk MUST be 1193 put into the unconfirmed state and MUST have path verification 1194 performed on them before the address can be used as described in 1195 [I-D.ietf-tsvwg-2960bis] section 5.4. 1197 Endpoint-A Endpoint-Z 1198 ---------- ---------- 1199 ASCONF[Add-IP:X]------------------------------> 1200 /--ASCONF-ACK 1201 / 1202 /--------/---New DATA: 1203 / / Destination 1204 <-------------------/ / IP:X 1205 / 1206 <--------------------------/ 1208 In the above example we see a new IP address (X) being added to the 1209 Endpoint-A. However due to packet re-ordering in the network a new 1210 DATA chunk is sent and arrives at Endpoint-A before the ASCONF-ACK 1211 confirming the add of the address to the association. 1213 A similar problem exists with the deletion of an IP address as 1214 follows: 1216 Endpoint-A Endpoint-Z 1217 ---------- ---------- 1218 /------------New DATA: 1219 / Destination 1220 / IP:X 1221 ASCONF [DEL-IP:X]---------/----------------> 1222 <-----------------/------------------ASCONF-ACK 1223 / 1224 / 1225 <-------------/ 1227 In this example we see a DATA chunk destined to the IP:X (which is 1228 about to be deleted) arriving after the deletion is complete. For 1229 the ADD case an endpoint SHOULD consider the newly adding IP address 1230 valid for the association to receive data from during the interval 1231 when awaiting the ASCONF-ACK. The endpoint MUST NOT source data from 1232 this new address until the ASCONF-ACK arrives but it may receive out 1233 of order data as illustrated and MUST NOT treat this data as an OOTB 1234 datagram (please see [I-D.ietf-tsvwg-2960bis] section 8.4). It MAY 1235 drop the data silently or it MAY consider it part of the association 1236 but it MUST NOT respond with an ABORT. 1238 For the DELETE case, an endpoint MAY respond to the late arriving 1239 DATA packet as an OOTB datagram or it MAY hold the deleting IP 1240 address for a small period of time as still valid. If it treats the 1241 DATA packet as an OOTB the peer will silently discard the ABORT 1242 (since by the time the ABORT is sent the peer will have removed the 1243 IP address from this association). If the endpoint elects to hold 1244 the IP address valid for a period of time, it MUST NOT hold it valid 1245 longer than 2 RTO intervals for the destination being removed. 1247 5.3.1. A special case for OOTB ABORT Chunks 1249 Another case worth mentioning is illustrated below: 1251 Endpoint-A Endpoint-Z 1252 ---------- ---------- 1254 New DATA:------------\ 1255 Source IP:X \ 1256 \ 1257 ASCONF-REQ[DEL-IP:X]----\------------------> 1258 \ /---------ASCONF-ACK 1259 \ / 1260 \----/-----------> OOTB 1261 (Ignored <---------------------/-------------ABORT 1262 by rule F4) / 1263 <---------------------/ 1265 For this case, during the deletion of an IP address, an Abort MUST be 1266 ignored if the destination address of the Abort message is that of a 1267 destination being deleted. 1269 5.3.2. A special case for changing an address. 1271 In some instances the sender may only have one IP address in an 1272 association that is being renumbered. When this occurs, the sender 1273 may not be able to send to the peer the appropriate ADD/DELETE pair 1274 and use the old address as a source in the IP header. For this 1275 reason the sender MUST fill in the Address Parameter field with an 1276 address that is part of the association (in this case the one being 1277 deleted). This will allow the receiver to locate the association 1278 without using the source address found in the IP header. 1280 The receiver of such a chunk MUST always first use the source address 1281 found in the IP header in looking up the association. The receiver 1282 should attempt to use the address found in the Address Parameter 1283 field only if the lookup fails using the source address from the IP 1284 header. The receiver MUST reply to the source address of the packet 1285 in this case which is the new address that was added by the ASCONF 1286 (since the old address is no longer a part of the association after 1287 processing). 1289 5.4. Setting of the primary address 1291 A sender of this option MAY elect to send this combined with a 1292 deletion or addition of an address. A sender MUST only send a set 1293 primary request to an address that is already considered part of the 1294 association. In other words if a sender combines a set primary with 1295 an add of a new IP address the set primary will be discarded unless 1296 the add request is to be processed BEFORE the set primary (i.e., it 1297 precedes the set primary). 1299 A request to set primary MAY also appear in an INIT or INIT-ACK 1300 chunk. This can give advice to the peer endpoint as to which of its 1301 addresses the sender of the INIT or INIT-ACK would prefer to be used 1302 as the primary address. 1304 The request to set an address as the primary path is an option the 1305 receiver SHOULD perform. It is considered advice to the receiver of 1306 the best destination address to use in sending SCTP packets (in the 1307 requester's view). If a request arrives that asks the receiver to 1308 set an address as primary that does not exist, the receiver SHOULD 1309 NOT honor the request, leaving its existing primary address 1310 unchanged. 1312 5.5. Bundling of multiple ASCONFs 1314 In the normal case a single ASCONF is sent in a packet and a single 1315 reply ASCONF-ACK is received. However, in the event of the loss of 1316 an SCTP packet containing either an ASCONF or ASCONF-ACK it is 1317 allowable for a sender to bundle additional ASCONFs in the 1318 retransmission. In bundling multiple ASCONFs the following rules 1319 MUST be followed: 1320 1. Previously transmitted ASCONF Chunks MUST be left unchanged. 1321 2. Each SCTP packet containing ASCONF Chunks MUST be bundled 1322 starting with the smallest ASCONF Sequence Number first in the 1323 packet (closest to the Chunk header) and preceding in sequential 1324 order from lowest to highest ASCONF Sequence Number. 1325 3. All ASCONFs within the packet MUST be adjacent to each other 1326 i.e., no other chunk type must separate the ASCONFs. 1327 4. Each new ASCONF lookup address MUST be populated as if the 1328 previous ASCONFs had been processed and accepted. 1330 6. Security Considerations 1332 The addition and or deletion of an IP address to an existing 1333 association does provide an additional mechanism by which existing 1334 associations can be hijacked. Therefore this document requires the 1335 use of the authentication mechanism defined in 1336 [I-D.ietf-tsvwg-sctp-auth] to limit the ability of an attacker to 1337 hijack an association. 1339 Hijacking an association by using the addition and deletion of an IP 1340 address is only possible for an attacker who is able to intercept the 1341 initial two packets of the association setup when the SCTP-AUTH 1342 extension is used without pre-shared keys. If such a threat is 1343 considered a possibility, then the [I-D.ietf-tsvwg-sctp-auth] 1344 extension MUST be used with a preconfigured shared end-point pair key 1345 to mitigate this threat. For a more detailed analysis see 1347 [I-D.ietf-tsvwg-sctp-auth]. 1349 When the address parameter in ASCONF chunks with Add, IP Delete IP, 1350 or Set Primary IP parameters is a wildcard, the source address of the 1351 packet is used. This address is not protected by SCTP-AUTH 1352 [I-D.ietf-tsvwg-sctp-auth] and an attacker can therefore intercept 1353 such a packet and modify the source address. Even if the source 1354 address is not one presently an alternate for the association, the 1355 identification of the association may rely on the other information 1356 in the packet (perhaps the verification tag, for example). An on- 1357 path attacker can therefore modify the source address to its liking. 1359 If the ASCONF includes an Add IP with a wildcard address, the 1360 attacker can add an address of its liking, which provides little 1361 immediate damage but can set up later attacks. 1363 If the ASCONF includes a Delete IP with a wildcard address, the 1364 attacker can cause all addresses but one of its choosing to be 1365 deleted from an association. The address supplied by the attacker 1366 must already belong to the association, which makes this more 1367 difficult for the attacker. However, the sole remaining address 1368 might be one that the attacker controls, for example, or can monitor, 1369 etc. The least result is the sender and the deceived receiver would 1370 have different ideas of what that sole remaining address would be. 1371 This will eventually cause the association to fail, but in the 1372 meantime, the deceived receiver could be transmitting packets to an 1373 address the sender did not intend. 1375 If the ASCONF includes a Set Primary IP with a wildcard address, then 1376 the attacker can cause an address to be used as a primary address. 1377 This is limited to an address that already belongs to the 1378 association, so the damage is limited. At least, the result would be 1379 that the recipient is using a primary address that the sender did not 1380 intend. However, if both a wildcard Add IP and a wildcard Set 1381 Primary IP are used, then the attacker can modify the source address 1382 to both add an address to its liking to the association and make it 1383 the primary address. Such a combination would present the attacker 1384 with opportunity for more damage. 1386 Note that all these attacks are from an on-path attacker. Endpoints 1387 that believe they face a threat from on-path attackers SHOULD NOT use 1388 wildcard addresses in ASCONF Add IP, Delete IP or Set Primary IP 1389 parameters. 1391 If an SCTP endpoint that supports this extension receives an INIT 1392 that indicates that the peer supports the ASCONF extension but does 1393 NOT support the [I-D.ietf-tsvwg-sctp-auth] extension, the receiver of 1394 such an INIT MUST send an ABORT in response to such an INIT. Note: 1396 that an implementation is allowed to silently discard such an INIT as 1397 an option as well but under NO circumstance is an implementation 1398 allowed to proceed with the association setup by sending an INIT-ACK 1399 in response. 1401 An implementation that receives an INIT-ACK that indicates that the 1402 peer does not support the [I-D.ietf-tsvwg-sctp-auth] extension MUST 1403 NOT send the COOKIE-ECHO to establish the association. Instead the 1404 implementation MUST discard the INIT-ACK and report to the upper 1405 layer user that an association cannot be established destroying the 1406 TCB. 1408 Other types of attacks, e.g. bombing, are discussed in detail in 1409 [I-D.ietf-tsvwg-sctpthreat]. The bombing attack, in particular, is 1410 countered by the use of a random nonce and is required by 1411 [I-D.ietf-tsvwg-2960bis]. 1413 An on-path attacker can modify the INIT and INIT-ACK Supported 1414 Extensions parameter (and authentication related parameters) to 1415 produce a denial of service. If the on-path attacker removes the 1416 [I-D.ietf-tsvwg-sctp-auth] related parameters from an INIT that 1417 indicates it supports the ASCONF extension, the association will not 1418 be established. If the on-path attacker adds a Supported Extensions 1419 parameter mentioning the ASCONF type to an INIT or INIT-ACK that does 1420 not carry any AUTH related parameters, the association will not be 1421 established. If the on-path attacker removes the Supported 1422 Extensions parameter (or removes the ASCONF type from that parameter) 1423 from the INIT or the INIT-ACK, then the association will not be able 1424 to use the ADD-IP feature. If the on-path attacker adds the 1425 Supported Extensions parameter listing the ASCONF type to an INIT-ACK 1426 that did not carry one (but did carry AUTH related parameters), then 1427 the INIT sender may use ASCONF where the INIT-ACK sender does not 1428 support it. This would be discovered later if the INIT sender 1429 transmitted an ASCONF, but the INIT sender could have made 1430 configuration choices at that point. As the INIT and INIT-ACK are 1431 not protected by the AUTH feature, there is no way to counter such 1432 attacks. Note however that an on-path attacker capable of modifying 1433 the INIT and INIT-ACK would almost certainly also be able to prevent 1434 the INIT and INIT-ACK from being delivered or modify the verification 1435 tags or checksum to cause the packet to be discarded, so the 1436 Supported Extensions adds little additional vulnerability (with 1437 respect to preventing association formation) to the SCTP protocol. 1438 The ability to prevent the use of this new feature is an additional 1439 vulnerability to SCTP but only for this new feature. 1441 The Adaptation Layer Indication is subject to corruption, insertion 1442 or deletion from the INIT and INIT-ACK chunks by an on-path attacker. 1443 This parameter SHOULD be opaque to the SCTP protocol (see section 1444 4.2.6), and so changes to the parameter will likely not affect the 1445 SCTP protocol. However, any adaptation layer that is defined SHOULD 1446 consider its own vulnerabilities in the security considerations 1447 section of the RFC that defines its adaptation code point. 1449 The Set Primary IP Address parameter is subject to corruption, 1450 insertion or deletion by an on-path attacker when included in the 1451 INIT and INIT-ACK chunks. The attacker could use this to influence 1452 the receiver to choose an address to its own purposes (one over which 1453 it has control, one that would be less desirable for the sender, 1454 etc.). An on-path attacker would also have the ability to include or 1455 remove addresses for the association from the INIT or INIT-ACK, so it 1456 is not limited in the address it can specify in the Set Primary IP 1457 Address. Endpoints that wish to avoid this possible threat MAY defer 1458 sending the initial Set Primary request and wait until the 1459 association is fully established before sending a fully protected 1460 ASCONF with the Set Primary as its single parameter. 1462 7. IANA considerations 1464 This document defines the following new SCTP parameters, chunks and 1465 errors (http://www.iana.org/assignments/sctp-parameters): 1467 o Two new chunk types, 1468 o Six parameter types, and 1469 o Five new SCTP error causes. 1471 One of the two new chunk types must come from the range of chunk 1472 types where the upper two bits are one, we recommend 0xC1 but any 1473 other available code point with the upper bits set is also 1474 acceptable. The second chunk type must come from the range where 1475 only the upper bit is set to one. We recommend 0x80 but any other 1476 available code point with the upper bit set is also acceptable. The 1477 chunk types with there suggested values are shown below. 1479 Chunk Type Chunk Name 1480 -------------------------------------------------------------- 1481 0xC1 Address Configuration Change Chunk (ASCONF) 1482 0x80 Address Configuration Acknowledgment (ASCONF-ACK) 1484 All of the parameter types, with the exception of the supported 1485 parameters extension, must come from the range of types where the 1486 upper two bits are set, we recommend 0xC001 - 0xC006, as shown below. 1487 The supported parameters type extension must come from the range 1488 where only the upper bit is set, we recommend 0x8008. Note: that for 1489 any of these values a different unique parameter type may be assigned 1490 by IANA as long as the upper bits correspond to the ones specified in 1491 this document. The suggested parameter types are listed below: 1493 Parameter Type Parameter Name 1494 ------------------------------------------------- 1495 0x8008 Supported Extensions 1496 0xC001 Add IP Address 1497 0xC002 Delete IP Address 1498 0xC003 Error Cause Indication 1499 0xC004 Set Primary Address 1500 0xC005 Success Indication 1501 0xC006 Adaptation Layer Indication 1503 The five new error causes can be any value, in this document we have 1504 used 0x0100-0x0104 in an attempt to separate these from the common 1505 ranges of error codes. Any other unassigned values are also 1506 acceptable. The suggested error causes are listed below:. 1508 Cause Code 1509 Value Cause Code 1510 --------- ---------------- 1511 0x0100 Request to Delete Last Remaining IP Address. 1512 0x0101 Operation Refused Due to Resource Shortage. 1513 0x0102 Request to Delete Source IP Address. 1514 0x0103 Association Aborted due to illegal ASCONF-ACK 1515 0x0104 Request refused - no authorization. 1517 This document also defines an Adaptation code point. The adaptation 1518 code point is a 32 bit integer that is assigned by IANA through an 1519 IETF Consensus action as defined in [RFC2434]. For this new registry 1520 no initial values are being added by this document, however 1521 draft-ietf-rddp-sctp will add the first entry. 1523 8. Acknowledgments 1525 The authors would like to express a special note of thanks to Michael 1526 Ramahlo and Phillip Conrad for their extreme efforts in the early 1527 formation of this draft. 1529 The authors wish to thank Jon Berger, Mark Butler, Lars Eggert, 1530 Janardhan Iyengar, Greg Kendall, Seok Koh, Salvatore Loreto, Peter 1531 Lei, John Loughney, Sandy Murphy, Ivan Arias Rodriguez, Renee Revis, 1532 Marshall Rose, Ronnie Sellars, Chip Sharp, and Irene Ruengeler for 1533 their invaluable comments. 1535 The authors would also like to give special mention to Maria-Carmen 1536 Belinchon and Ian Rytina for there early contributions to this 1537 document and their thoughtful comments. 1539 And a special thanks to James Polk, abstract writer to the few but 1540 lucky. 1542 9. References 1544 9.1. Normative References 1546 [RFC1122] Braden, R., "Requirements for Internet Hosts - 1547 Communication Layers", STD 3, RFC 1122, October 1989. 1549 [RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982, 1550 August 1996. 1552 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1553 Requirement Levels", BCP 14, RFC 2119, March 1997. 1555 [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1556 IANA Considerations Section in RFCs", BCP 26, RFC 2434, 1557 October 1998. 1559 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1560 (IPv6) Specification", RFC 2460, December 1998. 1562 [I-D.ietf-tsvwg-2960bis] 1563 Stewart, R., "Stream Control Transmission Protocol", 1564 draft-ietf-tsvwg-2960bis-05 (work in progress), June 2007. 1566 [I-D.ietf-tsvwg-sctp-auth] 1567 Tuexen, M., "Authenticated Chunks for Stream Control 1568 Transmission Protocol (SCTP)", 1569 draft-ietf-tsvwg-sctp-auth-08 (work in progress), 1570 February 2007. 1572 9.2. Informative References 1574 [I-D.ietf-tsvwg-sctpthreat] 1575 Stewart, R., "Security Attacks Found Against SCTP and 1576 Current Countermeasures", draft-ietf-tsvwg-sctpthreat-05 1577 (work in progress), June 2007. 1579 Appendix A. Abstract Address Handling 1581 A.1. General remarks 1583 This appendix is non-normative. It is present to give the reader a 1584 concise mathematical definition of an SCTP endpoint. The following 1585 text provides a working definition of the endpoint notion to discuss 1586 address reconfiguration. It is not intended to restrict 1587 implementations in any way, its goal is to provide a set of 1588 definitions only. Using these definitions should make a discussion 1589 about address issues easier. 1591 A.2. Generalized endpoints 1593 A generalized endpoint is a pair of a set of IP addresses and a port 1594 number at any given point of time. The precise definition is as 1595 follows: 1597 A generalized endpoint gE at time t is given by 1599 gE(t) = ({IP1, ..., IPn}, Port) 1601 where {IP1, ..., IPn} is a non empty set of IP addresses. 1603 Please note that the dynamic addition and deletion of IP-addresses 1604 described in this document allows the set of IP-addresses of a 1605 generalized endpoint to be changed at some point of time. The port 1606 number can never be changed. 1608 The set of IP addresses of a generalized endpoint gE at a time t is 1609 defined as 1611 Addr(gE)(t) = {IP1, ..., IPn} 1613 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1615 The port number of a generalized endpoint gE is defined as 1617 Port(gE) = Port 1619 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1621 There is one fundamental rule which restricts all generalized 1622 endpoints: 1624 For two different generalized endpoints gE' and gE'' with the same 1625 port number Port(gE') = Port(gE'') the address sets Addr(gE')(t) and 1626 Addr(gE'')(t) must be disjoint at every point of time. 1628 A.3. Associations 1630 Associations consists of two generalized endpoints and the two 1631 address sets known by the peer at any time. The precise definition 1632 is as follows: 1634 An association A between to different generalized endpoints gE' and 1635 gE'' is given by 1637 A = (gE', S', gE'', S'') 1639 where S'(t) and S''(t) are set of addresses at any time t such that 1640 S'(t) is a non-empty subset of Addr(gE')(t) and S''(t) is a non-empty 1641 subset of Addr(gE'')(t). 1643 If A = (gE', S', gE'', S'') is an association between the generalized 1644 endpoints gE' and gE'' the following notion is used: 1646 Addr(A, gE') = S' and Addr(A, gE'') = S''. 1648 If the dependency on time is important the notion Addr(A, gE')(t) = 1649 S'(t) will be used. 1651 If A is an association between gE' and gE'' then Addr(A, gE') is the 1652 subset of IP addresses of gE' which is known by gE'' and used by gE'. 1654 Association establishment between gE' and gE'' can be seen as: 1656 1. gE' and gE'' do exist before the association. 1657 2. If an INIT has to be send from gE' to gE'' address scoping rules 1658 and other limitations are applied to calculate the subset S' from 1659 Addr(gE'). The addresses of S' are included in the INIT chunk. 1660 3. If an INIT-ACK has to be send from gE'' to gE' address scoping 1661 rules and other limitations are applied to calculate the subset 1662 S'' from Addr(gE''). The addresses of S'' are included in the 1663 INIT-ACK chunk. 1664 4. After the handshake the association A = (gE', S', gE'', S'') has 1665 been established. 1666 5. Right after the association establishment Addr(A, gE') and 1667 Addr(A, gE'') are the addresses which have been seen on the wire 1668 during the handshake. 1670 A.4. Relationship with RFC 4960 1672 [I-D.ietf-tsvwg-2960bis] defines the notion of an endpoint. This 1673 subsection will show that these endpoints are also (special) 1674 generalized endpoints. 1676 [I-D.ietf-tsvwg-2960bis] has no notion of address scoping or other 1677 address handling limitations and provides no mechanism to change the 1678 addresses of an endpoint. 1680 This means that an endpoint is simply a generalized endpoint which 1681 does not depend on the time. Neither the Port nor the address list 1682 changes. 1684 During association setup no address scoping rules or other 1685 limitations will be applied. This means that for an association A 1686 between two endpoints gE' and gE'' the following is true: 1688 Addr(A, gE') = Addr(gE') and Addr(A, gE'') = Addr(gE''). 1690 A.5. Rules for address manipulation 1692 The rules for address manipulation can now be stated in a simple way: 1693 1. An address can be added to a generalized endpoint gE only if this 1694 address is not an address of a different generalized endpoint 1695 with the same port number. 1696 2. An address can be added to an association A with generalized 1697 endpoint gE if it has been added to the generalized endpoint gE 1698 first. This means that the address must be an element of 1699 Addr(gE) first and then it can become an element of Addr(A, gE). 1700 But this is not necessary. If the association does not allow the 1701 reconfiguration of the addresses only Addr(gE) can be modified. 1702 3. An address can be deleted from an association A with generalized 1703 endpoint gE as long as Addr(A, gE) stays non-empty. 1704 4. An address can be deleted from an generalized endpoint gE only if 1705 it has been removed from all associations having gE as a 1706 generalized endpoint. 1708 These rules simply make sure that the rules for the endpoints and 1709 associations given above are always fulfilled. 1711 Authors' Addresses 1713 Randall R. Stewart 1714 Cisco Systems, Inc. 1715 4875 Forest Drive 1716 Suite 200 1717 Columbia, SC 29206 1718 US 1720 Phone: 1721 Email: rrs@cisco.com 1722 Qiaobing Xie 1723 Motorola, Inc. 1724 1501 W. Shure Drive, #2309 1725 Arlington Heights, IL 60004 1726 USA 1728 Phone: +1-847-632-3028 1729 Email: qxie1@email.mot.com 1731 Michael Tuexen 1732 Univ. of Applied Sciences Muenster 1733 Stegerwaldstr. 39 1734 48565 Steinfurt 1735 Germany 1737 Email: tuexen@fh-muenster.de 1739 Shin Maruyama 1740 Kyoto University 1741 Yoshida-Honmachi 1742 Sakyo-ku 1743 Kyoto, Kyoto 606-8501 1744 JAPAN 1746 Phone: +81-75-753-7468 1747 Email: mail@marushin.gr.jp 1749 Masahiro Kozuka 1750 Kyoto University 1751 Yoshida-Honmachi 1752 Sakyo-ku 1753 Kyoto, Kyoto 606-8501 1754 JAPAN 1756 Phone: +81-75-753-7468 1757 Email: ma-kun@kozuka.jp 1759 Full Copyright Statement 1761 Copyright (C) The IETF Trust (2007). 1763 This document is subject to the rights, licenses and restrictions 1764 contained in BCP 78, and except as set forth therein, the authors 1765 retain all their rights. 1767 This document and the information contained herein are provided on an 1768 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1769 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 1770 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 1771 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 1772 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1773 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1775 Intellectual Property 1777 The IETF takes no position regarding the validity or scope of any 1778 Intellectual Property Rights or other rights that might be claimed to 1779 pertain to the implementation or use of the technology described in 1780 this document or the extent to which any license under such rights 1781 might or might not be available; nor does it represent that it has 1782 made any independent effort to identify any such rights. Information 1783 on the procedures with respect to rights in RFC documents can be 1784 found in BCP 78 and BCP 79. 1786 Copies of IPR disclosures made to the IETF Secretariat and any 1787 assurances of licenses to be made available, or the result of an 1788 attempt made to obtain a general license or permission for the use of 1789 such proprietary rights by implementers or users of this 1790 specification can be obtained from the IETF on-line IPR repository at 1791 http://www.ietf.org/ipr. 1793 The IETF invites any interested party to bring to its attention any 1794 copyrights, patents or patent applications, or other proprietary 1795 rights that may cover technology that may be required to implement 1796 this standard. Please address the information to the IETF at 1797 ietf-ipr@ietf.org. 1799 Acknowledgment 1801 Funding for the RFC Editor function is provided by the IETF 1802 Administrative Support Activity (IASA).