TCP and UDP are the most popular protocols used at the transport layer. These protocols, however, are not always adequate for present application needs. Stream Control Transmission Protocol (SCTP) is another transport layer protocol that was primarily developed to transport telephone (PSTN) signalling messages over IP networks, but later emerged as a general transport layer protocol. Transport layer protocols provide end-to-end data transportation to applications on the host. On the Internet they are built upon the IP layer and use the services it offers to transport data to the application layer. Transport layer protocols provide services like reliability, connection-oriented data transportation, congestion control, etc.
1.2 Problems Studied
TCP is becoming inadequate to support the requirements of modern networks. SCTP is proposed as a next generation transport protocol which satisfies requirements of present modern networks that are unavailable with TCP. The goal of this thesis is to identify the main features of SCTP and in particular to check how well SCTP can perform as a next generation transport protocol. This report evaluates and addresses the limitations and poor performance issues of TCP with respect to SCTP. In this thesis project we selected two important features to be evaluated by doing a practical implementation and then comparing the results with our literature references. The other problems are studied mainly through literature studies about the operation mechanisms involved in cookie handling and load balancing in a multi-homed host, their present limitations and the available solutions.
Below are the research questions which we try to answer using our research methodology:
- TCP has no built-in support for multi-homing and is unstable under network failures. SCTP supports multi-homing and provides better network redundancy.
- TCP vs. SCTP transport performance in terms of throughput over wireless communication links.
- The three-way handshake mechanism is not good enough for providing security in a TCP-enabled network (TCP SYN attacks). SCTP can solve the security issues to a certain extent by introducing a four-way handshake mechanism.
- Simply providing support for multi-homing is not good enough when the bandwidth of an idle link is wasted. CMT-SCTP is an extension to SCTP to achieve load balancing in a multi-homed host. What is the state of the art of CMT-SCTP?
1.3 Approach Chosen to Solve the Problem
We ran experimental tests using a real network to produce results for the first two tasks and a theoretical study to evaluate the next two. Our network topology consists of two computers connected together, running Ubuntu desktop edition 10.10. The tools we used in our experiments are sctp_darn, Iperf and Wireshark (detailed information is presented in section 5).
The methodology involves inspecting the failover mechanism of a multi-homed host implemented in LKSCTP (the kernel implementation of the SCTP protocol and libraries for the Linux environment) in a real network. sctp_darn is a simple tool to establish a client/server connection using the SCTP protocol. To create a multi-homed connection, hosts must be reachable by more than one transport address; laptops are generally equipped with one Ethernet card and a wireless adapter, so using laptops creates a heterogeneous network in which an association can be established using two transport addresses.
We also describe our theoretical analysis of the SCTP four-way handshake mechanism and the role of the cookie in mitigating SYN attacks during association establishment. This literature study also covers what CMT-SCTP is and presents the current challenges involved in improving throughput.
1.4 Structure of the thesis
This thesis report is divided into 7 sections. It starts with the introduction of the thesis, and the second section gives a brief view of the background and terminology related to SCTP. In section 3 we explain the Transmission Control Protocol, some of its limitations and how SCTP can overcome those limitations. Section 4 gives a detailed explanation of SCTP and its unique features. Section 5 is about the topology, hardware and software configuration that we used in our experiments. Section 6 describes the test results and the analysis of the tasks that we carried out in our thesis. The report ends with conclusions and suggestions for future work.
An SCTP association is similar to a connection in TCP. SCTP supports multi-homing, and an SCTP association can be uniquely identified by a transport address or a set of transport addresses.
A chunk is the basic unit within an SCTP packet. An SCTP packet contains a number of chunks carrying information including data and control information (INIT, ABORT, SHUTDOWN, etc.).
A multi-homed host is an end device which can be addressed by more than one IP address.
The Transmission Sequence Number (TSN) is used to identify the order of packets (similar to the sequence number in TCP).
T3_rtx is the retransmission timer; its value is the Retransmission Time Out (RTO).
Used to specify the TSN of the last chunk received in sequence.
The sender needs to maintain copies of transmitted data in its retransmission queue in case retransmissions are needed.
The sender has no responsibility for data which is acknowledged as non-revocable; it can remove that data from its retransmission queue.
The performance of transport protocols plays a key role in providing better communication between two end devices. TCP is treated as the major transport protocol because of its valuable features such as reliability, flow control and congestion control. Many enhancements and new implementations have been made to improve its efficiency and to meet the needs of modern networks. But the core operation (defined in RFC 793) remained the same, and with no support for multi-homing (which has become very common in modern devices) TCP fails to use the full potential of modern networks. Some of its features, like strict ordering and byte-oriented delivery, became limitations for some applications, for example VoIP applications.
SCTP is a general purpose transport protocol similar to TCP and UDP. Since its standardization SCTP has undergone numerous improvements. Some extra features were added as protocol extensions, like the SCTP partial reliability extension (RFC 3758) and SCTP dynamic address reconfiguration (RFC 5061). It offers services similar to TCP and some additional features intended to support the enhanced requirements of modern IP networks where TCP is inadequate, such as multi-homing, message-oriented data transmission, mitigation of security attacks and a few more [1, 2]. As SCTP was designed for PSTN signalling over IP networks, it is a mandatory protocol for SS7-based PSTN signalling and for the Reliable Server Pooling protocol framework.
Much research has been done on the performance of SCTP in different areas, such as satellite communications, broadband networks, multimedia traffic and web applications, but most of it was done using simulators like ns2 and OMNeT++. Few works have been done using real networks. Currently few applications available on the market use SCTP, and SCTP protocol implementations are still in the development stage on various operating systems. Our work was done using a real network in a lab environment.
3. Transmission Control Protocol
Transmission Control Protocol (TCP) is an end-to-end reliable transport protocol between two hosts in packet-switched networks. Many applications in the Internet world rely on TCP, especially the World Wide Web. TCP offers full-duplex, connection-oriented, guaranteed delivery of data in end-to-end communication. Two end points need to establish a connection via the three-way handshake mechanism before they can exchange data (see Section 6.3.1). It also implements flow control to prevent the sender from overrunning the receiver with data, and congestion control to avoid the negative effects of congestion.
3.1 TCP header
TCP receives data from the application layer and encapsulates it into a TCP segment by adding a TCP header. The TCP header follows the Internet Protocol header, providing information specific to the TCP protocol. Fig 3.1 shows the layout of the TCP header.
The size of the TCP header varies from 20 bytes upwards, depending on the variable-size Options field (optional) plus zero padding to a 4-byte multiple. Source port and destination port, each 16 bits, specify the corresponding port numbers. The sequence number is the number of the first data octet in the segment; if it is a SYN segment, this is the initial sequence number. The acknowledgement number is the next sequence number that the sender of the segment expects to receive. Data offset (4 bits) specifies where the data begins. The reserved field (6 bits) is for future use and is filled with zeros. The control bits (6 bits) are used to control the connection. Window (16 bits) is the amount of data that the sender of the segment is willing or able to receive. Checksum (16 bits) is used to detect errors or misrouted segments. The urgent pointer indicates the sequence number of the last urgent data byte.
3.2 Flow control
TCP uses the sliding window mechanism to control the flow of data between sender and receiver. Using the window field in the TCP header, the sender of a segment specifies the amount of data it is willing to receive. A sender cannot send more data than the window size allows; it needs to wait for updates from the receiver before it transmits any new data.
3.3 Congestion control algorithms
3.3.1 Slow start & Congestion Avoidance
Slow start uses two window variables: the congestion window (cwnd), maintained by the sender, and the advertised window, which is the buffer space advertised as available at the receiver. A TCP sender can transmit segments up to the window size of the connection, which is set to the minimum of cwnd and the advertised window. When a connection is established, cwnd is initialized to one segment. Each time an ACK is received from the receiver cwnd is doubled, i.e. it is incremented from one to two, two to four, four to eight and so on until it reaches the maximum network capacity.
Congestion avoidance uses another variable called the slow start threshold (ssthresh), with an initial value of 65535 bytes. When a TCP sender detects packet loss in the network, it enters the congestion avoidance state and changes the ssthresh value to one half of the current window size. Packet loss can be detected either by a timeout or by DUPACKs. If it is detected by a timeout, the TCP sender moves to the slow start state; otherwise it remains in congestion avoidance. Slow start continues until cwnd reaches the ssthresh value, and then congestion avoidance takes over. In the congestion avoidance state the value of cwnd is incremented by one segment for each round trip time.
3.3.3 Fast Retransmit & Fast Recovery
A TCP receiver notifies the sender by sending an immediate DUPACK when an out-of-order segment is received. At the sender, a segment is marked for fast retransmit if three or more DUPACKs are received, and it is retransmitted without waiting for the retransmission timer to expire. As in slow start and congestion avoidance, the value of ssthresh is changed to one half of the current window size. After the retransmission of the segment, fast recovery sets the value of cwnd to ssthresh plus three times the segment size. This inflates cwnd to account for the segments which the receiver has acknowledged with DUPACKs.
3.4 Limitations of TCP
TCP uses a byte-oriented data transmission mechanism and cannot preserve message boundaries. It treats all data as an unstructured stream, and applications need to maintain message boundaries explicitly. This introduces processing delay for applications which need message-oriented data transmission.
TCP has no built-in support for multi-homed hosts. It only binds a single IP address to the connection. Most of today's networks are designed with path-level redundancy, and TCP cannot take advantage of this to provide fault tolerance and improve network performance.
Every packet is assigned a unique sequence number which is used to reorder data at the receiving end. Packets that arrive at the receiver will not be processed if any of the packets transmitted before them is lost. These packets are buffered at the receiver until the lost packets are retransmitted. This reliable delivery mechanism makes it difficult to deliver time-sensitive and high-priority data.
The strict ordering mechanism of TCP delivers messages to the upper layer in the order in which they were sent. HOL (head-of-line) blocking is a serious problem in TCP, especially on hosts with a small receiver window size. Consider fig 3.1: host A is transmitting packets 10-17 to host B. During the transmission packet 11 is lost, so at host B packet 10 is processed and passed to the upper layer, while packets 12-17 stay in the receiver buffer until packet 11 is retransmitted. Once the receiver buffer is full it cannot accept any new packets, so all newly arriving packets are dropped. This behaviour results in blocking of the entire connection. The multi-streaming feature of SCTP can eliminate this problem to some extent by using a number of logical streams in a single association.
TCP is vulnerable to denial of service attacks. An attacker can flood a host with SYN requests from forged IP addresses. The receiving host replies to each with a SYN_ACK, allocating resources to the false request.
4. Stream Control Transmission Protocol
The Internet Engineering Task Force (IETF) SIGTRAN working group started to design a new transport protocol when it identified that the existing dominant transport protocols, TCP and UDP, were inadequate to transport PSTN signalling messages over IP networks. The group designed SCTP as a general purpose transport protocol and published it as proposed standard RFC 2960 in October 2000. On the other hand, new developments in Internet communication revealed many limitations of TCP. SCTP inherits some features of TCP and introduces new techniques to address TCP's limitations. It is a connection-oriented reliable transport protocol with congestion and flow control mechanisms. SCTP provides a message-oriented transmission service and also indicates to the receiver the beginning and end of messages by preserving message boundaries. SCTP also provides new features like multi-homing, multi-streaming, dynamic address reconfiguration, partially reliable data transfer and many others which are not possible with either TCP or UDP [1, 7].
4.1 SCTP packet structure
An SCTP packet is completely different from a TCP segment and consists of two parts: the SCTP common header and the SCTP chunks. The SCTP common header starts with the source port and destination port, which together with the source and destination IP addresses identify the association (see SCTP endpoint in Section 2). The verification tag is used to validate the SCTP packet; its value is negotiated between the hosts during association establishment. The checksum field contains the checksum of the packet, calculated using the CRC32 algorithm. SCTP chunks are of two types: control chunks and data chunks. In TCP, control information is carried only in the header and all the data follows in one field. Fig 4.1 shows the common layout of an SCTP packet: the common header followed by a number of SCTP chunks, which may contain control information or actual application data in data chunks. Control chunks carry the information required to maintain and control the association. The type field (8 bits) in the chunk identifies the type of message in the chunk. The flags (8 bits) are used depending upon the type of the chunk. The length specifies the size of the chunk including the type, flags, length and chunk data. If a message is larger than the MTU of the path, it is fragmented and transmitted in multiple packets; smaller SCTP messages are multiplexed (bundled) into one SCTP packet. There is no fixed size limit for an SCTP packet except that it should not exceed the MTU of the path.
Both control and data chunks may coexist within a single SCTP packet, but control chunks must always come ahead of data chunks. The minimum header size of an SCTP packet is 16 bytes, while for a TCP segment it is 20 bytes.
4.2 SCTP End point
The functionality of an endpoint in SCTP differs from that in other protocols, especially when multi-homing is considered. The transport address of an SCTP endpoint is defined as the combination of its IP address (set of IP addresses in the multi-homed case) and the port number of the application. For example, in fig 4.2 host A's transport address can be written as [IP1, IP2:150], where 150 is the port number of the application. It is not mandatory to include all available IP addresses in one SCTP association; different applications may use different IP addresses to communicate with their peers. But one IP address can be included in only one endpoint. On host A there are two applications running with port numbers 150 and 160, and the host can be reached through three IP addresses. Valid endpoints for host A can be represented as [IP1, IP2:150] and [IP3:160], or [IP1, IP2, IP3:160]. It is not allowed to have endpoints like [IP1, IP2:150] and [IP2, IP3:160], since IP2 would then belong to two endpoints. One more important rule is that at any point in time there must be only one association between two SCTP endpoints.
4.3 Features of SCTP
Multi-homing can be achieved with multiple network interface cards to improve reliability and fault tolerance on a network. When an SCTP association is established between two multi-homed hosts, it automatically selects one destination address as primary and the others as secondary or backup. If the connection to the primary destination address fails, SCTP automatically switches to other available paths (backup destination addresses), and when the primary destination address is operational again SCTP switches back to it. Multi-homing can provide redundancy, high availability, fault tolerance and load balancing in any SCTP-enabled network [7, 8, 9].
The most common multi-homing setup is shown in fig 4.3.a. In a client/server environment, to maintain high availability and improve throughput, servers are (in most cases) equipped with multiple interfaces and clients with a single interface. We call this asymmetric multi-homing. Another type of setup is shown in fig 4.3.b, where both server and client are configured with multiple IP addresses (2 in our example); we call this symmetric multi-homing. In fig 4.3.b host A can be reached through IP1 and IP2; let us assume host B selected IP2 as the primary address. Host B is configured with IP3 and IP4, and host A selected IP3 as the primary address to reach host B. Host A is unaware of the primary address selected by host B, and the same holds for host B.
Data transmission between two SCTP endpoints is carried out using multiple logical streams within a single association, as shown in Fig 4.4. Messages carried in different streams are independent of each other. Each logical stream is assigned a unique stream number, and messages are delivered in sequential order to the application layer only with respect to the corresponding stream. So the loss of messages in one stream does not affect the delivery of messages to the application in other streams; within a stream, in-order delivery applies unless the unordered delivery method is used. Multi-streaming solves the HOL (head-of-line) blocking problem by splitting the data into a number of logical streams. It gives the flexibility to transfer the messages of different applications on different streams.
When the unordered delivery method is used, messages are delivered to the upper-layer protocol as soon as they arrive at the receiver.
Previous research on multi-streaming has also observed the possibility of higher throughput and minimal buffer requirements at the receiver. The quality of multimedia applications can be improved to a great extent by making use of the SCTP multi-streaming technique. SCTP allows an association to have multiple inbound or outbound streams, up to a maximum of 65536 [7, 8].
4.3.3 Dynamic Address Reconfiguration (DAR)
Dynamic address reconfiguration (RFC 5061) is an extension to SCTP. It gives the flexibility to add or delete IP addresses dynamically in an ongoing SCTP association and can also change the primary address to a backup address if needed, and vice versa. Many recent devices are equipped with hot-pluggable interfaces; when a non-functional network interface is replaced with a functional one, DAR allows the new address to be added or made the primary destination [10, 11].
4.3.4 Partial Reliable SCTP (PR-SCTP)
Partial reliability gives the application the flexibility to specify the persistence of the data on a per-message basis. Consider an online gaming application in which some objects change their coordinates very frequently. If a packet carrying the position of an object is lost or delayed due to congestion in the network, by the time this packet is retransmitted the object will be in a new position, so the retransmission is unnecessary. Using PR-SCTP an application can set the validity of the packets, and the packets are dropped if their validity has expired at the receiver.
Fig 4.5 gives a brief overview of a feature comparison between SCTP, TCP and UDP. SCTP has many other features, like full-duplex data transmission and support for both ordered and unordered data delivery. The use of Selective ACK (SACK) is mandatory in SCTP, which avoids the retransmission of duplicates. Some extensions to SCTP that provide great advantages are still in the experimental stage; a few of them are partially reliable data transfer and Concurrent Multipath Transfer (CMT).
5. Experimental Setup
Our experimental network consists of two notebook computers connected via two alternate network paths. The idea is to set up a multi-homed network; notebook computers come readily equipped with two means of network connection (in most cases) and no other extra configuration is needed. It also creates a heterogeneous environment with one wireless and one wired connection.
First notebook: Intel Dual core CPU T3200 @ 2.00 GHz, 2 GB RAM
Second notebook: Intel Atom CPU N270 @ 1.60 GHz, 1 GB RAM
Both hosts are configured with Ubuntu desktop edition 10.10. We used the sctp_darn, Iperf and Wireshark tools in our experiments.
SCTP is configured in Ubuntu using the library developed by the Linux Kernel Stream Control Transmission Protocol (LKSCTP) project team. The current version is lksctp-tools-1.0.11. It provides libraries to develop user-level applications with support for the one-to-one and one-to-many socket styles. The SCTP socket API makes it easier for developers to adopt SCTP in their existing applications, as well as to develop new applications. Currently it supports some of the features of SCTP (RFC 2960, RFC 3758, RFC 4960, RFC 5061, RFC 5062, etc.).
TCP functionality is provided by the kernel-level implementation (TCPPROTOCOL). It provides the functions defined in RFC 793, RFC 1122 and RFC 2011. It also includes some changes for improved throughput, with functionality such as explicit congestion notification and duplicate SACK extensions.
sctp_darn is a simple tool developed by the LKSCTP project team. It can be used to establish a client/server connection through command line options. In our experimental setup we executed commands to establish an SCTP association between the two hosts.
Iperf is a widely used network performance measurement tool which transmits a stream of data over the network using the TCP and UDP transport protocols. Its output gives the timestamp, the total data transmitted during that time and the throughput achieved for that transmission. The OpenSS7 organization modified the original version of Iperf to provide support for SCTP. Using this OpenSS7 Iperf we measured throughput for both TCP and SCTP at different signal strengths.
Wireshark is the most popular network protocol analysis tool. It can capture all the packets transmitted on a specific network interface or on all network interfaces. Wireshark was configured on sctpclient.local (fig 5.1), and the packets transmitted on both interfaces were captured.
6 Test results and Analysis
6.1 Examining Fail-over mechanisms in LKSCTP
Support for multi-homing is one of SCTP's key features; it made the protocol popular and attracted many research works. SCTP provides higher redundancy through alternate paths in case of network failures. Better performance in IP networks can also be achieved using the SCTP retransmission timers.
The main objective of this task is to verify the SCTP multi-homing support and fault tolerance functions implemented in LKSCTP, along with some test results in the lab environment. The test bed consists of two hosts, one acting as a server and the other as a client. The naming convention is as follows: host1 is sctpserver and host2 is sctpclient. The multi-homing feature is configured in the given topology using wired as well as wireless connections, as shown in fig 5.1.
After establishing the SCTP association with sctp_darn, Wireshark is used to capture and analyse the packets. The following commands establish a connection between the hosts and enter client/server mode, where the client can send messages from the terminal.
sctpserver:~# sctp_darn -H 0 -P 3000 -l
sctpclient:~# sctp_darn -H 0 -P 2000 -h sctpserver.local -p 3000 -s
The first command, on the sctpserver endpoint, makes it ready to accept INIT packets on port 3000 from any active interface to establish an SCTP association. The second command, on sctpclient, sends a request to host sctpserver.local port 3000 from any active interface and accepts the association on local port 2000. Once all the required information is exchanged between the two endpoints, an association is established with the following peer addresses on the client: 192.168.0.131:3000 and 126.96.36.199:3000.
Connectivity between the hosts is monitored using heartbeat chunks, which are generated at regular intervals. After an association is established between two endpoints, heartbeat packets are exchanged immediately to confirm the reachability of the secondary path, since it is not possible to verify the secondary path during association setup. When a SHUTDOWN chunk has been sent by either of the hosts, heartbeat chunks are immediately stopped.
Each endpoint maintains error counters for the number of consecutive retransmission attempts, separately for every path and for the association. These counters are incremented every time the T3-rtx timer expires, and the status of the path and of the association is derived from them. When the error counter of a particular path exceeds path_max_retrans (default 5), the transport address is marked as inactive. If the association error counter exceeds association_max_retrans (default 10), the association enters the closed state.
In our experiment the first message was transmitted through 192.168.0.131:3000, which is therefore considered the primary path. The secondary path can also be identified from the heartbeat chunks, which start immediately once the primary path is established.
From the Wireshark capture in fig 6.1.2 it is observed that heartbeat chunks are exchanged at frequent intervals to verify the status of the path. The interval between heartbeat chunks changes dynamically according to changes in the network, using the following formula:
Interval = RTO + (±50% RTO) + hb_interval
The default value of hb_interval is 30 secs; when the connection is established, RTO is assigned the value of RTO_initial (default 3 sec). So under idle conditions the value of the interval is approximately equal to 31.5 seconds. The value of RTO is updated every time a new RTT measurement is made for a packet sent to the given destination. Fig 6.1.2 shows the heartbeat packets captured in Wireshark.
Fig 6.1.2 Heartbeat packets captured in Wireshark and the interval between each packet.
In this association setup sctpclient selected 192.168.0.131:3000 as the primary address and 188.8.131.52:3000 as the secondary.
Next we manually turned off the interface of the primary address, as shown in fig 6.1.3, and then sent messages to sctpserver.local. In this case the message was delivered with a small delay. The reason for the delay is that data is initially transmitted through the primary path. Since the primary path is unavailable and the data is not delivered to sctpserver.local, no SACK is received before the T3-rtx timer expires; when the retransmission timer expires, the data is retransmitted through the secondary address. The same behaviour was observed until five consecutive retransmission timer expiries. As explained in section 4.2.1, data transmission is carried over the primary path and retransmissions over the secondary path until the primary path is marked as inactive, which happens only after five consecutive retransmissions. The Internet is a best-effort network and packets may be lost during congestion, which is why a path is not declared inactive after a single loss. After simulating the failover on 192.168.0.131:3000/24, the primary is marked as inactive and data transmission is diverted to 184.108.40.206:3000, changing it from secondary to primary path. The status of every inactive path is still monitored through periodic heartbeat chunks; when a heartbeat acknowledgement is received from an inactive transport address, the status of that address is changed back to active. The switch from primary to secondary, as well as from secondary back to primary, is done automatically in case of link failures. The same behaviour was observed in our experiment after re-enabling the 192.168.0.131:3000 interface.
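The failover behaviour observed above can be replayed in code. The model below is an added example, not lksctp's implementation: it combines the heartbeat interval formula from section 6.1, the RTO estimator of RFC 4960 (RTO.Initial 3 s, clamped to RTO.Min 1 s and RTO.Max 60 s, doubled on each T3-rtx expiry) and the per-path and per-association error counters with the page's defaults path_max_retrans = 5 and association_max_retrans = 10. Peer addresses are constructed placeholders, and the jitter term is passed in explicitly so the interval is reproducible.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

RTO_INITIAL = 3.0            # seconds, RTO.Initial (default 3 sec on the page)
RTO_MIN, RTO_MAX = 1.0, 60.0 # RFC 4960 clamps for the retransmission timeout
HB_INTERVAL = 30.0           # hb_interval default (30 secs)
PATH_MAX_RETRANS = 5         # path_max_retrans default
ASSOC_MAX_RETRANS = 10       # association_max_retrans default


@dataclass
class Path:
    addr: str
    rto: float = RTO_INITIAL
    srtt: Optional[float] = None
    rttvar: Optional[float] = None
    error_count: int = 0     # consecutive T3-rtx expiries on this transport address
    active: bool = True

    def update_rtt(self, rtt: float) -> None:
        """New RTT measurement for this destination: RFC 4960 6.3.1 SRTT/RTTVAR update."""
        if self.srtt is None:
            self.srtt, self.rttvar = rtt, rtt / 2
        else:
            self.rttvar = 0.75 * self.rttvar + 0.25 * abs(self.srtt - rtt)
            self.srtt = 0.875 * self.srtt + 0.125 * rtt
        self.rto = min(max(self.srtt + 4 * self.rttvar, RTO_MIN), RTO_MAX)

    def heartbeat_interval(self, jitter: float) -> float:
        """Interval = RTO + (+-50% RTO) + hb_interval; jitter is a fraction in [-0.5, 0.5]."""
        jitter = max(-0.5, min(0.5, jitter))
        return self.rto + jitter * self.rto + HB_INTERVAL


class Association:
    def __init__(self, peer_addrs: List[str]):
        self.paths: Dict[str, Path] = {a: Path(a) for a in peer_addrs}
        self.primary = peer_addrs[0]   # the address the first message went to
        self.error_count = 0           # consecutive expiries for the whole association
        self.closed = False

    def active_path(self) -> Optional[str]:
        """Data goes to the primary while it is active, otherwise to the first active alternate;
        once the primary is active again the selection returns to it automatically."""
        if self.paths[self.primary].active:
            return self.primary
        for addr, p in self.paths.items():
            if p.active:
                return addr
        return None

    def on_t3_rtx_expiry(self, addr: str) -> Optional[str]:
        """T3-rtx fired for data sent to addr: count the error on the path and the
        association, back off the RTO, and return the address used for the retransmission
        (an alternate active address when one exists). None means the association closed."""
        p = self.paths[addr]
        p.error_count += 1
        self.error_count += 1
        p.rto = min(p.rto * 2, RTO_MAX)
        if p.error_count > PATH_MAX_RETRANS:
            p.active = False               # transport address marked inactive
        if self.error_count > ASSOC_MAX_RETRANS:
            self.closed = True             # association enters the closed state
            return None
        alternates = [a for a, q in self.paths.items() if q.active and a != addr]
        return alternates[0] if alternates else addr

    def on_ack(self, addr: str, rtt: float) -> None:
        """A SACK for data sent to addr, or a HEARTBEAT ACK from addr: both error counters
        are cleared, the address becomes active again and the RTO is re-estimated."""
        self.error_count = 0
        p = self.paths[addr]
        p.error_count = 0
        p.active = True
        p.update_rtt(rtt)
```

With two peer addresses, five expiries on the primary only divert retransmissions to the alternate; the sixth marks the primary inactive, and a later heartbeat acknowledgement from it restores it as the data path.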
The following experiment presents how efficient performance can be achieved through the failover mechanism as well as the multi-homing features.
6.2 Performance evaluation of TCP and SCTP in wireless network
The objective of this test is to evaluate the performance of the TCP and SCTP protocol implementations in the Linux kernel (2.6.35-28) over a wireless network. Many performance comparisons have been made between TCP and SCTP, most of them in simulation environments, but a simulation environment ignores many real-world complexities. As SCTP is designed to be friendly towards TCP, it shares the available resources equally with TCP, so throughput is a suitable parameter to compare their performance.
We ran our tests to measure throughput at varying signal levels. Traffic was generated in a client/server environment for a duration of 10 seconds with a fixed window size of 256 Kbytes; the window size is the amount of data that can be in flight in the network. We measured throughput for both SCTP and TCP in five trials and calculated the average.
Since TCP does not support multi-homing, we used only the wireless link when measuring throughput between the two hosts for TCP and SCTP. No optimizations were done to tune the performance of either protocol implementation, since a normal user uses the system with its default configuration. Using Iperf (see section 5) we generated traffic between the two hosts. Fig 6.6.2 and fig 6.6.3 show the graphs of the throughput achieved at the server and the client.
From the above results we observe that TCP achieved better throughput at all signal strengths. Only in the second case (signal strength -59 dBm) did SCTP achieve throughput close to that of TCP. We believe this is mainly because of the maturity levels of the two implementations. TCP has been in use for many years and has undergone many improvements; it uses the sysctl tunables very efficiently, and the widely used TCP stack is well aware of the services available from software and hardware components. SCTP is a fairly new protocol and most systems are not completely aware of it. lksctp ignores sysctl options and is not completely optimized to give better performance.
6.3 TCP 3-way handshake vs. SCTP 4-way handshake
A connection-oriented transport protocol needs to establish a connection between two hosts before they exchange data. One of the two hosts is in passive mode, ready to accept a connection request, and the other is in active mode, sending the connection request. TCP uses a three-way handshake mechanism to establish a connection and is vulnerable to SYN attacks. SCTP uses a four-way handshake mechanism to establish an association between the hosts; this special socket initiation provides reliable protection using a cookie mechanism. Denial of service attacks are most common in the TCP environment because SYN flooding can take the server out of service: after such an attack the server is not in a position to respond to client requests.
6.3.1 TCP 3-way handshake
The communication process in TCP is initiated by the client sending a SYN request to the server. The server responds to the SYN request by sending a SYN_ACK, then enters the SYN_RCVD state and waits for an ACK from the client to complete the connection setup. After receiving the SYN_ACK from the server, the client sends back an ACK confirming completion of the connection. Fig 6.3.1 shows the state diagram of the TCP three-way handshake.
6.3.2 What is TCP SYN attack?
The potential to launch an attack on any TCP host lies in the design of the TCP three-way handshake. TCP maintains a connection queue of finite size (the Transmission Control Block, TCB) which holds all the information about the status of a connection. The size of each entry depends on the options and features enabled for a particular connection; normally it is at least 280 bytes, and in some operating systems more than 1300 bytes. On reception of a SYN request the receiver creates an entry in the TCB, moves to the SYN-RCVD state and waits for an ACK in response, so TCB memory is consumed by entries created merely on reception of SYN requests. If the TCB memory fills up, no new connections are accepted. An attacker can exploit this by flooding the server with SYN requests carrying forged random source addresses; these SYN requests exhaust the queue and make the server unavailable for any type of service. Association establishment in SCTP is designed to mitigate these attacks by introducing a state cookie in the four-way handshake mechanism.
6.3.3 SCTP four-way handshake:
SCTP is a unicast protocol and the association between two endpoints is established using a four-way handshake mechanism. Fig 6.3.3 shows the state diagram of the four-way handshake; the SCTP association start-up procedure is explained step by step below.
- An SCTP client initiates the association process by sending an INIT chunk to the server.
- After receiving the INIT chunk the server replies with an INIT-ACK chunk. Along with the INIT-ACK it sends a state cookie containing the information necessary to establish the association, a timestamp, a lifespan and a Message Authentication Code (MAC).
- On receipt of the INIT-ACK from the server, the client sends a COOKIE-ECHO in response to complete the association start-up.
- The server verifies the authenticity of the cookie received in the COOKIE-ECHO chunk. Only now does the server allocate resources for the association; it acknowledges with a COOKIE-ACK and moves into the established state.
This four-way handshake introduces some delay. To minimize it, the client can send data that is waiting in its outbound queue together with the COOKIE-ECHO, but the data chunks must always be placed after the COOKIE-ECHO chunk. If the server receives any data with the COOKIE-ECHO, it should acknowledge that data by bundling a SACK with the COOKIE-ACK.
Role of the SCTP state cookie in mitigating denial of service attacks:
As explained above, on receipt of an INIT from the client the server generates a state cookie which contains a MAC, the timestamp and lifespan of the cookie, and the information necessary to establish the association. The entries in the state cookie are created by the following actions:
- Create entries for the association in the Transmission Control Block (TCB) using the INIT and INIT_ACK chunks.
- Set the lifespan of the cookie to 60 seconds (recommended) and the timestamp to the current time of day.
- Generate a MAC using a secret key known only to the receiver, over the minimal amount of TCB information needed to recreate the TCB entry.
- Generate the state cookie from the information created in the above three steps.
The generated state cookie is placed in the State Cookie field of the INIT_ACK and transmitted to the client. After sending the INIT_ACK the server (the sender of the INIT_ACK) must delete the TCB entry and release any resources that were allocated. When a rogue client sends INIT chunks to the server with forged random source addresses, the server only responds with INIT-ACKs. These responses are always sent back to the source IP address found in the INIT chunk, which a rogue client never receives. Therefore only a valid sender gets the INIT_ACK and can reply with a COOKIE-ECHO. On the server side no resources are allotted to the association until a valid COOKIE-ECHO is received from the sender. When a COOKIE-ECHO is received from the client, the server verifies the validity of the packet using the MAC, the timestamp, the lifespan of the cookie and the verification tag; if any of these values does not match, the packet is dropped silently. This prevents an attacker from sending an old COOKIE-ECHO to try to establish an association. Unlike TCP, in SCTP the TCB entries are created and resources allocated only on the basis of the COOKIE-ECHO, not on the initial request.
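The cookie mechanism described above, as an added example that is not the thesis's code: a constructed model of the responder side of the four-way handshake, where the cookie carries the minimal TCB data plus timestamp and lifespan under an HMAC, and the server keeps no state until a valid COOKIE-ECHO arrives. The field names, the JSON encoding and the server's tag choice are assumptions made here for illustration.

```python
# Added example, not the thesis's code: responder side of the SCTP four-way
# handshake with a stateless, MAC-protected state cookie (constructed model).
import hashlib
import hmac
import json
import secrets

COOKIE_LIFESPAN = 60.0   # seconds, the recommended value from the text
MAC_LEN = 32             # HMAC-SHA256 digest length


class SctpServer:
    def __init__(self, secret: bytes):
        self.secret = secret      # known only to this endpoint
        self.associations = {}    # TCBs exist only after a valid COOKIE-ECHO

    def on_init(self, init: dict, now: float) -> dict:
        """Answer an INIT with an INIT-ACK carrying a cookie; keep no TCB."""
        tcb = {"peer_addr": init["src"], "peer_vtag": init["init_tag"],
               "local_vtag": secrets.randbits(32)}      # assumed tag choice
        payload = dict(tcb, created=now, lifespan=COOKIE_LIFESPAN)
        body = json.dumps(payload, sort_keys=True).encode()
        mac = hmac.new(self.secret, body, hashlib.sha256).digest()
        # The INIT-ACK goes to the INIT's source address, so a forged source never sees it.
        return {"dst": init["src"], "init_tag": tcb["local_vtag"], "cookie": body + mac}

    def on_cookie_echo(self, echo: dict, now: float):
        """Recreate the TCB from the cookie; drop the packet silently on any mismatch."""
        cookie = echo["cookie"]
        body, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac):
            return None                            # forged or tampered cookie
        payload = json.loads(body)
        if now - payload["created"] > payload["lifespan"]:
            return None                            # stale cookie being replayed
        if echo["vtag"] != payload["local_vtag"]:
            return None                            # verification tag mismatch
        tcb = {k: payload[k] for k in ("peer_addr", "peer_vtag", "local_vtag")}
        self.associations[tcb["peer_addr"]] = tcb  # resources allocated only now
        return "COOKIE-ACK"


def forged_inits_then_real_client(server: SctpServer) -> int:
    """Constructed run: 1000 INITs with forged sources, then one genuine client."""
    for i in range(1000):
        server.on_init({"src": f"forged-{i}", "init_tag": i}, now=0.0)
    ack = server.on_init({"src": "client", "init_tag": 42}, now=1.0)
    server.on_cookie_echo({"vtag": ack["init_tag"], "cookie": ack["cookie"]}, now=2.0)
    return len(server.associations)   # 1: the forged INITs left no state behind
```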
According to RFC 4960, normal data transfer always takes place on the primary path and the remaining paths are used as backups. Using only one path and keeping the other available routes idle does not give the best utilization of network resources. Underutilization in any network can be addressed by efficient use of resources, i.e. load sharing. Load sharing of data across all the available paths is therefore desirable, to achieve better usage of network bandwidth and considerably increased application throughput.
Concurrent Multipath Transfer (CMT) is an extension to SCTP that was proposed to achieve end-to-end load balancing over the multiple available paths. Though CMT provides better utilization of network resources, it falls short on performance, so further optimization techniques such as network tuning and modifications to its operating mechanisms are needed to obtain optimal performance in any network. The CMT approach resulted in improved performance on similar links, whereas on dissimilar links it does not guarantee the minimum expected performance. The poor performance observed is due to differences in bandwidth and link capacity and to aggressiveness in the loss detection and recovery mechanisms [15, 16, 22].
ISPs adopt various techniques to provide connectivity, and different network conditions such as varying bandwidth and packet loss exist on different paths, so similar paths are unlikely on the Internet. Here we give a brief overview of SCTP data transmission techniques to give a better understanding of the problems of CMT-SCTP and the optimizations proposed for it.
6.4.1 Data Transmission in SCTP
Application data is transmitted in chunks; a number of SCTP chunks may be encapsulated into one IP packet depending on the MTU. SCTP guarantees message-oriented, in-order and reliable data delivery. Each data chunk is assigned a Transmission Sequence Number (TSN) to provide reliable data delivery.
All received data is acknowledged using a technique called SACK. A SACK contains several parameters: the Cumulative TSN Ack specifies the highest TSN received in order, and the Gap Ack Blocks report all the TSNs received between the Cumulative TSN and the highest TSN. It also advertises the receiver window space (a_rwnd), i.e. the currently available space in the receive buffer. This buffer is used to store all data chunks received out of order; they are delivered to the application only when the missing data chunks are received.
When packets are received in order, SCTP uses delayed acknowledgements like TCP (by default one SACK for every two data packets received in order). It does not send a SACK immediately to acknowledge the received data, which reduces overhead traffic. When packets are received out of order, it sends a SACK to the sender immediately, reporting the missing TSNs.
At the sender side, when a TSN is reported as missing by acknowledgements (SACKs) three times (the default), the data is marked for fast retransmit. All the marked data is retransmitted to the receiver without waiting for the T3_rtx timer to expire.
6.4.2 Current trends in CMT-SCTP
Currently a few problems have been found when using CMT-SCTP for load sharing over asymmetric paths, which result in reduced throughput. In [15, 17, 21] the authors proposed solutions for the problems they observed and provided results showing how their optimization techniques improve throughput. The sections below explain the optimization techniques for CMT and their implementation methods in detail.
Split Fast retransmissions:
Delivery of data always depends on factors like bandwidth, latency and congestion. Load balancing of data over asymmetric paths therefore causes data sent over high-speed paths to be delivered before data sent over slow-speed paths. Assume a scenario with a sender and receiver connected via two paths, path 1 and path 2, with bandwidths of 1 Mbps and 100 Mbps respectively, as shown in fig 6.4.1. Data chunks 3 and 4 are sent over path 1 and chunks 5, 6, 7 over path 2. Since path 2 has a higher bandwidth than path 1, packets 5, 6, 7 are delivered to the receiver earlier than 3, 4. As explained in Section 6.4.1, this triggers the fast retransmission of 3 and 4, which are considered lost in the network. In this scenario, however, packets 3 and 4 are not lost; they simply took longer to reach the receiver because of the low bandwidth. Meanwhile the receiver has been sending SACKs with a Cumulative TSN Ack of 2 to the sender, acknowledging the data it has received; after 3 and 4 arrive and are acknowledged, the retransmitted copies are dropped. This behaviour reduces the congestion window, causes unnecessary retransmissions and adds overhead traffic. To avoid these problems the authors proposed an optimization technique called Split Fast Retransmissions (SFR).
SFR takes the existence of multiple paths into account, unlike standard CMT-SCTP. When a packet is sent, the path on which it was transmitted is recorded, and the received SACKs are processed separately according to the path they relate to. If a SACK reports a missing packet, its TSN is compared with the TSN of the packet acknowledged as successfully transmitted on that same path; only if the missing packet's TSN is smaller than that acknowledged TSN is the packet considered missing. After three consecutive SACKs reporting the TSN as missing, the packet is marked for fast retransmit. This technique avoids fast retransmissions caused by SACKs reporting a TSN as missing when it was transmitted on a different path. The authors demonstrated this with simulation results from their CMT-SCTP module in the OMNeT++/INET framework: applying the technique improves throughput to a certain extent.
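The fig 6.4.1 scenario replayed in code, as an added example that is not the thesis's code: a constructed sender records the path of every TSN and marks TSNs for fast retransmit either the standard CMT-SCTP way (count every missing report) or with the SFR per-path comparison described above. The class and field names are assumptions.

```python
# Added example, not the thesis's code: standard CMT-SCTP versus SFR
# fast-retransmit marking on the two-path scenario of fig 6.4.1 (constructed).
from dataclasses import dataclass, field

FAST_RTX_THRESHOLD = 3   # missing reports before fast retransmit (default from 6.4.1)


@dataclass
class Sack:
    cum_tsn: int
    gap_blocks: list = field(default_factory=list)   # inclusive (start, end) TSN ranges

    def acks(self, tsn: int) -> bool:
        return tsn <= self.cum_tsn or any(s <= tsn <= e for s, e in self.gap_blocks)

    def highest_reported(self) -> int:
        return max([self.cum_tsn] + [e for _, e in self.gap_blocks])


@dataclass
class CmtSender:
    use_sfr: bool
    path_of: dict = field(default_factory=dict)      # tsn -> path it was sent on
    acked: set = field(default_factory=set)
    miss_count: dict = field(default_factory=dict)
    fast_rtx: list = field(default_factory=list)

    def send(self, tsn: int, path: int) -> None:
        self.path_of[tsn] = path

    def on_sack(self, sack: Sack) -> list:
        for tsn in self.path_of:
            if sack.acks(tsn):
                self.acked.add(tsn)
        top = sack.highest_reported()
        for tsn in sorted(self.path_of):
            if tsn in self.acked or tsn > top:
                continue                 # acked, or not reported as missing at all
            if self.use_sfr:
                # SFR: a TSN counts as missing only if a later TSN sent on ITS OWN path was acked
                same_path = [a for a in self.acked if self.path_of[a] == self.path_of[tsn]]
                if not same_path or tsn > max(same_path):
                    continue
            self.miss_count[tsn] = self.miss_count.get(tsn, 0) + 1
            if self.miss_count[tsn] == FAST_RTX_THRESHOLD:
                self.fast_rtx.append(tsn)
        return list(self.fast_rtx)


def fig_6_4_1_scenario(use_sfr: bool) -> list:
    """TSNs 3,4 on the 1 Mbps path 1; 5,6,7 on the 100 Mbps path 2; 5..7 arrive first."""
    s = CmtSender(use_sfr)
    for tsn in (1, 2):
        s.send(tsn, 1)
    s.on_sack(Sack(2))                       # earlier data on path 1 acked in order
    for tsn in (3, 4):
        s.send(tsn, 1)
    for tsn in (5, 6, 7):
        s.send(tsn, 2)
    for end in (5, 6, 7):                    # one SACK per fast-path arrival
        marked = s.on_sack(Sack(2, [(5, end)]))
    return marked                            # standard CMT: [3, 4]; SFR: []
```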
Non-Revocable Selective Acknowledgements (NR-SACK):
NR-SACK is an optimization technique that addresses the sender buffer blocking problem, which occurs in both SCTP and TCP. In any host the send buffer is divided into two parts: one holds new data, and the other holds data that has already been transmitted but not yet acknowledged by the receiver, also referred to as the retransmission queue. The sender keeps a copy of the data in the retransmission queue until it is acknowledged by a cumulative TSN. TCP uses in-order delivery and never delivers out-of-order packets to the application layer. SCTP, however, supports multi-streaming and unordered delivery: if a TSN is in sequence within its logical stream, or the data is marked for unordered delivery, the packet is delivered to the application at the receiver.
For example, in fig 6.4.2 the send buffer is allocated with a capacity of 4 packets. Assume that during transmission packet 3 is lost and packets 4 to 6 are successfully delivered to the receiver; the receiver then only sends SACKs with Cum_Ack 2 and gap reports for 4, 5, 6. The sender considers all out-of-order packets acknowledged by gap reports to be revocable, so it must keep packets with TSNs 3 to 6 in its send buffer. As the whole capacity of the send buffer is occupied by these copies, there is no space for new packets, and the sender cannot transmit any new data until buffer space is freed. This situation is called sender buffer blocking: the sender is forced to stop sending data until buffer space is released.
To avoid sender buffer blocking, the standard SACK chunk is extended with new fields that specify non-revocable TSNs. The functionality of NR-SACK is similar to SACK; only the extra fields are processed by the sender and receiver to identify non-revocable chunks. The field Number of NR Gap Ack Blocks specifies how many NR gap blocks are present in the NR-SACK, and the NR Gap Ack Block Start and NR Gap Ack Block End fields report the block of data chunks that were received out of order and are non-revocable. The regular fields of the SACK chunk still report the revocable data chunks, so an NR-SACK chunk can specify both revocable and non-revocable data chunks. SCTP endpoints exchange information about the supported extensions during association establishment, and only if both endpoints support NR-SACK does the receiver acknowledge data with NR-SACKs. Since the receiver explicitly reports non-revocable and revocable data using NR-SACK chunks, the sender no longer has any responsibility for the non-revocable data: it deletes the copies of non-revocable data from the send buffer and uses the space to transfer new data, which eliminates the sender buffer blocking problem. Fig 6.4.3 shows the packet format of both the SACK and NR-SACK chunks.
Send and receive buffer splitting:
NR-SACK only solves the send buffer blocking problem caused by non-revocable packets, and unnecessary fast retransmissions can be avoided using SFR. Neither technique solves the problem of finite buffer space, which prevents transfer of new data on the other routes. The authors proposed a mechanism that splits the send and receive buffers into per-path sections. Send and receive buffer splitting manages the buffer space between the different paths, instead of letting packets transmitted over one particular path occupy too much of the buffer. The same situation can occur at the receiver, since the receiver also keeps packets in its buffer until all the gaps are filled by the missing packets.
The send buffer of an endpoint with size B is divided into n subsections, where n is the number of paths. On any available path, new data may be sent only if that path's share of the buffer allows another MTU-sized packet to be buffered. Treating the amount of outstanding data (buffered in the send buffer) as the amount of buffer occupied at the receiver, and using the a_rwnd value received in the SACK, the receive buffer is also divided into per-path sections.
Applying the above optimization techniques to standard CMT-SCTP improved the throughput up to the expected level [16, Figure 4]. Currently CMT-SCTP is supported by only a few SCTP implementations and is not widely used. Much research has been done in simulation environments, proposing approaches to improve performance, but these need to be studied in real network environments as well.
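Both the NR-SACK sender buffer blocking case (fig 6.4.2) and the per-path send buffer split are worked through in one added example that is not the thesis's code: a constructed send buffer counted in MTU-sized packet slots, where plain gap blocks leave copies in the retransmission queue, NR gap blocks free them, and with n > 1 each path may only use its own share B/n. The class and method names are assumptions.

```python
# Added example, not the thesis's code: a constructed send buffer that replays the
# fig 6.4.2 blocking case (SACK vs NR-SACK) and the per-path buffer split.
from dataclasses import dataclass, field


@dataclass
class SplitSendBuffer:
    capacity: int                 # B, counted in MTU-sized packets
    paths: int = 1                # n; 1 means an unsplit buffer
    outstanding: dict = field(default_factory=dict)   # tsn -> path (retransmission queue)
    next_tsn: int = 1

    def used(self, path=None) -> int:
        return sum(1 for p in self.outstanding.values() if path is None or p == path)

    def can_send(self, path: int) -> bool:
        if self.paths == 1:
            return self.used() < self.capacity
        return self.used(path) < self.capacity // self.paths   # this path's share only

    def send(self, path: int):
        if not self.can_send(path):
            return None                                      # blocked on this path
        tsn, self.next_tsn = self.next_tsn, self.next_tsn + 1
        self.outstanding[tsn] = path
        return tsn

    def on_sack(self, cum_tsn: int, gap_blocks=(), nr_gap_blocks=()) -> list:
        """Free cumulatively acked data. Plain gap blocks are revocable, so their
        copies stay; NR gap blocks (NR-SACK) are non-revocable and are freed too."""
        for tsn in list(self.outstanding):
            if tsn <= cum_tsn or any(s <= tsn <= e for s, e in nr_gap_blocks):
                del self.outstanding[tsn]
        return sorted(self.outstanding)


def fig_6_4_2_scenario(use_nr_sack: bool):
    """Capacity 4; TSN 3 lost, 4..6 delivered. Returns (still buffered, can send more)."""
    buf = SplitSendBuffer(capacity=4)
    for _ in range(4):
        buf.send(1)                          # TSNs 1..4 in flight
    buf.on_sack(cum_tsn=2)                   # 1 and 2 acked in order
    for _ in range(2):
        buf.send(1)                          # TSNs 5, 6 fill the buffer again
    if use_nr_sack:
        left = buf.on_sack(2, nr_gap_blocks=[(4, 6)])
    else:
        left = buf.on_sack(2, gap_blocks=[(4, 6)])
    return left, buf.can_send(1)             # SACK: ([3,4,5,6], False); NR-SACK: ([3], True)


def split_scenario():
    """B = 4 split over 2 paths: the slow path filling its share does not block the other."""
    buf = SplitSendBuffer(capacity=4, paths=2)
    slow = [buf.send(1) for _ in range(3)]   # third send on path 1 is refused
    return slow, buf.can_send(2)             # ([1, 2, None], True)
```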
7. Conclusion & Suggestions to future work
In this thesis we described why SCTP is needed even though TCP is widely used, by explaining the limitations of TCP and the advanced features of SCTP. We also showed how SCTP can fail over to an alternate path in case of network failures. We made performance comparisons (in terms of throughput achieved) between the TCP and SCTP protocol implementations over wireless networks; in our results TCP showed slightly better performance than SCTP. We also explained the SCTP four-way handshake mechanism and the role of the cookie implementation in mitigating denial of service attacks. Finally we discussed the different problems associated with CMT-SCTP and some of the available solutions. SCTP has great potential to support a wide range of applications. In general, applications which need reliable transport presently use TCP and applications which do not require reliable transport use UDP, but all kinds of applications could use SCTP with its support for reliable, unreliable and partially reliable transmission. On the other hand, more research needs to be done on SCTP and on improving its performance.
There are other implementations of SCTP, and as future work extending this thesis, performance comparison tests can be done using other variants of SCTP. We recommend SCTPDRV, a kernel driver for Microsoft Windows which supports almost all the features of SCTP.