Network Working Group                                    R. R. Stewart
INTERNET-DRAFT                                           M. A. Ramalho
                                                         Cisco Systems
                                                                Q. Xie
                                                              Motorola
                                                             M. Tuexen
                                                            Siemens AG
                                                             I. Rytina
                                                              Ericsson
                                                             P. Conrad
                                                     Temple University

expires in six months                                      May 7,                                     June 6, 2001

     SCTP Extensions for Dynamic Addition Reconfiguration of IP addresses
                   <draft-ietf-tsvwg-addip-sctp-00.txt> Addresses
	      and Enforcement of Flow and Message Limits

                   <draft-ietf-tsvwg-addip-sctp-01.txt>

    Status of This Memo

    This document is an Internet-Draft and is in full conformance with
    all provisions of Section 10 of RFC 2026 [RFC2026]. Internet-Drafts
    are working documents of the Internet Engineering Task Force (IETF),
    its areas, and its working groups. Note that other groups may also
    distribute working documents as Internet-Drafts.

    The list of current Internet-Drafts can be accessed at
    http://www.ietf.org/ietf/1id-abstracts.txt

    The list of Internet-Draft Shadow Directories can be accessed at
    http://www.ietf.org/shadow.html.

   Abstract

    This document describes extensions to the Stream Control
    Transmission Protocol (SCTP) [RFC2960] that provide a method methods to (1)
    reconfigure IP address information on an existing association or
    to and
    (2) request that a peer set a stream flow limit. limits in units of bytes or
    messages, either on a per-stream or per-association basis.

                        TABLE OF CONTENTS
    1. Introduction............................................... 2
    2. Conventions................................................ 3
    3. Additional Chunks and Parameters........................... 3
    3.1 New Chunk Types........................................... 3 4
    3.1.1  Address Configuration Change Chunk (ASCONF)............ 3 4
    3.1.2 Address Configuration Acknowledgment Chunk (ASCONF-ACK) (ASCONF-ACK). 5
    3.2 New Parameter Types....................................... 4 6
    3.2.1 Add IP Address.......................................... 6 7
    3.2.2 Delete IP Address....................................... 6 7
    3.2.3 Stream Flow Limit Change................................ 7 8
    3.2.4 Error Cause Indication.................................. 7 9
    3.2.5 Set Primary IP Address.................................. 8 9
    3.2.6 Success Indication...................................... 8 Indication......................................10
    3.2.7 Stream Message Limit Change.............................10
    3.2.8 Association Message Limit Change........................11
    3.3 New Error Causes.......................................... 9 Causes..........................................11
    3.3.1 Error Cause: Request to Delete Last remaining Remaining
          IP Address 9 Address..............................................12
    3.3.2 Error Cause: Operation Refused due Due to Resource Shortage.10 Shortage.12
    3.3.3 Error Cause: Request to Delete Source IP Address........10 Address........13
    4. Procedures.................................................11 Procedures.................................................13
    4.1 ASCONF Chunk Procedures...................................11 Procedures...................................14
    4.1.1 Congestion Control of ASCONF Chunks.....................12 Chunks.....................15
    4.2 Upon reception of a an ASCONF Chunk..........................13 Chunk.........................16
    4.3 General rules for address manipulation....................15 manipulation....................18
    4.3.1 A special case for OOTB ABORT chunks....................17 chunks....................20
    4.3.2 A special case for changing an address..................21
    4.4 Setting of the primary address............................18 address............................21
    4.5 Steam Flow Stream Flow/Message Limit Procedures...............................18 Procedures......................21
    4.5.1 Stream Receiver receiver side procedures.........................19 procedures.........................22
    4.5.2 Stream Sender sender side procedures...........................19 procedures...........................23
    4.5.3 ULP considerations on the use of SCTP flow limit
          facility................................................20
          facility................................................24
    4.6 Association Message Limit Procedures......................24
    4.6.1 Receiver side procedures................................25
    4.6.2 Sender side procedures..................................25
    5. Security Considerations....................................20 Considerations....................................25
    6. IANA considerations........................................20 considerations........................................26
    7. Authors' Addresses.........................................20 Addresses.........................................26
    8. References.................................................21 References.................................................27

    1. Introduction

    To extend the utility and application senarios scenarios of SCTP, this
    document introduces optional extensions that provide SCTP with the
    ability to reconfigure IP address information on an existing
    association or to request that the peer set a stream flow limit. limits in units
    of bytes or messages, either on a per-stream or per-association
    basis.

    These extensions enable SCTP to be utilized in the following
    applications:

    - Dynamic IP addresses added and subtracted address reconfiguration extension: For
    computational or networking platforms that allow addition/removal of
    physical interface cards this feature can provide:

     A) a graceful method to add to the interfaces of an existing
        association. For the multi-homed IPv6 case this feature will
        allow allows renumbering
        of existing associations.

     B) provides a method for an endpoint to request that its peer set
        its primary destination address: address.  This can be useful
        when an address is about to be deleted. Or deleted, or when an endpoint
        has some predetermined knowledge about which is the
        preferred address to receive SCTP packets upon.

    - The SCTP flow limit extension: This extension enables the
      ability
      a receiver to request that a sender to set impose a byte limit to on the
      outstanding data sent to each stream. This in turn will
      provide: present on a per-stream basis.

      The SCTP flow limit extension provides:

     A) The ability to minimize the occurrence of a single stream
        monopolizing all transport level resources (e.g. a_rwnd
       "deadlock").

     B) The ability to dynamically change the stream buffering
	limits as the application deems appropriate at any particular
        instant.

    - The SCTP message limit extension: This extension enables a
      receiver to request that a sender impose a limit on the number
      of outstanding messages present on:

     A) each stream, and/or

     B) the whole association.

     The SCTP message limit extension provides a method for minimizing
     the occurrence of a lack of resources needed for messages even
     when resources for payload data are still available. This can
     become important when handling a large number of short messages.

    2. Conventions

    The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
    SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when
    they appear in this document, are to be interpreted as described in
    RFC 2119 [RFC2119].

    3. Additional Chunks and Parameters

    This section describes the addition of two new chunks and, six eight
    new parameters to allow:

         - Dynamic addition of IP Addresses to an association.
	 - Dynamic deletion of IP Addresses to an association.
	 - A request to set the primary address the peer will
           use when sending to an endpoint.
         - The setting of stream flow byte limits.
         - The setting of stream message limits.
         - The setting of association message limits.

    Additionally, this section describes three new error causes that
    support these new chunks and parameters.

    3.1 New Chunk Types

    This section defines two new Chunk chunk types that will be used to
    transfer the control information reliably. Table 1 illustrates the
    two new chunk types.

    Chunk Type  Chunk Name
    --------------------------------------------------------------
    11000001
     0xC1    Address/Stream Configuration Change Chunk (ASCONF)
    10000000
     0x80    Address Configuration Acknowledgment      (ASCONF-ACK)

          Table 1: Address/Stream Configuration Chunks

    It should be noted that the ASCONF Chunk format requires the
    receiver to report to the sender if it does not understand the
    ASCONF chunk. Chunk. This is accomplished by setting the upper bits in the
    Chunk
    chunk type as described in [RFC2960] section 3.2. Note that the
    upper two bits in the ASCONF chunk Chunk are set to one.  As defined in
    [RFC2960] section 3.2, setting these upper bits in this manner will
    cause the receiver that does not understand this chunk to skip the
    chunk and continue processing, but report in an Operation Error
    Chunk using the 'Unrecognized Chunk Type' cause of error.

    3.1.1  Address Configuration Change Chunk (ASCONF)

    This chunk is used to communicate to the remote endpoint one of the
    configuration change requests that MUST be acknowledged.  The
    information carried in the ASCONF chunk is always in Chunk uses the form of a
    Tag-Length-Value (TLV) (TLV), as described in "3.2.1
    Optional/Variable-length Parameter Format" in [RFC2960]. [RFC2960], for
    all variable parameters.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Type = 0xC1   |  Chunk Flags  |      Chunk Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Serial Number                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               Reserved                        |   Addr Type   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                   Address Bytes 0-3                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                   Address Bytes 4-7                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                   Address Bytes 8-11                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                   Address Bytes 12-15                         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               ASCONF-Request Correlation ID #1                |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     ASCONF Parameter #1                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    \                                                               \
    /                             ....                              /
    \                                                               \
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               ASCONF-Request Correlation ID #N                |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     ASCONF Parameter #N                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Serial Number : 32 bits (unsigned integer)

    This value represents a Serial Number for the ASCONF Chunk. The
    valid range of Serial Number is from 0 to 4294967295 (2**32 - 1).
    Serial Numbers wrap back to 0 after reaching 4294967295.

    ASCONF-Request Correlation ID: 32

    Reserved: 24 bits (unsigned integer)

    This is an opaque integer assigned

    Reserved, set to 0 by the sender and ignored by the
    receiver.

    Address Type :  8 bits (unsigned char)

    This value determines the type of address found in the
    Address Bytes field. If the value is 5 then the first
    4 bytes of the Address Bytes field contain an IPv4 address,
    in network byte order. If the value is 6 then the first
    16 bytes of the Address Bytes field contain an IPv6 address,
    in network byte order.

    Address Bytes: 16 bytes (unsigned chars)

    This field contains an address which is part of the association.
    This field may be used by the receiver of the ASCONF to help
    in finding the association.

    ASCONF-Request Correlation ID: 32 bits (unsigned integer)

    This is an opaque integer assigned by the sender to identify each
    request parameter. It is in host byte order and is only meaningful
    to the sender. The receiver of the ASCONF chunk Chunk will copy this 32
    bit value into the ASCONF Correlation ID field of the
    ASCONF-ACK. The sender of the ASCONF can use this same value in the
    ASCONF-ACK to find which request the response is for.

    ASCONF Parameter: TLV format

    Each Address configuration change is represented by a TLV
    parameter has as defined in Section 3.2. One or more request requests
    may be present in a an ASCONF chunk. Chunk.

    3.1.2 Address Configuration Acknowledgment Chunk (ASCONF-ACK)

    This chunk is used by the receiver of an ASCONF chunk Chunk to acknowledge
    its
    the reception. It carries zero or more results for any ASCONF
    Parameters that were processed by the receiver.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Type = 0x80   |  Chunk Flags  |      Chunk Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Serial Number                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               ASCONF-Request Correlation ID #1                |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                 ASCONF Parameter Response#1                   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    \                                                               \
    /                             ....                              /
    \                                                               \
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               ASCONF-Request Correlation ID #N                |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                 ASCONF Parameter Response#N                   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Serial Number : 32 bits (unsigned integer)

    This value represents the Serial Number for the ASCONF chunk that
    was received to which this ASCONF Chunk
    that is acknowledgment of. acknowledged by this chunk. This value is
    copied from the received ASCONF chunk. Chunk.

    ASCONF-Request Correlation ID: 32 bits (unsigned integer)

    This value is copied from the ASCONF Correlation ID received in the
    ASCONF chunk. Chunk. It is used by the receiver of the ASCONF-ACK to identify
    which ASCONF parameter this response is associated with.

    ASCONF Parameter Response : TLV format

    The ASCONF Parameter Response is used in the ASCONF-ACK to report
    status of ASCONF processing. By default, if a responding endpoint
    does not include any Error cause Cause, a success is indicated. Thus a
    sender of a an ASCONF-ACK MAY indicate complete success of all TLV's TLVs in
    a
    an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length
    (set to 8) and the Serial Number.

    3.2 New Parameter Types

    The six eight new parameters added follow the format defined in section
    3.2.1 of [RFC2960]. Table 2 describes the Parameters. parameters.

    Address Configuration Parameters   Parameter Type
    -------------------------------------------------
    Add IP Address                     49153 (0xC001)                       0xC001
    Delete IP Address                  49154 (0xC002)                    0xC002
    Stream Flow limit Byte Limit Request          49155 (0xC003)            0xC003
    Error Cause Indication             49156 (0xC004)               0xC004
    Set Primary Address                49157 (0xC005)                  0xC005
    Success report                     49158 (0xC006)                       0xC006
    Stream Message Limit Request         0xC007
    Association Message Limit Request    0xC008

          Table 2: Address Configuration Parameters

    3.2.1 Add IP Address

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Type = 0xC001          |    Length = Variable          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Address Parameter                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Address Parameter: TLV

    This field contains an IPv4 or IPv6 address parameter as described
    in 3.3.2.1 of RFC2960. The complete TLV is wrapped within this
    parameter.  It informs the receiver that the Address address specified is to
    be added to the existing association.

    An example TLV requesting that the IPv4 address 10.1.1.1 should be
    made
    added to the primary destination address association would look as follows:

        +--------------------------------+
        |  Type=0xC001   | Length = 12   |
        +--------------------------------+
        |  Type=5        | Length = 8    |
        +----------------+---------------+
        |       Value=0x0a010101         |
        +----------------+---------------+

    Valid Chunk Appearance

    The Add IP Address parameter may only appear in the ASCONF chunk Chunk
    type.

    3.2.2 Delete IP Address

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Type =0xC002           |    Length = Variable          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Address Parameter                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Address Parameter: TLV

    This field contains an IPv4 or IPv6 address parameter as described in
    3.3.2.1 of [RFC2960]. The complete TLV is wrapped within this
    parameter.  It informs the receiver that the Address address specified is to
    be removed from the existing association.

    An example TLV deleting the IPv4 address 10.1.1.1 from an existing
    association would look as follows:

        +--------------------------------+
        |  Type=0xC002   | Length = 12   |
        +--------------------------------+
        |  Type=5        | Length = 8    |
        +----------------+---------------+
        |       Value=0x0a010101         |
        +----------------+---------------+

    Valid Chunk Appearance

    The Delete IP Address parameter may only appear in the ASCONF chunk Chunk
    type.

    3.2.3 Stream Flow Limit Change

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Type =0xC003           |    Length = Variable          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Stream Number 1        |    Flow    Byte Limit 1               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    \                                                               /
    /                                                               \
    \                                                               /
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Stream Number N        |    Flow    Byte Limit N               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Stream Number n :  16 bits (unsigned integer)

    This is the stream number that is requesting for which a limit is to be placed
    on the sender based on the applications receive buffer sizes.

    Flow enforced.

    Byte Limit n :  16 bits (unsigned integer)

    This is the limit (in bytes) that the receiver (sending the chunk)
    is requesting (in bytes) that the sender (receiver of the chunk) enforce as to
    the maximum amount of outstanding data that permitted at any time on
    this stream, as per the receiver may accept. rules in Section 4.5.  Note that the value 0
    '0' holds a special meaning described in Section 4.5. 4.5.1

    Valid Chunk Appearance

    The Stream Flow Limit Change parameter may only appear in the ASCONF
    chunk, the INIT, or the INIT-ACK chunk type. The inclusion of this
    parameter in the INIT or INIT-ACK can be used to indicate initial
    byte limits.

    3.2.4 Error Cause Indication

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Type = 0xC004              |      Length = Variable        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |             Error Cause(s) or Return Info on Success          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    When reporting an error this response parameter is used to wrap
    one or more standard error causes normally found within an SCTP
    Operational Error or SCTP Abort (as defined in [RFC2960]). The
    Error Cause(s) follow the format defined in section 3.3.10 of
    [RFC2960].

    Valid Chunk Appearance

    The Error Cause Indication parameter may only appear in the
    ASCONF-ACK chunk type.

    3.2.5 Set Primary IP Address

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Type =0xC005           |    Length = Variable          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Address Parameter                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Address Parameter: TLV

    This field contains an IPv4 or IPv6 address parameter as described in
    3.3.2.1 of [RFC2960]. The complete TLV is wrapped within this
    parameter.  It requests the receiver to mark the specified address
    as the primary address to send data to (see section 5.1.2 of
    [RFC2960]). The receiver MAY mark this as its primary upon
    receiving this request.

    An example TLV requesting that the IPv4 address 10.1.1.1 be made the
    primary destination address would look as follows:

        +--------------------------------+
        |  Type=0xC005   | Length = 12   |
        +--------------------------------+
        |  Type=5        | Length = 8    |
        +----------------+---------------+
        |       Value=0x0a010101         |
        +----------------+---------------+

    Valid Chunk Appearance
    The Set Primary IP Address parameter may appear in the ASCONF chunk, Chunk,
    the INIT, or the INIT-ACK chunk type. The inclusion of this parameter
    in the INIT or INIT-ACK can be used to indicate an initial preference
    of primary address.

    3.2.6 Success Indication

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Type = 0xC006          |      Length = 4               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    By default if a responding endpoint does not report an error for any
    requested TLV, a success is implicitly indicated. Thus a sender of a
    ASCONF-ACK MAY indicate complete success of all TLV's TLVs in a an ASCONF by
    returning only the Chunk Type, Chunk Flags, Chunk Length (set to 8)
    and the Serial Number.

    The responding endpoint MAY also choose to explicitly report a
    success for a requested TLV, by returning a success report ASCONF
    Parameter Response.

    Valid Chunk Appearance

    The Success Indication parameter may only appear in the ASCONF-ACK
    chunk type.

    3.3  New Error Causes

    Three new Error Causes are added to the SCTP Operational Errors,
    primarily for use in the ASCONF-ACK chunk.

    Cause Code
    Value          Cause Code
    ---------      ----------------
    12             Request to delete last remaining IP address.
    13             Operation Refused due to resource shortage.
    14             Request to delete source IP address.

          Table 3: New Error Causes

    3.3.1 Error Cause: Request to Delete Last remaining IP Address

    Cause of error
    ---------------
    Request to delete last remaining IP address: The receiver of this
    error sent a request to delete the last IP address from its
    association with its peer. This error indicates that the request is
    rejected.

    3.2.7 Stream Message Limit Change

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Cause Code=12        Type =0xC007           |      Cause Length=Variable    Length = Variable          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Stream Number 1        |    Message Limit 1            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    \                     TLV-Copied-From-ASCONF                                                               /
    /                                                               \
    \                                                               /
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    An example of a failed delete in an Error Cause TLV would look as
    follows in the response ASCONF-ACK message:

        +--------------------------------+
        | Type = 0xC004  | Length = 20
    |
        +--------------------------------+        Stream Number N        |  Cause=12    Message Limit N            | Length =
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Stream Number n :  16   |
        +----------------+---------------+
        |  Type= 0xC002  | Length = 12   |
        +----------------+---------------+
        |   Type=5       | Length = 8    |
        +----------------+---------------+
        |       Value=0x0a010101         |
        +----------------+---------------+

    3.3.2 Error Cause: Operation Refused due to Resource Shortage

    Cause of error
    --------------- bits (unsigned integer)

    This error cause is used to report a failure by the receiver to
    perform the requested operation due to stream number for which a lack of resources.  The
    entire TLV that limit is refused to be enforced.

    Message Limit n :  16 bits (unsigned integer)

    This is copied from the ASCONF-REQ into limit (in messages) that the
    error cause. receiver (sending the
    chunk) is requesting that the sender (receiver of the chunk)
    enforce as the maximum number of outstanding messages permitted at
    any time on this stream, as per the rules in Section 4.5.  Note
    that the value '0' holds a special meaning described in Section
    4.5.1.

    Valid Chunk Appearance

    The Stream Message Limit Change parameter may appear in the ASCONF
    chunk, the INIT, or the INIT-ACK chunk type. The inclusion of this
    parameter in the INIT or INIT-ACK can be used to indicate initial
    stream message limits.

    3.2.8 Association Message Limit Change

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Cause Code=13             |      Cause Length=Variable    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    \                  TLV-Copied-From-ASCONF                      /
    /                                                              \
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    An example of a failed addition in an Error Cause TLV would look as
    follows in the response ASCONF-ACK message:

        +--------------------------------+
        |        Type = 0xC004  | Length = 20   |
        +--------------------------------+
        |  Cause=13      | Length = 16   |
        +----------------+---------------+
        |  Type=0xC001   | Length = 12   |
        +--------------------------------+
        |  Type=5 =0xC008           |    Length = 8                 |
        +----------------+---------------+
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Value=0x0a010101                   Association Message Limit                   |
        +----------------+---------------+

    3.3.3 Error Cause: Request to Delete Source IP Address

    Cause of error
    ---------------
    Request to delete source IP address: The
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Association Message Limit n :  32 bits (unsigned integer)

    This is the limit (in messages) that the receiver (sending the
    chunk) is requesting that the sender (receiver of this error sent
    a request to delete the source IP address chunk)
    enforce as the maximum number of outstanding messages permitted at
    any time on the ASCONF
    message. This error indicates association, as per the rules in Section 4.6.
    Note that the request is rejected.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 value 0 1 2 3 4 5 holds a special meaning described in Section
    4.5.1

    Valid Chunk Appearance

    The Association Message Limit Change parameter may appear in the
    ASCONF Chunk, the INIT, or the INIT-ACK chunk type. The inclusion
    of this parameter in the INIT or INIT-ACK can be used to indicate
    an initial association message limit.

    3.3  New Error Causes

    Three new Error Causes are added to the SCTP Operational Errors,
    primarily for use in the ASCONF-ACK chunk.

    Cause Code
    Value          Cause Code
    ---------      ----------------
    0xC             Request to Delete Last Remaining IP Address.
    0xD             Operation Refused Due to Resource Shortage.
    0xE             Request to Delete Source IP Address.

          Table 3: New Error Causes
    3.3.1 Error Cause: Request to Delete Last Remaining IP Address

    Cause of error
    ---------------
    Request to Delete Last Remaining IP address: The receiver of this
    error sent a request to delete the last IP address from its
    association with its peer. This error indicates that the request is
    rejected.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Cause Code=14 Code=0x000C         |      Cause Length=Variable    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    \                     TLV-Copied-From-ASCONF                    /
    /                                                               \
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    An example of a failed delete in an Error Cause TLV would look as
    follows in the response ASCONF-ACK message:

        +--------------------------------+
        | Type = 0xC004  | Length = 20   |
        +--------------------------------+
        |  Cause=14  Cause=0x000C  | Length = 16   |
        +----------------+---------------+
        |  Type=0xC002  Type= 0xC002  | Length = 12   |
        +----------------+---------------+
        |   Type=5   Type=0x0005  | Length = 8    |
        +----------------+---------------+
        |       Value=0x0a010101       Value=0x0A010101         |
        +----------------+---------------+

    IMPLEMENTATION NOTE: It

    3.3.2 Error Cause: Operation Refused Due to Resource Shortage

    Cause of error
    ---------------
    This error cause is unlikely that an endpoint would source used to report a packet from failure by the address being deleted, unless receiver to
    perform the endpoint
    does not do proper source address selection.

    4. Procedures

    This section will lay out requested operation due to a lack of resources.  The
    entire TLV that is refused is copied from the specific procedures for address/stream
    configuration change chunk type ASCONF-REQ into the
    error cause.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Cause Code=0x000D         |      Cause Length=Variable    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    \                  TLV-Copied-From-ASCONF                      /
    /                                                              \
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    An example of a failed addition in an Error Cause TLV would look as
    follows in the response ASCONF-ACK message:

        +--------------------------------+
        | Type = 0xC004  | Length = 20   |
        +--------------------------------+
        |  Cause=0x000D  | Length = 16   |
        +----------------+---------------+
        |  Type=0xC001   | Length = 12   |
        +--------------------------------+
        |  Type=0x0005   | Length = 8    |
        +----------------+---------------+
        |       Value=0x0A010101         |
        +----------------+---------------+

    3.3.3 Error Cause: Request to Delete Source IP Address

    Cause of error
    ---------------
    Request to Delete Source IP Address: The receiver of this error sent
    a request to delete the source IP address of the ASCONF
    message. This error indicates that the request is rejected.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Cause Code=0x000E         |      Cause Length=Variable    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    \                    TLV-Copied-From-ASCONF                     /
    /                                                               \
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    An example of a failed delete in an Error Cause TLV would look as
    follows in the response ASCONF-ACK message:

        +--------------------------------+
        | Type = 0xC004  | Length = 20   |
        +--------------------------------+
        |  Cause=0x000E  | Length = 16   |
        +----------------+---------------+
        |  Type=0xC002   | Length = 12   |
        +----------------+---------------+
        |   Type=0x0005  | Length = 8    |
        +----------------+---------------+
        |       Value=0x0A010101         |
        +----------------+---------------+

    IMPLEMENTATION NOTE: It is unlikely that an endpoint would source
    a packet from the address being deleted, unless the endpoint
    does not do proper source address selection.

    4. Procedures

    This section will lay out the specific procedures for address/stream
    configuration change chunk type and its processing.

    4.1 ASCONF Chunk Procedures

    When an endpoint has an ASCONF signaled change to be sent to the
    remote endpoint it should do the following:

    A1) Create an ASCONF Chunk as defined in section 3.1.1. The chunk
    should contain all of the TLV(s) of information necessary to be
    sent to the remote endpoint, and unique correlation identities for
    each request.

    A2) A serial number should be assigned to the Chunk. The serial
    number should be a monotonically increasing number. All serial
    numbers are defined to be initialized at the start of the
    association to the same value as the Initial TSN.

    A3) If no ASCONF Chunk is outstanding (un-acknowledged) with the
    remote peer, AND there is less than cwnd bytes of user data
    outstanding, send the chunk.

    A4) Start a T-4 RTO timer, using the RTO value of the selected
    destination address (normally the primary path; see [RFC2960] section
    6.4 for details).

    A5) When the ASCONF-ACK that acknowledges the serial number last
    sent arrives, stop the T-4 RTO timer, and clear the appropriate
    association and destination error counters as defined in [RFC2960]
    section 8.1 and 8.2.

    A6) Process all of the TLVs within the ASCONF-ACK to find out
    particular status information returned to the various requests that
    were sent. Use the Correlation IDs to correlate the request and the
    responses.

    A7) If an error response is received for a TLV parameter,
    all TLVs with no response before the failed TLV are considered
    successful if not reported.  All TLVs after the failed response are
    considered unsuccessful unless a specific success indication is
    present for the parameter.

    A8) If there is no response(s) to specific TLV parameter(s), and no
    failures are indicated, then all request(s) are considered
    successful.

    If the T-4 RTO timer expires the endpoint should do the following:

    B1) Increment the error counter and perform path failure detection
    on the appropriate destination address as defined in [RFC2960]
    section 8.2.

    B2) Increment the association error counter and perform endpoint
    failure detection on the association as defined in [RFC2960] section
    8.1.

    B3) Back-off the destination address RTO timer to which the ASCONF
    chunk was sent by doubling the RTO timer value.

    B4) Re-transmit the ASCONF Chunk last sent and if possible choose an
    alternate destination address (please refer to [RFC2960] section
    6.4.1). An endpoint MUST NOT add new parameters to this chunk, it
    MUST be the same (including its serial number) as the last ASCONF
    sent.

    B5) Restart the T-4 RTO timer. Note that if a different destination is
    selected, then the RTO used will be that of the new destination
    address.

    Note: the total number of re-transmissions is limited by B2
    above. If the maximum is reached, the association will fail and enter
    a CLOSED state (see [RFC2960] section 6.4.1 for details).

    4.1.1 Congestion Control of ASCONF Chunks

    In defining the ASCONF Chunk transfer procedures, it is essential
    that these transfers MUST NOT cause congestion within the network.
    To achieve this, we place these restrictions on the transfer of
    ASCONF Chunks:

    R1) One and only one ASCONF Chunk MAY be in transit and
    unacknowledged at any one time.  If a sender, after sending an ASCONF
    chunk, decides it needs to transfer another ASCONF Chunk, it MUST
    wait until the ASCONF-ACK Chunk returns from the previous ASCONF
    Chunk before sending a subsequent ASCONF. Note this restriction
    binds each side, so at any time two ASCONF may be in-transit on any
    given association (one sent from each endpoint).

    R2) A ASCONF MUST NOT be sent if there is no room in the current
    cwnd. If there is room in the cwnd of the destination network, the
    Chunk may be sent regardless of the value of rwnd.

    R3) A ASCONF may be bundled with any other chunk type (except other
    ASCONF Chunks) as long as the source address in the IP header of
    the packet is already a part of the association. If the ASCONF
    chunk is using an alternate source address as the source in
    the IP header, then NO other chunks may be bundled with the ASCONF
    chunk.

    R4) A ASCONF-ACK may be bundled with any other chunk type except
    other ASCONF-ACKs.

    R5) Both ASCONF and its processing.

    4.1 ASCONF-ACK chunks MUST NOT be sent in any SCTP
    state except ESTABLISHED.

    R6) An ASCONF and respective ASCONF-ACK MUST NOT be larger than the
    path MTU of the destination.

    If the sender of an ASCONF Chunk receives a Operational Error
    indicating that the ASCONF chunk type is not understood, then the
    sender MUST not send subsequent ASCONF Chunks to the peer. The
    endpoint should also inform the upper layer application that the
    peer endpoint does not support any of the extensions detailed in this
    document.

    4.2 Upon reception of an ASCONF Chunk.

    When an endpoint receives an ASCONF Chunk from the remote peer
    special procedures MAY be needed to identify the association
    the ASCONF Chunk is associated with. To properly find the
    association the following procedures should be followed:

    L1) Use the source address and port number of the sender to
    attempt to identify the association (i.e. use the same method
    defined in [RFC2960] used for all other SCTP chunks ). If found
    proceed to rule L5.

    L2) If the association is not found, use the address found
    in the Address Bytes field combined with the port number
    found in the SCTP common header. If found proceed to rule
    L4.

    L3) If neither L1 or L2 locates the association, treat
    the chunk as an Out Of The Blue chunk as defined in
    [RFC2960].

    L4) Verify that no other chunk is bundled with the ASCONF
    chunk. If other chunks are bundled with the ASCONF Chunk Procedures

    When an endpoint has an
    then the receiver MUST silently discard the ASCONF signaled change to be sent chunk.

    L5) Follow the normal rules to validate the
    remote endpoint it SCTP verification
    tag found in [RFC2960].

    After identification and verification of the association,
    the following should do be performed to properly process the following:

    A1) Create a ASCONF Chunk as defined in section 3.1.1. The chunk
    should contain all of Chunk:

    C1) Compare the TLV('s) value of information necessary the serial number to the value the endpoint
    stored in a new association variable 'Peer-Serial-Number'.  This
    value MUST be
    sent initialized to the remote endpoint, and unique correlation identities for
    each request.

    A2) A Initial TSN value minus 1.

    C2) If the value found in the serial number should be assigned is equal to the the
    ('Peer-Serial-Number' + 1), the endpoint should:

      V1) Process the TLVs contained within the Chunk performing the
      appropriate actions as indicated by each TLV type.  The TLVs MUST
      be processed in order within the Chunk. For example, if the sender
      puts 3 TLVs in one chunk, the first TLV (the one closest to the
      Chunk Header) in the Chunk MUST be processed first. The serial
    number should next TLV in
      the chunk (the middle one) MUST be processed second and finally the
      last TLV in the Chunk MUST be processed last.

      V2) In processing the chunk, the receiver should build a monotonically increasing number. All serial
    numbers are response
      message with the appropriate error TLVs, as specified in the
      Parameter type bits for any ASCONF Parameter it does not understand.
      To indicate an unrecognized parameter, parameter type 8 as defined to be initialized at
      in in the start INIT-ACK in 3.3.3 of [RFC2960] should be used. The
      endpoint may also use the
    association response to the same value carry rejections for other
      reasons such as resource shortages etc using the Initial TSN.

    A3) If Error Cause TLV and
      an appropriate error condition.

      Note: a positive response is implied if no ASCONF chunk error is outstanding (un-acknowledged) with indicated by the
    remote peer AND there is less than cwnd bytes of user data
    outstanding send
      sender.

      V3) All error responses MUST copy the chunk.

    A4) Start a T-4 RTO timer, using ASCONF-Request Correlation ID
      field received in the RTO value of ASCONF, from the selected
    destination address (normally TLV being responded to, into
      the primary path see [RFC2960] section
    6.4 ASCONF-Request Correlation ID field. The ASCONF-Request
      Correlation ID always precedes the request TLV.

      V4) After processing the entire Chunk, it MUST send all TLVs for details).

    A5) When
      both unrecognized parameters and any other status TLVs inside the
      ASCONF-ACK which chunk that acknowledges the serial number last
    sent arrives, stop the T-4 RTO timer and clear the appropriate
    association and destination error counters as defined in [RFC2960]
    section 8.1 arrival and 8.2.

    A6) Process all processing of the TLV's within
      ASCONF Chunk.

      V5) Update the ASCONF-ACK to find out
    particular status information returned 'Peer-Serial-Number' to the various requests that
    were sent. Use value found in the Correlation IDs to correlate serial
      number field.

    C3) If the request and value found in the
    responses.

    A7) If an error response serial number is received equal to a TLV whose parameter type
    all the value
    stored in the 'Peer-Serial-Number', the endpoint should:

      X1) Parse the ASCONF Chunk TLVs but the endpoint MUST NOT take any
      action on the TLVs parsed (since it has already performed these
      actions).

      X2) Build a response message with no the appropriate response before TLVs
      as specified in the failed TLV are considered
    successful if ASCONF Parameter type bits, for any
      parameter it does not reported.  All TLVs after understand or could not process.

      X3) After parsing the failed entire Chunk, it MUST send any response are
    considered unsuccessful unless
      TLV errors and status with an ASCONF-ACK chunk acknowledging the
      arrival and processing of the ASCONF Chunk.

      X4) The endpoint MUST NOT update its 'Peer-Serial-Number'.

    IMPLEMENTATION NOTE: As an optimization a specific success indication is
    present receiver may wish to save
    the last ASCONF-ACK for some predetermined period of time and
    instead of re-processing the parameter.

    A8) If there are no responses to TLVs whose parameter type begins
    all TLVs not responded to are considered successful.

If ASCONF (with the T-4 RTO timer expires same serial number) it
    may just re-transmit the endpoint should do ASCONF-ACK. It may wish to use the following:

    B1) Increment arrival
    of a new serial number to discard the error counter and perform path failure detection
    on previously saved ASCONF-ACK or
    any other means it may choose to expire the appropriate destination address as defined in [RFC2960]
    section 8.2.

    B2) Increment saved ASCONF-ACK.

    C4) Otherwise, the association error counter ASCONF Chunk is discarded since it must be either
    a stale packet or from an attacker. A receiver of such a packet MAY
    log the event for security purposes.

    C5) In both cases C2 and perform endpoint
    failure detection on C3 the association as defined in [RFC2960] section
    8.1.

    B3) Back-off ASCONF-ACK MUST be sent back to the destination
    source address RTO timer to which contained in the IP header of the ASCONF
    chunk was sent.

    B4) Re-transmit being
    responded to.

    4.3 General rules for address manipulation

    When building TLV parameters for the ASCONF chunk last sent and if possible choose Chunk that
    will add or delete IP addresses the following rules should be
    applied:

    D1) When adding an
    alternate destination IP address (please refer to [RFC2960] section
    6.4.1). An endpoint MUST an association, the IP address is
    NOT add new parameters considered fully added to this chunk, it
    MUST be the same (including its serial number) association until the ASCONF-ACK
    arrives. This means that until such time as the last ASCONF
    sent.

    B5) Restart containing
    the T-4 RTO timer. Note if a different destination add is
    selected, then acknowledged the RTO used will be that of sender MUST NOT use the new destination
    address.

    Note: That IP address
    as a source for ANY SCTP chunks besides an ASCONF Chunk.
    The receiver of the add IP address request may use the total number
    address as a destination immediately.

    D2) After the ASCONF-ACK of re-transmissions is limited by B2
    above. If an IP address add arrives, the maximum is reached
    endpoint MAY begin using the association will fail and enter added IP address as a CLOSED state (see [RFC2960] section 6.4.1 source
    address for details).

    4.1.1 Congestion Control any type of ASCONF Chunks
    In defining the ASCONF chunk transfer procedures it is essential SCTP chunk.

    D3) If an endpoint receives an Error Cause TLV indicating that these transfers MUST NOT cause congestion within the network.
    To achieve this we place these restrictions on
    IP address Add, IP address Deletion, or Set Primary IP Address
    parameters was not understood, the transfer of
    ASCONF chunks:

    R1) One and only one ASCONF Chunk MAY be in transit endpoint MUST consider the
    operation failed and
    unacknowledged at MUST NOT attempt to send any one time.  If a sender, after sending a ASCONF
    chunk, decides it needs subsequent Add,
    Delete or Set Primary requests to transfer another ASCONF Chunk, it the peer.

    D4) When deleting an IP address from an association, the IP address
    MUST
    wait be considered a valid destination address for the reception of
    SCTP packets until the ASCONF-ACK Chunk returns from the previous ASCONF
    Chunk before sending arrives and MUST NOT be used as a subsequent ASCONF. Note this restriction
    binds each side, so at
    source address for any time two ASCONF may be in-transit on subsequent packets. This means that any
    given association (one sent from each endpoint).

    R2) A ASCONF
    datagrams that arrive before the ASCONF-ACK destined to the IP address
    being deleted MUST NOT be sent if there is no room in considered part of the current
    cwnd. If there
    association. One special consideration is room in the cwnd of the destination network the
    Chunk may be sent regardless of that ABORT chunks arriving
    destined to the value of rwnd.

    R3) A ASCONF may be bundled with any other Chunk type except other
    ASCONF chunks.

    R4) A ASCONF-ACK may IP address being deleted MUST be bundled with any other Chunk type except ignored (see
    Section 4.3.1 for further details).

    D5) An endpoint MUST NOT delete its last remaining IP address from an
    association. In other ASCONF-ACK's.

    R5) Both ASCONF and ASCONF-ACK chunks words if an endpoint is NOT multi-homed it
    MUST NOT use the delete IP address. Or if an endpoint sends multiple
    requests to delete IP addresses it MUST NOT be sent in any SCTP
    state except ESTABLISHED.

    R6) delete all of the IP
    addresses that the peer has listed for the requester.

    D6) An ASCONF and respective ASCONF-ACK endpoint MUST NOT set a IP header source address for an SCTP
    packet holding the ASCONF Chunk to be larger than the
    path MTU of same as an address being
    deleted by the destination. ASCONF Chunk.

    D7) If a request is received to delete the sender last remaining IP address
    of a ASCONF chunk receives a Operational Error
    indicating that the ASCONF chunk type is not understood, then peer endpoint, the
    sender receiver MUST not send subsequent ASCONF chunks an Error Cause TLV with
    the error cause set to the peer. new error code 'Request to Delete Last
    Remaining IP Address'. The
    endpoint should also inform requested delete MUST NOT be performed or
    acted upon, other than to send the upper level application that ASCONF-ACK.

    D8) If a request is received to delete an IP address which is also
    the
    peer endpoint does not support any source address of the extensions detailed in this
    document.

    4.2 Upon reception of a ASCONF Chunk.

    When an endpoint receives a IP packet which contained the ASCONF chunk from
    chunk, the remote peer it
    should perform receiver MUST reject this request.  To reject the following:

    C1) Compare request
    the value of receiver MUST send an Error Cause TLV set to the new error code
    'Request to Delete Source IP Address' (unless Rule D5 has also been
    violated, in which case the error code 'Request to Delete Last
    Remaining IP Address' is sent).

    D9) If an endpoint receives an ADD IP address request and does not
    have the serial number local resources to the value the endpoint
    stored in a add this new association variable 'Peer-Serial-Number'.  This
    value address to the association,
    it MUST be initialized return an Error Cause TLV set to the Initial TSN value minus 1.

    C2) new error code
    'Operation Refused Due to Resource Shortage'.

    D10) If the value found an endpoint receives an 'Out of Resource' error in the serial number is equal response
    to its request to ADD an IP address to an association, it must
    either ABORT the association or not consider the
    ('Peer-Serial-Number' + 1), the endpoint should:

      V1) Process the TLV's contained within the Chunk performing the
      appropriate actions as indicated by each TLV type.  The TLV's MUST
      be processed in order within address part of the Chunk.
    association. In other words if the sender
      puts 3 TLV's in one chunk endpoint does not ABORT the first TLV (the one closest to
    association, it must consider the
      Chunk Header) in add attempt failed and NOT use
    this address and treat SCTP packets destined to the Chunk MUST be processed first. address as Out
    Of The next TLV Blue packets.

    D11) When an endpoint receiving an ASCONF to add an IP address sends
    an 'Out of Resource' in
      the chunk (the middle one) would be processed second and finally the
      last TLV its response, it MUST also fail any
    subsequent add or delete requests bundled in the Chunk would be processed last.

      V2) In processing the chunk, the ASCONF.  The
    receiver should build MUST NOT reject an ADD and then accept a response
      message with the appropriate error TLV's, as specified subsequent DELETE
    of an IP address in the
      Parameter type bits for any same ASCONF Parameter Chunk. In other words, once a
    receiver begins failing any ADD or DELETE request, it does not understand.
      To indicate an unrecognized parameter, parameter type 8 as defined
      in in the INIT-ACK must fail all
    subsequent ADD or DELETE requests contained in 3.3.3 of [RFC2960] should be used. It may also
      use the response that single ASCONF.

    D12) When an endpoint receives a request to carry rejections for other reasons such delete an IP address
    that is the current primary address, it is an implementation
    decision as
      resource shortages etc using to how that endpoint chooses the Error Cause TLV and new primary address.

    D13) When an appropriate
      error condition.

      Note: endpoint receives a positive response is implied if valid request to DELETE an IP
    address the endpoint MUST consider the address no error is indicated by longer as part of
    the
      sender.

      V3) All error responses must copy association. It MUST NOT send SCTP packets for the ASCONF-Request Correlation ID
      field association
    to that address and it MUST treat subsequent packets received in the ASCONF, from
    that address as Out Of The Blue.

    During the TLV being responded to, into time interval between sending out the ASCONF-Request Correlation ID field. ASCONF and
    receiving the ASCONF-ACK it MAY be possible to receive DATA chunks
    out of order. The ASCONF-Request
      Correlation ID always precedes following examples illustrate these problems:

    Endpoint-A                                     Endpoint-Z
    ----------                                     ----------
    ASCONF[Add-IP:X]------------------------------>
                                            /--ASCONF-ACK
                                           /
                                 /--------/---New DATA:
                                /        /    Destination
           <-------------------/        /     IP:X
                                       /
           <--------------------------/

    In the request TLV.

      V4) After processing above example we see a new IP address (X) being added to
    the entire Chunk, it MUST send all TLV's for
      both unrecognized parameters Endpoint-A. However due to packet re-ordering in the network
    a new DATA chunk is sent and any other status TLV's inside arrives at Endpoint-A before
    the ASCONF-ACK chunk that acknowledges confirming the arrival and processing add of the
      ASCONF Chunk.

      V5) Update the 'Peer-Serial-Number' address to the value found in the serial
      number field.

    C3) If association.

    A similar problem exists with the value found in deletion of an IP address as
    follows:

    Endpoint-A                                     Endpoint-Z
    ----------                                     ----------
                                 /------------New DATA:
                                /             Destination
                               /              IP:X
    ASCONF [DEL-IP:X]---------/---------------->
           <-----------------/------------------ASCONF-ACK
                            /
                           /
            <-------------/

    In this example we see a DATA chunk destined to the serial number IP:X (which is equal
    about to be deleted) arriving after the value
    stored in the 'Peer-Serial-Number', deletion is complete.
    For the ADD case an endpoint should:

      X1) Parse SHOULD consider the ASCONF Chunk TLV's but newly adding IP
    address valid for the association to receive data from during the
    interval when awaiting the ASCONF-ACK. The endpoint MUST not take any
      action on NOT source
    data from this new address until the TLV's parsed (since ASCONF-ACK arrives but it has already performed these
      actions).

      X2) Build a response message with the appropriate response TLV's may
    receive out of order data as specified in illustrated and MUST NOT treat this
    data as an OOTB datagram (please see [RFC2960] section 8.4). It MAY
    drop the ASCONF Parameter type bits, for any
      parameter it does not understand data silently or could not process.

      X3) After parsing the entire Chunk, it MUST send any response
      TLV errors and status with a ASCONF-ACK chunk acknowledging the
      arrival and processing of the ASCONF Chunk.

      X4) The endpoint MAY consider it part of the association
    but it MUST NOT update its 'Peer-Serial-Number'.

    IMPLEMENTATION NOTE: As respond with an optimization a receiver may wish ABORT.

    For the DELETE case, an endpoint MAY respond to save the last ASCONF-ACK late arriving DATA
    packet as an OOTB datagram or it MAY hold the deleting IP address for some predetermined a
    small period of time and
    instead of re-processing the ASCONF (with the same serial number) as still valid. If it
    may just re-transmit treats the ASCONF-ACK. It may wish to use DATA packet as
    an OOTB the arrival
    of a new serial number to peer will silently discard the previously saved ASCONF-ACK or
    any other means it may choose to expire ABORT (since by the saved ASCONF-ACK.

    C4) Otherwise, time
    the ASCONF chunk ABORT is discarded since it must be either
    a stale packet or from an attacker. A receiver of such a packet MAY
    log the event for security purposes.

    C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent back to the
    source peer will have removed the IP address contained in from this
    association). If the endpoint elects to hold the IP header address valid for
    a period of time, it MUST NOT hold it valid longer than 2 RTO
    intervals for the ASCONF destination being
    responded to.

    4.3 General rules for address manipulation

    When building TLV parameters removed.

    4.3.1 A special case for OOTB ABORT chunks

    Another case worth mentioning is illustrated below:

    Endpoint-A                                     Endpoint-Z
    ----------                                     ----------

    New DATA:------------\
    Source IP:X           \
                           \
    ASCONF-REQ[DEL-IP:X]----\------------------>
                             \        /---------ASCONF-ACK
                              \      /
                               \----/-----------> OOTB
    (Ignored <---------------------/-------------ABORT
     by rule D4)                  /
           <---------------------/

    For this case, during the ASCONF Chunk that
    will add or delete IP addresses the following rules should be
    applied:

    D1) When adding deletion of an IP address to address, an association,
    Abort MUST be ignored if the IP destination address of the
    Abort message is
    NOT considered fully added to that of a destination being deleted.

    4.3.2 A special case for changing an address.

    In some instances the sender may only have one IP address in an
    association until the ASCONF-ACK
    arrives. This means that until such time as the ASCONF containing
    the add is acknowledged being renumbered. When this occurs, the sender MUST NOT
    may not be able to send to the peer the appropriate ADD/DELETE pair
    and use the new IP old address as a source for ANY SCTP packet. The receiver of in the add IP address
    request may use header. For this
    reason the address has a destination immediately.

    D2) After sender MUST fill in the ASCONF-ACK of Address Bytes field with an IP
    address add arrives, that is part of the endpoint
    MAY begin association (in this case the one being
    deleted). This will allow the receiver to locate the association
    without using the added IP address as a source address.

    D3) If address found in the IP header. Such
    an endpoint receives SCTP packet MUST NOT be bundled with any other chunk.

    The receiver of such an Error Cause TLV indicating that ASCONF chunk MUST NOT process the
    IP address Add, IP address Deletion, or Set Primary IP Address
    parameters was not understood,
    SCTP packet if any other chunks are contained inside the endpoint SCTP
    packet. The receiver MUST consider always first use the
    operation failed and MUST NOT source address
    found in the IP header in looking up the association.  The
    receiver should attempt to send any subsequent Add,
    Delete or Set Primary requests to use the address found in the Address
    Bytes field only if the peer.

    D4) When deleting an IP lookup fails using the source address from an association,
    the IP address header.  The receiver MUST be considered a valid destination address for NOT reply to the reception source address
    of
    SCTP packets until the ASCONF-ACK arrives and MUST NOT be used has a
    source packet in this special case, but to the new address for any subsequent packets. This means that any
    datagrams that arrive before
    was added by the ASCONF-ACK destined to ASCONF (since the IP old address
    being deleted MUST be considered is no longer a part
    of the current
    association. One special consideration is that ABORT chunks arriving
    destined to association after processing).

    4.4 Setting of the IP address being deleted MUST be ignored (see
    Section 4.3.1 for further details).

    D5) An endpoint MUST NOT delete its last remaining IP primary address from

    A sender of this option may elect to send this combined with
    a deletion or addition of an address. A sender SHOULD only send
    a set primary request to an address that is already considered
    part of the association. In other words if a sender combines
    a set primary with an endpoint is NOT multi-homed it
    MUST NOT use the delete add of a new IP address. Or if an endpoint sends multiple
    requests address the set primary
    will be discarded unless the add request is to delete IP addresses be processed
    BEFORE the set primary (i.e. it MUST NOT delete all of precedes the IP
    addresses that set primary).

    A request to set primary MAY also appear in a INIT or INIT-ACK
    chunk. This can give advice to the peer has listed for the requester.

    D6) An endpoint MUST NOT set a source address for an SCTP packet
    holding as to which
    of its addresses the ASCONF chunk sender of the INIT or INIT-ACK would like
    to be the same used as an address being deleted
    by the ASCONF chunk.

    D7) If a primary address.

    The request is received to delete the last remaining IP set an address
    of a peer endpoint, as the receiver MUST send primary path is an Error Cause TLV with option the error cause set
    receiver SHOULD perform. It is considered advice to the new error code 'Request to delete last IP
    remaingin address'. The requested delete MUST NOT be performed or
    acted upon, other than receiver of
    the best destination address to send use in sending SCTP packets (in the ASCONF-ACK.

    D8)
    requester's view). If a request is received arrives that asks the receiver to delete
    set an IP address which is also as primary that does not exist, the source receiver should
    NOT honor the request, leaving its existing primary address of
    unchanged.

    4.5 Stream Flow Limit and Message Limit Procedures

    A stream in SCTP is an uni-directional logical channel established
    from one to another associated SCTP endpoint, within which all user
    messages are delivered in sequence except for those submitted to the IP packet
    un-ordered delivery service which contained may arrive out of sequence. Since
    each stream is uni-directional and no feedback mechanism exists to
    limit a sender, it is possible for one unique stream to monopolize
    all of the transport level receiver window space. The mechanism
    defined here attempts to alleviate this problem by allowing the
    receiver side to communicate to the sender a limit on how much
    outstanding data may be sent within a particular stream.

    The procedures defined here are broken down into two sides:

    o The stream receiver side or peer requesting the ASCONF
    chunk, limit. And,

    o the receiver stream sender side or peer that MUST reject this honor the limit request.  To reject

    The receiver's side is mainly involved with sending the request
    the receiver MUST send an Error Cause TLV set to
    the new error code
    "Request to Delete Source IP Address" (unless Rule D5 has also been
    violated, in which case peer. The sender's side is where the error code 'Request to delete last
    remaining IP address' actual flow or message
    limit will be enforced.  Note that the stream receiver is sent).

    D9) If an the
    endpoint receives an ADD IP address request and does not
    have that sends the local resources to add this new address to ASCONF, INIT or INIT-ACK message (see
    Section 4.5.1), whereas the association,
    it MUST return an Error Cause TLV set to stream sender is the new error code
    "Operation Refused due to Resource Shortage".

    D10) If an endpoint that
    receives an 'Out of Resource' error the ASCONF, INIT or INIT-ACK message (see Section 4.5.2).

    4.5.1 Stream receiver side procedures

    The receiver side SCTP requests byte or message limits in response
    to its request to ADD an IP address to upper layer request. An upper layer may request, via an association, it must
    either ABORT the association API
    interface, that a byte or not consider the address part message limit be imposed on all or a
    subset of the active streams that send data to the upper layer
    receiver, or that a message limit be imposed on the association. In other words if
    The basis on which the upper layer determines these limits is
    outside the scope of this document.

    Any time during an association that limits are requested of the SCTP
    endpoint does not ABORT the
    association, it must consider by the add attempt failed and NOT use
    this address and treat SCTP packets destined to upper layer, the address as Out
    Of The Blue packets.

    D11) When receiver side SHOULD create an endpoint receiving a
    ASCONF Chunk and attach to add an IP address sends
    an 'Out of Resource' in its response, it MUST also fail any
    subsequent add a Stream Flow Limit Change, Stream
    Message Limit Change, or delete requests bundled Association Message Limit Change parameter
    as appropriate.  These parameter types MAY also be placed in an INIT
    or INIT-ACK chunk at the ASCONF.  The
    receiver MUST NOT reject beginning of an ADD association to request
    initial values for the appropriate limits.

    The Stream Flow Limit Change and then accept Stream Message Limit Changes
    parameters contain a subsequent DELETE sequence of an IP address in the same ASCONF chunk. In other words, once one or more pairs, each of which
    consists of a specific stream number, and a byte or message limit
    to be applied to that stream.

    If the receiver begins failing any ADD wishes to remove the flow limit or DELETE request, message limit
    for a specific stream, it must fail all
    subsequent ADD or DELETE requests contained may do so by placing the special value
    '0' in that single ASCONF.

    D12) When an the Flow Limit or Message Limit field.  Once acknowledged
    by the peer endpoint receives a request to delete the receiver should consider the limit in
    place.

    In the case of flow or message limits contained within an IP address
    that INIT
    chunk, any such limit is considered acknowledged with the current primary address, it is an implementation
    decision as to how arrival of
    the INIT-ACK, provided that the peer indicates that endpoint chooses it understands
    the new primary address.

    D13) When an endpoint receives a valid request to DELETE requested limit by NOT placing an IP
    address 'unrecognized parameter' error
    in the endpoint MUST consider INIT-ACK.

    Similarly, for flow or message limits contained within an INIT-ACK
    chunk, any such limit is considered acknowledged with the address no longer as part arrival of
    the association. It MUST cookie, provided that the peer indicates that it understands the
    requested limit by NOT placing an 'unrecognized parameter' error in
    the cookie.

    To send SCTP packets for initial limits, ASCONF chunks are NOT bundled with the association INIT
    or INIT-ACK. Instead the TLV is added to the variable parameters
    section of the INIT or INIT-ACK.

    Note that address the parameter type field upper two bits dictates that any
    parameter not understood should be skipped and it MUST treat subsequent packets reported to the
    sender with an Operational Error. If an Operational Error is
    received from that address as Out Of The Blue.

    During the time interval between sending out indicates that the ASCONF and
    receiving 'Stream Byte Limit Request' or
    'Stream Message Limit Request' is not understood, the ASCONF-ACK it MAY be possible to receive DATA chunks
    out sender of order. the
    limit request MUST not send subsequent limit requests. The following examples illustrate these problems:

    Endpoint-A                                     Endpoint-Z
    ----------                                     ----------
    ASCONF[Add-IP:X]------------------------------>
                                            /--ASCONF-ACK
                                           /
                                 /--------/---New DATA:
                                /        /    Destination
           <-------------------/        /     IP:X
                                       /
           <--------------------------/
    In endpoint
    SHOULD also inform the above example we see a new IP address (X) being added to upper layer application that the Endpoint-A. However due to packet re-ordering in peer
    endpoint does not support this feature.

    4.5.2 Stream Sender side procedures

    When a 'Stream Byte Limit Request' or 'Stream Message Limit
    Request' is received the network sender MUST record each limit with its
    appropriate stream.

    After a new DATA chunk limit is sent and arrives at Endpoint-A before set on a stream the ASCONF-ACK confirming sender MUST obey the add of following
    rules when sending to the address peer on that stream:

    S1) When the upper layer application attempts to send to the association.

    A similar problem exists with peer on
    a stream, check
    -  the deletion number of an IP address as
    follows:

    Endpoint-A                                     Endpoint-Z
    ----------                                     ----------
                                 /------------New DATA:
                                /             Destination
                               /              IP:X
    ASCONF [DEL-IP:X]---------/---------------->
           <-----------------/------------------ASCONF-ACK
                            /
                           /
            <-------------/

    In this example we see a DATA chunk destined outstanding bytes sent to the IP:X (which is
    about that stream
       (those TSNs in queue to be deleted) arriving after sent, which the deletion Cumulative TSN
       Acknowledgment has not passed, on this stream) versus the limit set
       for that stream (The last received limit for this stream is complete.
    For
       henceforth termed the ADD case an endpoint SHOULD consider current limit).
    -  the newly adding IP
    address valid number of outstanding messages sent on that stream (for which
       not all TSNs are passed by the Cumulative TSN Acknowledgment)
       versus the limit for this stream.

    S2a) If the association number of outstanding bytes is greater than or equal to receive data from during
    the
    interval when awaiting current limit, the ASCONF-ACK. The SCTP endpoint MUST NOT source
    data from this new address until reject the ASCONF-ACK arrives but it may
    receive out of order data as illustrated request and MUST NOT treat this
    data as an OOTB datagram (please see [RFC2960] section 8.4). It MAY
    drop
    queue the data silently or it MAY consider for transmit. Instead it part SHOULD return an error
    to the sending application.

    S2b) If the number of outstanding messages is greater or equal to
    the association
    but it current limit, the SCTP endpoint MUST reject the request and NOT respond with an ABORT.

    For
    queue the DELETE case, data for transmit. Instead it SHOULD return an endpoint MAY respond error
    to the late arriving DATA
    packet as an OOTB datagram or it MAY hold sending application.

    S3a) If the deleting IP address for a
    small period number of time as still valid. If it treats outstanding bytes is less than the DATA packet as
    an OOTB current
    limit, validate that the peer will silently discard data to be sent plus the ABORT (since by number of
    outstanding bytes is smaller than or equal to this limit. If the time
    user data plus the ABORT number of outstanding bytes is sent smaller than or
    equal to the peer will have removed current limit accept the IP address from data for transmit and queue
    the user data (increasing the number of outstanding data bytes on
    this
    association). stream). If the endpoint elects to hold user data plus the IP address valid for
    a period number of time, it MUST NOT hold it valid longer outstanding bytes
    is larger than 2 RTO
    intervals for the destination being removed.

    4.3.1 A special case current limit for OOTB ABORT chunks

    Another case worth mentioning is illustrated below:

    Endpoint-A                                     Endpoint-Z
    ----------                                     ----------

    New DATA:------------\
    Source IP:X           \
                           \
    ASCONF-REQ[DEL-IP:X]----\------------------>
                             \        /---------ASCONF-ACK
                              \      /
                               \----/-----------> OOTB
    (Ignored <---------------------/-------------ABORT
     by rule D4)                  /
           <---------------------/

    For this case, during stream, the deletion of an IP address, an
    Abort SCTP endpoint
    MUST be ignored if reject the request and NOT queue the data for transmit and
    instead SHOULD return an error to the destination address of application.

    S3b) If the
    Abort message is that number of outstanding messages is less than the destination being deleted.

    4.4 Setting of current
    limit, accept the primary address

    A sender data for transmit and queue the user data
    (increasing the number of outstanding messages on this option may elect to send this combined with
    a deletion or addition of an address. A sender SHOULD only send stream).

    S4) Any time a set primary request to an address that stream limit is already considered
    part of updated to the association. In other words if a sender combines
    a set primary with an add value of a new IP address the set primary
    will be discarded unless the add request is 0, consider
    this indication to be processed
    BEFORE the set primary (i.e. it preceeds mean no limit is in effect for this stream.

    NOTE: Stream limits do NOT change the set primary).

    A request to set primary MAY also appear underlying SCTP rwnd and
    its usage as defined in a INIT or INIT-ACK
    chunk. This can give a hint [RFC2960]. The association MUST still
    honor the rwnd when sending to the peer endpoint as to which
    of its addresses defined in
    [RFC2960].

    4.5.3 ULP considerations on the sender use of the INIT or INIT-ACK would like
    to be used as the primary address.

    The request to set an address as the primary path SCTP flow limit facility

    A side-effect of rule S3 in section 4.5.2 is that an option the
    receiver MAY perform. It upper limit
    is considered a hint to imposed on the receiver size of the
    best destination address messages that may be sent to use any stream
    where a flow limit is in place.  Once a flow limit is in sending SCTP packets (in effect,
    if the
    requester's view). It sending Upper Layer Protocol (ULP) wishes to send a message
    that is possible larger than that permitted by the receiver may have other
    knowledge that it may act upon and NOT set imposed stream limit,
    the specified address as
    primary.  If ULP will need to provide a request arrives mechanism for fragmentation and
    re-assembly.

    This ULP mechanism is in addition to any fragmentation and
    re-assembly that asks may be provided by SCTP. It is the receiver sole
    responsibility of the ULP to set an
    address as primary that does not exist, handle the receiver should NOT
    honor case of a single user
    message being larger than the request, leaving its existing primary address unchanged.

    4.5 Steam Flow stream byte limit, if applicable.

    4.6 Association Message Limit Procedures

    A stream in SCTP is an uni-directional logical channel established
    from one to another associated SCTP endpoint, within which all user
    messages are delivered in sequence except for those submitted to

    Using the
    un-ordered delivery service which may arrive out of sequence. Since
    each stream is uni-directional and no feedback mechanism exists to flow/message limit a sender, functionality described
    in 4.5 it is possible for one unique stream a receiver to monopolize
    all of limit the sender in
    a way the transport level receiver window space. The mechanism
    defined here attempts to alleviate this problem by allowing thinks is appropriate. For an overall
    (per association) byte based limit the receiver side to communicate to can make use
    of the sender a rwnd field in SACK-chunks.

    An overall message based limit on how much
    outstanding data may is provided by the 'Association
    Message Limit Request'. This can be sent within a particular stream. useful to make better use of
    message oriented pools (e.g. mbufs) and to limit the delivery time
    for messages.

    The procedures defined here are broken down into two sides:

    o The stream receiver side or peer requesting the limit. And,

    o the stream sender side or peer that MUST honor the limit request.

    The receivers receiver's side is mainly involved with sending the request to
    the peer. The senders sender's side is where the actual limitations and flow
    message limit will occur. Note in section 4.5.1 4.6.1 the stream receiver
    is the endpoint that sends the ASCONF ASCONF, INIT or INIT-ACK  message, in
    section 4.5.2 4.6.2 the sender side is the endpoint that receives
    the ASCONF ASCONF, INIT or INIT-ACK message.

    4.5.1 Stream

    4.6.1 Receiver side procedures

    The receiver side SCTP makes decisions on stream flow limit based on
    upper layer input. Normally the upper layer makes a request to limit
    all or a subset of the active streams that send data to it via an
    API interface. How this decision is made is outside the scope of
    this document.

    Anytime flow limits are made known to the SCTP endpoint by the
    application, same rules as given in 4.5.1 for the receiver side SHOULD create a ASCONF Chunk and
    attach to it one or more stream flow limits with there respective stream number. If the receiver wishes to remove all limits
    (previously placed on a particular stream) it may do so by placing
    the special value '0' in the 'Flow Limit' field. Once acknowledged
    by the peer endpoint the receiver should consider the limit in
    place.

    Note that the parameter type field upper two bits dictates that any
    parameter not understood should be skipped and reported apply to the
    sender with an Operational Error. If an Operational Error is
    received that indicates that the 'Stream Flow Limit Request' is not
    understood, the sender of the limit request MUST not send subsequent
    limit requests. The endpoint SHOULD also inform the upper level
    application that the peer endpoint does not support this feature.

    4.5.2 Stream
    association limit.

    4.6.2 Sender side procedures

    When a 'Stream Flow an 'Association Message Limit Request' is received the sender MUST
    record each flow this limit with its appropriate stream. for the association.

    After a limit is set on a stream for the association the sender MUST obey the
    following rules when sending to the peer on that stream:

    S1) When the upper layer application attempts to send to the peer on
    a stream, check the number of outstanding bytes sent to that stream
    (those TSN's in queue to be sent, check the number of outstanding messages sent on the
    association (for which not all TSNs are passed by the cumulative Cumulative TSN
    Acknowledgment has not passed, on this stream)
    Acknowledgment) versus the limit set
    for that stream (The last received limit for this stream is
    henceforth termed the current limit). association.

    S2) If the number of outstanding bytes messages is greater than or equal to
    the current limit, the SCTP endpoint MUST reject the request and NOT
    queue the data for transmit. Instead it SHOULD return an error
    to the sending application.

    S3) If the number of outstanding bytes messages is less than the current
    limit, validate that the data to be sent plus the number of
    outstanding bytes is smaller than or equal to this limit. If the
    user data plus the number of outstanding bytes is smaller than or
    equal to the current limit accept the data for transmit and queue the user data
    (increasing the number of outstanding data bytes messages on this stream). If the user data plus the number of outstanding bytes
    is larger than the current limit for this stream, the SCTP endpoint
    MUST reject the request and NOT queue the data for transmit and
    instead SHOULD return an error to the application. association).

    S4) Any time a stream the association limit is updated to the value of 0,
    consider this indication to mean no limit is in effect for this stream.

    4.5.3 ULP considerations on the use of SCTP flow limit facility

    The effect of rule S3 in section 4.5.2 places a maximum size upon a
    sender. Once a limit is in effect, if the sending Upper Layer
    Protocol (ULP) wishes to send a message that is larger than that
    permitted by the imposed stream limit, the ULP will need to provide
    a mechanism for fragmentation and re-assembly.

    This ULP mechanism is in addition to any fragmentation and
    re-assembly that may be provided by SCTP. It is the sole
    responsibility of the ULP to handle the case of a single
    user message being larger than the stream flow limit, if
    applicable.
    Association.

    5. Security Considerations

    The ADD/DELETE of an IP address to an existing association does
    provide an additional mechanism by which existing associations can
    be hijacked.  Where the attacker is able to intercept and or alter
    the packets sent and received in an association association, the use of this
    feature MAY increase the ease at with which an association may be
    overtaken. This threat SHOULD be considered when deploying a version
    of SCTP that makes use of this feature. The IP Authentication Header
    [RFC2402] SHOULD be used when the threat environment requires
    stronger integrity protections, but does not require
    confidentiality. It should be noted that in the base SCTP
    specification [RFC2960], if an attacker is able to intercept and or
    alter packets, even without this feature it is possible to hijack an
    existing association, association; please refer to Section 11 of RFC2960.

    6. IANA considerations

    This document defines the following new SCTP parameters, chunks
    and errors:

	- Two new Chunk Types, chunk types,
	- Six Parameter Types, Eight parameter types, and
	- Three new SCTP Error Causes. error causes.

    7.  Acknowledgements  Acknowledgments

    The authors wish to thank Jon Berger, John Loughney, Ivan Arias
    Rodriguez, Marshall Rose, and Chip Sharp for their invaluable
    comments.

    8. Authors' Addresses

    Randall R. Stewart                      Tel: +1-815-477-2127
    Cisco Systems, Inc.                     EMail: rrs@cisco.com
    8745 W. Higgins Road, Suite 200
    Chicago, Ill  60631
    USA

    Micheal A. Ramalho                      Tel: +1-732-809-0188
    Cisco Systems, Inc.                EMail: mramalho@cisco.com
    1802 Rue de la Porte
    Wall Township, NJ 0719-3784

    Qiaobing Xie                            Tel: +1-847-632-3028
    Motorola, Inc.                    EMail: qxie1@email.mot.com
    1501 W. Shure Drive, #2309
    Arlington Heights, IL 60004
    USA

    Michael Tuexen                          Tel: +49-89-722-47210
    SIEMENS AG               EMail: Michael.Tuexen@icn.siemens.de
    Hofmannstr. 51
    81359 Munich
    Germany

    Ian Rytina                              Tel: +61-3-9301-6164
    Ericsson Australia             EMail:ian.rytina@ericsson.com
    37/360 Elizabeth Street
    Melbourne, Victoria 3000
    Australia

    Phil Conrad                            Tel: +1-XXX-XXX-XXXX +1-215-204-7910
    Netlab Research Group                  Email conrad@joda.cis.temple.edu conrad@acm.org
    Dept. Of Computer &
    Information Sciences
    Temple University
    1805 N Broad St.
    Philadelphia, PA 19122
    USA

    9. References

    [RFC2960] R. R. Stewart, Q. Xie, K. Morneault, C. Sharp,
        H. J. Schwarzbauer, T. Taylor, I. Rytina, M. Kalla, L. Zhang,
        and, V. Paxson, "Stream Control Transmission Protocol," RFC
        2960, October 2000.

    [RFC2026] Bradner, S., "The Internet Standards Process -- Revision
        3", RFC 2026, October 1996.

    [RFC2119] Bradner, S. "Key words for use in RFCs to Indicate
        Requirement Levels", BCP 14, RFC 2119, March 1997.

    [RFC2402] S. Kent, R. Atkinson., "IP Authentication Header.", RFC
        2402, November 1998.

      This Internet Draft expires in 6 months from May, 2001