draft-ietf-tsvwg-addip-sctp-13.txt   draft-ietf-tsvwg-addip-sctp-14.txt 
Network Working Group R. Stewart Network Working Group R. Stewart
Internet-Draft M. Ramalho Internet-Draft M. Ramalho
Expires: May 26, 2006 Cisco Systems, Inc. Expires: September 7, 2006 Cisco Systems, Inc.
Q. Xie Q. Xie
Motorola, Inc. Motorola, Inc.
M. Tuexen M. Tuexen
Univ. of Applied Sciences Muenster Univ. of Applied Sciences Muenster
P. Conrad P. Conrad
University of Delaware University of Delaware
November 22, 2005 March 6, 2006
Stream Control Transmission Protocol (SCTP) Dynamic Address Stream Control Transmission Protocol (SCTP) Dynamic Address
Reconfiguration Reconfiguration
draft-ietf-tsvwg-addip-sctp-13.txt draft-ietf-tsvwg-addip-sctp-14.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 41 skipping to change at page 1, line 41
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 26, 2006. This Internet-Draft will expire on September 7, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2006).
Abstract Abstract
This document describes extensions to the Stream Control Transmission This document describes extensions to the Stream Control Transmission
Protocol (SCTP) [RFC2960] that provides a method to reconfigure IP Protocol (SCTP) [RFC2960] that provides a method to reconfigure IP
address information on an existing association. address information on an existing association.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Additional Chunks and Parameters . . . . . . . . . . . . . . . 6 3. Additional Chunks and Parameters . . . . . . . . . . . . . . . 4
3.1. New Chunk Types . . . . . . . . . . . . . . . . . . . . . 6 3.1. New Chunk Types . . . . . . . . . . . . . . . . . . . . . 5
3.1.1. Address Configuration Change Chunk (ASCONF) . . . . . 6 3.1.1. Address Configuration Change Chunk (ASCONF) . . . . . 5
3.1.2. Address Configuration Acknowledgment Chunk 3.1.2. Address Configuration Acknowledgment Chunk
(ASCONF-ACK) . . . . . . . . . . . . . . . . . . . . . 7 (ASCONF-ACK) . . . . . . . . . . . . . . . . . . . . . 6
3.2. New Parameter Types . . . . . . . . . . . . . . . . . . . 8 3.2. New Parameter Types . . . . . . . . . . . . . . . . . . . 7
3.2.1. Add IP Address . . . . . . . . . . . . . . . . . . . . 9 3.2.1. Add IP Address . . . . . . . . . . . . . . . . . . . . 8
3.2.2. Delete IP Address . . . . . . . . . . . . . . . . . . 10 3.2.2. Delete IP Address . . . . . . . . . . . . . . . . . . 9
3.2.3. Error Cause Indication . . . . . . . . . . . . . . . . 11 3.2.3. Error Cause Indication . . . . . . . . . . . . . . . . 10
3.2.4. Set Primary IP Address . . . . . . . . . . . . . . . . 12 3.2.4. Set Primary IP Address . . . . . . . . . . . . . . . . 11
3.2.5. Success Indication . . . . . . . . . . . . . . . . . . 13 3.2.5. Success Indication . . . . . . . . . . . . . . . . . . 12
3.2.6. Adaptation Layer Indication . . . . . . . . . . . . . 14 3.2.6. Adaptation Layer Indication . . . . . . . . . . . . . 13
3.2.7. Supported Extensions Parameter . . . . . . . . . . . . 14 3.2.7. Supported Extensions Parameter . . . . . . . . . . . . 13
3.3. New Error Causes . . . . . . . . . . . . . . . . . . . . . 15 3.3. New Error Causes . . . . . . . . . . . . . . . . . . . . . 14
3.3.1. Error Cause: Request to Delete Last Remaining IP 3.3.1. Error Cause: Request to Delete Last Remaining IP
Address . . . . . . . . . . . . . . . . . . . . . . . 15 Address . . . . . . . . . . . . . . . . . . . . . . . 14
3.3.2. Error Cause: Operation Refused Due to Resource 3.3.2. Error Cause: Operation Refused Due to Resource
Shortage . . . . . . . . . . . . . . . . . . . . . . . 16 Shortage . . . . . . . . . . . . . . . . . . . . . . . 15
3.3.3. Error Cause: Request to Delete Source IP Address . . . 17 3.3.3. Error Cause: Request to Delete Source IP Address . . . 16
3.3.4. Error Cause: Association Aborted due to illegal 3.3.4. Error Cause: Association Aborted due to illegal
ASCONF-ACK . . . . . . . . . . . . . . . . . . . . . . 18 ASCONF-ACK . . . . . . . . . . . . . . . . . . . . . . 17
3.3.5. Error Cause: Request refused - no authorization. . . . 18 3.3.5. Error Cause: Request refused - no authorization. . . . 17
4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 20 4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 18
4.1. ASCONF Chunk Procedures . . . . . . . . . . . . . . . . . 20 4.1. ASCONF Chunk Procedures . . . . . . . . . . . . . . . . . 18
4.1.1. Congestion Control of ASCONF Chunks . . . . . . . . . 21 4.1.1. Congestion Control of ASCONF Chunks . . . . . . . . . 19
4.2. Upon reception of an ASCONF Chunk. . . . . . . . . . . . . 22 4.2. Upon reception of an ASCONF Chunk. . . . . . . . . . . . . 20
4.3. General rules for address manipulation . . . . . . . . . . 24 4.3. General rules for address manipulation . . . . . . . . . . 22
4.3.1. A special case for OOTB ABORT chunks . . . . . . . . . 28 4.3.1. A special case for OOTB ABORT chunks . . . . . . . . . 25
4.3.2. A special case for changing an address. . . . . . . . 28 4.3.2. A special case for changing an address. . . . . . . . 26
4.4. Setting of the primary address . . . . . . . . . . . . . . 29 4.4. Setting of the primary address . . . . . . . . . . . . . . 26
5. Security Considerations . . . . . . . . . . . . . . . . . . . 30 5. Security Considerations . . . . . . . . . . . . . . . . . . . 27
6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 31 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 27
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 32 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 28
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 32 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Appendix A. Abstract Address Handling . . . . . . . . . . . . . . 33 Appendix A. Abstract Address Handling . . . . . . . . . . . . . . 28
A.1. General remarks . . . . . . . . . . . . . . . . . . . . . 33 A.1. General remarks . . . . . . . . . . . . . . . . . . . . . 29
A.2. Generalized endpoints . . . . . . . . . . . . . . . . . . 33 A.2. Generalized endpoints . . . . . . . . . . . . . . . . . . 29
A.3. Associations . . . . . . . . . . . . . . . . . . . . . . . 34 A.3. Associations . . . . . . . . . . . . . . . . . . . . . . . 29
A.4. Relationship with RFC 2960 . . . . . . . . . . . . . . . . 35 A.4. Relationship with RFC 2960 . . . . . . . . . . . . . . . . 30
A.5. Rules for address manipulation . . . . . . . . . . . . . . 35 A.5. Rules for address manipulation . . . . . . . . . . . . . . 31
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 36 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 32
Intellectual Property and Copyright Statements . . . . . . . . . . 38 Intellectual Property and Copyright Statements . . . . . . . . . . 34
1. Introduction 1. Introduction
To extend the utility and application scenarios of SCTP, this To extend the utility and application scenarios of SCTP, this
document introduces optional extensions that provide SCTP with the document introduces optional extensions that provide SCTP with the
ability to: ability to:
1. reconfigure IP address information on an existing association. 1. reconfigure IP address information on an existing association.
2. set the remote primary path. 2. set the remote primary path.
3. exchange adaptation layer information during association setup. 3. exchange adaptation layer information during association setup.
These extensions enable SCTP to be utilized in the following These extensions enable SCTP to be utilized in the following
applications: applications:
1. For computational or networking platforms that allow addition/ 1. For computational or networking platforms that allow addition/
removal of physical interface cards this feature can provide a removal of physical interface cards this feature can provide a
graceful method to add to the interfaces of an existing graceful method to add to the interfaces of an existing
association. For IPv6 this feature allows renumbering of association. For IPv6 this feature allows renumbering of
existing associations. existing associations.
skipping to change at page 4, line 25 skipping to change at page 4, line 23
3. exchange adaptation layer information during association setup. 3. exchange adaptation layer information during association setup.
These extensions enable SCTP to be utilized in the following These extensions enable SCTP to be utilized in the following
applications: applications:
1. For computational or networking platforms that allow addition/ 1. For computational or networking platforms that allow addition/
removal of physical interface cards this feature can provide a removal of physical interface cards this feature can provide a
graceful method to add to the interfaces of an existing graceful method to add to the interfaces of an existing
association. For IPv6 this feature allows renumbering of association. For IPv6 this feature allows renumbering of
existing associations. existing associations.
2. This provides a method for an endpoint to request that its peer 2. This provides a method for an endpoint to request that its peer
set its primary destination address. This can be useful when an set its primary destination address. This can be useful when an
address is about to be deleted, or when an endpoint has some address is about to be deleted, or when an endpoint has some
predetermined knowledge about which is the preferred address to predetermined knowledge about which is the preferred address to
receive SCTP packets upon. receive SCTP packets upon.
3. This feature can be used to extend the usability of SCTP without 3. This feature can be used to extend the usability of SCTP without
modifying it by allowing endpoints to exchange some information modifying it by allowing endpoints to exchange some information
during association setup. during association setup.
2. Conventions 2. Conventions
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when
they appear in this document, are to be interpreted as described in they appear in this document, are to be interpreted as described in
RFC2119 [2]. RFC2119 [RFC2119].
3. Additional Chunks and Parameters 3. Additional Chunks and Parameters
This section describes the addition of two new chunks and, seven new This section describes the addition of two new chunks and, seven new
parameters to allow: parameters to allow:
o Dynamic addition of IP Addresses to an association. o Dynamic addition of IP Addresses to an association.
o Dynamic deletion of IP Addresses from an association. o Dynamic deletion of IP Addresses from an association.
o A request to set the primary address the peer will use when o A request to set the primary address the peer will use when
sending to an endpoint. sending to an endpoint.
Additionally, this section describes three new error causes that Additionally, this section describes three new error causes that
support these new chunks and parameters. support these new chunks and parameters.
3.1. New Chunk Types 3.1. New Chunk Types
This section defines two new chunk types that will be used to This section defines two new chunk types that will be used to
transfer the control information reliably. Table 1 illustrates the transfer the control information reliably. Table 1 illustrates the
skipping to change at page 6, line 36 skipping to change at page 5, line 21
Chunk Type Chunk Name Chunk Type Chunk Name
-------------------------------------------------------------- --------------------------------------------------------------
0xC1 Address Configuration Change Chunk (ASCONF) 0xC1 Address Configuration Change Chunk (ASCONF)
0x80 Address Configuration Acknowledgment (ASCONF-ACK) 0x80 Address Configuration Acknowledgment (ASCONF-ACK)
Table 1: Address Configuration Chunks Table 1: Address Configuration Chunks
It should be noted that the ASCONF Chunk format requires the receiver It should be noted that the ASCONF Chunk format requires the receiver
to report to the sender if it does not understand the ASCONF Chunk. to report to the sender if it does not understand the ASCONF Chunk.
This is accomplished by setting the upper bits in the chunk type as This is accomplished by setting the upper bits in the chunk type as
described in RFC2960 [6] section 3.2. Note that the upper two bits described in RFC2960 [RFC2960] section 3.2. Note that the upper two
in the ASCONF Chunk are set to one. As defined in RFC2960 [6] bits in the ASCONF Chunk are set to one. As defined in RFC2960
section 3.2, setting these upper bits in this manner will cause the [RFC2960] section 3.2, setting these upper bits in this manner will
receiver that does not understand this chunk to skip the chunk and cause the receiver that does not understand this chunk to skip the
continue processing, but report in an Operation Error Chunk using the chunk and continue processing, but report in an Operation Error Chunk
'Unrecognized Chunk Type' cause of error. using the 'Unrecognized Chunk Type' cause of error.
3.1.1. Address Configuration Change Chunk (ASCONF) 3.1.1. Address Configuration Change Chunk (ASCONF)
This chunk is used to communicate to the remote endpoint one of the This chunk is used to communicate to the remote endpoint one of the
configuration change requests that MUST be acknowledged. The configuration change requests that MUST be acknowledged. The
information carried in the ASCONF Chunk uses the form of a Type- information carried in the ASCONF Chunk uses the form of a Type-
Length-Value (TLV), as described in "3.2.1 Optional/Variable-length Length-Value (TLV), as described in "3.2.1 Optional/Variable-length
Parameter Format" in RFC2960 [6], for all variable parameters. This Parameter Format" in RFC2960 [RFC2960], for all variable parameters.
chunk MUST be sent in an authenticated way by using the mechanism This chunk MUST be sent in an authenticated way by using the
defined in SCTP-AUTH [7]. If this chunk is received unauthenticated mechanism defined in SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth]. If this
it MUST be silently discarded as described in SCTP-AUTH [7]. chunk is received unauthenticated it MUST be silently discarded as
described in SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth].
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0xC1 | Chunk Flags | Chunk Length | | Type = 0xC1 | Chunk Flags | Chunk Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Serial Number | | Serial Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Address Parameter | | Address Parameter |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 7, line 32 skipping to change at page 6, line 32
Serial Number : 32 bits (unsigned integer) Serial Number : 32 bits (unsigned integer)
This value represents a Serial Number for the ASCONF Chunk. The This value represents a Serial Number for the ASCONF Chunk. The
valid range of Serial Number is from 0 to 4294967295 (2**32 - 1). valid range of Serial Number is from 0 to 4294967295 (2**32 - 1).
Serial Numbers wrap back to 0 after reaching 4294967295. Serial Numbers wrap back to 0 after reaching 4294967295.
Address Parameter : 8 or 20 bytes (depending on type) Address Parameter : 8 or 20 bytes (depending on type)
This field contains an address parameter, either IPv6 or IPv4, from This field contains an address parameter, either IPv6 or IPv4, from
RFC2960 [6]. The address is an address of the sender of the ASCONF RFC2960 [RFC2960]. The address is an address of the sender of the
chunk, the address MUST be considered part of the association by the ASCONF chunk, the address MUST be considered part of the association
peer endpoint (the receiver of the ASCONF chunk). This field may be by the peer endpoint (the receiver of the ASCONF chunk). This field
used by the receiver of the ASCONF to help in finding the may be used by the receiver of the ASCONF to help in finding the
association. If the address 0.0.0.0 or ::0 is provided the receiver association. If the address 0.0.0.0 or ::0 is provided the receiver
MAY lookup the association by other information provided in the MAY lookup the association by other information provided in the
packet. This parameter MUST be present in every ASCONF message i.e. packet. This parameter MUST be present in every ASCONF message i.e.
it is a mandatory TLV parameter. it is a mandatory TLV parameter.
Note the host name address parameter is NOT allowed and MUST be Note the host name address parameter is NOT allowed and MUST be
ignored if received in any ASCONF message. ignored if received in any ASCONF message.
ASCONF Parameter: TLV format ASCONF Parameter: TLV format
Each Address configuration change is represented by a TLV parameter Each Address configuration change is represented by a TLV parameter
as defined in Section 3.2. One or more requests may be present in an as defined in Section 3.2. One or more requests may be present in an
ASCONF Chunk. ASCONF Chunk.
3.1.2. Address Configuration Acknowledgment Chunk (ASCONF-ACK) 3.1.2. Address Configuration Acknowledgment Chunk (ASCONF-ACK)
This chunk is used by the receiver of an ASCONF Chunk to acknowledge This chunk is used by the receiver of an ASCONF Chunk to acknowledge
the reception. It carries zero or more results for any ASCONF the reception. It carries zero or more results for any ASCONF
Parameters that were processed by the receiver. This chunk MUST be Parameters that were processed by the receiver. This chunk MUST be
sent in an authenticated way by using the mechanism defined in SCTP- sent in an authenticated way by using the mechanism defined in SCTP-
AUTH [7]. If this chunk is received unauthenticated it MUST be AUTH [I-D.ietf-tsvwg-sctp-auth]. If this chunk is received
silently discarded as described in SCTP-AUTH [7]. unauthenticated it MUST be silently discarded as described in SCTP-
AUTH [I-D.ietf-tsvwg-sctp-auth].
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x80 | Chunk Flags | Chunk Length | | Type = 0x80 | Chunk Flags | Chunk Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Serial Number | | Serial Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ASCONF Parameter Response#1 | | ASCONF Parameter Response#1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 8, line 44 skipping to change at page 7, line 45
The ASCONF Parameter Response is used in the ASCONF-ACK to report The ASCONF Parameter Response is used in the ASCONF-ACK to report
status of ASCONF processing. By default, if a responding endpoint status of ASCONF processing. By default, if a responding endpoint
does not include any Error Cause, a success is indicated. Thus a does not include any Error Cause, a success is indicated. Thus a
sender of an ASCONF-ACK MAY indicate complete success of all TLVs in sender of an ASCONF-ACK MAY indicate complete success of all TLVs in
an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length
(set to 8) and the Serial Number. (set to 8) and the Serial Number.
3.2. New Parameter Types 3.2. New Parameter Types
The seven new parameters added follow the format defined in section The seven new parameters added follow the format defined in section
3.2.1 of RFC2960 [6]. Table 2, 3 and 4 describes the parameters. 3.2.1 of RFC2960 [RFC2960]. Table 2, 3 and 4 describes the
parameters.
Address Configuration Parameters Parameter Type Address Configuration Parameters Parameter Type
------------------------------------------------- -------------------------------------------------
Set Primary Address 0xC004 Set Primary Address 0xC004
Adaption Layer Indication 0xC006 Adaptation Layer Indication 0xC006
Supported Extensions 0x8008 Supported Extensions 0x8008
Table 2: Parameters that can be used in INIT/INIT-ACK chunk Table 2: Parameters that can be used in INIT/INIT-ACK chunk
Address Configuration Parameters Parameter Type Address Configuration Parameters Parameter Type
------------------------------------------------- -------------------------------------------------
Add IP Address 0xC001 Add IP Address 0xC001
Delete IP Address 0xC002 Delete IP Address 0xC002
Set Primary Address 0xC004 Set Primary Address 0xC004
Table 3: Parameters used in ASCONF Parameter Table 3: Parameters used in ASCONF Parameter
skipping to change at page 10, line 4 skipping to change at page 9, line 9
This is an opaque integer assigned by the sender to identify each This is an opaque integer assigned by the sender to identify each
request parameter. It is in host byte order and is only meaningful request parameter. It is in host byte order and is only meaningful
to the sender. The receiver of the ASCONF Chunk will copy this 32 to the sender. The receiver of the ASCONF Chunk will copy this 32
bit value into the ASCONF Response Correlation ID field of the bit value into the ASCONF Response Correlation ID field of the
ASCONF-ACK response parameter. The sender of the ASCONF can use this ASCONF-ACK response parameter. The sender of the ASCONF can use this
same value in the ASCONF-ACK to find which request the response is same value in the ASCONF-ACK to find which request the response is
for. for.
Address Parameter: TLV Address Parameter: TLV
This field contains an IPv4 or IPv6 address parameter as described in This field contains an IPv4 or IPv6 address parameter as described in
3.3.2.1 of RFC2960 [6]. The complete TLV is wrapped within this 3.3.2.1 of RFC2960 [RFC2960]. The complete TLV is wrapped within
parameter. It informs the receiver that the address specified is to this parameter. It informs the receiver that the address specified
be added to the existing association. This parameter MUST NOT is to be added to the existing association. This parameter MUST NOT
contain a broadcast or multicast address. If the address 0.0.0.0 or contain a broadcast or multicast address. If the address 0.0.0.0 or
::0 is provided, the source address of the packet MUST be added. ::0 is provided, the source address of the packet MUST be added.
An example TLV requesting that the IPv4 address 10.1.1.1 be added to An example TLV requesting that the IPv4 address 10.1.1.1 be added to
the association would look as follows: the association would look as follows:
+--------------------------------+ +--------------------------------+
| Type=0xC001 | Length = 16 | | Type=0xC001 | Length = 16 |
+--------------------------------+ +--------------------------------+
| C-ID = 0x01023474 | | C-ID = 0x01023474 |
skipping to change at page 11, line 4 skipping to change at page 10, line 10
This is an opaque integer assigned by the sender to identify each This is an opaque integer assigned by the sender to identify each
request parameter. It is in host byte order and is only meaningful request parameter. It is in host byte order and is only meaningful
to the sender. The receiver of the ASCONF Chunk will copy this 32 to the sender. The receiver of the ASCONF Chunk will copy this 32
bit value into the ASCONF Response Correlation ID field of the bit value into the ASCONF Response Correlation ID field of the
ASCONF-ACK response parameter. The sender of the ASCONF can use this ASCONF-ACK response parameter. The sender of the ASCONF can use this
same value in the ASCONF-ACK to find which request the response is same value in the ASCONF-ACK to find which request the response is
for. for.
Address Parameter: TLV Address Parameter: TLV
This field contains an IPv4 or IPv6 address parameter as described in This field contains an IPv4 or IPv6 address parameter as described in
3.3.2.1 of RFC2960 [6]. The complete TLV is wrapped within this 3.3.2.1 of RFC2960 [RFC2960]. The complete TLV is wrapped within
parameter. It informs the receiver that the address specified is to this parameter. It informs the receiver that the address specified
be removed from the existing association. This parameter MUST NOT is to be removed from the existing association. This parameter MUST
contain a broadcast or multicast address. If the address 0.0.0.0 or NOT contain a broadcast or multicast address. If the address 0.0.0.0
::0 is provided, the source address of the packet MUST be deleted. or ::0 is provided, all addresses of the peer except the source
address of the packet MUST be deleted.
An example TLV deleting the IPv4 address 10.1.1.1 from an existing An example TLV deleting the IPv4 address 10.1.1.1 from an existing
association would look as follows: association would look as follows:
+--------------------------------+ +--------------------------------+
| Type=0xC002 | Length = 16 | | Type=0xC002 | Length = 16 |
+--------------------------------+ +--------------------------------+
| C-ID = 0x01023476 | | C-ID = 0x01023476 |
+--------------------------------+ +--------------------------------+
| Type=5 | Length = 8 | | Type=5 | Length = 8 |
skipping to change at page 12, line 5 skipping to change at page 11, line 13
This is an opaque integer assigned by the sender to identify each This is an opaque integer assigned by the sender to identify each
request parameter. The receiver of the ASCONF Chunk will copy this request parameter. The receiver of the ASCONF Chunk will copy this
32 bit value from the ASCONF-Request Correlation ID into the ASCONF 32 bit value from the ASCONF-Request Correlation ID into the ASCONF
Response Correlation ID field so the peer can easily correlate the Response Correlation ID field so the peer can easily correlate the
request to this response. request to this response.
Error Cause(s): TLV(s) Error Cause(s): TLV(s)
When reporting an error this response parameter is used to wrap one When reporting an error this response parameter is used to wrap one
or more standard error causes normally found within an SCTP or more standard error causes normally found within an SCTP
Operational Error or SCTP Abort (as defined in RFC2960 [6]). The Operational Error or SCTP Abort (as defined in RFC2960 [RFC2960]).
Error Cause(s) follow the format defined in section 3.3.10 of RFC2960 The Error Cause(s) follow the format defined in section 3.3.10 of
[6]. RFC2960 [RFC2960].
Valid Chunk Appearance Valid Chunk Appearance
The Error Cause Indication parameter may only appear in the ASCONF- The Error Cause Indication parameter may only appear in the ASCONF-
ACK chunk type. ACK chunk type.
3.2.4. Set Primary IP Address 3.2.4. Set Primary IP Address
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 12, line 39 skipping to change at page 11, line 47
request parameter. It is in host byte order and is only meaningful request parameter. It is in host byte order and is only meaningful
to the sender. The receiver of the ASCONF Chunk will copy this 32 to the sender. The receiver of the ASCONF Chunk will copy this 32
bit value into the ASCONF Response Correlation ID field of the bit value into the ASCONF Response Correlation ID field of the
ASCONF-ACK response parameter. The sender of the ASCONF can use this ASCONF-ACK response parameter. The sender of the ASCONF can use this
same value in the ASCONF-ACK to find which request the response is same value in the ASCONF-ACK to find which request the response is
for. for.
Address Parameter: TLV Address Parameter: TLV
This field contains an IPv4 or IPv6 address parameter as described in This field contains an IPv4 or IPv6 address parameter as described in
3.3.2.1 of RFC2960 [6]. The complete TLV is wrapped within this 3.3.2.1 of RFC2960 [RFC2960]. The complete TLV is wrapped within
parameter. It requests the receiver to mark the specified address as this parameter. It requests the receiver to mark the specified
the primary address to send data to (see section 5.1.2 of RFC2960 address as the primary address to send data to (see section 5.1.2 of
[6]). The receiver MAY mark this as its primary upon receiving this RFC2960 [RFC2960]). The receiver MAY mark this as its primary upon
request. If the address 0.0.0.0 or ::0 is provided, the receiver MAY receiving this request. If the address 0.0.0.0 or ::0 is provided,
mark the source address of the packet as its primary. the receiver MAY mark the source address of the packet as its
primary.
An example TLV requesting that the IPv4 address 10.1.1.1 be made the An example TLV requesting that the IPv4 address 10.1.1.1 be made the
primary destination address would look as follows: primary destination address would look as follows:
+--------------------------------+ +--------------------------------+
| Type=0xC004 | Length = 16 | | Type=0xC004 | Length = 16 |
+--------------------------------+ +--------------------------------+
| C-ID = 0x01023479 | | C-ID = 0x01023479 |
+--------------------------------+ +--------------------------------+
| Type=5 | Length = 8 | | Type=5 | Length = 8 |
skipping to change at page 14, line 13 skipping to change at page 13, line 19
The Success Indication parameter may only appear in the ASCONF-ACK The Success Indication parameter may only appear in the ASCONF-ACK
chunk type. chunk type.
3.2.6. Adaptation Layer Indication 3.2.6. Adaptation Layer Indication
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type =0xC006 | Length = 8 | | Type =0xC006 | Length = 8 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Adaption Code point | | Adaptation Code point |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
This parameter is specified for the communication of peer upper layer This parameter is specified for the communication of peer upper layer
protocols. It is envisioned to be used for flow control and other protocols. It is envisioned to be used for flow control and other
adaptation layers that require an indication to be carried in the adaptation layers that require an indication to be carried in the
INIT and INIT-ACK. Each adaptation layer that is defined that wishes INIT and INIT-ACK. Each adaptation layer that is defined that wishes
to use this parameter MUST specify a an adaption code point in an to use this parameter MUST specify a an adaptation code point in an
appropriate RFC defining its use and meaning. This parameter SHOULD appropriate RFC defining its use and meaning. This parameter SHOULD
NOT be examined by the receiving SCTP implementation and should be NOT be examined by the receiving SCTP implementation and should be
passed opaquely to the upper layer protocol. passed opaquely to the upper layer protocol.
Valid Chunk Appearance Valid Chunk Appearance
The Adaptation Layer Indication parameter may appear in INIT or INIT- The Adaptation Layer Indication parameter may appear in INIT or INIT-
ACK chunk and SHOULD be passed to the receivers upper layer protocol. ACK chunk and SHOULD be passed to the receivers upper layer protocol.
This parameter MUST NOT appear in a ASCONF chunk. This parameter MUST NOT appear in a ASCONF chunk.
skipping to change at page 20, line 19 skipping to change at page 18, line 28
4.1. ASCONF Chunk Procedures 4.1. ASCONF Chunk Procedures
When an endpoint has an ASCONF signaled change to be sent to the When an endpoint has an ASCONF signaled change to be sent to the
remote endpoint it should do the following: remote endpoint it should do the following:
A1) Create an ASCONF Chunk as defined in Section 3.1.1. The chunk A1) Create an ASCONF Chunk as defined in Section 3.1.1. The chunk
should contain all of the TLV(s) of information necessary to be should contain all of the TLV(s) of information necessary to be
sent to the remote endpoint, and unique correlation identities for sent to the remote endpoint, and unique correlation identities for
each request. each request.
A2) A serial number should be assigned to the Chunk. The serial A2) A serial number should be assigned to the Chunk. The serial
number should be a monotonically increasing number. The serial number should be a monotonically increasing number. The serial
number MUST be initialized at the start of the association to the number MUST be initialized at the start of the association to the
same value as the Initial TSN and every time a new ASCONF chunk is same value as the Initial TSN and every time a new ASCONF chunk is
created it is incremented by one after assigning the serial number created it is incremented by one after assigning the serial number
to the newly created chunk . to the newly created chunk .
A3) If no ASCONF Chunk is outstanding (un-acknowledged) with the A3) If no ASCONF Chunk is outstanding (un-acknowledged) with the
remote peer, send the chunk. remote peer, send the chunk.
A4) Start a T-4 RTO timer, using the RTO value of the selected A4) Start a T-4 RTO timer, using the RTO value of the selected
destination address (normally the primary path; see RFC2960 [6] destination address (normally the primary path; see RFC2960
section 6.4 for details). [RFC2960] section 6.4 for details).
A5) When the ASCONF-ACK that acknowledges the serial number last sent A5) When the ASCONF-ACK that acknowledges the serial number last sent
arrives, stop the T-4 RTO timer, and clear the appropriate arrives, stop the T-4 RTO timer, and clear the appropriate
association and destination error counters as defined in RFC2960 association and destination error counters as defined in RFC2960
[6] section 8.1 and 8.2. [RFC2960] section 8.1 and 8.2.
A6) Process all of the TLVs within the ASCONF-ACK to find out A6) Process all of the TLVs within the ASCONF-ACK to find out
particular status information returned to the various requests particular status information returned to the various requests
that were sent. Use the Correlation IDs to correlate the request that were sent. Use the Correlation IDs to correlate the request
and the responses. and the responses.
A7) If an error response is received for a TLV parameter, all TLVs A7) If an error response is received for a TLV parameter, all TLVs
with no response before the failed TLV are considered successful with no response before the failed TLV are considered successful
if not reported. All TLVs after the failed response are if not reported. All TLVs after the failed response are
considered unsuccessful unless a specific success indication is considered unsuccessful unless a specific success indication is
present for the parameter. present for the parameter.
A8) If there is no response(s) to specific TLV parameter(s), and no A8) If there is no response(s) to specific TLV parameter(s), and no
failures are indicated, then all request(s) are considered failures are indicated, then all request(s) are considered
successful. successful.
A9) If the peer responds to an ASCONF with an ERROR chunk reporting A9) If the peer responds to an ASCONF with an ERROR chunk reporting
that it did not recognize the ASCONF chunk type, the sender of the that it did not recognize the ASCONF chunk type, the sender of the
ASCONF MUST NOT send any further ASCONF chunks and MUST stop its ASCONF MUST NOT send any further ASCONF chunks and MUST stop its
T-4 timer. T-4 timer.
If the T-4 RTO timer expires the endpoint should do the following: If the T-4 RTO timer expires the endpoint should do the following:
B1) Increment the error counters and perform path failure detection B1) Increment the error counters and perform path failure detection
on the appropriate destination address as defined in RFC2960 [6] on the appropriate destination address as defined in RFC2960
section 8.1 and 8.2. [RFC2960] section 8.1 and 8.2.
B2) Increment the association error counters and perform endpoint B2) Increment the association error counters and perform endpoint
failure detection on the association as defined in RFC2960 [6] failure detection on the association as defined in RFC2960
section 8.1 and 8.2. [RFC2960] section 8.1 and 8.2.
B3) Back-off the destination address RTO value to which the ASCONF B3) Back-off the destination address RTO value to which the ASCONF
chunk was sent by doubling the RTO timer value. chunk was sent by doubling the RTO timer value.
Note: The RTO value is used in the setting of all timer types for Note: The RTO value is used in the setting of all timer types for
SCTP. Each destination address has a single RTO estimate. SCTP. Each destination address has a single RTO estimate.
B4) Re-transmit the ASCONF Chunk last sent and if possible choose an B4) Re-transmit the ASCONF Chunk last sent and if possible choose an
alternate destination address (please refer to RFC2960 [6] section alternate destination address (please refer to RFC2960 [RFC2960]
6.4.1). An endpoint MUST NOT add new parameters to this chunk, it section 6.4.1). An endpoint MUST NOT add new parameters to this
MUST be the same (including its serial number) as the last ASCONF chunk, it MUST be the same (including its serial number) as the
sent. last ASCONF sent.
B5) Restart the T-4 RTO timer. Note that if a different destination B5) Restart the T-4 RTO timer. Note that if a different destination
is selected, then the RTO used will be that of the new destination is selected, then the RTO used will be that of the new destination
address. address.
Note: the total number of re-transmissions is limited by B2 above. Note: the total number of re-transmissions is limited by B2 above.
If the maximum is reached, the association will fail and enter into If the maximum is reached, the association will fail and enter into
the CLOSED state (see RFC2960 [6] section 6.4.1 for details). the CLOSED state (see RFC2960 [RFC2960] section 6.4.1 for details).
4.1.1. Congestion Control of ASCONF Chunks 4.1.1. Congestion Control of ASCONF Chunks
In defining the ASCONF Chunk transfer procedures, it is essential In defining the ASCONF Chunk transfer procedures, it is essential
that these transfers MUST NOT cause congestion within the network. that these transfers MUST NOT cause congestion within the network.
To achieve this, we place these restrictions on the transfer of To achieve this, we place these restrictions on the transfer of
ASCONF Chunks: ASCONF Chunks:
R1) One and only one ASCONF Chunk MAY be in transit and R1) One and only one ASCONF Chunk MAY be in transit and
unacknowledged at any one time. If a sender, after sending an unacknowledged at any one time. If a sender, after sending an
skipping to change at page 22, line 46 skipping to change at page 20, line 34
4.2. Upon reception of an ASCONF Chunk. 4.2. Upon reception of an ASCONF Chunk.
When an endpoint receives an ASCONF Chunk from the remote peer When an endpoint receives an ASCONF Chunk from the remote peer
special procedures MAY be needed to identify the association the special procedures MAY be needed to identify the association the
ASCONF Chunk is associated with. To properly find the association ASCONF Chunk is associated with. To properly find the association
the following procedures should be followed: the following procedures should be followed:
L1) Use the source address and port number of the sender to attempt L1) Use the source address and port number of the sender to attempt
to identify the association (i.e. use the same method defined in to identify the association (i.e. use the same method defined in
RFC2960 [6] used for all other SCTP chunks). If found proceed to RFC2960 [RFC2960] used for all other SCTP chunks). If found
rule L4. proceed to rule L4.
L2) If the association is not found, use the address found in the L2) If the association is not found, use the address found in the
Address Parameter TLV combined with the port number found in the Address Parameter TLV combined with the port number found in the
SCTP common header. If found proceed to rule L4. SCTP common header. If found proceed to rule L4.
L3) If neither L1 or L2 locates the association, treat the chunk as L3) If neither L1 or L2 locates the association, treat the chunk as
an Out Of The Blue chunk as defined in RFC2960 [6]. an Out Of The Blue chunk as defined in RFC2960 [RFC2960].
L4) Follow the normal rules to validate the SCTP verification tag L4) Follow the normal rules to validate the SCTP verification tag
found in RFC2960 [6]. found in RFC2960 [RFC2960].
After identification and verification of the association, the After identification and verification of the association, the
following should be performed to properly process the ASCONF Chunk: following should be performed to properly process the ASCONF Chunk:
C1) Compare the value of the serial number to the value the endpoint C1) Compare the value of the serial number to the value the endpoint
stored in a new association variable 'Peer-Serial-Number'. This stored in a new association variable 'Peer-Serial-Number'. This
value MUST be initialized to the Initial TSN value minus 1. value MUST be initialized to the Initial TSN value minus 1.
C2) If the value found in the serial number is equal to the ('Peer- C2) If the value found in the serial number is equal to the ('Peer-
Serial-Number' + 1), the endpoint MUST: Serial-Number' + 1), the endpoint MUST:
skipping to change at page 23, line 29 skipping to change at page 21, line 16
Serial-Number' + 1), the endpoint MUST: Serial-Number' + 1), the endpoint MUST:
V1) Process the TLVs contained within the Chunk performing the V1) Process the TLVs contained within the Chunk performing the
appropriate actions as indicated by each TLV type. The TLVs appropriate actions as indicated by each TLV type. The TLVs
MUST be processed in order within the Chunk. For example, if MUST be processed in order within the Chunk. For example, if
the sender puts 3 TLVs in one chunk, the first TLV (the one the sender puts 3 TLVs in one chunk, the first TLV (the one
closest to the Chunk Header) in the Chunk MUST be processed closest to the Chunk Header) in the Chunk MUST be processed
first. The next TLV in the chunk (the middle one) MUST be first. The next TLV in the chunk (the middle one) MUST be
processed second and finally the last TLV in the Chunk MUST be processed second and finally the last TLV in the Chunk MUST be
processed last. processed last.
V2) In processing the chunk, the receiver should build a response V2) In processing the chunk, the receiver should build a response
message with the appropriate error TLVs, as specified in the message with the appropriate error TLVs, as specified in the
Parameter type bits for any ASCONF Parameter it does not Parameter type bits for any ASCONF Parameter it does not
understand. To indicate an unrecognized parameter, cause type understand. To indicate an unrecognized parameter, cause type
8 as defined in the ERROR in 3.3.10.8 of RFC2960 [6] should be 8 as defined in the ERROR in 3.3.10.8 of RFC2960 [RFC2960]
used. The endpoint may also use the response to carry should be used. The endpoint may also use the response to
rejections for other reasons such as resource shortages etc, carry rejections for other reasons such as resource shortages
using the Error Cause TLV and an appropriate error condition. etc, using the Error Cause TLV and an appropriate error
condition.
Note: a positive response is implied if no error is indicated Note: a positive response is implied if no error is indicated
by the sender. by the sender.
V3) All responses MUST copy the ASCONF-Request Correlation ID V3) All responses MUST copy the ASCONF-Request Correlation ID
field received in the ASCONF parameter, from the TLV being field received in the ASCONF parameter, from the TLV being
responded to, into the ASCONF-Request Correlation ID field in responded to, into the ASCONF-Request Correlation ID field in
the response parameter. the response parameter.
V4) After processing the entire Chunk, the receiver of the ASCONF V4) After processing the entire Chunk, the receiver of the ASCONF
MUST send all TLVs for both unrecognized parameters and any MUST send all TLVs for both unrecognized parameters and any
other status TLVs inside the ASCONF-ACK chunk that acknowledges other status TLVs inside the ASCONF-ACK chunk that acknowledges
the arrival and processing of the ASCONF Chunk. the arrival and processing of the ASCONF Chunk.
V5) Update the 'Peer-Serial-Number' to the value found in the V5) Update the 'Peer-Serial-Number' to the value found in the
serial number field. serial number field.
C3) If the value found in the serial number is equal to the value C3) If the value found in the serial number is equal to the value
stored in the 'Peer-Serial-Number', the endpoint should: stored in the 'Peer-Serial-Number', the endpoint should:
X1) Parse the ASCONF Chunk TLVs but the endpoint MUST NOT take any X1) Parse the ASCONF Chunk TLVs but the endpoint MUST NOT take any
action on the TLVs parsed (since it has already performed these action on the TLVs parsed (since it has already performed these
actions). actions).
X2) Build a response message with the appropriate response TLVs as X2) Build a response message with the appropriate response TLVs as
specified in the ASCONF Parameter type bits, for any parameter specified in the ASCONF Parameter type bits, for any parameter
it does not understand or could not process. it does not understand or could not process.
X3) After parsing the entire Chunk, it MUST send any response TLV X3) After parsing the entire Chunk, it MUST send any response TLV
errors and status with an ASCONF-ACK chunk acknowledging the errors and status with an ASCONF-ACK chunk acknowledging the
arrival and processing of the ASCONF Chunk. arrival and processing of the ASCONF Chunk.
X4) The endpoint MUST NOT update its 'Peer-Serial-Number'. X4) The endpoint MUST NOT update its 'Peer-Serial-Number'.
Note: the response to the retransmitted ASCONF MUST be the same as Note: the response to the retransmitted ASCONF MUST be the same as
the original response. This MAY mean an implementation must keep the original response. This MAY mean an implementation must keep
state in order to respond with the same exact answer (including state in order to respond with the same exact answer (including
resource considerations that may have made the implementation resource considerations that may have made the implementation
refuse a request). refuse a request).
IMPLEMENTATION NOTE: As an optimization a receiver may wish to IMPLEMENTATION NOTE: As an optimization a receiver may wish to
save the last ASCONF-ACK for some predetermined period of time and save the last ASCONF-ACK for some predetermined period of time and
instead of re-processing the ASCONF (with the same serial number) instead of re-processing the ASCONF (with the same serial number)
it may just re-transmit the ASCONF-ACK. It may wish to use the it may just re-transmit the ASCONF-ACK. It may wish to use the
arrival of a new serial number to discard the previously saved arrival of a new serial number to discard the previously saved
ASCONF-ACK or any other means it may choose to expire the saved ASCONF-ACK or any other means it may choose to expire the saved
ASCONF-ACK. ASCONF-ACK.
C4) Otherwise, the ASCONF Chunk is discarded since it must be either C4) Otherwise, the ASCONF Chunk is discarded since it must be either
a stale packet or from an attacker. A receiver of such a packet a stale packet or from an attacker. A receiver of such a packet
MAY log the event for security purposes. MAY log the event for security purposes.
C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent back to the C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent back to the
source address contained in the IP header of the ASCONF being source address contained in the IP header of the ASCONF being
responded to. responded to.
4.3. General rules for address manipulation 4.3. General rules for address manipulation
When building TLV parameters for the ASCONF Chunk that will add or When building TLV parameters for the ASCONF Chunk that will add or
delete IP addresses the following rules should be applied: delete IP addresses the following rules should be applied:
D0) If an endpoint receives an ASCONF-ACK that is greater than or D0) If an endpoint receives an ASCONF-ACK that is greater than or
skipping to change at page 25, line 10 skipping to change at page 22, line 35
4.3. General rules for address manipulation 4.3. General rules for address manipulation
When building TLV parameters for the ASCONF Chunk that will add or When building TLV parameters for the ASCONF Chunk that will add or
delete IP addresses the following rules should be applied: delete IP addresses the following rules should be applied:
D0) If an endpoint receives an ASCONF-ACK that is greater than or D0) If an endpoint receives an ASCONF-ACK that is greater than or
equal to the next serial number to be used but no ASCONF chunk is equal to the next serial number to be used but no ASCONF chunk is
outstanding the endpoint MUST ABORT the association. Note that a outstanding the endpoint MUST ABORT the association. Note that a
sequence number is greater than if it is no more than 2^^31-1 sequence number is greater than if it is no more than 2^^31-1
larger than the current sequence number (using serial arithmetic). larger than the current sequence number (using serial arithmetic).
D1) When adding an IP address to an association, the IP address is D1) When adding an IP address to an association, the IP address is
NOT considered fully added to the association until the ASCONF-ACK NOT considered fully added to the association until the ASCONF-ACK
arrives. This means that until such time as the ASCONF containing arrives. This means that until such time as the ASCONF containing
the add is acknowledged the sender MUST NOT use the new IP address the add is acknowledged the sender MUST NOT use the new IP address
as a source for ANY SCTP packet except on carrying an ASCONF as a source for ANY SCTP packet except on carrying an ASCONF
chunk. The receiver of the add IP address request may use the chunk. The receiver of the add IP address request may use the
address as a destination immediately. address as a destination immediately. The receiver MUST use the
address verification procedure for the added address before using
that address.
D2) After the ASCONF-ACK of an IP address add arrives, the endpoint D2) After the ASCONF-ACK of an IP address add arrives, the endpoint
MAY begin using the added IP address as a source address for any MAY begin using the added IP address as a source address for any
type of SCTP chunk. type of SCTP chunk.
D3a) If an endpoint receives an Error Cause TLV indicating that the D3a) If an endpoint receives an Error Cause TLV indicating that the
IP address Add or IP address Deletion parameters was not IP address Add or IP address Deletion parameters was not
understood, the endpoint MUST consider the operation failed and understood, the endpoint MUST consider the operation failed and
MUST NOT attempt to send any subsequent Add or Delete requests to MUST NOT attempt to send any subsequent Add or Delete requests to
the peer. the peer.
D3b) If an endpoint receives an Error Cause TLV indicating that the D3b) If an endpoint receives an Error Cause TLV indicating that the
IP address Set Primary IP Address parameter was not understood, IP address Set Primary IP Address parameter was not understood,
the endpoint MUST consider the operation failed and MUST NOT the endpoint MUST consider the operation failed and MUST NOT
attempt to send any subsequent Set Primary IP Address requests to attempt to send any subsequent Set Primary IP Address requests to
skipping to change at page 27, line 47 skipping to change at page 25, line 23
/ /
<-------------/ <-------------/
In this example we see a DATA chunk destined to the IP:X (which is In this example we see a DATA chunk destined to the IP:X (which is
about to be deleted) arriving after the deletion is complete. For about to be deleted) arriving after the deletion is complete. For
the ADD case an endpoint SHOULD consider the newly adding IP address the ADD case an endpoint SHOULD consider the newly adding IP address
valid for the association to receive data from during the interval valid for the association to receive data from during the interval
when awaiting the ASCONF-ACK. The endpoint MUST NOT source data from when awaiting the ASCONF-ACK. The endpoint MUST NOT source data from
this new address until the ASCONF-ACK arrives but it may receive out this new address until the ASCONF-ACK arrives but it may receive out
of order data as illustrated and MUST NOT treat this data as an OOTB of order data as illustrated and MUST NOT treat this data as an OOTB
datagram (please see RFC2960 [6] section 8.4). It MAY drop the data datagram (please see RFC2960 [RFC2960] section 8.4). It MAY drop the
silently or it MAY consider it part of the association but it MUST data silently or it MAY consider it part of the association but it
NOT respond with an ABORT. MUST NOT respond with an ABORT.
For the DELETE case, an endpoint MAY respond to the late arriving For the DELETE case, an endpoint MAY respond to the late arriving
DATA packet as an OOTB datagram or it MAY hold the deleting IP DATA packet as an OOTB datagram or it MAY hold the deleting IP
address for a small period of time as still valid. If it treats the address for a small period of time as still valid. If it treats the
DATA packet as an OOTB the peer will silently discard the ABORT DATA packet as an OOTB the peer will silently discard the ABORT
(since by the time the ABORT is sent the peer will have removed the (since by the time the ABORT is sent the peer will have removed the
IP address from this association). If the endpoint elects to hold IP address from this association). If the endpoint elects to hold
the IP address valid for a period of time, it MUST NOT hold it valid the IP address valid for a period of time, it MUST NOT hold it valid
longer than 2 RTO intervals for the destination being removed. longer than 2 RTO intervals for the destination being removed.
skipping to change at page 30, line 12 skipping to change at page 27, line 12
an address as primary that does not exist, the receiver should NOT an address as primary that does not exist, the receiver should NOT
honor the request, leaving its existing primary address unchanged. honor the request, leaving its existing primary address unchanged.
5. Security Considerations 5. Security Considerations
The ADD/DELETE of an IP address to an existing association does The ADD/DELETE of an IP address to an existing association does
provide an additional mechanism by which existing associations can be provide an additional mechanism by which existing associations can be
hijacked. hijacked.
This document requires the use of the authentication mechanism This document requires the use of the authentication mechanism
defined in SCTP-AUTH [7] to limit the ability of an attacker to defined in SCTP-AUTH [I-D.ietf-tsvwg-sctp-auth] to limit the ability
hijack an association. Hijacking an association by using ADD/DELETE of an attacker to hijack an association. Hijacking an association by
of an IP address is only possible for an attacker who is able to using ADD/DELETE of an IP address is only possible for an attacker
intercept the association setup. However, if a preconfigured shared who is able to intercept the association setup. However, if a
end-point pair key is used this is not possible. For a more detailed preconfigured shared end-point pair key is used this is not possible.
analysis see SCTP-AUTH [7]. For a more detailed analysis see SCTP-AUTH [I-D.ietf-tsvwg-sctp-
auth].
6. IANA considerations 6. IANA considerations
This document defines the following new SCTP parameters, chunks and This document defines the following new SCTP parameters, chunks and
errors: errors:
o Two new chunk types, o Two new chunk types,
o Seven parameter types, and o Seven parameter types, and
o Five new SCTP error causes. o Five new SCTP error causes.
One of the two new chunk types must come from the range of chunk One of the two new chunk types must come from the range of chunk
types where the upper two bits are one, we recommend 0xC1 but any types where the upper two bits are one, we recommend 0xC1 but any
other available code point with the upper bits set is also other available code point with the upper bits set is also
acceptable. acceptable.
The second chunk type must come from the range where only the upper The second chunk type must come from the range where only the upper
bit is set to one. We recommend 0x80 but any other available code bit is set to one. We recommend 0x80 but any other available code
point with the upper bit set is also acceptable. point with the upper bit set is also acceptable.
skipping to change at page 31, line 38 skipping to change at page 27, line 51
the 0x8000 range, we recommend 0x8008. Note that for any of these the 0x8000 range, we recommend 0x8008. Note that for any of these
values a different unique parameter type may be assigned by IANA as values a different unique parameter type may be assigned by IANA as
long as the upper bits correspond to the ones specified in this long as the upper bits correspond to the ones specified in this
document. document.
The five new error causes can be any value, in this document we have The five new error causes can be any value, in this document we have
used 0x0100-0x0104 in an attempt to seperate these from the common used 0x0100-0x0104 in an attempt to seperate these from the common
ranges of error codes. Any other unassigned values are also ranges of error codes. Any other unassigned values are also
acceptable. acceptable.
This document also defines a Adaption code point. The adaption code This document also defines a Adaptation code point. The adaptation
point is a 32 bit integer that is assigned by IANA through an IETF code point is a 32 bit integer that is assigned by IANA through an
Consensus action as defined in RFC2434 [4]. IETF Consensus action as defined in RFC2434 [RFC2434].
7. Acknowledgments 7. Acknowledgments
The authors wish to thank Jon Berger, Greg Kendall, Seok Koh, Peter The authors wish to thank Jon Berger, Greg Kendall, Seok Koh, Peter
Lei, John Loughney, Ivan Arias Rodriguez, Renee Revis, Marshall Rose, Lei, John Loughney, Ivan Arias Rodriguez, Renee Revis, Marshall Rose,
and Chip Sharp for their invaluable comments. Chip Sharp, and Irene Ruengeler for their invaluable comments.
The authors would also like to give special mention to Maria-Carmen The authors would also like to give special mention to Maria-Carmen
Belinchon and Ian Rytina for there early contributions to this Belinchon and Ian Rytina for there early contributions to this
document and their thoughtful comments. document and their thoughtful comments.
8. References 8. References
[1] Bradner, S., "The Internet Standards Process -- Revision 3", [RFC2026] Bradner, S., "The Internet Standards Process -- Revision
BCP 9, RFC 2026, October 1996. 3", BCP 9, RFC 2026, October 1996.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[3] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402, [RFC2402] Kent, S. and R. Atkinson, "IP Authentication Header",
November 1998. RFC 2402, November 1998.
[4] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998.
[5] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
June 1999. June 1999.
[6] Stewart, R., Xie, Q., Morneault, K., Sharp, C., Schwarzbauer, [RFC2960] Stewart, R., Xie, Q., Morneault, K., Sharp, C.,
H., Taylor, T., Rytina, I., Kalla, M., Zhang, L., and V. Paxson, Schwarzbauer, H., Taylor, T., Rytina, I., Kalla, M.,
"Stream Control Transmission Protocol", RFC 2960, October 2000. Zhang, L., and V. Paxson, "Stream Control Transmission
Protocol", RFC 2960, October 2000.
[7] Tuexen, M., Stewart, R., Lei, P., and E. Rescorla, [I-D.ietf-tsvwg-sctp-auth]
"Authenticated Chunks for Stream Control Transmission Protocol Tuexen, M., "Authenticated Chunks for Stream Control
(SCTP)", draft-tuexen-sctp-auth-chunk-03 (work in progress), Transmission Protocol (SCTP)",
February 2005. draft-ietf-tsvwg-sctp-auth-01 (work in progress),
October 2005.
Appendix A. Abstract Address Handling Appendix A. Abstract Address Handling
A.1. General remarks A.1. General remarks
The following text provides a working definition of the endpoint The following text provides a working definition of the endpoint
notion to discuss address reconfiguration. It is not intended to notion to discuss address reconfiguration. It is not intended to
restrict implementations in any way, its goal is to provide as set of restrict implementations in any way, its goal is to provide as set of
definitions only. Using these definitions should make a discussion definitions only. Using these definitions should make a discussion
about address issues easier. about address issues easier.
skipping to change at page 34, line 34 skipping to change at page 30, line 30
If the dependency on time is important the notion Addr(A, gE')(t) = If the dependency on time is important the notion Addr(A, gE')(t) =
S'(t) will be used. S'(t) will be used.
If A is an association between gE' and gE'' then Addr(A, gE') is the If A is an association between gE' and gE'' then Addr(A, gE') is the
subset of IP addresses of gE' which is known by gE'' and used by gE'. subset of IP addresses of gE' which is known by gE'' and used by gE'.
Association establishment between gE' and gE'' can be seen as: Association establishment between gE' and gE'' can be seen as:
1. gE' and gE'' do exist before the association. 1. gE' and gE'' do exist before the association.
2. If an INIT has to be send from gE' to gE'' address scoping rules 2. If an INIT has to be send from gE' to gE'' address scoping rules
and other limitations are applied to calculate the subset S' from and other limitations are applied to calculate the subset S' from
Addr(gE'). The addresses of S' are included in the INIT chunk. Addr(gE'). The addresses of S' are included in the INIT chunk.
3. If an INIT-ACK has to be send from gE'' to gE' address scoping 3. If an INIT-ACK has to be send from gE'' to gE' address scoping
rules and other limitations are applied to calculate the subset rules and other limitations are applied to calculate the subset
S'' from Addr(gE''). The addresses of S'' are included in the S'' from Addr(gE''). The addresses of S'' are included in the
INIT-ACK chunk. INIT-ACK chunk.
4. After the handshake the association A = (gE', S', gE'', S'') has 4. After the handshake the association A = (gE', S', gE'', S'') has
been established. been established.
5. Right after the association establishment Addr(A, gE') and 5. Right after the association establishment Addr(A, gE') and
Addr(A, gE'') are the addresses which have been seen on the wire Addr(A, gE'') are the addresses which have been seen on the wire
during the handshake. during the handshake.
A.4. Relationship with RFC 2960 A.4. Relationship with RFC 2960
RFC2960 [6] defines the notion of an endpoint. This subsection will RFC2960 [RFC2960] defines the notion of an endpoint. This subsection
show that these endpoints are also (special) generalized endpoints. will show that these endpoints are also (special) generalized
endpoints.
RFC2960 [6] has no notion of address scoping or other address RFC2960 [RFC2960] has no notion of address scoping or other address
handling limitations and provides no mechanism to change the handling limitations and provides no mechanism to change the
addresses of an endpoint. addresses of an endpoint.
This means that an endpoint is simply a generalized endpoint which This means that an endpoint is simply a generalized endpoint which
does not depend on the time. Neither the Port nor the address list does not depend on the time. Neither the Port nor the address list
changes. changes.
During association setup no address scoping rules or other During association setup no address scoping rules or other
limitations will be applied. This means that for an association A limitations will be applied. This means that for an association A
between two endpoints gE' and gE'' the following is true: between two endpoints gE' and gE'' the following is true:
skipping to change at page 36, line 12 skipping to change at page 32, line 12
These rules simply make sure that the rules for the endpoints and These rules simply make sure that the rules for the endpoints and
associations given above are always fulfilled. associations given above are always fulfilled.
Authors' Addresses Authors' Addresses
Randall R. Stewart Randall R. Stewart
Cisco Systems, Inc. Cisco Systems, Inc.
4875 Forest Drive 4875 Forest Drive
Suite 200 Suite 200
Columbia, SC 29206 Columbia, SC 29206
USA US
Phone: Phone:
Email: rrs@cisco.com Email: rrs@cisco.com
Michael A. Ramalho Michael A. Ramalho
Cisco Systems, Inc. Cisco Systems, Inc.
1802 Rue de la Porte 1802 Rue de la Porte
Wall Township, NJ 07719-3784 Wall Township, NJ 07719-3784
USA USA
skipping to change at page 38, line 41 skipping to change at page 34, line 41
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights. except as set forth therein, the authors retain all their rights.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
 End of changes. 85 change blocks. 
179 lines changed or deleted 153 lines changed or added

This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/