draft-ietf-tsvwg-addip-sctp-22.txt   rfc5061.txt 
Network Working Group R. Stewart Network Working Group R. Stewart
Internet-Draft Cisco Systems, Inc. Request for Comments: 5061 Cisco Systems, Inc.
Intended status: Standards Track Q. Xie Category: Standards Track Q. Xie
Expires: December 21, 2007 Motorola, Inc. Motorola, Inc.
M. Tuexen M. Tuexen
Univ. of Applied Sciences Muenster Univ. of Applied Sciences Muenster
S. Maruyama S. Maruyama
M. Kozuka M. Kozuka
Kyoto University Kyoto University
June 19, 2007 September 2007
Stream Control Transmission Protocol (SCTP) Dynamic Address
Reconfiguration
draft-ietf-tsvwg-addip-sctp-22.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 21, 2007. Stream Control Transmission Protocol (SCTP)
Dynamic Address Reconfiguration
Copyright Notice Status of This Memo
Copyright (C) The IETF Trust (2007). This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract Abstract
A local host may have multiple points of attachment to the Internet, A local host may have multiple points of attachment to the Internet,
giving it a degree of fault tolerance from hardware failures. Stream giving it a degree of fault tolerance from hardware failures. Stream
Control Transmission Protocol (SCTP) [I-D.ietf-tsvwg-2960bis] was Control Transmission Protocol (SCTP) (RFC 4960) was developed to take
developed to take full advantage of such a multi-homed host to full advantage of such a multi-homed host to provide a fast failover
provide a fast failover and association survivability in the face of and association survivability in the face of such hardware failures.
such hardware failures. This document describes an extension to SCTP This document describes an extension to SCTP that will allow an SCTP
that will allow an SCTP stack to dynamically add an IP Addresses to stack to dynamically add an IP address to an SCTP association,
an SCTP association, dynamically delete an IP addresses from an SCTP dynamically delete an IP address from an SCTP association, and to
association, and to request to set the primary address the peer will request to set the primary address the peer will use when sending to
use when sending to an endpoint. an endpoint.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Serial Number Arithmetic . . . . . . . . . . . . . . . . . . . 6 3. Serial Number Arithmetic . . . . . . . . . . . . . . . . . . . 4
4. Additional Chunks and Parameters . . . . . . . . . . . . . . . 6 4. Additional Chunks and Parameters . . . . . . . . . . . . . . . 4
4.1. New Chunk Types . . . . . . . . . . . . . . . . . . . . . 6 4.1. New Chunk Types . . . . . . . . . . . . . . . . . . . . . 4
4.1.1. Address Configuration Change Chunk (ASCONF) . . . . . 7 4.1.1. Address Configuration Change Chunk (ASCONF) . . . . . 5
4.1.2. Address Configuration Acknowledgment Chunk 4.1.2. Address Configuration Acknowledgment Chunk
(ASCONF-ACK) . . . . . . . . . . . . . . . . . . . . . 8 (ASCONF-ACK) . . . . . . . . . . . . . . . . . . . . . 6
4.2. New Parameter Types . . . . . . . . . . . . . . . . . . . 9 4.2. New Parameter Types . . . . . . . . . . . . . . . . . . . 7
4.2.1. Add IP Address . . . . . . . . . . . . . . . . . . . . 10 4.2.1. Add IP Address . . . . . . . . . . . . . . . . . . . . 8
4.2.2. Delete IP Address . . . . . . . . . . . . . . . . . . 11 4.2.2. Delete IP Address . . . . . . . . . . . . . . . . . . 9
4.2.3. Error Cause Indication . . . . . . . . . . . . . . . . 12 4.2.3. Error Cause Indication . . . . . . . . . . . . . . . . 10
4.2.4. Set Primary IP Address . . . . . . . . . . . . . . . . 13 4.2.4. Set Primary IP Address . . . . . . . . . . . . . . . . 11
4.2.5. Success Indication . . . . . . . . . . . . . . . . . . 14 4.2.5. Success Indication . . . . . . . . . . . . . . . . . . 12
4.2.6. Adaptation Layer Indication . . . . . . . . . . . . . 15 4.2.6. Adaptation Layer Indication . . . . . . . . . . . . . 13
4.2.7. Supported Extensions Parameter . . . . . . . . . . . . 15 4.2.7. Supported Extensions Parameter . . . . . . . . . . . . 13
4.3. New Error Causes . . . . . . . . . . . . . . . . . . . . . 16 4.3. New Error Causes . . . . . . . . . . . . . . . . . . . . . 14
4.3.1. Error Cause: Request to Delete Last Remaining IP 4.3.1. Error Cause: Request to Delete Last Remaining IP
Address . . . . . . . . . . . . . . . . . . . . . . . 17 Address . . . . . . . . . . . . . . . . . . . . . . . 15
4.3.2. Error Cause: Operation Refused Due to Resource 4.3.2. Error Cause: Operation Refused Due to Resource
Shortage . . . . . . . . . . . . . . . . . . . . . . . 17 Shortage . . . . . . . . . . . . . . . . . . . . . . . 15
4.3.3. Error Cause: Request to Delete Source IP Address . . . 18 4.3.3. Error Cause: Request to Delete Source IP Address . . . 16
4.3.4. Error Cause: Association Aborted due to illegal 4.3.4. Error Cause: Association Aborted Due to Illegal
ASCONF-ACK . . . . . . . . . . . . . . . . . . . . . . 19 ASCONF-ACK . . . . . . . . . . . . . . . . . . . . . . 17
4.3.5. Error Cause: Request refused - no authorization. . . . 19 4.3.5. Error Cause: Request Refused - No Authorization. . . . 17
5. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 20 5. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 18
5.1. ASCONF Chunk Procedures . . . . . . . . . . . . . . . . . 20 5.1. ASCONF Chunk Procedures . . . . . . . . . . . . . . . . . 18
5.1.1. Congestion Control of ASCONF Chunks . . . . . . . . . 22 5.1.1. Congestion Control of ASCONF Chunks . . . . . . . . . 20
5.2. Upon reception of an ASCONF Chunk. . . . . . . . . . . . . 23 5.2. Upon Reception of an ASCONF Chunk . . . . . . . . . . . . 21
5.3. General rules for address manipulation . . . . . . . . . . 26 5.3. General Rules for Address Manipulation . . . . . . . . . . 24
5.3.1. A special case for OOTB ABORT Chunks . . . . . . . . . 29 5.3.1. A Special Case for OOTB ABORT Chunks . . . . . . . . . 29
5.3.2. A special case for changing an address. . . . . . . . 30 5.3.2. A Special Case for Changing an Address . . . . . . . . 29
5.4. Setting of the primary address . . . . . . . . . . . . . . 30 5.4. Setting of the Primary Address . . . . . . . . . . . . . . 29
5.5. Bundling of multiple ASCONFs . . . . . . . . . . . . . . . 31 5.5. Bundling of Multiple ASCONFs . . . . . . . . . . . . . . . 30
6. Security Considerations . . . . . . . . . . . . . . . . . . . 31 6. Security Considerations . . . . . . . . . . . . . . . . . . . 30
7. IANA considerations . . . . . . . . . . . . . . . . . . . . . 34 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 35 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 34
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 36 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 35
9.1. Normative References . . . . . . . . . . . . . . . . . . . 36 9.1. Normative References . . . . . . . . . . . . . . . . . . . 35
9.2. Informative References . . . . . . . . . . . . . . . . . . 36 9.2. Informative References . . . . . . . . . . . . . . . . . . 35
Appendix A. Abstract Address Handling . . . . . . . . . . . . . . 37 Appendix A. Abstract Address Handling . . . . . . . . . . . . . . 36
A.1. General remarks . . . . . . . . . . . . . . . . . . . . . 37 A.1. General Remarks . . . . . . . . . . . . . . . . . . . . . 36
A.2. Generalized endpoints . . . . . . . . . . . . . . . . . . 37 A.2. Generalized Endpoints . . . . . . . . . . . . . . . . . . 36
A.3. Associations . . . . . . . . . . . . . . . . . . . . . . . 38 A.3. Associations . . . . . . . . . . . . . . . . . . . . . . . 37
A.4. Relationship with RFC 4960 . . . . . . . . . . . . . . . . 38 A.4. Relationship with RFC 4960 . . . . . . . . . . . . . . . . 38
A.5. Rules for address manipulation . . . . . . . . . . . . . . 39 A.5. Rules for Address Manipulation . . . . . . . . . . . . . . 38
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 39
Intellectual Property and Copyright Statements . . . . . . . . . . 41
1. Introduction 1. Introduction
A local host may have multiple points of attachment to the Internet, A local host may have multiple points of attachment to the Internet,
giving it a degree of fault tolerance from hardware failures. SCTP giving it a degree of fault tolerance from hardware failures. SCTP
was developed to take full advantage of such a multi-homed host to was developed to take full advantage of such a multi-homed host to
provide a fast failover and association survivability in the face of provide a fast failover and association survivability in the face of
such hardware failures. However, many modern computers allow for the such hardware failures. However, many modern computers allow for the
dynamic addition and deletion of network cards (sometimes termed a dynamic addition and deletion of network cards (sometimes termed a
hot-pluggable interface). Complicate this with the ability of a hot-pluggable interface). Complicate this with the ability of a
provider, in IPv6, to dynamically renumber a network, and there still provider, in IPv6, to dynamically renumber a network, and there still
is a gap between full fault tolerance and the currently defined SCTP is a gap between full-fault tolerance and the currently defined SCTP
protocol. No matter if a card is added or an interface is protocol. No matter if a card is added or an interface is
renumbered, in order to take advantage of this new configuration, the renumbered, in order to take advantage of this new configuration, the
transport association must be restarted. For many fault tolerant transport association must be restarted. For many fault-tolerant
applications this restart is considered an outage and is undesirable. applications this restart is considered an outage and is undesirable.
This document describes an extension to SCTP to attempt to correct This document describes an extension to SCTP to attempt to correct
this problem for the more demanding fault tolerant application. This this problem for the more demanding fault-tolerant application. This
extension will allow an SCTP stack to: extension will allow an SCTP stack to:
o Dynamically add an IP Addresses to an association. o Dynamically add an IP address to an association.
o Dynamically delete an IP Addresses from an association.
o Dynamically delete an IP address from an association.
o Request to set the primary address the peer will use when sending o Request to set the primary address the peer will use when sending
to an endpoint. to an endpoint.
The dynamic addition and subtraction of IP addresses allows an SCTP The dynamic addition and subtraction of IP addresses allows an SCTP
association to continue to function through host and network association to continue to function through host and network
reconfigurations. These changes, brought on by provider or user reconfigurations. These changes, brought on by provider or user
action, may mean that the peer would be better served by using the action, may mean that the peer would be better served by using the
newly added address, however this information may only be known by newly added address; however, this information may only be known by
the endpoint that had the reconfiguration occur. In such a case this the endpoint that had the reconfiguration occur. In such a case this
extension allows the local endpoint to advise the peer as to what it extension allows the local endpoint to advise the peer as to what it
thinks is the better primary address that the peer should be using. thinks is the better primary address that the peer should be using.
One last thing this extension adds is a small 32 bit integer, called One last thing this extension adds is a small, 32-bit integer called
an adaptation indication, that can be exchanged at startup. This is an adaptation indication that can be exchanged at startup. This is
useful for applications where there is one or more specific layers useful for applications where there are one or more specific layers
below the application, yet still above SCTP. In such a case the below the application, yet still above SCTP. In such a case, the
exchange of this indication can allow the proper layer to be enabled exchange of this indication can allow the proper layer to be enabled
below the application. below the application.
2. Conventions 2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
3. Serial Number Arithmetic 3. Serial Number Arithmetic
It is essential to remember that the actual ASCONF Sequence Number It is essential to remember that the actual Address Configuration
space is finite, though very large. This space ranges from 0 to Change Chunk (ASCONF) Sequence Number space is finite, though very
2**32 - 1. Since the space is finite, all arithmetic dealing with large. This space ranges from 0 to 2**32 - 1. Since the space is
ASCONF Sequence Numbers MUST be performed modulo 2**32. This finite, all arithmetic dealing with ASCONF Sequence Numbers MUST be
unsigned arithmetic preserves the relationship of sequence numbers as performed modulo 2**32. This unsigned arithmetic preserves the
they cycle from 2**32 - 1 to 0 again. There are some subtleties to relationship of sequence numbers as they cycle from 2**32 - 1 to 0
computer modulo arithmetic, so great care should be taken in again. There are some subtleties to computer modulo arithmetic, so
programming the comparison of such values. When referring to ASCONF great care should be taken in programming the comparison of such
Sequence Numbers, the symbol "=<" means "less than or equal"(modulo values. When referring to ASCONF Sequence Numbers, the symbol "=<"
2**32). means "less than or equal"(modulo 2**32).
Comparisons and arithmetic on ASCONF sequence numbers in this Comparisons and arithmetic on ASCONF sequence numbers in this
document SHOULD use Serial Number Arithmetic as defined in [RFC1982] document SHOULD use Serial Number Arithmetic as defined in [RFC1982]
where SERIAL_BITS = 32. where SERIAL_BITS = 32.
ASCONF Sequence Numbers wrap around when they reach 2**32 - 1. That ASCONF Sequence Numbers wrap around when they reach 2**32 - 1. That
is, the next ASCONF Sequence Number an ASCONF chunk MUST use after is, the next ASCONF Sequence Number an ASCONF chunk MUST use after
transmitting ASCONF Sequence Number = 2**32 - 1 is 0. transmitting an ASCONF Sequence Number = 2**32 - 1 is 0.
Any arithmetic done on Stream Sequence Numbers SHOULD use Serial Any arithmetic done on Stream Sequence Numbers SHOULD use Serial
Number Arithmetic as defined in [RFC1982] where SERIAL_BITS = 16. Number Arithmetic (as defined in [RFC1982]) where SERIAL_BITS = 16.
All other arithmetic and comparisons in this document uses normal All other arithmetic and comparisons in this document use normal
arithmetic. arithmetic.
4. Additional Chunks and Parameters 4. Additional Chunks and Parameters
This section describes the addition of two new chunks and, seven new This section describes the addition of two new chunks and seven new
parameters to allow: parameters to allow:
o Dynamic addition of IP Addresses to an association. o Dynamic addition of IP addresses to an association.
o Dynamic deletion of IP Addresses from an association.
o Dynamic deletion of IP addresses from an association.
o A request to set the primary address the peer will use when o A request to set the primary address the peer will use when
sending to an endpoint. sending to an endpoint.
Additionally, this section describes three new error causes that Additionally, this section describes three new Error Causes that
support these new chunks and parameters. support these new chunks and parameters.
4.1. New Chunk Types 4.1. New Chunk Types
This section defines two new chunk types that will be used to This section defines two new chunk types that will be used to
transfer the control information reliably. Table 1 illustrates the transfer the control information reliably. Table 1 illustrates the
two new chunk types. two new chunk types.
Chunk Type Chunk Name Chunk Type Chunk Name
-------------------------------------------------------------- --------------------------------------------------------------
skipping to change at page 7, line 18 skipping to change at page 5, line 18
0x80 Address Configuration Acknowledgment (ASCONF-ACK) 0x80 Address Configuration Acknowledgment (ASCONF-ACK)
Table 1: Address Configuration Chunks Table 1: Address Configuration Chunks
4.1.1. Address Configuration Change Chunk (ASCONF) 4.1.1. Address Configuration Change Chunk (ASCONF)
This chunk is used to communicate to the remote endpoint one of the This chunk is used to communicate to the remote endpoint one of the
configuration change requests that MUST be acknowledged. The configuration change requests that MUST be acknowledged. The
information carried in the ASCONF Chunk uses the form of a Type- information carried in the ASCONF Chunk uses the form of a Type-
Length-Value (TLV), as described in "3.2.1 Optional/Variable-length Length-Value (TLV), as described in "3.2.1 Optional/Variable-length
Parameter Format" in [I-D.ietf-tsvwg-2960bis] for all variable Parameter Format" in [RFC4960] for all variable parameters. This
parameters. This chunk MUST be sent in an authenticated way by using chunk MUST be sent in an authenticated way by using the mechanism
the mechanism defined in [I-D.ietf-tsvwg-sctp-auth]. If this chunk defined in [RFC4895]. If this chunk is received unauthenticated it
is received unauthenticated it MUST be silently discarded as MUST be silently discarded as described in [RFC4895].
described in [I-D.ietf-tsvwg-sctp-auth].
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0xC1 | Chunk Flags | Chunk Length | | Type = 0xC1 | Chunk Flags | Chunk Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number | | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Address Parameter | | Address Parameter |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ASCONF Parameter #1 | | ASCONF Parameter #1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ \ \ \
/ .... / / .... /
\ \ \ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ASCONF Parameter #N | | ASCONF Parameter #N |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Sequence Number : 32 bits (unsigned integer) Sequence Number: 32 bits (unsigned integer)
This value represents a Sequence Number for the ASCONF Chunk. The This value represents a Sequence Number for the ASCONF Chunk. The
valid range of Sequence Number is from 0 to 4294967295 (2**32 - 1). valid range of a Sequence Number is from 0 to 4294967295 (2**32 - 1).
Sequence Numbers wrap back to 0 after reaching 4294967295. Sequence Numbers wrap back to 0 after reaching 4294967295.
Address Parameter : 8 or 20 bytes (depending on the address type) Address Parameter: 8 or 20 bytes (depending on the address type)
This field contains an address parameter, either IPv6 or IPv4, from This field contains an address parameter, either IPv6 or IPv4, from
[I-D.ietf-tsvwg-2960bis]. The address is an address of the sender of [RFC4960]. The address is an address of the sender of the ASCONF
the ASCONF Chunk, the address MUST be considered part of the Chunk; the address MUST be considered part of the association by the
association by the peer endpoint (the receiver of the ASCONF Chunk). peer endpoint (the receiver of the ASCONF Chunk). This field may be
This field may be used by the receiver of the ASCONF to help in used by the receiver of the ASCONF to help in finding the
finding the association. If the address 0.0.0.0 or ::0 is provided association. If the address 0.0.0.0 or ::0 is provided, the receiver
the receiver MAY lookup the association by other information provided MAY lookup the association by other information provided in the
in the packet. This parameter MUST be present in every ASCONF packet. This parameter MUST be present in every ASCONF message, i.e.
message, i.e. it is a mandatory TLV parameter. it is a mandatory TLV parameter.
Note: the host name address MUST NOT be sent and MUST be ignored if Note: The host name address MUST NOT be sent and MUST be ignored if
received in any ASCONF message. received in any ASCONF message.
It should be noted that the ASCONF Chunk format requires the receiver It should be noted that the ASCONF Chunk format requires the receiver
to report to the sender if it does not understand the ASCONF Chunk. to report to the sender if it does not understand the ASCONF Chunk.
This is accomplished by setting the upper bits in the chunk type as This is accomplished by setting the upper bits in the chunk type as
described in [I-D.ietf-tsvwg-2960bis]. section 3.2. Note that the described in [RFC4960], Section 3.2. Note that the upper two bits in
upper two bits in the ASCONF Chunk are set to one. As defined in the ASCONF Chunk are set to one. As defined in [RFC4960], Section
[I-D.ietf-tsvwg-2960bis] section 3.2, when setting these upper bits 3.2, when setting these upper bits in this manner the receiver that
in this manner the receiver that does not understand this chunk MUST does not understand this chunk MUST skip the chunk and continue
skip the chunk and continue processing, and report in an Operation processing, and report in an Operation Error Chunk using the
Error Chunk using the 'Unrecognized Chunk Type' cause of error. This 'Unrecognized Chunk Type' cause of error. This will NOT abort the
will NOT abort the association but indicates to the sender that it association but indicates to the sender that it MUST not send any
MUST not send any further ASCONF chunks. further ASCONF chunks.
ASCONF Parameter: TLV format ASCONF Parameter: TLV format
Each Address configuration change is represented by a TLV parameter Each address configuration change is represented by a TLV parameter,
as defined in Section 4.2. One or more requests may be present in an as defined in Section 4.2. One or more requests may be present in an
ASCONF Chunk. ASCONF Chunk.
4.1.2. Address Configuration Acknowledgment Chunk (ASCONF-ACK) 4.1.2. Address Configuration Acknowledgment Chunk (ASCONF-ACK)
This chunk is used by the receiver of an ASCONF Chunk to acknowledge This chunk is used by the receiver of an ASCONF Chunk to acknowledge
the reception. It carries zero or more results for any ASCONF the reception. It carries zero or more results for any ASCONF
Parameters that were processed by the receiver. This chunk MUST be parameters that were processed by the receiver. This chunk MUST be
sent in an authenticated way by using the mechanism defined in sent in an authenticated way by using the mechanism defined in
[I-D.ietf-tsvwg-sctp-auth]. If this chunk is received [RFC4895]. If this chunk is received unauthenticated it MUST be
unauthenticated it MUST be silently discarded as described in silently discarded as described in [RFC4895].
[I-D.ietf-tsvwg-sctp-auth].
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x80 | Chunk Flags | Chunk Length | | Type = 0x80 | Chunk Flags | Chunk Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number | | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ASCONF Parameter Response#1 | | ASCONF Parameter Response#1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ \ \ \
/ .... / / .... /
\ \ \ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ASCONF Parameter Response#N | | ASCONF Parameter Response#N |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Sequence Number : 32 bits (unsigned integer) Sequence Number: 32 bits (unsigned integer)
This value represents the Sequence Number for the received ASCONF This value represents the Sequence Number for the received ASCONF
Chunk that is acknowledged by this chunk. This value is copied from Chunk that is acknowledged by this chunk. This value is copied from
the received ASCONF Chunk. the received ASCONF Chunk.
ASCONF Parameter Response : TLV format ASCONF Parameter Response: TLV format
The ASCONF Parameter Response is used in the ASCONF-ACK to report The ASCONF Parameter Response is used in the ASCONF-ACK to report the
status of ASCONF processing. By default, if a responding endpoint status of ASCONF processing. By default, if a responding endpoint
does not include any Error Cause, a success is indicated. Thus a does not include any Error Cause, a success is indicated. Thus a
sender of an ASCONF-ACK MAY indicate complete success of all TLVs in sender of an ASCONF-ACK MAY indicate complete success of all TLVs in
an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length
(set to 8) and the Sequence Number. (set to 8), and the Sequence Number.
4.2. New Parameter Types 4.2. New Parameter Types
The seven new parameters added follow the format defined in section The seven new parameters added follow the format defined in Section
3.2.1 of [I-D.ietf-tsvwg-2960bis]. Tables 2, 3 and 4 describe the 3.2.1 of [RFC4960]. Tables 2, 3, and 4 describe the parameters.
parameters.
Address Configuration Parameters Parameter Type Address Configuration Parameters Parameter Type
------------------------------------------------- -------------------------------------------------
Set Primary Address 0xC004 Set Primary Address 0xC004
Adaptation Layer Indication 0xC006 Adaptation Layer Indication 0xC006
Supported Extensions 0x8008 Supported Extensions 0x8008
Table 2: Parameters that can be used in INIT/INIT-ACK chunk Table 2: Parameters That Can Be Used in an INIT/INIT-ACK Chunk
Address Configuration Parameters Parameter Type Address Configuration Parameters Parameter Type
------------------------------------------------- -------------------------------------------------
Add IP Address 0xC001 Add IP Address 0xC001
Delete IP Address 0xC002 Delete IP Address 0xC002
Set Primary Address 0xC004 Set Primary Address 0xC004
Table 3: Parameters used in ASCONF Parameter Table 3: Parameters Used in an ASCONF Parameter
Address Configuration Parameters Parameter Type Address Configuration Parameters Parameter Type
------------------------------------------------- -------------------------------------------------
Error Cause Indication 0xC003 Error Cause Indication 0xC003
Success Indication 0xC005 Success Indication 0xC005
Table 4: Parameters used in ASCONF Parameter Response Table 4: Parameters Used in an ASCONF Parameter Response
Any parameter that appears where it is not allowed (for example a Any parameter that appears where it is not allowed (for example, a
0xC002 parameter appearing within an INIT or INIT-ACK) MAY be 0xC002 parameter appearing within an INIT or INIT-ACK) MAY be
responded to with an ABORT by the receiver of the invalid parameter. responded to with an ABORT by the receiver of the invalid parameter.
If the receiver chooses NOT to abort, the parameter MUST be ignored. If the receiver chooses NOT to abort, the parameter MUST be ignored.
A robust implementation SHOULD ignore the parameter and leave the A robust implementation SHOULD ignore the parameter and leave the
association intact. association intact.
4.2.1. Add IP Address 4.2.1. Add IP Address
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 10, line 42 skipping to change at page 8, line 42
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ASCONF-Request Correlation ID | | ASCONF-Request Correlation ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Address Parameter | | Address Parameter |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
ASCONF-Request Correlation ID: 32 bits ASCONF-Request Correlation ID: 32 bits
This is an opaque integer assigned by the sender to identify each This is an opaque integer assigned by the sender to identify each
request parameter. The receiver of the ASCONF Chunk will copy this request parameter. The receiver of the ASCONF Chunk will copy this
32 bit value into the ASCONF Response Correlation ID field of the 2-bit value into the ASCONF Response Correlation ID field of the
ASCONF-ACK response parameter. The sender of the ASCONF can use this ASCONF-ACK response parameter. The sender of the ASCONF can use this
same value in the ASCONF-ACK to find which request the response is same value in the ASCONF-ACK to find which request the response is
for. Note that the receiver MUST NOT change this 32 bit value. for. Note that the receiver MUST NOT change this 32-bit value.
Address Parameter: TLV Address Parameter: TLV
This field contains an IPv4 or IPv6 address parameter as described in This field contains an IPv4 or IPv6 address parameter as described in
3.3.2.1 of [I-D.ietf-tsvwg-2960bis]. The complete TLV is wrapped Section 3.3.2.1 of [RFC4960]. The complete TLV is wrapped within
within this parameter. It informs the receiver that the address this parameter. It informs the receiver that the address specified
specified is to be added to the existing association. This parameter is to be added to the existing association. This parameter MUST NOT
MUST NOT contain a broadcast or multicast address. If the address contain a broadcast or multicast address. If the address 0.0.0.0 or
0.0.0.0 or ::0 is provided, the source address of the packet MUST be ::0 is provided, the source address of the packet MUST be added.
added.
An example TLV requesting that the IPv4 address 192.0.2.1 be added to An example TLV requesting that the IPv4 address 192.0.2.1 be added to
the association would look as follows: the association would look as follows:
+--------------------------------+ +--------------------------------+
| Type=0xC001 | Length = 16 | | Type=0xC001 | Length = 16 |
+--------------------------------+ +--------------------------------+
| C-ID = 0x01023474 | | C-ID = 0x01023474 |
+--------------------------------+ +--------------------------------+
| Type=5 | Length = 8 | | Type=5 | Length = 8 |
skipping to change at page 11, line 45 skipping to change at page 9, line 48
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ASCONF-Request Correlation ID | | ASCONF-Request Correlation ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Address Parameter | | Address Parameter |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
ASCONF-Request Correlation ID: 32 bits ASCONF-Request Correlation ID: 32 bits
This is an opaque integer assigned by the sender to identify each This is an opaque integer assigned by the sender to identify each
request parameter. The receiver of the ASCONF Chunk will copy this request parameter. The receiver of the ASCONF Chunk will copy this
32 bit value into the ASCONF Response Correlation ID field of the 32-bit value into the ASCONF Response Correlation ID field of the
ASCONF-ACK response parameter. The sender of the ASCONF can use this ASCONF-ACK response parameter. The sender of the ASCONF can use this
same value in the ASCONF-ACK to find which request the response is same value in the ASCONF-ACK to find which request the response is
for. Note that the receiver MUST NOT change this 32 bit value. for. Note that the receiver MUST NOT change this 32-bit value.
Address Parameter: TLV Address Parameter: TLV
This field contains an IPv4 or IPv6 address parameter as described in
3.3.2.1 of [I-D.ietf-tsvwg-2960bis]. The complete TLV is wrapped This field contains an IPv4 or IPv6 address parameter, as described
within this parameter. It informs the receiver that the address in Section 3.3.2.1 of [RFC4960]. The complete TLV is wrapped within
specified is to be removed from the existing association. This this parameter. It informs the receiver that the address specified
parameter MUST NOT contain a broadcast or multicast address. If the is to be removed from the existing association. This parameter MUST
address 0.0.0.0 or ::0 is provided, all addresses of the peer except NOT contain a broadcast or multicast address. If the address 0.0.0.0
the source address of the packet MUST be deleted. or ::0 is provided, all addresses of the peer except the source
address of the packet MUST be deleted.
An example TLV deleting the IPv4 address 192.0.2.1 from an existing An example TLV deleting the IPv4 address 192.0.2.1 from an existing
association would look as follows: association would look as follows:
+--------------------------------+ +--------------------------------+
| Type=0xC002 | Length = 16 | | Type=0xC002 | Length = 16 |
+--------------------------------+ +--------------------------------+
| C-ID = 0x01023476 | | C-ID = 0x01023476 |
+--------------------------------+ +--------------------------------+
| Type=5 | Length = 8 | | Type=5 | Length = 8 |
skipping to change at page 12, line 46 skipping to change at page 10, line 49
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ASCONF-Response Correlation ID | | ASCONF-Response Correlation ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Error Cause(s) or Success Indication | | Error Cause(s) or Success Indication |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
ASCONF-Response Correlation ID: 32 bits ASCONF-Response Correlation ID: 32 bits
This is an opaque integer assigned by the sender to identify each This is an opaque integer assigned by the sender to identify each
request parameter. The receiver of the ASCONF Chunk will copy this request parameter. The receiver of the ASCONF Chunk will copy this
32 bit value from the ASCONF-Request Correlation ID into the ASCONF 32-bit value from the ASCONF-Request Correlation ID into the ASCONF
Response Correlation ID field so the peer can easily correlate the Response Correlation ID field so the peer can easily correlate the
request to this response. Note that the receiver MUST NOT change request to this response. Note that the receiver MUST NOT change
this 32 bit value. this 32-bit value.
Error Cause(s): TLV(s) Error Cause(s): TLV(s)
When reporting an error this response parameter is used to wrap one
or more standard error causes normally found within an SCTP When reporting an error, this response parameter is used to wrap one
Operational Error or SCTP Abort (as defined in or more standard Error Causes normally found within an SCTP
[I-D.ietf-tsvwg-2960bis]). The Error Cause(s) follow the format Operational Error or SCTP Abort (as defined in [RFC4960]). The Error
defined in section 3.3.10 of [I-D.ietf-tsvwg-2960bis]. Cause(s) follow the format defined in Section 3.3.10 of [RFC4960].
Valid Chunk Appearance Valid Chunk Appearance
The Error Cause Indication parameter may only appear in the ASCONF- The Error Cause Indication parameter may only appear in the ASCONF-
ACK Chunk type. ACK Chunk Type.
4.2.4. Set Primary IP Address 4.2.4. Set Primary IP Address
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type =0xC004 | Length = Variable | | Type =0xC004 | Length = Variable |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ASCONF-Request Correlation ID | | ASCONF-Request Correlation ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Address Parameter | | Address Parameter |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
ASCONF-Request Correlation ID: 32 bits ASCONF-Request Correlation ID: 32 bits
This is an opaque integer assigned by the sender to identify each This is an opaque integer assigned by the sender to identify each
request parameter. The receiver of the ASCONF Chunk will copy this request parameter. The receiver of the ASCONF Chunk will copy this
32 bit value into the ASCONF Response Correlation ID field of the 32-bit value into the ASCONF Response Correlation ID field of the
ASCONF-ACK response parameter. The sender of the ASCONF can use this ASCONF-ACK response parameter. The sender of the ASCONF can use this
same value in the ASCONF-ACK to find which request the response is same value in the ASCONF-ACK to find which request the response is
for. Note that the receiver MUST NOT change this 32 bit value. for. Note that the receiver MUST NOT change this 32-bit value.
Address Parameter: TLV Address Parameter: TLV
This field contains an IPv4 or IPv6 address parameter as described in This field contains an IPv4 or IPv6 address parameter as described in
3.3.2.1 of [I-D.ietf-tsvwg-2960bis]. The complete TLV is wrapped Section 3.3.2.1 of [RFC4960]. The complete TLV is wrapped within
within this parameter. It requests the receiver to mark the this parameter. It requests the receiver to mark the specified
specified address as the primary address to send data to (see section address as the primary address to send data to (see Section 5.1.2 of
5.1.2 of [I-D.ietf-tsvwg-2960bis]). The receiver MAY mark this as [RFC4960]). The receiver MAY mark this as its primary address upon
its primary upon receiving this request. If the address 0.0.0.0 or receiving this request. If the address 0.0.0.0 or ::0 is provided,
::0 is provided, the receiver MAY mark the source address of the the receiver MAY mark the source address of the packet as its
packet as its primary. primary.
An example TLV requesting that the IPv4 address 192.0.2.1 be made the An example TLV requesting that the IPv4 address 192.0.2.1 be made the
primary destination address would look as follows: primary destination address would look as follows:
+--------------------------------+ +--------------------------------+
| Type=0xC004 | Length = 16 | | Type=0xC004 | Length = 16 |
+--------------------------------+ +--------------------------------+
| C-ID = 0x01023479 | | C-ID = 0x01023479 |
+--------------------------------+ +--------------------------------+
| Type=5 | Length = 8 | | Type=5 | Length = 8 |
+----------------+---------------+ +----------------+---------------+
| Value=0xC0000201 | | Value=0xC0000201 |
+----------------+---------------+ +----------------+---------------+
Valid Chunk Appearance Valid Chunk Appearance
The Set Primary IP Address parameter may appear in the ASCONF, the The Set Primary IP Address parameter may appear in the ASCONF, the
INIT, or the INIT-ACK chunk type. The inclusion of this parameter in INIT, or the INIT-ACK Chunk Type. The inclusion of this parameter in
the INIT or INIT-ACK can be used to indicate an initial preference of the INIT or INIT-ACK can be used to indicate an initial preference of
primary address. primary address.
4.2.5. Success Indication 4.2.5. Success Indication
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0xC005 | Length = 8 | | Type = 0xC005 | Length = 8 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ASCONF-Response Correlation ID | | ASCONF-Response Correlation ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
By default if a responding endpoint does not report an error for any By default, if a responding endpoint does not report an error for any
requested TLV, a success is implicitly indicated. Thus a sender of a requested TLV, a success is implicitly indicated. Thus, a sender of
ASCONF-ACK MAY indicate complete success of all TLVs in an ASCONF by an ASCONF-ACK MAY indicate complete success of all TLVs in an ASCONF
returning only the Chunk Type, Chunk Flags, Chunk Length (set to 8) by returning only the Chunk Type, Chunk Flags, Chunk Length (set to
and the Sequence Number. 8), and the Sequence Number.
The responding endpoint MAY also choose to explicitly report a The responding endpoint MAY also choose to explicitly report a
success for a requested TLV, by returning a success report ASCONF success for a requested TLV, by returning a success report ASCONF
Parameter Response. Parameter Response.
ASCONF-Response Correlation ID: 32 bits ASCONF-Response Correlation ID: 32 bits
This is an opaque integer assigned by the sender to identify each This is an opaque integer assigned by the sender to identify each
request parameter. The receiver of the ASCONF Chunk will copy this request parameter. The receiver of the ASCONF Chunk will copy this
32 bit value from the ASCONF-Request Correlation ID into the ASCONF 32-bit value from the ASCONF-Request Correlation ID into the ASCONF
Response Correlation ID field so the peer can easily correlate the Response Correlation ID field so the peer can easily correlate the
request to this response. request to this response.
Valid Chunk Appearance Valid Chunk Appearance
The Success Indication parameter may only appear in the ASCONF-ACK The Success Indication parameter may only appear in the ASCONF-ACK
chunk type. Chunk Type.
4.2.6. Adaptation Layer Indication 4.2.6. Adaptation Layer Indication
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type =0xC006 | Length = 8 | | Type =0xC006 | Length = 8 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Adaptation Code point | | Adaptation Code point |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
This parameter is specified for the communication of peer upper layer This parameter is specified for the communication of peer upper-layer
protocols. It is envisioned to be used for flow control and other protocols. It is envisioned to be used for flow control and other
adaptation layers that require an indication to be carried in the adaptation layers that require an indication to be carried in the
INIT and INIT-ACK. Each adaptation layer that is defined that wishes INIT and INIT-ACK. Each adaptation layer that is defined that wishes
to use this parameter MUST specify an adaptation code point in an to use this parameter MUST specify an adaptation code point in an
appropriate RFC defining its use and meaning. This parameter SHOULD appropriate RFC defining its use and meaning. This parameter SHOULD
NOT be examined by the receiving SCTP implementation and should be NOT be examined by the receiving SCTP implementation and should be
passed opaquely to the upper layer protocol. passed opaquely to the upper-layer protocol.
Note: this parameter is not used in either the addition or deletion Note: This parameter is not used in either the addition or deletion
of addresses but is for the convenience of the upper layer. This of addresses but is for the convenience of the upper layer. This
document includes this parameter to minimize the number of SCTP document includes this parameter to minimize the number of SCTP
documents. documents.
Valid Chunk Appearance Valid Chunk Appearance
The Adaptation Layer Indication parameter may appear in INIT or INIT- The Adaptation Layer Indication parameter may appear in INIT or INIT-
ACK chunk and SHOULD be passed to the receivers upper layer protocol ACK chunk and SHOULD be passed to the receiver's upper-layer protocol
based upon the upper layer protocol configuration of the SCTP stack. based upon the upper-layer protocol configuration of the SCTP stack.
This parameter MUST NOT be sent in any other chunks and if it is This parameter MUST NOT be sent in any other chunks, and if it is
received in another chunk it MUST be ignored. received in another chunk, it MUST be ignored.
4.2.7. Supported Extensions Parameter 4.2.7. Supported Extensions Parameter
This parameter is used at startup to identify any additional This parameter is used at startup to identify any additional
extensions that the sender supports. The sender MUST support both extensions that the sender supports. The sender MUST support both
the sending and the receiving of any chunk types listed within the the sending and the receiving of any chunk types listed within the
Supported Extensions Parameter. An implementation supporting this Supported Extensions Parameter. An implementation supporting this
extension MUST list the ASCONF,the ASCONF-ACK, and the AUTH chunks in extension MUST list the ASCONF,the ASCONF-ACK, and the AUTH chunks in
its INIT and INIT-ACK parameters. its INIT and INIT-ACK parameters.
skipping to change at page 16, line 17 skipping to change at page 14, line 17
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Parameter Type = 0x8008 | Parameter Length | | Parameter Type = 0x8008 | Parameter Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| CHUNK TYPE 1 | CHUNK TYPE 2 | CHUNK TYPE 3 | CHUNK TYPE 4 | | CHUNK TYPE 1 | CHUNK TYPE 2 | CHUNK TYPE 3 | CHUNK TYPE 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| .... | | .... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| CHUNK TYPE N | PAD | PAD | PAD | | CHUNK TYPE N | PAD | PAD | PAD |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameter Type This field holds the IANA defined parameter type for Parameter Type This field holds the IANA-defined parameter type for
Supported Extensions Parameter. The suggested value of this field the Supported Extensions Parameter. The value of this field is
for IANA is 0x8008. 0x8008.
Parameter Type Length This field holds the length of the parameter, Parameter Type Length This field holds the length of the parameter,
including the Parameter Type, Parameter Length and any addition including the Parameter Type, Parameter Length, and any additional
supported extensions. Note: the length MUST NOT include any padding. supported extensions. Note: The length MUST NOT include any padding.
CHUNK TYPE X This field(s) hold the chunk type of any SCTP CHUNK TYPE X This field(s) hold the chunk type of any SCTP
extension(s) that are currently supported by the sending SCTP. extension(s) that are currently supported by the sending SCTP.
Multiple chunk types may be defined listing each additional feature Multiple chunk types may be defined listing each additional feature
that the sender supports. The sender MUST NOT include multiple that the sender supports. The sender MUST NOT include multiple
Supported Extensions Parameter within any chunk. Supported Extensions Parameter within any chunk.
Parameter Appearance This parameter may appear in the INIT or INIT- Parameter Appearance This parameter may appear in the INIT or INIT-
ACK chunk. This parameter MUST NOT appear in any other chunk. ACK chunk. This parameter MUST NOT appear in any other chunk.
4.3. New Error Causes 4.3. New Error Causes
Five new Error Causes are added to the SCTP Operational Errors, Five new Error Causes are added to the SCTP Operational Errors,
primarily for use in the ASCONF-ACK Chunk. primarily for use in the ASCONF-ACK Chunk.
Cause Code Cause Code
Value Cause Code Value Cause Code
--------- ---------------- --------- ----------------
0x0100 Request to Delete Last Remaining IP Address. 0x00A0 Request to Delete Last Remaining IP Address
0x0101 Operation Refused Due to Resource Shortage. 0x00A1 Operation Refused Due to Resource Shortage
0x0102 Request to Delete Source IP Address. 0x00A2 Request to Delete Source IP Address
0x0103 Association Aborted due to illegal ASCONF-ACK. 0x00A3 Association Aborted Due to Illegal ASCONF-ACK
0x0104 Request refused - no authorization. 0x00A4 Request Refused - No Authorization
Table 5: New Error Causes Table 5: New Error Causes
4.3.1. Error Cause: Request to Delete Last Remaining IP Address 4.3.1. Error Cause: Request to Delete Last Remaining IP Address
Cause of error Cause of error
Request to Delete Last Remaining IP address: The receiver of this Request to Delete Last Remaining IP Address: The receiver of this
error sent a request to delete the last IP address from its error sent a request to delete the last IP address from its
association with its peer. This error indicates that the request is association with its peer. This error indicates that the request is
rejected. rejected.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Cause Code=0x0100 | Cause Length=Variable | | Cause Code=0x00A0 | Cause Length=Variable |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ TLV-Copied-From-ASCONF / \ TLV-Copied-From-ASCONF /
/ \ / \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
An example of a failed delete in an Error Cause TLV would look as An example of a failed delete in an Error Cause TLV would look as
follows in the response ASCONF-ACK message: follows in the response ASCONF-ACK message:
+--------------------------------+ +--------------------------------+
| Type = 0xC003 | Length = 28 | | Type = 0xC003 | Length = 28 |
+----------------+---------------+ +----------------+---------------+
| C-ID = 0x01023476 | | C-ID = 0x01023476 |
+--------------------------------+ +--------------------------------+
| Cause=0x0100 | Length = 20 | | Cause=0x00A0 | Length = 20 |
+----------------+---------------+ +----------------+---------------+
| Type= 0xC002 | Length = 16 | | Type= 0xC002 | Length = 16 |
+----------------+---------------+ +----------------+---------------+
| C-ID = 0x01023476 | | C-ID = 0x01023476 |
+--------------------------------+ +--------------------------------+
| Type=0x0005 | Length = 8 | | Type=0x0005 | Length = 8 |
+----------------+---------------+ +----------------+---------------+
| Value=0xC0000201 | | Value=0xC0000201 |
+----------------+---------------+ +----------------+---------------+
4.3.2. Error Cause: Operation Refused Due to Resource Shortage 4.3.2. Error Cause: Operation Refused Due to Resource Shortage
Cause of error Cause of error
This error cause is used to report a failure by the receiver to This Error Cause is used to report a failure by the receiver to
perform the requested operation due to a lack of resources. The perform the requested operation due to a lack of resources. The
entire TLV that is refused is copied from the ASCONF into the error entire TLV that is refused is copied from the ASCONF into the Error
cause. Cause.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Cause Code=0x0101 | Cause Length=Variable | | Cause Code=0x00A1 | Cause Length=Variable |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ TLV-Copied-From-ASCONF / \ TLV-Copied-From-ASCONF /
/ \ / \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
An example of a failed addition in an Error Cause TLV would look as An example of a failed addition in an Error Cause TLV would look as
follows in the response ASCONF-ACK message: follows in the response ASCONF-ACK message:
+--------------------------------+ +--------------------------------+
| Type = 0xC003 | Length = 28 | | Type = 0xC003 | Length = 28 |
+--------------------------------+ +--------------------------------+
| C-ID = 0x01023474 | | C-ID = 0x01023474 |
+--------------------------------+ +--------------------------------+
| Cause=0x0101 | Length = 20 | | Cause=0x00A1 | Length = 20 |
+----------------+---------------+ +----------------+---------------+
| Type=0xC001 | Length = 16 | | Type=0xC001 | Length = 16 |
+--------------------------------+ +--------------------------------+
| C-ID = 0x01023474 | | C-ID = 0x01023474 |
+--------------------------------+ +--------------------------------+
| Type=0x0005 | Length = 8 | | Type=0x0005 | Length = 8 |
+----------------+---------------+ +----------------+---------------+
| Value=0xC0000201 | | Value=0xC0000201 |
+----------------+---------------+ +----------------+---------------+
skipping to change at page 18, line 44 skipping to change at page 16, line 44
Cause of error Cause of error
Request to Delete Source IP Address: The receiver of this error sent Request to Delete Source IP Address: The receiver of this error sent
a request to delete the source IP address of the ASCONF message. a request to delete the source IP address of the ASCONF message.
This error indicates that the request is rejected. This error indicates that the request is rejected.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Cause Code=0x0102 | Cause Length=Variable | | Cause Code=0x00A2 | Cause Length=Variable |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ TLV-Copied-From-ASCONF / \ TLV-Copied-From-ASCONF /
/ \ / \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
An example of a failed delete in an Error Cause TLV would look as An example of a failed delete in an Error Cause TLV would look as
follows in the response ASCONF-ACK message: follows in the response ASCONF-ACK message:
+--------------------------------+ +--------------------------------+
| Type = 0xC003 | Length = 28 | | Type = 0xC003 | Length = 28 |
+--------------------------------+ +--------------------------------+
| C-ID = 0x01023476 | | C-ID = 0x01023476 |
+--------------------------------+ +--------------------------------+
| Cause=0x0102 | Length = 20 | | Cause=0x00A2 | Length = 20 |
+----------------+---------------+ +----------------+---------------+
| Type=0xC002 | Length = 16 | | Type=0xC002 | Length = 16 |
+----------------+---------------+ +----------------+---------------+
| C-ID = 0x01023476 | | C-ID = 0x01023476 |
+--------------------------------+ +--------------------------------+
| Type=0x0005 | Length = 8 | | Type=0x0005 | Length = 8 |
+----------------+---------------+ +----------------+---------------+
| Value=0xC0000201 | | Value=0xC0000201 |
+----------------+---------------+ +----------------+---------------+
IMPLEMENTATION NOTE: It is unlikely that an endpoint would source a IMPLEMENTATION NOTE: It is unlikely that an endpoint would source a
packet from the address being deleted, unless the endpoint does not packet from the address being deleted, unless the endpoint does not
do proper source address selection. do proper source address selection.
4.3.4. Error Cause: Association Aborted due to illegal ASCONF-ACK 4.3.4. Error Cause: Association Aborted Due to Illegal ASCONF-ACK
This error is to be included in an ABORT that is generated due to the This error is to be included in an ABORT that is generated due to the
reception of an ASCONF-ACK that was not expected but is larger than reception of an ASCONF-ACK that was not expected but is larger than
the current sequence number (see Section 5.3 Rule F0 ). Note: that a the current Sequence Number (see Section 5.3, Rule F0 ). Note that a
sequence number is larger than the last ACKed sequence number if it Sequence Number is larger than the last acked Sequence Number if it
is either the next sequence or no more than 2**31-1 greater than the is either the next sequence or no more than 2**31-1 greater than the
current sequence number. Sequence numbers smaller than the last current Sequence Number. Sequence Numbers smaller than the last
acked sequence number are silently ignored. acked Sequence Number are silently ignored.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Cause Code=0x0103 | Cause Length=4 | | Cause Code=0x00A3 | Cause Length=4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
4.3.5. Error Cause: Request refused - no authorization. 4.3.5. Error Cause: Request Refused - No Authorization.
Cause of error Cause of error
This error cause may be included to reject a request based on local This Error Cause may be included to reject a request based on local
security policies. security policies.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Cause Code=0x0104 | Cause Length=Variable | | Cause Code=0x00A4 | Cause Length=Variable |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ TLV-Copied-From-ASCONF / \ TLV-Copied-From-ASCONF /
/ \ / \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
5. Procedures 5. Procedures
This section will lay out the specific procedures for address This section will lay out the specific procedures for address-
configuration change chunk type and its processing. configuration change chunk type and its processing.
5.1. ASCONF Chunk Procedures 5.1. ASCONF Chunk Procedures
When an endpoint has an ASCONF signaled change to be sent to the When an endpoint has an ASCONF signaled change to be sent to the
remote endpoint it MUST do the following: remote endpoint, it MUST do the following:
A1) Create an ASCONF Chunk as defined in Section 4.1.1. The chunk A1) Create an ASCONF Chunk as defined in Section 4.1.1. The chunk
MUST contain all of the TLV(s) of information necessary to be sent MUST contain all of the TLV(s) of information necessary to be
to the remote endpoint, and unique correlation identities for each sent to the remote endpoint, and unique correlation identities
request. for each request.
A2) A sequence number MUST be assigned to the Chunk. The sequence A2) A Sequence Number MUST be assigned to the Chunk. The Sequence
number MUST be larger by one. The sequence number MUST be Number MUST be larger by one. The Sequence Number MUST be
initialized at the start of the association to the same value as initialized at the start of the association to the same value as
the Initial TSN and every time a new ASCONF Chunk is created it the Initial Transmission Sequence Number (TSN) and every time a
MUST be incremented by one after assigning the sequence number to new ASCONF Chunk is created, it MUST be incremented by one after
the newly created chunk . assigning the Sequence Number to the newly created chunk.
A3) If no SCTP packet with one or more ASCONF Chunk(s) is A3) If no SCTP packet with one or more ASCONF Chunk(s) is
outstanding (un-acknowledged) with the remote peer, send the chunk outstanding (unacknowledged) with the remote peer, send the
and proceed to step A4. If an ASCONF chunk is outstanding, then chunk and proceed to step A4. If an ASCONF chunk is
the ASCONF chunk should be queued for later transmission and no outstanding, then the ASCONF chunk should be queued for later
further action should be taken until the previous ASCONF is transmission and no further action should be taken until the
acknowledged or a time out occurs. previous ASCONF is acknowledged or a timeout occurs.
A4) The sender MUST Start a T-4 RTO timer, using the RTO value of A4) The sender MUST Start a T-4 Retransmission Timeout (RTO) timer,
the selected destination address (normally the primary path; see using the RTO value of the selected destination address
[I-D.ietf-tsvwg-2960bis] section 6.4 for details). (normally the primary path; see [RFC4960], Section 6.4 for
details).
A5) When the ASCONF-ACK that acknowledges the sequence number last A5) When the ASCONF-ACK that acknowledges the Sequence Number last
sent arrives, the sender MUST stop the T-4 RTO timer, and clear sent arrives, the sender MUST stop the T-4 RTO timer, and clear
the appropriate association and destination error counters as the appropriate association and destination error counters as
defined in [I-D.ietf-tsvwg-2960bis] section 8.1 and 8.2. defined in [RFC4960], Sections 8.1 and 8.2.
A6) The endpoint MUST process all of the TLVs within the ASCONF- A6) The endpoint MUST process all of the TLVs within the ASCONF-
ACK(s) to find out particular status information returned to the ACK(s) to find out particular status information returned to the
various requests that were sent. Use the Correlation IDs to various requests that were sent. Use the Correlation IDs to
correlate the request and the responses. correlate the request and the responses.
A7) If an error response is received for a TLV parameter, all TLVs A7) If an error response is received for a TLV parameter, all TLVs
with no response before the failed TLV are considered successful with no response before the failed TLV are considered successful
if not reported. All TLVs after the failed response are if not reported. All TLVs after the failed response are
considered unsuccessful unless a specific success indication is considered unsuccessful unless a specific success indication is
present for the parameter. present for the parameter.
A8) If there is no response(s) to specific TLV parameter(s), and no A8) If there is no response(s) to specific TLV parameter(s), and no
failures are indicated, then all request(s) are considered failures are indicated, then all request(s) are considered
successful. successful.
A9) If the peer responds to an ASCONF with an ERROR chunk reporting A9) If the peer responds to an ASCONF with an ERROR Chunk reporting
that it did not recognize the ASCONF Chunk type, the sender of the that it did not recognize the ASCONF Chunk Type, the sender of
ASCONF MUST NOT send any further ASCONF Chunks and MUST stop its the ASCONF MUST NOT send any further ASCONF Chunks and MUST stop
T-4 timer. its T-4 timer.
If the T-4 RTO timer expires the endpoint MUST do the following: If the T-4 RTO timer expires the endpoint MUST do the following:
B1) Increment the error counters and perform path failure detection B1) Increment the error counters and perform path failure detection
on the appropriate destination address as defined in on the appropriate destination address as defined in [RFC4960],
[I-D.ietf-tsvwg-2960bis] section 8.1 and 8.2. Sections 8.1 and 8.2.
B2) Increment the association error counters and perform endpoint B2) Increment the association error counters and perform endpoint
failure detection on the association as defined in failure detection on the association as defined in [RFC4960],
[I-D.ietf-tsvwg-2960bis] section 8.1 and 8.2. Sections 8.1 and 8.2.
B3) Back-off the destination address RTO value to which the ASCONF B3) Backoff the destination address RTO value to which the ASCONF
chunk was sent by doubling the RTO timer value. chunk was sent by doubling the RTO timer value.
Note: The RTO value is used in the setting of all timer types for Note: The RTO value is used in the setting of all timer types
SCTP. Each destination address has a single RTO estimate. for SCTP. Each destination address has a single RTO estimate.
B4) Re-transmit the ASCONF Chunk last sent and if possible choose an B4) Re-transmit the ASCONF Chunk last sent and if possible choose an
alternate destination address (please refer to alternate destination address (please refer to [RFC4960],
[I-D.ietf-tsvwg-2960bis] section 6.4.1). An endpoint MUST NOT add Section 6.4.1). An endpoint MUST NOT add new parameters to this
new parameters to this chunk, it MUST be the same (including its chunk; it MUST be the same (including its Sequence Number) as
sequence number) as the last ASCONF sent. An endpoint MAY, the last ASCONF sent. An endpoint MAY, however, bundle an
however, bundle an additional ASCONF with new ASCONF parameters additional ASCONF with new ASCONF parameters with the next
with the next sequence number. For details see Section 5.5 Sequence Number. For details, see Section 5.5.
B5) Restart the T-4 RTO timer. Note: that if a different B5) Restart the T-4 RTO timer. Note that if a different destination
destination is selected, then the RTO used will be that of the new is selected, then the RTO used will be that of the new
destination address. destination address.
Note: the total number of re-transmissions is limited by B2 above. Note: The total number of retransmissions is limited by B2 above. If
If the maximum is reached, the association will fail and enter into the maximum is reached, the association will fail and enter into the
the CLOSED state (see [I-D.ietf-tsvwg-2960bis] section 6.4.1 for CLOSED state (see [RFC4960], Section 6.4.1 for details).
details).
5.1.1. Congestion Control of ASCONF Chunks 5.1.1. Congestion Control of ASCONF Chunks
In defining the ASCONF Chunk transfer procedures, it is essential In defining the ASCONF Chunk transfer procedures, it is essential
that these transfers MUST NOT cause congestion within the network. that these transfers MUST NOT cause congestion within the network.
To achieve this, we place these restrictions on the transfer of To achieve this, we place these restrictions on the transfer of
ASCONF Chunks: ASCONF Chunks:
C1) One and only one SCTP packet holding ASCONF Chunk(s) MAY be in C1) One and only one SCTP packet-holding ASCONF Chunk(s) MAY be in
transit and unacknowledged at any one time. If a sender, after transit and unacknowledged at any one time. If a sender, after
sending an ASCONF chunk, decides it needs to transfer another sending an ASCONF chunk, decides it needs to transfer another
ASCONF Chunk, it MUST wait until the ASCONF-ACK Chunk returns from ASCONF Chunk, it MUST wait until the ASCONF-ACK Chunk returns
the previous ASCONF Chunk before sending a subsequent ASCONF. from the previous ASCONF Chunk before sending a subsequent
Note: this restriction binds each side, so at any time two ASCONF ASCONF. Note: This restriction binds each side, so at any time,
may be in-transit on any given association (one sent from each two ASCONF may be in-transit on any given association (one sent
endpoint). However when an ASCONF Chunk is retransmitted due to a from each endpoint). However, when an ASCONF Chunk is
time-out, the additional held ASCONF Chunks can be bundled into retransmitted due to a time-out, the additionally held ASCONF
the retransmission packet as described in Section 5.5. Chunks can be bundled into the retransmission packet as
described in Section 5.5.
C2) An ASCONF Chunk may be bundled with any other chunk type C2) An ASCONF Chunk may be bundled with any other chunk type
including other ASCONF Chunks. If bundled with other ASCONF including other ASCONF Chunks. If bundled with other ASCONF
Chunks, the chunks MUST appear in sequential order with respect to Chunks, the chunks MUST appear in sequential order with respect
their Sequence Number. to their Sequence Number.
C3) An ASCONF-ACK Chunk may be bundled with any other chunk type C3) An ASCONF-ACK Chunk may be bundled with any other chunk type
including other ASCONF-ACK Chunks. If bundled with other ASCONF- including other ASCONF-ACK Chunks. If bundled with other
ACK Chunks, the chunks MUST appear in sequential order with ASCONF-ACK Chunks, the chunks MUST appear in sequential order
respect to their Sequence Number. with respect to their Sequence Number.
C4) Both ASCONF and ASCONF-ACK Chunks MUST NOT be sent in any SCTP C4) Both ASCONF and ASCONF-ACK Chunks MUST NOT be sent in any SCTP
state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED and state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED,
SHUTDOWN-SENT. and SHUTDOWN-SENT.
C5) An ASCONF Chunk and an ASCONF-ACK Chunk SHOULD not be larger C5) An ASCONF Chunk and an ASCONF-ACK Chunk SHOULD not be larger
than the PMTU. If the PMTU is unknown, then the PMTU should be than the PMTU. If the PMTU is unknown, then the PMTU should be
set to the minimum PMTU. The minimum PMTU depends on the IP set to the minimum PMTU. The minimum PMTU depends on the IP
version used for transmission, and is the lesser of 576 octets and version used for transmission, and is the lesser of 576 octets
the first-hop MTU for IPv4 [RFC1122] and 1280 octets for IPv6 and the first-hop MTU for IPv4 [RFC1122] and 1280 octets for
[RFC2460]. IPv6 [RFC2460].
An ASCONF sender without these restrictions could possibly flood the An ASCONF sender without these restrictions could possibly flood the
network with a large number of separate address change operations network with a large number of separate address-change operations,
thus causing network congestion. thus causing network congestion.
If the sender of an ASCONF Chunk receives an Operational Error If the sender of an ASCONF Chunk receives an Operational Error
indicating that the ASCONF Chunk type is not understood, then the indicating that the ASCONF Chunk Type is not understood, then the
sender MUST NOT send subsequent ASCONF Chunks to the peer. The sender MUST NOT send subsequent ASCONF Chunks to the peer. The
endpoint should also inform the upper layer application that the peer endpoint should also inform the upper-layer application that the peer
endpoint does not support any of the extensions detailed in this endpoint does not support any of the extensions detailed in this
document. document.
5.2. Upon reception of an ASCONF Chunk. 5.2. Upon Reception of an ASCONF Chunk
When an endpoint receives an ASCONF Chunk from the remote peer When an endpoint receives an ASCONF Chunk from the remote peer,
special procedures may be needed to identify the association the special procedures may be needed to identify the association the
ASCONF Chunk is associated with. To properly find the association ASCONF Chunk is associated with. To properly find the association,
the following procedures SHOULD be followed: the following procedures SHOULD be followed:
D1) Use the source address and port number of the sender to attempt D1) Use the source address and port number of the sender to attempt
to identify the association (i.e., use the same method defined in to identify the association (i.e., use the same method defined
[I-D.ietf-tsvwg-2960bis] used for all other SCTP Chunks). If in [RFC4960] used for all other SCTP Chunks). If found proceed
found proceed to rule D4. to rule D4.
D2) If the association is not found, use the address found in the D2) If the association is not found, use the address found in the
Address Parameter TLV combined with the port number found in the Address Parameter TLV combined with the port number found in the
SCTP common header. If found proceed to rule D4. SCTP common header. If found, proceed to rule D4.
D2-ext) If more than one ASCONF Chunks are packed together, use the D2-ext) If more than one ASCONF Chunks are packed together, use the
address found in the ASCONF Address Parameter TLV of each of the address found in the ASCONF Address Parameter TLV of each of
subsequent ASCONF Chunks. If found, proceed to rule D4. the subsequent ASCONF Chunks. If found, proceed to rule D4.
D3) If neither D1, D2 nor D2-ext locates the association, treat the D3) If neither D1, D2, nor D2-ext locates the association, treat the
chunk as an Out Of The Blue packet as defined in chunk as an Out Of The Blue packet as defined in [RFC4960].
[I-D.ietf-tsvwg-2960bis].
D4) Follow the normal rules to validate the SCTP verification tag D4) Follow the normal rules to validate the SCTP verification tag
found in [I-D.ietf-tsvwg-2960bis]. found in [RFC4960].
D5) After the verification tag has been validated, normal chunk D5) After the verification tag has been validated, normal chunk
processing should occur. Prior to finding the ASCONF chunk the processing should occur. Prior to finding the ASCONF chunk, the
receiver MUST encounter an AUTH chunk as described in receiver MUST encounter an AUTH chunk as described in [RFC4895].
[I-D.ietf-tsvwg-sctp-auth]. If either authentication fails, or If either authentication fails, or the AUTH chunk is missing,
the AUTH chunk is missing, the receiver MUST silently discard this the receiver MUST silently discard this chunk and the rest of
chunk and the rest of the packet. the packet.
After identification and verification of the association, the After identification and verification of the association, the
following should be performed to properly process the ASCONF Chunk: following should be performed to properly process the ASCONF Chunk:
E1) E1) If the value found in the Sequence Number of the ASCONF Chunk is
equal to the ('Peer-Sequence-Number' + 1) and the Sequence
If the value found in the sequence number of the ASCONF Chunk is Number of the ASCONF Chunk is the first in the SCTP Packet, the
equal to the ('Peer-Sequence-Number' + 1) and the Sequence Number endpoint MAY clean any old cached ASCONF-ACK up to the 'Peer-
of the ASCONF Chunk is the first in the SCTP Packet, the endpoint Sequence-Number' and then proceed to rule E4.
MAY clean any old cached ASCONF-ACK up to the 'Peer-Sequence-
Number' and then proceed to rule E4.
E1-ext If the value found in the sequence number of the ASCONF Chunk
is equal to the ('Peer-Sequence-Number' + 1) and the ASCONF chunk
is NOT the first Sequence Number in the SCTP packet proceed to
rule E4 but do NOT clear any cached ASCONF-ACK or state
information.
E2)
If the value found in the sequence number is less than the ('Peer- E1-ext) If the value found in the Sequence Number of the ASCONF
Sequence-Number' + 1), simply skip to the next ASCONF, and include Chunk is equal to the ('Peer-Sequence-Number' + 1) and the
in the outbound response packet any previously cached ASCONF-ACK ASCONF chunk is NOT the first Sequence Number in the SCTP
response that was sent and saved that matches the sequence number packet, proceed to rule E4 but do NOT clear any cached
of the ASCONF. Note: it is possible that no cached ASCONF-ACK ASCONF- ACK or state information.
Chunk exists. This will occur when an older ASCONF arrives out of
order. In such a case the receiver should skip the ASCONF Chunk
and not include ASCONF-ACK Chunk for that chunk.
E3) E2) If the value found in the Sequence Number is less than the
('Peer- Sequence-Number' + 1), simply skip to the next ASCONF,
and include in the outbound response packet any previously
cached ASCONF-ACK response that was sent and saved that matches
the Sequence Number of the ASCONF. Note: It is possible that no
cached ASCONF-ACK Chunk exists. This will occur when an older
ASCONF arrives out of order. In such a case, the receiver
should skip the ASCONF Chunk and not include ASCONF-ACK Chunk
for that chunk.
Then, process each ASCONF one by one as above while the Sequence E3) Then, process each ASCONF one by one as above while the Sequence
Number of the ASCONF is less than the ('Peer-Sequence-Number' + Number of the ASCONF is less than the ('Peer-Sequence-Number' +
1). 1).
E4) When the sequence number matches the next one expected, process E4) When the Sequence Number matches the next one expected, process
the ASCONF as described below and after processing the ASCONF the ASCONF as described below and after processing the ASCONF
Chunk, append an ASCONF-ACK Chunk to the response packet and cache Chunk, append an ASCONF-ACK Chunk to the response packet and
a copy of it (in the event it later needs to be retransmitted). cache a copy of it (in the event it later needs to be
retransmitted).
V1) Process the TLVs contained within the Chunk performing the V1) Process the TLVs contained within the Chunk performing the
appropriate actions as indicated by each TLV type. The TLVs appropriate actions as indicated by each TLV type. The
MUST be processed in order within the Chunk. For example, if TLVs MUST be processed in order within the Chunk. For
the sender puts 3 TLVs in one chunk, the first TLV (the one example, if the sender puts 3 TLVs in one chunk, the first
closest to the Chunk Header) in the Chunk MUST be processed TLV (the one closest to the Chunk Header) in the Chunk MUST
first. The next TLV in the chunk (the middle one) MUST be be processed first. The next TLV in the chunk (the middle
processed second and finally the last TLV in the Chunk MUST be one) MUST be processed second and finally, the last TLV in
processed last. the Chunk MUST be processed last.
V2) In processing the chunk, the receiver should build a response V2) In processing the chunk, the receiver should build a
message with the appropriate error TLVs, as specified in the response message with the appropriate error TLVs, as
Parameter type bits for any ASCONF Parameter it does not specified in the Parameter type bits, for any ASCONF
understand. To indicate an unrecognized parameter, cause type Parameter it does not understand. To indicate an
8 as defined in the ERROR in 3.3.10.8 of unrecognized parameter, Cause Type 8 should be used as
[I-D.ietf-tsvwg-2960bis] should be used. The endpoint may also defined in the ERROR in Section 3.3.10.8, [RFC4960]. The
use the response to carry rejections for other reasons such as endpoint may also use the response to carry rejections for
resource shortages etc, using the Error Cause TLV and an other reasons, such as resource shortages, etc., using the
appropriate error condition. Error Cause TLV and an appropriate error condition.
Note: a positive response is implied if no error is indicated Note: A positive response is implied if no error is indicated by
by the sender. the sender.
V3)
All responses MUST copy the ASCONF-Request Correlation ID field V3) All responses MUST copy the ASCONF-Request Correlation ID
received in the ASCONF parameter, from the TLV being responded field received in the ASCONF parameter from the TLV being
to, into the ASCONF-Request Correlation ID field in the responded to, into the ASCONF-Request Correlation ID field
response parameter. in the response parameter.
V4) After processing the entire Chunk, the receiver of the ASCONF V4) After processing the entire Chunk, the receiver of the
MUST queue the response ASCONF-ACK Chunk for transmission after ASCONF MUST queue the response ASCONF-ACK Chunk for
the rest of the SCTP packet has been processed. This allows transmission after the rest of the SCTP packet has been
the ASCONF-ACK Chunk to be bundled with other ASCONF-ACK Chunks processed. This allows the ASCONF-ACK Chunk to be bundled
as well as any additional responses e.g. a SACK Chunk. with other ASCONF-ACK Chunks as well as any additional
responses, e.g., a Selective Acknowledgment (SACK) Chunk.
V5) Update the 'Peer-Sequence-Number' to the value found in the V5) Update the 'Peer-Sequence-Number' to the value found in the
sequence number field. Sequence Number field.
E5) Otherwise, the ASCONF Chunk is discarded since it must be either E5) Otherwise, the ASCONF Chunk is discarded since it must be either
a stale packet or from an attacker. A receiver of such a packet a stale packet or from an attacker. A receiver of such a packet
MAY log the event for security purposes. MAY log the event for security purposes.
E6) When all ASCONF Chunks are processed for this SCTP packet, send E6) When all ASCONF Chunks are processed for this SCTP packet, send
back the accumulated single response packet with all of the back the accumulated single response packet with all of the
ASCONF-ACK Chunks. The destination address of the SCTP packet ASCONF-ACK Chunks. The destination address of the SCTP packet
containing the ASCONF-ACK Chunks MUST be the source address of the containing the ASCONF-ACK Chunks MUST be the source address of
SCTP packet that held the ASCONF Chunks. the SCTP packet that held the ASCONF Chunks.
E7) While processing the ASCONF Chunks in the SCTP packet, if the E7) While processing the ASCONF Chunks in the SCTP packet, if the
response packet will exceed the PMTU of the return path, the response packet will exceed the PMTU of the return path, the
receiver MUST stop adding additional ASCONF-ACKs into the response receiver MUST stop adding additional ASCONF-ACKs into the
packet but MUST continue to process all of the ASCONF Chunks, response packet but MUST continue to process all of the ASCONF
saving ASCONF-ACK Chunk responses in its cached copy. The sender Chunks, saving ASCONF-ACK Chunk responses in its cached copy.
of the ASCONF Chunk will later retransmit the ASCONF Chunks that The sender of the ASCONF Chunk will later retransmit the ASCONF
were not responded to, at which time the cached copies of the Chunks that were not responded to, at which time the cached
responses that would NOT fit in the PMTU can be sent to the peer. copies of the responses that would NOT fit in the PMTU can be
sent to the peer.
Note: These rules have been presented with the assumption that the Note: These rules have been presented with the assumption that the
implementation is caching old ASCONF-ACKs in case of loss of SCTP implementation is caching old ASCONF-ACKs in case of loss of SCTP
packets in the ACK path. It is allowable for an implementation to packets in the ACK path. It is allowable for an implementation to
maintain this state in another form it deems appropriate, as long as maintain this state in another form it deems appropriate, as long as
that form results in the same ASCONF-ACK sequences being returned to that form results in the same ASCONF-ACK sequences being returned to
the peer as outlined above. the peer as outlined above.
5.3. General rules for address manipulation 5.3. General Rules for Address Manipulation
When building TLV parameters for the ASCONF Chunk that will add or When building TLV parameters for the ASCONF Chunk that will add or
delete IP addresses the following rules MUST be applied: delete IP addresses, the following rules MUST be applied:
F0) If an endpoint receives an ASCONF-ACK that is greater than or F0) If an endpoint receives an ASCONF-ACK that is greater than or
equal to the next sequence number to be used but no ASCONF Chunk equal to the next Sequence Number to be used but no ASCONF Chunk
is outstanding the endpoint MUST ABORT the association. Note: is outstanding, the endpoint MUST ABORT the association. Note
that a sequence number is greater than if it is no more than that a Sequence Number is greater than if it is no more than
2^^31-1 larger than the current sequence number (using serial 2^^31-1 larger than the current Sequence Number (using serial
arithmetic). arithmetic).
F1) When adding an IP address to an association, the IP address is F1) When adding an IP address to an association, the IP address is
NOT considered fully added to the association until the ASCONF-ACK NOT considered fully added to the association until the ASCONF-
arrives. This means that until such time as the ASCONF containing ACK arrives. This means that until such time as the ASCONF
the add is acknowledged the sender MUST NOT use the new IP address containing the add is acknowledged, the sender MUST NOT use the
as a source for ANY SCTP packet except on carrying an ASCONF new IP address as a source for ANY SCTP packet except on
Chunk. The receiver of the add IP address request may use the carrying an ASCONF Chunk. The receiver of the Add IP Address
address as a destination immediately. The receiver MUST use the request may use the address as a destination immediately. The
path verification procedure for the added address before using receiver MUST use the path-verification procedure for the added
that address. The receiver MUST NOT send packets to the new address before using that address. The receiver MUST NOT send
address except for the corresponding ASCONF-ACK Chunk or HEARTBEAT packets to the new address except for the corresponding ASCONF-
Chunks for path verification before the new path is verified. If ACK Chunk or HEARTBEAT Chunks for path verification before the
the ASCONF-ACK is sent to the new address it MAY be bundled with new path is verified. If the ASCONF-ACK is sent to the new
the HEARTBEAT chunk for path verification. address, it MAY be bundled with the HEARTBEAT chunk for path
verification.
F2) After the ASCONF-ACK of an IP address add arrives, the endpoint F2) After the ASCONF-ACK of an IP address Add arrives, the endpoint
MAY begin using the added IP address as a source address for any MAY begin using the added IP address as a source address for any
type of SCTP chunk. type of SCTP chunk.
F3a) If an endpoint receives an Error Cause TLV indicating that the F3a) If an endpoint receives an Error Cause TLV indicating that the
IP address Add or IP address Deletion parameters was not IP address Add or IP address Deletion parameters was not
understood, the endpoint MUST consider the operation failed and understood, the endpoint MUST consider the operation failed and
MUST NOT attempt to send any subsequent Add or Delete requests to MUST NOT attempt to send any subsequent Add or Delete requests
the peer. to the peer.
F3b) If an endpoint receives an Error Cause TLV indicating that the F3b) If an endpoint receives an Error Cause TLV indicating that the
IP address Set Primary IP Address parameter was not understood, IP address Set Primary IP Address parameter was not understood,
the endpoint MUST consider the operation failed and MUST NOT the endpoint MUST consider the operation failed and MUST NOT
attempt to send any subsequent Set Primary IP Address requests to attempt to send any subsequent Set Primary IP Address requests
the peer. to the peer.
F4) When deleting an IP address from an association, the IP address F4) When deleting an IP address from an association, the IP address
MUST be considered a valid destination address for the reception MUST be considered a valid destination address for the reception
of SCTP packets until the ASCONF-ACK arrives and MUST NOT be used of SCTP packets until the ASCONF-ACK arrives and MUST NOT be
as a source address for any subsequent packets. This means that used as a source address for any subsequent packets. This means
any datagrams that arrive before the ASCONF-ACK destined to the IP that any datagrams that arrive before the ASCONF-ACK destined to
address being deleted MUST be considered part of the current the IP address being deleted MUST be considered part of the
association. One special consideration is that ABORT Chunks current association. One special consideration is that ABORT
arriving destined to the IP address being deleted MUST be ignored Chunks arriving destined to the IP address being deleted MUST be
(see Section 5.3.1 for further details). ignored (see Section 5.3.1 for further details).
F5) An endpoint MUST NOT delete its last remaining IP address from F5) An endpoint MUST NOT delete its last remaining IP address from
an association. In other words if an endpoint is NOT multi-homed an association. In other words, if an endpoint is NOT multi-
it MUST NOT use the delete IP address without an add IP address homed, it MUST NOT use the delete IP address without an Add IP
preceding the delete parameter in the ASCONF Chunk. Or if an Address preceding the delete parameter in the ASCONF Chunk. Or,
endpoint sends multiple requests to delete IP addresses it MUST if an endpoint sends multiple requests to delete IP addresses,
NOT delete all of the IP addresses that the peer has listed for it MUST NOT delete all of the IP addresses that the peer has
the requester. listed for the requester.
F6) An endpoint MUST NOT set an IP header source address for an SCTP F6) An endpoint MUST NOT set an IP header source address for an SCTP
packet holding the ASCONF Chunk to be the same as an address being packet holding the ASCONF Chunk to be the same as an address
deleted by the ASCONF Chunk. being deleted by the ASCONF Chunk.
F7) If a request is received to delete the last remaining IP address F7) If a request is received to delete the last remaining IP address
of a peer endpoint, the receiver MUST send an Error Cause TLV with of a peer endpoint, the receiver MUST send an Error Cause TLV
the error cause set to the new error code 'Request to Delete Last with the Error Cause set to the new error code 'Request to
Remaining IP Address'. The requested delete MUST NOT be performed Delete Last Remaining IP Address'. The requested delete MUST
or acted upon, other than to send the ASCONF-ACK. NOT be performed or acted upon, other than to send the ASCONF-
ACK.
F8) If a request is received to delete an IP address which is also F8) If a request is received to delete an IP address that is also
the source address of the IP packet which contained the ASCONF the source address of the IP packet that contained the ASCONF
chunk, the receiver MUST reject this request. To reject the chunk, the receiver MUST reject this request. To reject the
request the receiver MUST send an Error Cause TLV set to the new request, the receiver MUST send an Error Cause TLV set to the
error code 'Request to Delete Source IP Address' (unless Rule F5 new error code 'Request to Delete Source IP Address' (unless
has also been violated, in which case the error code 'Request to Rule F5 has also been violated, in which case the error code
Delete Last Remaining IP Address' is sent). 'Request to Delete Last Remaining IP Address' is sent).
F9) If an endpoint receives an ADD IP address request and does not F9) If an endpoint receives an ADD IP Address request and does not
have the local resources to add this new address to the have the local resources to add this new address to the
association, it MUST return an Error Cause TLV set to the new association, it MUST return an Error Cause TLV set to the new
error code 'Operation Refused Due to Resource Shortage'. error code 'Operation Refused Due to Resource Shortage'.
F10) If an endpoint receives an 'Out of Resource' error in response F10) If an endpoint receives an 'Out of Resource' error in response
to its request to ADD an IP address to an association, it must to its request to ADD an IP address to an association, it must
either ABORT the association or not consider the address part of either ABORT the association or not consider the address part of
the association. In other words if the endpoint does not ABORT the association. In other words, if the endpoint does not ABORT
the association, it must consider the add attempt failed and NOT the association, it must consider the add attempt failed and NOT
use this address since its peer will treat SCTP packets destined use this address since its peer will treat SCTP packets destined
to the address as Out Of The Blue packets. to the address as Out Of The Blue packets.
F11) When an endpoint receiving an ASCONF to add an IP address sends F11) When an endpoint receives an ASCONF to add an IP address sends
an 'Out of Resource' in its response, it MUST also fail any an 'Out of Resource' in its response, it MUST also fail any
subsequent add or delete requests bundled in the ASCONF. The subsequent add or delete requests bundled in the ASCONF. The
receiver MUST NOT reject an ADD and then accept a subsequent receiver MUST NOT reject an ADD and then accept a subsequent
DELETE of an IP address in the same ASCONF Chunk. In other words, DELETE of an IP address in the same ASCONF Chunk. In other
once a receiver begins failing any ADD or DELETE request, it must words, once a receiver begins failing any ADD or DELETE request,
fail all subsequent ADD or DELETE requests contained in that it must fail all subsequent ADD or DELETE requests contained in
single ASCONF. that single ASCONF.
F12) When an endpoint receives a request to delete an IP address F12) When an endpoint receives a request to delete an IP address that
that is the current primary address, it is an implementation is the current primary address, it is an implementation decision
decision as to how that endpoint chooses the new primary address. as to how that endpoint chooses the new primary address.
F13) When an endpoint receives a valid request to DELETE an IP F13) When an endpoint receives a valid request to DELETE an IP
address the endpoint MUST consider the address no longer as part address, the endpoint MUST consider the address no longer part
of the association. It MUST NOT send SCTP packets for the of the association. It MUST NOT send SCTP packets for the
association to that address and it MUST treat subsequent packets association to that address and it MUST treat subsequent packets
received from that address as Out Of The Blue. received from that address as Out Of The Blue.
During the time interval between sending out the ASCONF and During the time interval between sending out the ASCONF and
receiving the ASCONF-ACK it MAY be possible to receive DATA Chunks receiving the ASCONF-ACK, it MAY be possible to receive DATA
out of order. The following examples illustrate these problems: Chunks out of order. The following examples illustrate these
problems:
F14) All addresses added by the reception of an ASCONF chunk MUST be F14) All addresses added by the reception of an ASCONF Chunk MUST be
put into the unconfirmed state and MUST have path verification put into the UNCONFIRMED state and MUST have path verification
performed on them before the address can be used as described in performed on them before the address can be used as described in
[I-D.ietf-tsvwg-2960bis] section 5.4. [RFC4960], Section 5.4.
Endpoint-A Endpoint-Z Endpoint-A Endpoint-Z
---------- ---------- ---------- ----------
ASCONF[Add-IP:X]------------------------------> ASCONF[Add-IP:X]------------------------------>
/--ASCONF-ACK /--ASCONF-ACK
/ /
/--------/---New DATA: /--------/---New DATA:
/ / Destination / / Destination
<-------------------/ / IP:X <-------------------/ / IP:X
/ /
<--------------------------/ <--------------------------/
In the above example we see a new IP address (X) being added to the In the above example, we see a new IP address (X) being added to the
Endpoint-A. However due to packet re-ordering in the network a new Endpoint-A. However, due to packet re-ordering in the network, a new
DATA chunk is sent and arrives at Endpoint-A before the ASCONF-ACK DATA chunk is sent and arrives at Endpoint-A before the ASCONF-ACK
confirming the add of the address to the association. confirms the add of the address to the association.
A similar problem exists with the deletion of an IP address as A similar problem exists with the deletion of an IP address as
follows: follows:
Endpoint-A Endpoint-Z Endpoint-A Endpoint-Z
---------- ---------- ---------- ----------
/------------New DATA: /------------New DATA:
/ Destination / Destination
/ IP:X / IP:X
ASCONF [DEL-IP:X]---------/----------------> ASCONF [DEL-IP:X]---------/---------------->
<-----------------/------------------ASCONF-ACK <-----------------/------------------ASCONF-ACK
/ /
/ /
<-------------/ <-------------/
In this example we see a DATA chunk destined to the IP:X (which is In this example, we see a DATA chunk destined to the IP:X (which is
about to be deleted) arriving after the deletion is complete. For about to be deleted) arriving after the deletion is complete. For
the ADD case an endpoint SHOULD consider the newly adding IP address the ADD case, an endpoint SHOULD consider the newly added IP address
valid for the association to receive data from during the interval for the purpose of sending data to the association before the ASCONF-
when awaiting the ASCONF-ACK. The endpoint MUST NOT source data from ACK has been received. The endpoint MUST NOT source data from this
this new address until the ASCONF-ACK arrives but it may receive out new address until the ASCONF-ACK arrives, but it may receive out-of-
of order data as illustrated and MUST NOT treat this data as an OOTB order data as illustrated and MUST NOT treat this data as an OOTB
datagram (please see [I-D.ietf-tsvwg-2960bis] section 8.4). It MAY datagram (please see [RFC4960] section 8.4). It MAY drop the data
drop the data silently or it MAY consider it part of the association silently or it MAY consider it part of the association, but it MUST
but it MUST NOT respond with an ABORT. NOT respond with an ABORT.
For the DELETE case, an endpoint MAY respond to the late arriving For the DELETE case, an endpoint MAY respond to the late-arriving
DATA packet as an OOTB datagram or it MAY hold the deleting IP DATA packet as an OOTB datagram or it MAY hold the deleting IP
address for a small period of time as still valid. If it treats the address for a small period of time as still valid. If it treats the
DATA packet as an OOTB the peer will silently discard the ABORT DATA packet as OOTB, the peer will silently discard the ABORT (since
(since by the time the ABORT is sent the peer will have removed the by the time the ABORT is sent, the peer will have removed the IP
IP address from this association). If the endpoint elects to hold address from this association). If the endpoint elects to hold the
the IP address valid for a period of time, it MUST NOT hold it valid IP address valid for a period of time, it MUST NOT hold it valid
longer than 2 RTO intervals for the destination being removed. longer than 2 RTO intervals for the destination being removed.
5.3.1. A special case for OOTB ABORT Chunks 5.3.1. A Special Case for OOTB ABORT Chunks
Another case worth mentioning is illustrated below: Another case worth mentioning is illustrated below:
Endpoint-A Endpoint-Z Endpoint-A Endpoint-Z
---------- ---------- ---------- ----------
New DATA:------------\ New DATA:------------\
Source IP:X \ Source IP:X \
\ \
ASCONF-REQ[DEL-IP:X]----\------------------> ASCONF-REQ[DEL-IP:X]----\------------------>
skipping to change at page 30, line 23 skipping to change at page 29, line 27
\ / \ /
\----/-----------> OOTB \----/-----------> OOTB
(Ignored <---------------------/-------------ABORT (Ignored <---------------------/-------------ABORT
by rule F4) / by rule F4) /
<---------------------/ <---------------------/
For this case, during the deletion of an IP address, an Abort MUST be For this case, during the deletion of an IP address, an Abort MUST be
ignored if the destination address of the Abort message is that of a ignored if the destination address of the Abort message is that of a
destination being deleted. destination being deleted.
5.3.2. A special case for changing an address. 5.3.2. A Special Case for Changing an Address
In some instances the sender may only have one IP address in an In some instances, the sender may only have one IP address in an
association that is being renumbered. When this occurs, the sender association that is being renumbered. When this occurs, the sender
may not be able to send to the peer the appropriate ADD/DELETE pair may not be able to send the appropriate ADD/DELETE pair to the peer,
and use the old address as a source in the IP header. For this and may use the old address as a source in the IP header. For this
reason the sender MUST fill in the Address Parameter field with an reason, the sender MUST fill in the Address Parameter field with an
address that is part of the association (in this case the one being address that is part of the association (in this case, the one being
deleted). This will allow the receiver to locate the association deleted). This will allow the receiver to locate the association
without using the source address found in the IP header. without using the source address found in the IP header.
The receiver of such a chunk MUST always first use the source address The receiver of such a chunk MUST always first use the source address
found in the IP header in looking up the association. The receiver found in the IP header in looking up the association. The receiver
should attempt to use the address found in the Address Parameter should attempt to use the address found in the Address Parameter
field only if the lookup fails using the source address from the IP field only if the lookup using the source address from the IP header
header. The receiver MUST reply to the source address of the packet fails. The receiver MUST reply to the source address of the packet
in this case which is the new address that was added by the ASCONF in this case, which is the new address that was added by the ASCONF
(since the old address is no longer a part of the association after (since the old address is no longer part of the association after
processing). processing).
5.4. Setting of the primary address 5.4. Setting of the Primary Address
A sender of this option MAY elect to send this combined with a A sender of the set primary parameter MAY elect to send this combined
deletion or addition of an address. A sender MUST only send a set with an add or delete of an address. A sender MUST only send a set
primary request to an address that is already considered part of the primary request to an address that is already considered part of the
association. In other words if a sender combines a set primary with association. In other words, if a sender combines a set primary with
an add of a new IP address the set primary will be discarded unless an add new IP address request, the set primary will be discarded
the add request is to be processed BEFORE the set primary (i.e., it unless the add request is to be processed BEFORE the set primary
precedes the set primary). (i.e., it precedes the set primary).
A request to set primary MAY also appear in an INIT or INIT-ACK A request to set primary MAY also appear in an INIT or INIT-ACK
chunk. This can give advice to the peer endpoint as to which of its chunk, which can give advice to the peer endpoint as to which of its
addresses the sender of the INIT or INIT-ACK would prefer to be used addresses the sender of the INIT or INIT-ACK would prefer as the
as the primary address. primary address.
The request to set an address as the primary path is an option the The request to set an address as the primary path is an option the
receiver SHOULD perform. It is considered advice to the receiver of receiver SHOULD perform. It is considered advice to the receiver of
the best destination address to use in sending SCTP packets (in the the best-destination address to use in sending SCTP packets (in the
requester's view). If a request arrives that asks the receiver to requester's view). If a request arrives that asks the receiver to
set an address as primary that does not exist, the receiver SHOULD set an address as primary that does not exist, the receiver SHOULD
NOT honor the request, leaving its existing primary address NOT honor the request, leaving its existing primary address
unchanged. unchanged.
5.5. Bundling of multiple ASCONFs 5.5. Bundling of Multiple ASCONFs
In the normal case a single ASCONF is sent in a packet and a single In the normal case, a single ASCONF is sent in a packet and a single
reply ASCONF-ACK is received. However, in the event of the loss of reply ASCONF-ACK is received. However, in the event of the loss of
an SCTP packet containing either an ASCONF or ASCONF-ACK it is an SCTP packet containing either an ASCONF or ASCONF-ACK, it is
allowable for a sender to bundle additional ASCONFs in the allowable for a sender to bundle additional ASCONFs in the
retransmission. In bundling multiple ASCONFs the following rules retransmission. In bundling multiple ASCONFs, the following rules
MUST be followed: MUST be followed:
1. Previously transmitted ASCONF Chunks MUST be left unchanged. 1. Previously transmitted ASCONF Chunks MUST be left unchanged.
2. Each SCTP packet containing ASCONF Chunks MUST be bundled 2. Each SCTP packet containing ASCONF Chunks MUST be bundled
starting with the smallest ASCONF Sequence Number first in the starting with the smallest ASCONF Sequence Number first in the
packet (closest to the Chunk header) and preceding in sequential packet (closest to the Chunk header) and preceding in sequential
order from lowest to highest ASCONF Sequence Number. order from the lowest to highest ASCONF Sequence Number.
3. All ASCONFs within the packet MUST be adjacent to each other
3. All ASCONFs within the packet MUST be adjacent to each other,
i.e., no other chunk type must separate the ASCONFs. i.e., no other chunk type must separate the ASCONFs.
4. Each new ASCONF lookup address MUST be populated as if the 4. Each new ASCONF lookup address MUST be populated as if the
previous ASCONFs had been processed and accepted. previous ASCONFs had been processed and accepted.
6. Security Considerations 6. Security Considerations
The addition and or deletion of an IP address to an existing The addition and or deletion of an IP address to an existing
association does provide an additional mechanism by which existing association does provide an additional mechanism by which existing
associations can be hijacked. Therefore this document requires the associations can be hijacked. Therefore, this document requires the
use of the authentication mechanism defined in use of the authentication mechanism defined in [RFC4895] to limit the
[I-D.ietf-tsvwg-sctp-auth] to limit the ability of an attacker to ability of an attacker to hijack an association.
hijack an association.
Hijacking an association by using the addition and deletion of an IP Hijacking an association by using the addition and deletion of an IP
address is only possible for an attacker who is able to intercept the address is only possible for an attacker who is able to intercept the
initial two packets of the association setup when the SCTP-AUTH initial two packets of the association setup when the SCTP-AUTH
extension is used without pre-shared keys. If such a threat is extension is used without pre-shared keys. If such a threat is
considered a possibility, then the [I-D.ietf-tsvwg-sctp-auth] considered a possibility, then the [RFC4895] extension MUST be used
extension MUST be used with a preconfigured shared end-point pair key with a preconfigured shared endpoint pair key to mitigate this
to mitigate this threat. For a more detailed analysis see threat. For a more detailed analysis, see [RFC4895].
[I-D.ietf-tsvwg-sctp-auth].
When the address parameter in ASCONF chunks with Add, IP Delete IP, When the address parameter in ASCONF chunks with Add, IP Delete IP,
or Set Primary IP parameters is a wildcard, the source address of the or Set Primary IP parameters is a wildcard, the source address of the
packet is used. This address is not protected by SCTP-AUTH packet is used. This address is not protected by SCTP-AUTH [RFC4895]
[I-D.ietf-tsvwg-sctp-auth] and an attacker can therefore intercept and an attacker can therefore intercept such a packet and modify the
such a packet and modify the source address. Even if the source source address. Even if the source address is not one presently an
address is not one presently an alternate for the association, the alternate for the association, the identification of the association
identification of the association may rely on the other information may rely on the other information in the packet (perhaps the
in the packet (perhaps the verification tag, for example). An on- verification tag, for example). An on-path attacker can therefore
path attacker can therefore modify the source address to its liking. modify the source address to its liking.
If the ASCONF includes an Add IP with a wildcard address, the If the ASCONF includes an Add IP with a wildcard address, the
attacker can add an address of its liking, which provides little attacker can add an address of its liking, which provides little
immediate damage but can set up later attacks. immediate damage but can set up later attacks.
If the ASCONF includes a Delete IP with a wildcard address, the If the ASCONF includes a Delete IP with a wildcard address, the
attacker can cause all addresses but one of its choosing to be attacker can cause all addresses but one of its choosing to be
deleted from an association. The address supplied by the attacker deleted from an association. The address supplied by the attacker
must already belong to the association, which makes this more must already belong to the association, which makes this more
difficult for the attacker. However, the sole remaining address difficult for the attacker. However, the sole remaining address
might be one that the attacker controls, for example, or can monitor, might be one that the attacker controls, for example, or can monitor,
etc. The least result is the sender and the deceived receiver would etc. In the least, the sender and the deceived receiver would have
have different ideas of what that sole remaining address would be. different ideas of what that sole remaining address would be. This
This will eventually cause the association to fail, but in the will eventually cause the association to fail, but in the meantime,
meantime, the deceived receiver could be transmitting packets to an the deceived receiver could be transmitting packets to an address the
address the sender did not intend. sender did not intend.
If the ASCONF includes a Set Primary IP with a wildcard address, then If the ASCONF includes a Set Primary IP with a wildcard address, then
the attacker can cause an address to be used as a primary address. the attacker can cause an address to be used as a primary address.
This is limited to an address that already belongs to the This is limited to an address that already belongs to the
association, so the damage is limited. At least, the result would be association, so the damage is limited. At least, the result would be
that the recipient is using a primary address that the sender did not that the recipient is using a primary address that the sender did not
intend. However, if both a wildcard Add IP and a wildcard Set intend. However, if both a wildcard Add IP and a wildcard Set
Primary IP are used, then the attacker can modify the source address Primary IP are used, then the attacker can modify the source address
to both add an address to its liking to the association and make it to both add an address to its liking to the association and make it
the primary address. Such a combination would present the attacker the primary address. Such a combination would present the attacker
with opportunity for more damage. with an opportunity for more damage.
Note that all these attacks are from an on-path attacker. Endpoints Note that all these attacks are from an on-path attacker. Endpoints
that believe they face a threat from on-path attackers SHOULD NOT use that believe they face a threat from on-path attackers SHOULD NOT use
wildcard addresses in ASCONF Add IP, Delete IP or Set Primary IP wildcard addresses in ASCONF Add IP, Delete IP, or Set Primary IP
parameters. parameters.
If an SCTP endpoint that supports this extension receives an INIT If an SCTP endpoint that supports this extension receives an INIT
that indicates that the peer supports the ASCONF extension but does that indicates that the peer supports the ASCONF extension but does
NOT support the [I-D.ietf-tsvwg-sctp-auth] extension, the receiver of NOT support the [RFC4895] extension, the receiver of such an INIT
such an INIT MUST send an ABORT in response to such an INIT. Note: MUST send an ABORT in response. Note that an implementation is
allowed to silently discard such an INIT as an option as well, but
that an implementation is allowed to silently discard such an INIT as under NO circumstance is an implementation allowed to proceed with
an option as well but under NO circumstance is an implementation the association setup by sending an INIT-ACK in response.
allowed to proceed with the association setup by sending an INIT-ACK
in response.
An implementation that receives an INIT-ACK that indicates that the An implementation that receives an INIT-ACK that indicates that the
peer does not support the [I-D.ietf-tsvwg-sctp-auth] extension MUST peer does not support the [RFC4895] extension MUST NOT send the
NOT send the COOKIE-ECHO to establish the association. Instead the COOKIE-ECHO to establish the association. Instead, the
implementation MUST discard the INIT-ACK and report to the upper implementation MUST discard the INIT-ACK and report to the upper-
layer user that an association cannot be established destroying the layer user that an association cannot be established destroying the
TCB. Transmission Control Block (TCB).
Other types of attacks, e.g. bombing, are discussed in detail in Other types of attacks, e.g., bombing, are discussed in detail in
[I-D.ietf-tsvwg-sctpthreat]. The bombing attack, in particular, is [RFC5062]. The bombing attack, in particular, is countered by the
countered by the use of a random nonce and is required by use of a random nonce and is required by [RFC4960].
[I-D.ietf-tsvwg-2960bis].
An on-path attacker can modify the INIT and INIT-ACK Supported An on-path attacker can modify the INIT and INIT-ACK Supported
Extensions parameter (and authentication related parameters) to Extensions parameter (and authentication-related parameters) to
produce a denial of service. If the on-path attacker removes the produce a denial of service. If the on-path attacker removes the
[I-D.ietf-tsvwg-sctp-auth] related parameters from an INIT that [RFC4895]-related parameters from an INIT that indicates it supports
indicates it supports the ASCONF extension, the association will not the ASCONF extension, the association will not be established. If
be established. If the on-path attacker adds a Supported Extensions the on-path attacker adds a Supported Extensions parameter mentioning
parameter mentioning the ASCONF type to an INIT or INIT-ACK that does the ASCONF type to an INIT or INIT-ACK that does not carry any AUTH-
not carry any AUTH related parameters, the association will not be related parameters, the association will not be established. If the
established. If the on-path attacker removes the Supported on-path attacker removes the Supported Extensions parameter (or
Extensions parameter (or removes the ASCONF type from that parameter) removes the ASCONF type from that parameter) from the INIT or the
from the INIT or the INIT-ACK, then the association will not be able INIT-ACK, then the association will not be able to use the ADD-IP
to use the ADD-IP feature. If the on-path attacker adds the feature. If the on-path attacker adds the Supported Extensions
Supported Extensions parameter listing the ASCONF type to an INIT-ACK parameter listing the ASCONF type to an INIT-ACK that did not carry
that did not carry one (but did carry AUTH related parameters), then one (but did carry AUTH-related parameters), then the INIT sender may
the INIT sender may use ASCONF where the INIT-ACK sender does not use ASCONF where the INIT-ACK sender does not support it. This would
support it. This would be discovered later if the INIT sender be discovered later if the INIT sender transmitted an ASCONF, but the
transmitted an ASCONF, but the INIT sender could have made INIT sender could have made configuration choices at that point. As
configuration choices at that point. As the INIT and INIT-ACK are the INIT and INIT-ACK are not protected by the AUTH feature, there is
not protected by the AUTH feature, there is no way to counter such no way to counter such attacks. Note however that an on-path
attacks. Note however that an on-path attacker capable of modifying attacker capable of modifying the INIT and INIT-ACK would almost
the INIT and INIT-ACK would almost certainly also be able to prevent certainly also be able to prevent the INIT and INIT-ACK from being
the INIT and INIT-ACK from being delivered or modify the verification delivered or modify the verification tags or checksum to cause the
tags or checksum to cause the packet to be discarded, so the packet to be discarded, so the Supported Extensions adds little
Supported Extensions adds little additional vulnerability (with additional vulnerability (with respect to preventing association
respect to preventing association formation) to the SCTP protocol. formation) to the SCTP protocol. The ability to prevent the use of
The ability to prevent the use of this new feature is an additional this new feature is an additional vulnerability to SCTP but only for
vulnerability to SCTP but only for this new feature. this new feature.
The Adaptation Layer Indication is subject to corruption, insertion The Adaptation Layer Indication is subject to corruption, insertion,
or deletion from the INIT and INIT-ACK chunks by an on-path attacker. or deletion from the INIT and INIT-ACK chunks by an on-path attacker.
This parameter SHOULD be opaque to the SCTP protocol (see section This parameter SHOULD be opaque to the SCTP protocol (see Section
4.2.6), and so changes to the parameter will likely not affect the 4.2.6), and so changes to the parameter will likely not affect the
SCTP protocol. However, any adaptation layer that is defined SHOULD SCTP protocol. However, any adaptation layer that is defined SHOULD
consider its own vulnerabilities in the security considerations consider its own vulnerabilities in the Security Considerations
section of the RFC that defines its adaptation code point. section of the RFC that defines its adaptation code point.
The Set Primary IP Address parameter is subject to corruption, The Set Primary IP Address parameter is subject to corruption,
insertion or deletion by an on-path attacker when included in the insertion, or deletion by an on-path attacker when included in the
INIT and INIT-ACK chunks. The attacker could use this to influence INIT and INIT-ACK chunks. The attacker could use this to influence
the receiver to choose an address to its own purposes (one over which the receiver to choose an address to its own purposes (one over which
it has control, one that would be less desirable for the sender, it has control, one that would be less desirable for the sender,
etc.). An on-path attacker would also have the ability to include or etc.). An on-path attacker would also have the ability to include or
remove addresses for the association from the INIT or INIT-ACK, so it remove addresses for the association from the INIT or INIT-ACK, so it
is not limited in the address it can specify in the Set Primary IP is not limited in the address it can specify in the Set Primary IP
Address. Endpoints that wish to avoid this possible threat MAY defer Address. Endpoints that wish to avoid this possible threat MAY defer
sending the initial Set Primary request and wait until the sending the initial Set Primary request and wait until the
association is fully established before sending a fully protected association is fully established before sending a fully protected
ASCONF with the Set Primary as its single parameter. ASCONF with the Set Primary as its single parameter.
7. IANA considerations 7. IANA Considerations
This document defines the following new SCTP parameters, chunks and This document defines the following new SCTP parameters, chunks, and
errors (http://www.iana.org/assignments/sctp-parameters): errors (http://www.iana.org/assignments/sctp-parameters):
o Two new chunk types, o two new chunk types,
o Six parameter types, and
o Five new SCTP error causes.
One of the two new chunk types must come from the range of chunk o six parameter types, and
types where the upper two bits are one, we recommend 0xC1 but any
other available code point with the upper bits set is also o five new SCTP error causes.
acceptable. The second chunk type must come from the range where
only the upper bit is set to one. We recommend 0x80 but any other The chunk types with their assigned values are shown below.
available code point with the upper bit set is also acceptable. The
chunk types with there suggested values are shown below.
Chunk Type Chunk Name Chunk Type Chunk Name
-------------------------------------------------------------- --------------------------------------------------------------
0xC1 Address Configuration Change Chunk (ASCONF) 0xC1 Address Configuration Change Chunk (ASCONF)
0x80 Address Configuration Acknowledgment (ASCONF-ACK) 0x80 Address Configuration Acknowledgment (ASCONF-ACK)
All of the parameter types, with the exception of the supported The parameter types are listed below:
parameters extension, must come from the range of types where the
upper two bits are set, we recommend 0xC001 - 0xC006, as shown below.
The supported parameters type extension must come from the range
where only the upper bit is set, we recommend 0x8008. Note: that for
any of these values a different unique parameter type may be assigned
by IANA as long as the upper bits correspond to the ones specified in
this document. The suggested parameter types are listed below:
Parameter Type Parameter Name Parameter Type Parameter Name
------------------------------------------------- -------------------------------------------------
0x8008 Supported Extensions 0x8008 Supported Extensions
0xC001 Add IP Address 0xC001 Add IP Address
0xC002 Delete IP Address 0xC002 Delete IP Address
0xC003 Error Cause Indication 0xC003 Error Cause Indication
0xC004 Set Primary Address 0xC004 Set Primary Address
0xC005 Success Indication 0xC005 Success Indication
0xC006 Adaptation Layer Indication 0xC006 Adaptation Layer Indication
The five new error causes can be any value, in this document we have The Error Causes are listed below:
used 0x0100-0x0104 in an attempt to separate these from the common
ranges of error codes. Any other unassigned values are also
acceptable. The suggested error causes are listed below:.
Cause Code Cause Code
Value Cause Code Value Cause Code
--------- ---------------- --------- ----------------
0x0100 Request to Delete Last Remaining IP Address. 0x00A0 Request to Delete Last Remaining IP Address
0x0101 Operation Refused Due to Resource Shortage. 0x00A1 Operation Refused Due to Resource Shortage
0x0102 Request to Delete Source IP Address. 0x00A2 Request to Delete Source IP Address
0x0103 Association Aborted due to illegal ASCONF-ACK 0x00A3 Association Aborted Due to Illegal ASCONF-ACK
0x0104 Request refused - no authorization. 0x00A4 Request Refused - No Authorization
This document also defines an Adaptation code point. The adaptation This document also defines an adaptation code point. The adaptation
code point is a 32 bit integer that is assigned by IANA through an code point is a 32-bit integer that is assigned by IANA through an
IETF Consensus action as defined in [RFC2434]. For this new registry IETF Consensus action as defined in [RFC2434]. For this new
no initial values are being added by this document, however registry, no initial values are being added by this document;
draft-ietf-rddp-sctp will add the first entry. however, [RDDP] will add the first entry.
8. Acknowledgments 8. Acknowledgments
The authors would like to express a special note of thanks to Michael The authors would like to express a special note of thanks to Michael
Ramahlo and Phillip Conrad for their extreme efforts in the early Ramahlo and Phillip Conrad for their extreme efforts in the early
formation of this draft. formation of this draft.
The authors wish to thank Jon Berger, Mark Butler, Lars Eggert, The authors wish to thank Jon Berger, Mark Butler, Lars Eggert,
Janardhan Iyengar, Greg Kendall, Seok Koh, Salvatore Loreto, Peter Janardhan Iyengar, Greg Kendall, Seok Koh, Salvatore Loreto, Peter
Lei, John Loughney, Sandy Murphy, Ivan Arias Rodriguez, Renee Revis, Lei, John Loughney, Sandy Murphy, Ivan Arias Rodriguez, Renee Revis,
Marshall Rose, Ronnie Sellars, Chip Sharp, and Irene Ruengeler for Marshall Rose, Ronnie Sellars, Chip Sharp, and Irene Ruengeler for
their invaluable comments. their invaluable comments.
The authors would also like to give special mention to Maria-Carmen The authors would also like to give special mention to Maria-Carmen
Belinchon and Ian Rytina for there early contributions to this Belinchon and Ian Rytina for their early contributions to this
document and their thoughtful comments. document and their thoughtful comments.
And a special thanks to James Polk, abstract writer to the few but And a special thanks to James Polk, abstract writer to the few but
lucky. lucky.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC1122] Braden, R., "Requirements for Internet Hosts - [RFC1122] Braden, R., "Requirements for Internet Hosts -
skipping to change at page 36, line 34 skipping to change at page 35, line 25
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 2434, IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998. October 1998.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998. (IPv6) Specification", RFC 2460, December 1998.
[I-D.ietf-tsvwg-2960bis] [RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol",
Stewart, R., "Stream Control Transmission Protocol", RFC 4960, September 2007.
draft-ietf-tsvwg-2960bis-05 (work in progress), June 2007.
[I-D.ietf-tsvwg-sctp-auth] [RFC4895] Tuexen, M., Stewart, R., Lei, P., and E. Rescorla,
Tuexen, M., "Authenticated Chunks for Stream Control "Authenticated Chunks for the Stream Control Transmission
Transmission Protocol (SCTP)", Protocol (SCTP)", RFC 4895, August 2007.
draft-ietf-tsvwg-sctp-auth-08 (work in progress),
February 2007.
9.2. Informative References 9.2. Informative References
[I-D.ietf-tsvwg-sctpthreat] [RFC5062] Stewart, R., Tuexen, M., and G. Camarillo, "Security
Stewart, R., "Security Attacks Found Against SCTP and Attacks Found Against SCTP and Current Countermeasures",
Current Countermeasures", draft-ietf-tsvwg-sctpthreat-05 RFC 5062, September 2007.
(work in progress), June 2007.
[RDDP] Bestler, C. and R. Stewart, "Stream Control Transmission
Protocol (SCTP) Direct Data Placement (DDP) Adaptation",
Work in Progress, September 2006.
Appendix A. Abstract Address Handling Appendix A. Abstract Address Handling
A.1. General remarks A.1. General Remarks
This appendix is non-normative. It is present to give the reader a This appendix is non-normative. It is present to give the reader a
concise mathematical definition of an SCTP endpoint. The following concise mathematical definition of an SCTP endpoint. The following
text provides a working definition of the endpoint notion to discuss text provides a working definition of the endpoint notion to discuss
address reconfiguration. It is not intended to restrict address reconfiguration. It is not intended to restrict
implementations in any way, its goal is to provide a set of implementations in any way; its goal is to provide a set of
definitions only. Using these definitions should make a discussion definitions only. Using these definitions should make a discussion
about address issues easier. about address issues easier.
A.2. Generalized endpoints A.2. Generalized Endpoints
A generalized endpoint is a pair of a set of IP addresses and a port A generalized endpoint is a pair of a set of IP addresses and a port
number at any given point of time. The precise definition is as number at any given point of time. The precise definition is as
follows: follows:
A generalized endpoint gE at time t is given by A generalized endpoint gE at time t is given by
gE(t) = ({IP1, ..., IPn}, Port) gE(t) = ({IP1, ..., IPn}, Port)
where {IP1, ..., IPn} is a non empty set of IP addresses. where {IP1, ..., IPn} is a non-empty set of IP addresses.
Please note that the dynamic addition and deletion of IP-addresses Please note that the dynamic addition and deletion of IP addresses
described in this document allows the set of IP-addresses of a described in this document allows the set of IP addresses of a
generalized endpoint to be changed at some point of time. The port generalized endpoint to be changed at some point of time. The port
number can never be changed. number can never be changed.
The set of IP addresses of a generalized endpoint gE at a time t is The set of IP addresses of a generalized endpoint gE at a time t is
defined as defined as
Addr(gE)(t) = {IP1, ..., IPn} Addr(gE)(t) = {IP1, ..., IPn}
if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. if gE(t) = ({IP1, ..., IPn}, Port) holds at time t.
The port number of a generalized endpoint gE is defined as The port number of a generalized endpoint gE is defined as
Port(gE) = Port Port(gE) = Port
if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. if gE(t) = ({IP1, ..., IPn}, Port) holds at time t.
There is one fundamental rule which restricts all generalized There is one fundamental rule that restricts all generalized
endpoints: endpoints:
For two different generalized endpoints gE' and gE'' with the same For two different generalized endpoints gE' and gE'' with the same
port number Port(gE') = Port(gE'') the address sets Addr(gE')(t) and port number Port(gE') = Port(gE''), the address sets Addr(gE')(t) and
Addr(gE'')(t) must be disjoint at every point of time. Addr(gE'')(t) must be disjoint at every point in time.
A.3. Associations A.3. Associations
Associations consists of two generalized endpoints and the two Associations consist of two generalized endpoints and the two address
address sets known by the peer at any time. The precise definition sets known by the peer at any time. The precise definition is as
is as follows: follows:
An association A between to different generalized endpoints gE' and An association A between two different generalized endpoints gE' and
gE'' is given by gE'' is given by
A = (gE', S', gE'', S'') A = (gE', S', gE'', S'')
where S'(t) and S''(t) are set of addresses at any time t such that where S'(t) and S''(t) are a set of addresses at any time t such that
S'(t) is a non-empty subset of Addr(gE')(t) and S''(t) is a non-empty S'(t) is a non-empty subset of Addr(gE')(t) and S''(t) is a non-empty
subset of Addr(gE'')(t). subset of Addr(gE'')(t).
If A = (gE', S', gE'', S'') is an association between the generalized If A = (gE', S', gE'', S'') is an association between the generalized
endpoints gE' and gE'' the following notion is used: endpoints gE' and gE'', the following notion is used:
Addr(A, gE') = S' and Addr(A, gE'') = S''. Addr(A, gE') = S' and Addr(A, gE'') = S''.
If the dependency on time is important the notion Addr(A, gE')(t) = If the dependency on time is important the notion Addr(A, gE')(t) =
S'(t) will be used. S'(t) will be used.
If A is an association between gE' and gE'' then Addr(A, gE') is the If A is an association between gE' and gE'', then Addr(A, gE') is the
subset of IP addresses of gE' which is known by gE'' and used by gE'. subset of IP addresses of gE', which is known by gE'' and used by
gE'.
Association establishment between gE' and gE'' can be seen as: Association establishment between gE' and gE'' can be seen as:
1. gE' and gE'' do exist before the association. 1. gE' and gE'' do exist before the association.
2. If an INIT has to be send from gE' to gE'' address scoping rules
2. If an INIT has to be sent from gE' to gE'', address-scoping rules
and other limitations are applied to calculate the subset S' from and other limitations are applied to calculate the subset S' from
Addr(gE'). The addresses of S' are included in the INIT chunk. Addr(gE'). The addresses of S' are included in the INIT chunk.
3. If an INIT-ACK has to be send from gE'' to gE' address scoping
3. If an INIT-ACK has to be sent from gE'' to gE', address-scoping
rules and other limitations are applied to calculate the subset rules and other limitations are applied to calculate the subset
S'' from Addr(gE''). The addresses of S'' are included in the S'' from Addr(gE''). The addresses of S'' are included in the
INIT-ACK chunk. INIT-ACK chunk.
4. After the handshake the association A = (gE', S', gE'', S'') has 4. After the handshake the association A = (gE', S', gE'', S'') has
been established. been established.
5. Right after the association establishment Addr(A, gE') and 5. Right after the association establishment Addr(A, gE') and
Addr(A, gE'') are the addresses which have been seen on the wire Addr(A, gE'') are the addresses that have been seen on the wire
during the handshake. during the handshake.
A.4. Relationship with RFC 4960 A.4. Relationship with RFC 4960
[I-D.ietf-tsvwg-2960bis] defines the notion of an endpoint. This [RFC4960] defines the notion of an endpoint. This subsection will
subsection will show that these endpoints are also (special) show that these endpoints are also (special) generalized endpoints.
generalized endpoints.
[I-D.ietf-tsvwg-2960bis] has no notion of address scoping or other [RFC4960] has no notion of address-scoping or other address-handling
address handling limitations and provides no mechanism to change the limitations and provides no mechanism to change the addresses of an
addresses of an endpoint. endpoint.
This means that an endpoint is simply a generalized endpoint which This means that an endpoint is simply a generalized endpoint that
does not depend on the time. Neither the Port nor the address list does not depend on time. Neither the port nor the address list
changes. changes.
During association setup no address scoping rules or other During association setup, no address-scoping rules or other
limitations will be applied. This means that for an association A limitations will be applied. This means that for an association A
between two endpoints gE' and gE'' the following is true: between two endpoints gE' and gE'', the following is true:
Addr(A, gE') = Addr(gE') and Addr(A, gE'') = Addr(gE''). Addr(A, gE') = Addr(gE') and Addr(A, gE'') = Addr(gE'').
A.5. Rules for address manipulation A.5. Rules for Address Manipulation
The rules for address manipulation can now be stated in a simple way: The rules for address manipulation can now be stated in a simple way:
1. An address can be added to a generalized endpoint gE only if this 1. An address can be added to a generalized endpoint gE only if this
address is not an address of a different generalized endpoint address is not an address of a different generalized endpoint
with the same port number. with the same port number.
2. An address can be added to an association A with generalized 2. An address can be added to an association A with generalized
endpoint gE if it has been added to the generalized endpoint gE endpoint gE if it has been added to the generalized endpoint gE
first. This means that the address must be an element of first. This means that the address must be an element of
Addr(gE) first and then it can become an element of Addr(A, gE). Addr(gE) first and then it can become an element of Addr(A, gE).
But this is not necessary. If the association does not allow the But this is not necessary. If the association does not allow the
reconfiguration of the addresses only Addr(gE) can be modified. reconfiguration of the addresses only Addr(gE) can be modified.
3. An address can be deleted from an association A with generalized 3. An address can be deleted from an association A with generalized
endpoint gE as long as Addr(A, gE) stays non-empty. endpoint gE as long as Addr(A, gE) stays non-empty.
4. An address can be deleted from an generalized endpoint gE only if 4. An address can be deleted from an generalized endpoint gE only if
it has been removed from all associations having gE as a it has been removed from all associations having gE as a
generalized endpoint. generalized endpoint.
These rules simply make sure that the rules for the endpoints and These rules simply make sure that the rules for the endpoints and
associations given above are always fulfilled. associations given above are always fulfilled.
Authors' Addresses Authors' Addresses
Randall R. Stewart Randall R. Stewart
skipping to change at page 39, line 50 skipping to change at page 39, line 15
Authors' Addresses Authors' Addresses
Randall R. Stewart Randall R. Stewart
Cisco Systems, Inc. Cisco Systems, Inc.
4875 Forest Drive 4875 Forest Drive
Suite 200 Suite 200
Columbia, SC 29206 Columbia, SC 29206
US US
Phone: Phone:
Email: rrs@cisco.com EMail: rrs@cisco.com
Qiaobing Xie Qiaobing Xie
Motorola, Inc. Motorola, Inc.
1501 W. Shure Drive, #2309 1501 W. Shure Drive, 2-3C
Arlington Heights, IL 60004 Arlington Heights, IL 60004
USA USA
Phone: +1-847-632-3028 Phone: +1-847-632-3028
Email: qxie1@email.mot.com EMail: Qiaobing.Xie@motorola.com
Michael Tuexen Michael Tuexen
Univ. of Applied Sciences Muenster Univ. of Applied Sciences Muenster
Stegerwaldstr. 39 Stegerwaldstr. 39
48565 Steinfurt 48565 Steinfurt
Germany Germany
Email: tuexen@fh-muenster.de EMail: tuexen@fh-muenster.de
Shin Maruyama Shin Maruyama
Kyoto University Kyoto University
Yoshida-Honmachi Yoshida-Honmachi
Sakyo-ku Sakyo-ku
Kyoto, Kyoto 606-8501 Kyoto, Kyoto 606-8501
JAPAN JAPAN
Phone: +81-75-753-7468 Phone: +81-75-753-7417
Email: mail@marushin.gr.jp EMail: mail@marushin.gr.jp
Masahiro Kozuka Masahiro Kozuka
Kyoto University Kyoto University
Yoshida-Honmachi Yoshida-Honmachi
Sakyo-ku Sakyo-ku
Kyoto, Kyoto 606-8501 Kyoto, Kyoto 606-8501
JAPAN JAPAN
Phone: +81-75-753-7468 Phone: +81-75-753-7417
Email: ma-kun@kozuka.jp EMail: ma-kun@kozuka.jp
Full Copyright Statement Full Copyright Statement
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
skipping to change at page 41, line 44 skipping to change at line 1767
attempt made to obtain a general license or permission for the use of attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
ietf-ipr@ietf.org. ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
 End of changes. 236 change blocks. 
701 lines changed or deleted 670 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/