draft-ietf-tsvwg-sctp-udp-encaps-06.txt   draft-ietf-tsvwg-sctp-udp-encaps-07.txt 
Network Working Group M. Tuexen Network Working Group M. Tuexen
Internet-Draft Muenster Univ. of Appl. Sciences Internet-Draft Muenster Univ. of Appl. Sciences
Intended status: Standards Track R. Stewart Intended status: Standards Track R. Stewart
Expires: April 23, 2013 Adara Networks Expires: June 26, 2013 Adara Networks
October 20, 2012 December 23, 2012
UDP Encapsulation of SCTP Packets UDP Encapsulation of SCTP Packets
draft-ietf-tsvwg-sctp-udp-encaps-06.txt draft-ietf-tsvwg-sctp-udp-encaps-07.txt
Abstract Abstract
This document describes a simple method of encapsulating SCTP Packets This document describes a simple method of encapsulating SCTP Packets
into UDP packets and its limitations. This allows the usage of SCTP into UDP packets and its limitations. This allows the usage of SCTP
in networks with legacy NAT not supporting SCTP. It can also be used in networks with legacy NAT not supporting SCTP. It can also be used
to implement SCTP on hosts without directly accessing the IP-layer, to implement SCTP on hosts without directly accessing the IP-layer,
for example implementing it as part of the application without for example implementing it as part of the application without
requiring special privileges. requiring special privileges.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 23, 2013. This Internet-Draft will expire on June 26, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 28 skipping to change at page 2, line 28
4.4. Decapsulation Procedure . . . . . . . . . . . . . . . . . 6 4.4. Decapsulation Procedure . . . . . . . . . . . . . . . . . 6
4.5. ICMP Considerations . . . . . . . . . . . . . . . . . . . 6 4.5. ICMP Considerations . . . . . . . . . . . . . . . . . . . 6
4.6. Path MTU Considerations . . . . . . . . . . . . . . . . . 7 4.6. Path MTU Considerations . . . . . . . . . . . . . . . . . 7
4.7. Handling of Embedded IP-addresses . . . . . . . . . . . . 7 4.7. Handling of Embedded IP-addresses . . . . . . . . . . . . 7
4.8. ECN Considerations . . . . . . . . . . . . . . . . . . . . 7 4.8. ECN Considerations . . . . . . . . . . . . . . . . . . . . 7
5. Socket API Considerations . . . . . . . . . . . . . . . . . . 7 5. Socket API Considerations . . . . . . . . . . . . . . . . . . 7
5.1. Get or Set the Remote UDP Encapsulation Port Number 5.1. Get or Set the Remote UDP Encapsulation Port Number
(SCTP_REMOTE_UDP_ENCAPS_PORT) . . . . . . . . . . . . . . 8 (SCTP_REMOTE_UDP_ENCAPS_PORT) . . . . . . . . . . . . . . 8
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
7. Security Considerations . . . . . . . . . . . . . . . . . . . 8 7. Security Considerations . . . . . . . . . . . . . . . . . . . 8
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
9.1. Normative References . . . . . . . . . . . . . . . . . . . 9 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9
9.2. Informative References . . . . . . . . . . . . . . . . . . 9 9.2. Informative References . . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction 1. Introduction
This document describes a simple method of encapsulating SCTP packets This document describes a simple method of encapsulating SCTP packets
into UDP packets. SCTP as defined in [RFC4960] runs directly over into UDP packets. SCTP as defined in [RFC4960] runs directly over
IPv4 or IPv6. There are two main reasons for encapsulating SCTP IPv4 or IPv6. There are two main reasons for encapsulating SCTP
packets: packets:
o Allow SCTP traffic to pass legacy NATs, which do not provide o Allow SCTP traffic to pass legacy NATs, which do not provide
skipping to change at page 4, line 29 skipping to change at page 4, line 29
4. SCTP over UDP 4. SCTP over UDP
4.1. Architectural Considerations 4.1. Architectural Considerations
An SCTP implementation supporting UDP encapsulation MUST store a An SCTP implementation supporting UDP encapsulation MUST store a
remote UDP encapsulation port number per destination address for each remote UDP encapsulation port number per destination address for each
SCTP association. SCTP association.
Each SCTP stack uses a single local UDP encapsulation port number as Each SCTP stack uses a single local UDP encapsulation port number as
the destination port for all its incoming SCTP packets. The IANA the destination port for all its incoming SCTP packets. The IANA
assigned value of 9899 MAY be used as this port number. If there is assigned value of 9899 (sctp-tunneling) MAY be used as this port
only a single SCTP implementation on a host (for example, a kernel number. If there is only a single SCTP implementation on a host (for
implementation being part of the operating system), using a single example, a kernel implementation being part of the operating system),
UDP encapsulation port number per host can be advantageous (e.g., using a single UDP encapsulation port number per host can be
this reduces the number of mappings in firewalls and NATs, among advantageous (e.g., this reduces the number of mappings in firewalls
other things). However, this is not possible if the SCTP stack is and NATs, among other things). Using a single UDP encapsulation port
implemented as part of an application. number per host is not possible if the SCTP stack is implemented as
part of an application.
4.2. Packet Format 4.2. Packet Format
To encapsulate an SCTP packet, a UDP header as defined in [RFC0768] To encapsulate an SCTP packet, a UDP header as defined in [RFC0768]
is inserted between the IP header as defined in [RFC0791] and the is inserted between the IP header as defined in [RFC0791] and the
SCTP common header as defined in [RFC4960]. SCTP common header as defined in [RFC4960].
Figure 1 shows the packet format of an encapsulated SCTP packet when Figure 1 shows the packet format of an encapsulated SCTP packet when
IPv4 is used. IPv4 is used.
skipping to change at page 6, line 7 skipping to change at page 6, line 7
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SCTP Chunk #n | | SCTP Chunk #n |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: An SCTP/UDP/IPv6 packet Figure 2: An SCTP/UDP/IPv6 packet
4.3. Encapsulation Procedure 4.3. Encapsulation Procedure
When inserting the UDP header, the source port is the local UDP When inserting the UDP header, the source port MUST be the local UDP
encapsulation port number of the SCTP stack, the destination port is encapsulation port number of the SCTP stack, the destination port
the remote UDP encapsulation port number stored for the destination MUST be the remote UDP encapsulation port number stored for the
address to which the packet is sent (see Section 4.1). destination address to which the packet is sent (see Section 4.1).
The length of the UDP packet is the length of the SCTP packet plus The length of the UDP packet MUST be the length of the SCTP packet
the size of the UDP header. plus the size of the UDP header.
For IPv4, the UDP checksum SHOULD be computed and the SCTP checksum For IPv4, the UDP checksum SHOULD be computed and the SCTP checksum
MUST be computed, whereas for IPv6, the UDP checksum and the SCTP MUST be computed, whereas for IPv6, the UDP checksum and the SCTP
checksum MUST be computed. checksum MUST be computed.
4.4. Decapsulation Procedure 4.4. Decapsulation Procedure
When an encapsulated packet is received, the UDP header is removed. When an encapsulated packet is received, the UDP header is removed.
Then a lookup is performed to find the association for the received Then a lookup is performed to find the association for the received
SCTP packet. The UDP source port is stored as the encapsulation port SCTP packet. After finding the SCTP association (which includes
for the destination address the SCTP packet is received from (see checking the verification tag), the UDP source port MUST be stored as
Section 4.1). the encapsulation port for the destination address the SCTP packet is
received from (see Section 4.1).
Please note that when a non-encapsulated SCTP packet is received, the Please note that when a non-encapsulated SCTP packet is received, the
encapsulation of outgoing packets belonging to the same association encapsulation of outgoing packets belonging to the same association
and the corresponding destination address is disabled. and the corresponding destination address MUST be disabled.
4.5. ICMP Considerations 4.5. ICMP Considerations
When receiving ICMP or ICMPv6 response packets, there might not be When receiving ICMP or ICMPv6 response packets, there might not be
enough bytes in the payload to identify the SCTP association which enough bytes in the payload to identify the SCTP association which
the SCTP packet triggering the ICMP or ICMPv6 packet belongs to. If the SCTP packet triggering the ICMP or ICMPv6 packet belongs to. If
a received ICMP or ICMPv6 packet can not be related to a specific a received ICMP or ICMPv6 packet can not be related to a specific
SCTP association or the verification tag can't be verified, it MUST SCTP association or the verification tag can't be verified, it MUST
be discarded silently. This means in particular that the SCTP stack be discarded silently. This means in particular that the SCTP stack
MUST NOT rely on receiving ICMP or ICMPv6 messages. Implementation MUST NOT rely on receiving ICMP or ICMPv6 messages. Implementation
skipping to change at page 8, line 43 skipping to change at page 8, line 45
6. IANA Considerations 6. IANA Considerations
This document does not require any actions from IANA. It refers to This document does not require any actions from IANA. It refers to
the already assigned UDP port 9899 (sctp-tunneling). the already assigned UDP port 9899 (sctp-tunneling).
7. Security Considerations 7. Security Considerations
Encapsulating SCTP into UDP does not add any additional security Encapsulating SCTP into UDP does not add any additional security
considerations to the ones given in [RFC4960] and [RFC5061]. considerations to the ones given in [RFC4960] and [RFC5061].
An attacker might send a malicious UDP packet towards an SCTP end-
point to change the encapsulation port for a single remote address of
a particular SCTP association. However, as specified in Section 4.4,
this requires the usage of one the two negotiated verification tags.
This protects against blind attackers the same way as described in
[RFC4960] for SCTP over IPv4 or IPv6. Non-blind attackers can affect
SCTP association using the UDP encapsulation described in this
document in the same way as SCTP associations not using the UDP
encapsulation of SCTP described here.
8. Acknowledgments 8. Acknowledgments
The authors wish to thank Gorry Fairhurst, Irene Ruengeler, and Dan The authors wish to thank Gorry Fairhurst, Martin Stiemerling, Irene
Wing for their invaluable comments. Ruengeler, and Dan Wing for their invaluable comments.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
August 1980. August 1980.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
September 1981. September 1981.
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, September 1981. RFC 792, September 1981.
skipping to change at page 10, line 11 skipping to change at page 10, line 25
[I-D.ietf-behave-sctpnat] [I-D.ietf-behave-sctpnat]
Stewart, R., Tuexen, M., and I. Ruengeler, "Stream Control Stewart, R., Tuexen, M., and I. Ruengeler, "Stream Control
Transmission Protocol (SCTP) Network Address Translation", Transmission Protocol (SCTP) Network Address Translation",
draft-ietf-behave-sctpnat-07 (work in progress), draft-ietf-behave-sctpnat-07 (work in progress),
October 2012. October 2012.
[I-D.ietf-tsvwg-natsupp] [I-D.ietf-tsvwg-natsupp]
Stewart, R., Tuexen, M., and I. Ruengeler, "Stream Control Stewart, R., Tuexen, M., and I. Ruengeler, "Stream Control
Transmission Protocol (SCTP) Network Address Translation Transmission Protocol (SCTP) Network Address Translation
for Endpoints", draft-ietf-tsvwg-natsupp-03 (work in Support", draft-ietf-tsvwg-natsupp-04 (work in progress),
progress), October 2012. October 2012.
Authors' Addresses Authors' Addresses
Michael Tuexen Michael Tuexen
Muenster University of Applied Sciences Muenster University of Applied Sciences
Stegerwaldstrasse 39 Stegerwaldstrasse 39
48565 Steinfurt 48565 Steinfurt
DE DE
Email: tuexen@fh-muenster.de Email: tuexen@fh-muenster.de
 End of changes. 14 change blocks. 
27 lines changed or deleted 40 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/