Stream Control Transmission Protocol (SCTP)
Srikant Patnaik

SCTP Protocol Basics Doc Version: 1.0


9/30/2017 1
- Srikant Patnaik
Architectural view of SCTP

SCTP common terms
• Active destination transport address => a transport address of the peer that the sending endpoint currently considers available for receiving user messages.
• Bundling => carrying more than one chunk (user data and/or control) in a single SCTP packet.
• Chunk => the unit of information inside an SCTP packet, made of a chunk header (type, flags, length) and chunk-specific content.
• Congestion window (cwnd) => the amount of data, in bytes, that an endpoint may have outstanding to one destination address before it must wait for a SACK. It is maintained per destination address, not per association.
• Cumulative TSN ACK point => the highest TSN such that it and every lower TSN have been received; it is carried in the Cumulative TSN Ack field of a SACK chunk.
• Idle destination address => an address to which no user messages have been sent for some time, normally the HEARTBEAT interval or longer.
• Inactive destination transport address => a peer address that is no longer used for user messages because of repeated transmission errors; it is probed with HEARTBEAT until it becomes reachable again.
• User message => the unit of data the SCTP user hands to SCTP for delivery to the peer user.
• Message Authentication Code (MAC) => integrity check over the State Cookie, computed with a cryptographic hash function and a secret key known only to the endpoint that issued the cookie in INIT ACK; it lets that endpoint verify the cookie when it comes back in COOKIE ECHO.

SCTP common terms (contd.)
• Network Byte Order => most significant byte first (big-endian); all SCTP header fields are transmitted this way.
• Outstanding TSN => a TSN (and its DATA chunk) that has been sent but for which no acknowledgement has yet been received.
• Path => the route taken by packets from one SCTP endpoint to one specific destination transport address of its peer.
• Primary path => the destination (and source) address used by default for packets sent to the peer; the other paths are used for retransmission or when the primary becomes unreachable.
• Receiver Window (rwnd) => the sender's view of the space still available in the peer's receive buffer (see a_rwnd).
• SCTP association => the protocol relationship between two SCTP endpoints, comprising the endpoints and the shared state (Verification Tags, TSNs, streams).
• SCTP user => the higher-layer application entity that uses SCTP's services.
• SCTP endpoint => the logical sender/receiver of SCTP packets: a set of eligible transport addresses combined with a single SCTP port number.
• Slow start threshold (ssthresh, in bytes) => a per-destination variable the sender uses to decide whether it is in slow start (cwnd below ssthresh) or in congestion avoidance.
• Verification tag => a 32-bit random value chosen by each endpoint during association setup. The peer places it in the common header of every packet it sends on the association, and the receiver uses it to check that an inbound packet belongs to the current association and is not a stale or spoofed one.

SCTP common terms (contd.)
• Stream Sequence Number (SSN) => a 16-bit sequence number that SCTP assigns to each ordered user message within a stream; fragments of one message share the same SSN. The SSN is ignored for unordered messages.
• Tie-tags => two 32-bit random values (a 64-bit nonce) kept in the State Cookie and in the TCB, so that an endpoint that restarts can be matched to the original association by the endpoint that did not restart, without revealing the true Verification Tags of that association.
• Transmission Control Block (TCB) => an internal data structure created by an SCTP endpoint for each of its existing SCTP associations to other SCTP endpoints.
• TSN => a 32-bit sequence number attached to every DATA chunk (each unfragmented user message or each fragment). It is association-wide, independent of the stream, and drives acknowledgement and retransmission.
• Transport Address => IP address + SCTP port number.
• Unacknowledged TSN => a DATA chunk (identified by its TSN) that has been sent but not yet acknowledged by the peer endpoint.
• Un-ordered message => a user message sent with the U bit set; it is delivered to the peer user as soon as it has been received (and reassembled), bypassing stream ordering.
• Ordered message => a user message delivered to the peer user in SSN order within its stream.
SCTP common terms (contd.)
• Advertised receiver window credit (a_rwnd) => the dedicated buffer space, in bytes, that the sender of an INIT/INIT ACK (and later of each SACK) has reserved for this association. During the life of the association this space should not be reduced.
• Receiver Window (rwnd) => the most recently advertised a_rwnd, reduced by the data the sender still has in flight.
• Initial Window (IW) => the cwnd a sender starts with on a destination address.
• Loss Window (LW) => the cwnd after a retransmission timeout (one MTU in RFC 4960).
• Restart Window (RW) => the cwnd used when transmission to a destination resumes after an idle period.

Similarities SCTP vs TCP
• Connection oriented (SCTP calls the connection an association)
• Uses a checksum and a sequence number (the Transmission Sequence Number)
• Implements TCP-like mechanisms:
– flow and congestion control following the TCP algorithms
– reliable delivery of data
– slow start
– fast recovery
– delayed ACKs
– error detection and retransmission

Differences SCTP vs TCP
• uses a 32-bit CRC32c checksum instead of TCP's 16-bit one's-complement checksum
• can have several streams within an association
• defines a stream as a sequence of messages (chunks), not bytes; RFC 4960 defines chunk types 0 to 14, 13 of them in regular use (types 12 and 13 are reserved for ECN)
• a packet consists of a common header plus one or more chunks, which can be control or data
• uses 4 messages in setting up an association (INIT, INIT ACK, COOKIE ECHO, COOKIE ACK); user data may be bundled with the 3rd and 4th message
• uses 3 messages for shutdown (SHUTDOWN, SHUTDOWN ACK, SHUTDOWN COMPLETE); there is no half-closed state
• can use multi-homed endpoints for redundancy

Differences SCTP vs TCP (contd.)
• employs a signed (MAC-protected) State Cookie so that the server allocates no association state until the cookie is echoed back; this guards against SYN-flood-style resource exhaustion
• uses a Verification Tag as protection against blind masquerade attacks and against stale packets from a previous association
• supports in-order and order-of-arrival delivery on a per-message basis
• IP multicast and broadcast are NOT supported
• SACK chunks may carry a larger number of Gap Ack Blocks than TCP's 3 or 4 SACK blocks

TCP, UDP, and SCTP comparison
Characteristic               TCP   UDP   SCTP
---------------------------------------------
Unicast                      Yes   Yes   Yes
Byte oriented                Yes   No    No
Message oriented             No    Yes   Yes
Reliable transport service   Yes   No    Yes
Multi-homing                 No    No    Yes
Multi-stream                 No    No    Yes
Cookie mechanism             No    No    Yes
Rate adaptive                Yes   No    Yes
Heartbeat mechanism          No    No    Yes
(UDP preserves datagram boundaries, so it is message oriented as well; only TCP presents a byte stream.)

Functional View of SCTP

Association Startup and Takedown
• Association start-up
– SCTP runs directly over IP (IP protocol number 132), alongside TCP and UDP.
– An association is initiated by a request from the SCTP user (the SCTP client side).
– A 4-way start-up with a State Cookie is used during initiation (INIT, INIT ACK, COOKIE ECHO, COOKIE ACK).
• Association takedown: there are two ways to close
– Graceful shutdown (SHUTDOWN primitive): queued user data is still delivered before the association closes.
– Ungraceful shutdown (ABORT primitive): used when the user detects an error condition; queued data is discarded.
– SCTP does not support a half-closed state like TCP's, where one side keeps sending data after the other end has closed. Once either endpoint has begun shutdown, neither side accepts new data from its user; in a graceful shutdown the remaining queued data is sent and acknowledged before the association is closed.
Sequenced delivery within streams

• An SCTP association carries a number of independent streams, fixed at association start-up.
• When initiating, the SCTP user specifies how many streams the association should support; the number is negotiated with the peer endpoint in INIT/INIT ACK (requested outbound streams versus the peer's maximum inbound streams).
• User messages are transmitted between the two SCTP users inside these streams.
• SCTP assigns a Stream Sequence Number internally to each ordered message passed to it by the SCTP user.
• Streams are independent of each other: if one stream is waiting for a missing message, the other streams keep delivering (no head-of-line blocking across streams).
• SCTP also provides a way to bypass sequenced delivery (the unordered flag), so that a message is handed to the SCTP user as soon as it has been received, regardless of other messages in the stream.

User Data Fragmentation.

• SCTP fragments user messages to ensure that the SCTP packet passed to
the lower layer conforms to the path MTU.
• On receipt, fragments are reassembled into complete messages before
being passed to the SCTP user.

Acknowledgement and Congestion Avoidance
• SCTP assigns a Transmission Sequence Number (TSN) to each DATA chunk, i.e. to each unfragmented user message or message fragment.
• The receiving end acknowledges all TSNs received, even if there are gaps in the sequence (SACK with Gap Ack Blocks).
• The acknowledgement and congestion avoidance function is responsible for retransmitting a DATA chunk when a timely acknowledgement has not been received, and for adjusting cwnd accordingly.

Chunk Building

• An SCTP packet delivered to IP contains the SCTP common header followed by one or more chunks carrying user data or SCTP control information.
• The chunk bundling function of SCTP is responsible for assembling the complete SCTP packet and for disassembling it at the receiving end.
• The SCTP user may request that bundling be disabled for its messages; even then, SCTP may still bundle chunks during periods of congestion.

Packet Validation

• Each endpoint chooses a Verification Tag during association start-up; the peer must put that tag into the common header of every packet it sends on the association, and the receiver discards packets whose tag does not match.
• A 32-bit CRC32c checksum is set by the sender to provide additional protection against data corruption in the network. It only detects accidental corruption: an attacker who can inject packets can recompute it, so it is the Verification Tag, not the checksum, that keeps out foreign packets.

Path Management
• The SCTP path management function chooses the destination transport address for each outgoing SCTP packet based on the SCTP user's instructions and the currently perceived reachability status of the eligible destination set.
• It monitors the reachability of each destination address with HEARTBEAT chunks.
• It is also responsible for reporting the eligible set of local transport addresses to the far end during association start-up, and for passing the transport addresses returned by the far end to the SCTP user.
• At the receiving end, path management is responsible for verifying that an inbound SCTP packet belongs to an existing, valid SCTP association before passing it on for further processing.
SCTP packet Format

• Multiple chunks can be bundled into one SCTP packet up to the path MTU size.
• INIT, INIT_ACK, and SHUTDOWN_COMPLETE chunks MUST NOT be bundled with any other chunk.
• If a user data message does not fit into one SCTP packet, it can be fragmented into multiple DATA chunks.

SCTP Common Header Field Descriptions

• Source Port Number
• Destination Port Number
• Verification Tag: fixed for the life of the association, set during start-up. The sender fills in the tag chosen by the peer, so that the peer can match the packet to its association.
• Exceptions to that rule:
– a packet carrying an INIT uses Verification Tag 0 (no tag has been exchanged yet)
– a packet carrying an INIT_ACK uses the Initiate Tag received in the INIT
– a SHUTDOWN_COMPLETE sent in response to a SHUTDOWN_ACK for which no TCB exists copies the tag from the SHUTDOWN_ACK packet (T bit set)
– an ABORT sent for a packet that cannot be matched to an association copies the tag from the packet that caused the ABORT (T bit set)
• Checksum: CRC32c over the whole packet
Chunk Field Descriptions

• Chunk Type: DATA, INIT, INIT_ACK, SACK, HEARTBEAT, HEARTBEAT_ACK, ABORT, SHUTDOWN, SHUTDOWN_ACK, ERROR, COOKIE_ECHO, COOKIE_ACK, SHUTDOWN_COMPLETE
• The two highest-order bits of the type (bit positions '0' and '1' counting from the MSB) tell the endpoint what to do when it does not recognise the chunk type. More details on the next slide.
• If the Chunk Value field is empty, the chunk length is 4, the minimum length of a chunk.
• If the length of the chunk is not a multiple of 4 bytes, the sender MUST pad the chunk with all-zero bytes; this padding is not included in the Chunk Length field.

Encoding of Chunk Type
• Chunk Types are encoded such that the highest-order 2 bits specify the action that must be taken if the processing endpoint does not recognize the Chunk Type.
– 00 - Stop processing this SCTP packet and discard it; do not process any further chunks within it.
– 01 - Stop processing this SCTP packet and discard it, do not process any further chunks within it, and report the unrecognized chunk in an ERROR chunk using the 'Unrecognized Chunk Type' cause.
– 10 - Skip this chunk and continue processing.
– 11 - Skip this chunk and continue processing, but report it in an ERROR chunk using the 'Unrecognized Chunk Type' cause of error.

Different Chunk Types

Details of chunk header
• Chunk Flags: their use depends on the chunk type (DATA uses U, B and E; ABORT and SHUTDOWN_COMPLETE use the T bit). For chunk types that define no flags, all 8 bits are sent as '0' and ignored by the receiver.
• Chunk Length: the size of the chunk in bytes, including the Chunk Type, Chunk Flags, Chunk Length, and Chunk Value fields.
• If the Chunk Value field is zero-length, the Length field is set to 4.
• The Chunk Length field does not count any chunk padding.
• Padding MUST NOT be more than 3 bytes in total, since it only brings the chunk to the next 4-byte boundary.
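Added example for the packet and chunk layout of slides 19, 21, 22 and 24, together with the CRC32c of slide 17. This is Python written for this page, not code from the deck or from any SCTP stack. The port numbers, the Verification Tag value, the Heartbeat Info contents and the two unassigned chunk types 0xC1 and 0x41 are constructed for the demonstration; the CRC32c is a plain table-driven implementation and is stored little-endian in the checksum field, which is how RFC 4960 Appendix B and Wireshark treat it.

```python
import struct

# Chunk type values from RFC 4960 (the ones the deck lists plus ERROR and SHUTDOWN_ACK).
DATA, INIT, INIT_ACK, SACK, HEARTBEAT, HEARTBEAT_ACK, ABORT = 0, 1, 2, 3, 4, 5, 6
SHUTDOWN, SHUTDOWN_ACK, ERROR, COOKIE_ECHO, COOKIE_ACK, SHUTDOWN_COMPLETE = 7, 8, 9, 10, 11, 14
KNOWN_TYPES = {DATA, INIT, INIT_ACK, SACK, HEARTBEAT, HEARTBEAT_ACK, ABORT,
               SHUTDOWN, SHUTDOWN_ACK, ERROR, COOKIE_ECHO, COOKIE_ACK, SHUTDOWN_COMPLETE}

# CRC32c (Castagnoli polynomial, reflected form 0x82F63B78): the SCTP checksum.
_TABLE = []
for n in range(256):
    c = n
    for _ in range(8):
        c = (c >> 1) ^ 0x82F63B78 if c & 1 else c >> 1
    _TABLE.append(c)


def crc32c(data: bytes) -> int:
    crc = 0xFFFFFFFF
    for b in data:
        crc = _TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def encode_chunk(ctype: int, flags: int, value: bytes) -> bytes:
    """Type(1) Flags(1) Length(2) Value, then 0-3 zero bytes of padding to a 4-byte
    boundary. Length covers header + value only; the padding is not counted."""
    length = 4 + len(value)
    return struct.pack("!BBH", ctype, flags, length) + value + b"\x00" * ((-length) % 4)


def build_packet(src_port: int, dst_port: int, vtag: int, chunks) -> bytes:
    """Common header (ports, Verification Tag, checksum) followed by the chunks.
    The CRC32c is computed with the checksum field zeroed and stored little-endian."""
    body = b"".join(chunks)
    head = struct.pack("!HHI", src_port, dst_port, vtag)
    csum = crc32c(head + b"\x00\x00\x00\x00" + body)
    return head + struct.pack("<I", csum) + body


def parse_packet(pkt: bytes):
    """Check the checksum and split the packet into (src, dst, vtag, [chunks]).
    Raises ValueError on anything a receiver would have to drop."""
    if len(pkt) < 12:
        raise ValueError("packet shorter than the common header")
    src, dst, vtag = struct.unpack("!HHI", pkt[:8])
    (csum,) = struct.unpack("<I", pkt[8:12])
    if crc32c(pkt[:8] + b"\x00\x00\x00\x00" + pkt[12:]) != csum:
        raise ValueError("CRC32c mismatch")
    chunks, off = [], 12
    while off < len(pkt):
        if len(pkt) - off < 4:
            raise ValueError("truncated chunk header")
        ctype, flags, length = struct.unpack("!BBH", pkt[off:off + 4])
        if length < 4 or off + length > len(pkt):
            raise ValueError("bad chunk length")
        chunks.append((ctype, flags, pkt[off + 4:off + length]))
        off += length + (-length) % 4          # step over the padding as well
    return src, dst, vtag, chunks


def is_valid(pkt: bytes) -> bool:
    try:
        parse_packet(pkt)
        return True
    except ValueError:
        return False


def unknown_chunk_action(ctype: int) -> str:
    """The top two bits of the type tell a receiver what to do with a type it does not know."""
    return {0: "discard packet", 1: "discard packet and report",
            2: "skip chunk", 3: "skip chunk and report"}[ctype >> 6]


def process(pkt: bytes):
    """Walk the chunks of one packet applying that rule. Returns [(type, outcome), ...]
    and stops at the first chunk whose rule says to discard the packet."""
    out = []
    for ctype, _flags, _value in parse_packet(pkt)[3]:
        if ctype in KNOWN_TYPES:
            out.append((ctype, "processed"))
            continue
        action = unknown_chunk_action(ctype)
        out.append((ctype, action))
        if action.startswith("discard"):
            break
    return out


# Constructed sample: a HEARTBEAT carrying a Heartbeat Info parameter, two made-up
# chunk types 0xC1 (top bits 11) and 0x41 (top bits 01), and a SACK that is never reached.
SAMPLE = build_packet(5000, 3868, 0xDEADBEEF, [
    encode_chunk(HEARTBEAT, 0, struct.pack("!HH", 1, 8) + b"abcd"),
    encode_chunk(0xC1, 0, b"xyz"),
    encode_chunk(0x41, 0, b""),
    encode_chunk(SACK, 0, b""),
])

if __name__ == "__main__":
    for ctype, outcome in process(SAMPLE):
        print(f"chunk type {ctype:#04x}: {outcome}")
```

The 3-byte chunk value shows the padding rule: the Length field says 7, the chunk occupies 8 bytes on the wire, and the parser advances by the padded size. The 0xC1 chunk is skipped with a report while the 0x41 chunk stops processing, so the trailing SACK is never looked at.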

Details of chunk value (contd.)
• The Chunk Value may carry optional and variable-length parameters. Each parameter is encoded as Parameter Type (2 bytes), Parameter Length (2 bytes, covering type, length and value but not padding) and Parameter Value, padded with zero bytes to a 4-byte boundary in the same way as a chunk.

DATA (PAYLOAD DATA)

• TSN: 0 to 2^32-1, incremented by one for every DATA chunk transmitted (not for every packet). The receiver tracks what has arrived by TSN, and retransmission is driven by TSN.
• Stream Identifier (S): identifies the stream to which the following user data belongs.
DATA (PAYLOAD DATA) - contd.

• Stream Sequence Number (SSN): when a user message is fragmented by SCTP for transport, the same stream sequence number MUST be carried in each fragment of the message. It is used for ordered delivery within the stream.
• U (unordered) bit:
– When the U bit is set to '1', no SSN is assigned; the receiving SCTP endpoint must ignore the SSN and pass the data to the upper layer without re-ordering.
– For a fragmented unordered message, the U bit is set to '1' in every fragment.
• The DATA chunk header is 16 bytes:
[Type(1)] + [Reserved+U+B+E(1)] + [Length(2)] + [TSN(4)] + [SI(2)] + [SSN(2)] + [Protocol Identifier(4)]
A DATA chunk carrying no user data (length 16) is an error: the receiver aborts the association with the 'No User Data' cause.
DATA (PAYLOAD DATA) contd.

• B (Beginning) bit and E (Ending) bit: B=1 marks the first fragment of a user message and E=1 the last; a chunk with both set is an unfragmented message, and a chunk with neither set is a middle fragment.
• When data is fragmented, the TSN is what the receiver uses to reassemble it: the fragments of one message carry consecutive TSNs (and the same SSN), so their order is unambiguous.
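Added example of the receive-side behaviour described on slides 13 (independent streams, unordered bypass), 14 (reassembly) and the DATA slides above (TSN, SSN, U/B/E bits). It is Python written for this page, not code from the deck or from any SCTP implementation, and it models only delivery: acknowledgement and retransmission are left out. The chunk sequence in `demo()` is constructed; the stream numbers, payloads and TSNs have no meaning beyond the scenario.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DataChunk:
    """The DATA fields that matter for delivery. B=E=1 is an unfragmented message;
    U=1 means the SSN is to be ignored and the message delivered on arrival."""
    tsn: int
    stream: int
    ssn: int
    payload: bytes
    B: bool = True
    E: bool = True
    U: bool = False


class StreamReceiver:
    """Reassembles DATA chunks into user messages and hands them up: ordered messages
    in SSN order within their stream, unordered ones as soon as they are complete."""

    def __init__(self):
        self.pending = {}     # tsn -> DataChunk that is not yet part of a complete message
        self.next_ssn = {}    # stream -> SSN the user is waiting for
        self.held = {}        # stream -> {ssn: payload}: complete, but an earlier SSN is missing
        self.delivered = []   # (stream, payload) in the order handed to the SCTP user

    def receive(self, chunk: DataChunk):
        self.pending[chunk.tsn] = chunk
        for parts in self._complete_messages():
            self._deliver(parts)

    def _complete_messages(self):
        """Fragments of one message carry consecutive TSNs: walk up from each B chunk
        until the E chunk; a hole means the message is still incomplete."""
        done = []
        for tsn in sorted(self.pending):
            first = self.pending.get(tsn)
            if first is None or not first.B:
                continue
            parts, t = [first], tsn
            while not parts[-1].E and (t + 1) in self.pending and not self.pending[t + 1].B:
                t += 1
                parts.append(self.pending[t])
            if parts[-1].E:
                for p in parts:
                    del self.pending[p.tsn]
                done.append(parts)
        return done

    def _deliver(self, parts):
        first, payload = parts[0], b"".join(p.payload for p in parts)
        if first.U:                                   # unordered: bypass the stream queue
            self.delivered.append((first.stream, payload))
            return
        queue = self.held.setdefault(first.stream, {})
        queue[first.ssn] = payload
        nxt = self.next_ssn.get(first.stream, 0)
        while nxt in queue:                           # a gap here blocks only this stream
            self.delivered.append((first.stream, queue.pop(nxt)))
            nxt = (nxt + 1) & 0xFFFF                  # the SSN is 16 bits and wraps
        self.next_ssn[first.stream] = nxt


def demo():
    """Constructed arrival order: stream 0 loses SSN 1 for a while, stream 1 receives a
    3-fragment message out of order, and an unordered message on stream 0 arrives in
    the middle. Returns what the user saw, in order."""
    rx = StreamReceiver()
    arrivals = [
        DataChunk(tsn=1, stream=0, ssn=0, payload=b"s0m0"),
        DataChunk(tsn=3, stream=0, ssn=2, payload=b"s0m2"),                 # tsn 2 (ssn 1) missing
        DataChunk(tsn=5, stream=1, ssn=0, payload=b"B", B=False, E=False),
        DataChunk(tsn=6, stream=1, ssn=0, payload=b"C", B=False, E=True),
        DataChunk(tsn=4, stream=1, ssn=0, payload=b"A", B=True, E=False),   # completes stream 1
        DataChunk(tsn=7, stream=0, ssn=0, payload=b"urgent", U=True),       # delivered despite the gap
        DataChunk(tsn=2, stream=0, ssn=1, payload=b"s0m1"),                 # unblocks stream 0
    ]
    for chunk in arrivals:
        rx.receive(chunk)
    return rx.delivered
```

Stream 1's message is delivered as soon as its three fragments are all present, while stream 0 is still waiting for SSN 1; the unordered message on stream 0 goes up at once even though that stream is blocked; and when TSN 2 finally arrives, SSN 1 and the already-held SSN 2 are delivered back to back.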

DATA (PAYLOAD DATA)
• Payload Protocol Identifier (PPID):
– an application (upper layer) specified protocol identifier
– not used by SCTP itself; it is carried transparently so that the receiving application (and tools such as Wireshark) can identify the type of information in this DATA chunk
– a value of '0' means the upper layer has no identifier
• Payload (user data):
– the chunk is padded to a 4-byte boundary
– padding must not be more than 3 bytes
• The Verification Tag of a packet carrying DATA from SCTP-s to SCTP-c is the Initiate Tag from the client's INIT; for DATA from SCTP-c to SCTP-s it is the Initiate Tag from the server's INIT_ACK.
Data ( Wireshark)

CHUNK TYPE - Initiation (INIT)

• This chunk is used to initiate an SCTP association between two endpoints.

CHUNK TYPE - Initiation (INIT)

• The Chunk Flags field in INIT is reserved; all bits in it should be set to 0 by the sender and ignored by the receiver.

CHUNK TYPE - Initiation (INIT)
• Initiate Tag: if the value of the Initiate Tag in a received INIT chunk is found to be 0, the receiver MUST treat it as an error and close the association by transmitting an ABORT.
• Advertised Receiver Window Credit (a_rwnd): the dedicated buffer space, in bytes, that the sender of the INIT has reserved for this association.
• Number of Outbound Streams (OS): the number of outbound streams the sender of this INIT chunk wishes to create in this association.
• Number of Inbound Streams (MIS): the maximum number of streams the sender of this INIT chunk allows the peer end to create in this association.
• Initial TSN: the first TSN the sender of the INIT will use.
• If the receiver of the INIT finds parameters it does not recognize, it reports them in an 'Unrecognized Parameter' parameter of the INIT_ACK; if it refuses to form the association because of the unrecognized parameter, it sends an ABORT instead.
INIT (contd...)
• The Initiate Tag value must be placed into the Verification Tag field of every packet that the receiver of the INIT sends back on this association.
• An INIT can carry multiple address parameters (IPv4 and/or IPv6) for a multi-homed sender.
• An INIT can contain a Host Name Address parameter; if it does, the receiver of the INIT must ignore any other address parameters and resolve the host name instead.
• An ERROR chunk cannot be bundled with the INIT_ACK (INIT_ACK is never bundled); unrecognized parameters of an INIT are therefore reported inside the INIT_ACK, while unrecognized parameters of an INIT_ACK are reported in an ERROR chunk sent with or after the COOKIE_ECHO. If the association has to be refused, an ABORT is sent instead.
• The Initial TSN may be set equal to the Initiate Tag or to any other random value.
• The Verification Tag of the packet carrying the INIT is set to '0'.

Optional Parameters - IPv4/IPv6 addresses

• An INIT or INIT_ACK may carry one or more IPv4 Address and IPv6 Address parameters listing the additional addresses of the sending endpoint, so that a multi-homed endpoint can be reached on every address.
• If no address parameter is present, the peer uses the source address of the IP packet that carried the INIT or INIT_ACK.
• The IPv4 Address parameter format is shown below (Type 5, Length 8, 4-byte address); the IPv6 Address parameter is Type 6, Length 20.

Optional parameter - Cookie Preservative

• This optional parameter should be added to the INIT chunk by the sender when it re-attempts to establish an association with a peer after a previous attempt failed with a Stale Cookie Error. It suggests how much longer the peer should keep the State Cookie valid (Suggested Cookie Life-Span Increment, in milliseconds). The receiver MAY choose to ignore the suggested cookie life-span increase for its own security reasons, since a longer-lived cookie widens the window in which a captured COOKIE_ECHO can be replayed.
Optional parameter – host name & address

• The length depends upon the host name field.

Initialization Acknowledgement (INIT ACK)

• The receiver of the INIT_ACK places the Initiate Tag it finds there into the Verification Tag field of every packet it sends on this association from then on.
Initialization Acknowledgement (INIT ACK)

• The Initiate Tag in an INIT_ACK cannot be '0'. If it is '0', the receiver destroys its TCB, abandons the association and sends an ABORT to the sender of the INIT_ACK.
• a_rwnd: the receive buffer space that the sender of this packet has reserved for this association; it should not be reduced later.
• OS, MIS and Initial TSN have the same meaning as in INIT.
• An INIT_ACK can contain only one Host Name Address parameter.
• The State Cookie and the sender's addresses are carried in the INIT_ACK as optional/variable-length parameters.
• The State Cookie is a type-length-value parameter:
– Parameter Type and Length (variable length)
– Value: everything the sender needs to rebuild the association (the TCB) later, plus a creation time, a lifespan and the MAC that protects it. The sender of the INIT_ACK keeps no state for the association until the cookie comes back in a COOKIE_ECHO.
• Unrecognized parameters from the INIT are copied back, type and value, in an 'Unrecognized Parameter' parameter.
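Added example of the State Cookie mechanism from this slide, the "signed cookie against SYN flooding" point of slide 9 and the Cookie Preservative of slide 37. It is Python written for this page, not code from the deck or from any SCTP implementation. RFC 4960 leaves the MAC algorithm and the cookie layout to the implementation; this example assumes HMAC-SHA256, a fixed binary layout, the RFC default of a 60-second Valid.Cookie.Life, and a locally chosen 30-second cap on how much extra life a Cookie Preservative may request. Tags, TSNs and timestamps in the test are constructed values.

```python
import hashlib
import hmac
import os
import struct
import time

VALID_COOKIE_LIFE_MS = 60_000      # RFC 4960 default Valid.Cookie.Life (60 s)
MAX_PRESERVATIVE_MS = 30_000       # assumed local cap on a Cookie Preservative request
MAC_LEN = 32                       # HMAC-SHA256 tag length (algorithm is an assumption)


class CookieIssuer:
    """The INIT ACK side. It holds only a secret key; everything needed to build the TCB
    later travels inside the cookie, so a flood of INITs costs it no memory."""

    def __init__(self, secret: bytes = None):
        self.secret = secret or os.urandom(32)

    def make_cookie(self, peer_tag, my_tag, peer_rwnd, os_, mis, init_tsn,
                    now=None, preservative_ms=0):
        """Cookie = TCB fields + creation time + granted lifespan, then an HMAC over all of it.
        A Cookie Preservative may lengthen the lifespan, but only up to the local cap."""
        created = now if now is not None else time.time()
        life_ms = VALID_COOKIE_LIFE_MS + min(preservative_ms, MAX_PRESERVATIVE_MS)
        body = struct.pack("!IIIHHIdI", peer_tag, my_tag, peer_rwnd, os_, mis,
                           init_tsn, created, life_ms)
        return body + hmac.new(self.secret, body, hashlib.sha256).digest()

    def verify_cookie(self, cookie: bytes, now=None):
        """Returns ('ok', tcb_fields), ('stale', staleness_us) or ('bad', None).
        A bad MAC is dropped silently; a stale cookie gets a Stale Cookie Error (cause 3)
        whose value is the measure of staleness in microseconds."""
        body, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if len(body) != 32 or not hmac.compare_digest(mac, expected):
            return "bad", None
        (peer_tag, my_tag, peer_rwnd, os_, mis, init_tsn,
         created, life_ms) = struct.unpack("!IIIHHIdI", body)
        age = (now if now is not None else time.time()) - created
        if age > life_ms / 1000:
            return "stale", int(round((age - life_ms / 1000) * 1_000_000))
        return "ok", {"peer_tag": peer_tag, "my_tag": my_tag, "peer_rwnd": peer_rwnd,
                      "os": os_, "mis": mis, "init_tsn": init_tsn}
```

The MAC check comes first and uses a constant-time comparison, so a forged or altered COOKIE_ECHO is rejected before any field is trusted; only a cookie that verifies can be declared stale, which keeps an attacker from using the Stale Cookie Error as an oracle on cookie contents.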

Selective Acknowledge (SACK)
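Added example of the SACK logic behind this slide and slide 15 (the receiver acknowledges every TSN it has, gaps included; the sender retransmits what is reported missing). This is Python written for this page, not code from the deck or from any SCTP implementation. It models the Cumulative TSN Ack, Gap Ack Blocks as offsets from it, and the three-missing-reports rule for fast retransmit from RFC 4960 section 7.2.4; cwnd, RTO timers and renege handling are left out, and the loss pattern in `demo()` is constructed.

```python
def build_sack(last_cum_ack: int, received: set, a_rwnd: int) -> dict:
    """Receiver side. Advance the Cumulative TSN Ack through the contiguous TSNs, then
    report every island of received TSNs above it as a Gap Ack Block; block start/end
    are offsets from the Cumulative TSN Ack, exactly as the SACK chunk encodes them."""
    cum = last_cum_ack
    while cum + 1 in received:
        cum += 1
    blocks, cur = [], None
    for tsn in sorted(t for t in received if t > cum):
        if cur is not None and tsn == cur[1] + 1:
            cur[1] = tsn
        else:
            if cur is not None:
                blocks.append(cur)
            cur = [tsn, tsn]
    if cur is not None:
        blocks.append(cur)
    return {"cum_tsn_ack": cum, "a_rwnd": a_rwnd,
            "gap_blocks": [(s - cum, e - cum) for s, e in blocks]}


class Sender:
    """Sender side: keeps every TSN that is not yet cumulatively acknowledged and counts
    how many SACKs have reported each one missing."""

    def __init__(self, first_tsn: int):
        self.next_tsn = first_tsn
        self.outstanding = {}    # tsn -> missing-report count
        self.marked = []         # TSNs due for fast retransmission
        self.rwnd = 0

    def send(self, n: int):
        tsns = list(range(self.next_tsn, self.next_tsn + n))
        for t in tsns:
            self.outstanding[t] = 0
        self.next_tsn += n
        return tsns

    def retransmit(self):
        tsns, self.marked = self.marked, []
        for t in tsns:
            self.outstanding[t] = 0   # count afresh for the retransmitted copy
        return tsns

    def on_sack(self, sack: dict) -> dict:
        cum = sack["cum_tsn_ack"]
        gap_acked = set()
        for s, e in sack["gap_blocks"]:
            gap_acked.update(range(cum + s, cum + e + 1))
        highest = max(gap_acked, default=cum)
        for t in sorted(self.outstanding):
            if t <= cum:
                del self.outstanding[t]     # cumulatively acked: may be freed
            elif t not in gap_acked and t < highest:
                self.outstanding[t] += 1    # the peer has something later but not this
                if self.outstanding[t] == 3 and t not in self.marked:
                    self.marked.append(t)   # three missing reports: fast retransmit
        # gap-acked TSNs stay outstanding: the peer may still renege on them
        self.rwnd = sack["a_rwnd"]
        return {"gap_acked": sorted(gap_acked), "fast_retransmit": list(self.marked)}


def demo():
    """Constructed run: TSNs 4 and 7 of the first eight are lost, three later packets each
    trigger a SACK, and the fast-retransmitted copies finally close the gaps."""
    sender, received, last_cum, log = Sender(first_tsn=1), set(), 0, []
    for tsn in sender.send(8):
        if tsn not in (4, 7):
            received.add(tsn)
    for _ in range(3):
        received.add(sender.send(1)[0])
        sack = build_sack(last_cum, received, a_rwnd=65535)
        last_cum = sack["cum_tsn_ack"]
        log.append((sack["gap_blocks"], sender.on_sack(sack)["fast_retransmit"]))
    received.update(sender.retransmit())
    sack = build_sack(last_cum, received, a_rwnd=65535)
    sender.on_sack(sack)
    return log, sack["cum_tsn_ack"], sorted(sender.outstanding)
```

Each SACK reports the same two holes (TSN 4 and 7) with the blocks above them growing by one; on the third report both TSNs are marked for fast retransmit without waiting for the RTO, and the SACK after the retransmission advances the cumulative ack straight to 11 with no Gap Ack Blocks left.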

Cookie Echo

Cookie Ack (COOKIE_ACK)

• Used only during initialization of an association, to acknowledge the COOKIE_ECHO.
• It is sent by the server side once the cookie has been verified and the TCB created; both sides are then in the ESTABLISHED state.
• DATA or SACK chunks can be bundled with COOKIE_ACK, but the COOKIE_ACK must be the first chunk in the packet.
• Chunk flags are set to '0'.

Shutdown Complete

• This chunk acknowledges the SHUTDOWN_ACK chunk and indicates completion of the shutdown process.
• This chunk has no parameters, only Type = 14.
• Its only flag is the T bit, set when the sender had no TCB for the association and reflected the peer's Verification Tag; otherwise the chunk flag bits are set to '0'.

SCTP Client State startup diagram

SCTP State diagram description

• The SCTP client (SCTP-c) endpoint sends an INIT to the SCTP server (SCTP-s), starts the T1-init timer and goes into the COOKIE_WAIT state.
• If the T1-init timer expires, the INIT is retransmitted (with the timer backed off) until Max.Init.Retransmits is reached; the state does not change. If it still fails, the initialization is abandoned and the error is reported to the SCTP user.
• On reception of INIT_ACK the client stops the T1-init timer, sends a COOKIE_ECHO, starts the T1-cookie timer and moves to the COOKIE_ECHOED state.
• If the T1-cookie timer expires, the COOKIE_ECHO is retransmitted until Max.Init.Retransmits is reached. If it still fails, the initialization is abandoned and the SCTP endpoint reports the failure to the SCTP user.
• On reception of COOKIE_ACK the client stops the T1-cookie timer and moves to the ESTABLISHED state.
• The SCTP client therefore receives the following messages during start-up:
• INIT_ACK
• COOKIE_ACK

• In SHUTDOWN state the SCTP endpoint.

SCTP Client & server state close diagram

Association & Initialization
• Normal Establishment Procedure
– SCTP-c starts the initialization procedure by sending an INIT to SCTP-s with all default values. The Initiate Tag field contains a random 32-bit value (the SCTP-c tag). SCTP-c starts the T1-init timer and enters the COOKIE_WAIT state.
– SCTP-s receives the INIT, fills the Verification Tag field of the INIT_ACK with the SCTP-c tag, generates a State Cookie and sends it, together with its own random SCTP-s tag, to SCTP-c. SCTP-s then discards everything it computed for this association and frees the memory: it keeps no TCB until a valid COOKIE_ECHO arrives.
– COOKIE_ECHO and COOKIE_ACK follow in the same way; the states and timers involved are explained on the slides above.
– If an endpoint has received INIT, INIT_ACK, COOKIE_ECHO or COOKIE_ACK but still cannot establish the association, an ABORT is sent with a cause. The Verification Tag field of the ABORT carries the tag of the peer, taken from the packet that caused the ABORT.

– During INIT and INIT_ACK the number of outbound streams (OS) an endpoint asks for must be less than or equal to the maximum inbound streams (MIS) the peer allows. If the peer allows fewer, the endpoint either uses only MIS outbound streams or reports to the upper layer, which decides whether the association continues or is aborted.
– Address resolution (of a Host Name Address parameter) can be postponed until after the exchange of COOKIE_ECHO and COOKIE_ACK. If INIT or INIT_ACK carries no address parameters, the peer's address is taken from the IP header. If resolving during INIT/INIT_ACK would cause a long delay, the endpoint should postpone it until after COOKIE_ECHO / COOKIE_ACK. If resolution still fails, an ABORT is sent with cause 'Unresolvable Address'.
– The transport addresses of the peer are derived from the INIT/INIT_ACK (its address parameters, or the IP source address when none is present).
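Putting the start-up slides together (slides 12, 20, 33, 34, 39, 52, 53, 56 and 57), the following is an added Python model of the 4-way handshake; it is example code written for this page, not code from the deck or from any SCTP implementation. It assumes one chunk per packet, an HMAC-SHA256 State Cookie that carries only integrity (no lifespan) so that the server can stay stateless, the RFC 4960 default Max.Init.Retransmits of 8, and constructed stream counts (client OS 3 / MIS 5, server OS 4 / MIS 2) chosen so that the OS/MIS reduction is visible. Timers are driven by hand through `t1_expired()` rather than by a clock, and the handling of INIT collisions and restarts is out of scope.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

MAX_INIT_RETRANSMITS = 8      # RFC 4960 default for Max.Init.Retransmits


@dataclass
class Packet:
    vtag: int      # Verification Tag of the common header
    chunk: str     # one chunk per packet is all the handshake needs
    fields: dict


def new_tag() -> int:
    return int.from_bytes(os.urandom(4), "big") or 1   # a tag of 0 is not allowed


class Server:
    """SCTP-s. Holds nothing but a cookie secret until a valid COOKIE_ECHO creates the TCB."""

    def __init__(self, os_=4, mis=2):
        self.secret, self.os, self.mis = os.urandom(32), os_, mis
        self.assocs = {}      # my_tag -> TCB; stays empty however many INITs arrive

    def handle(self, pkt: Packet):
        if pkt.chunk == "INIT":
            if pkt.vtag != 0:                         # an INIT always carries tag 0
                return None
            if pkt.fields["init_tag"] == 0:           # invalid Initiate Tag: ABORT
                return Packet(0, "ABORT", {"cause": "Invalid Mandatory Parameter"})
            my_tag, os_ = new_tag(), min(self.os, pkt.fields["mis"])
            body = struct.pack("!IIHHI", pkt.fields["init_tag"], my_tag, os_, self.mis, new_tag())
            cookie = body + hmac.new(self.secret, body, hashlib.sha256).digest()
            # INIT_ACK goes out under the client's Initiate Tag; no TCB is kept
            return Packet(pkt.fields["init_tag"], "INIT_ACK",
                          {"init_tag": my_tag, "os": os_, "mis": self.mis, "cookie": cookie})
        if pkt.chunk == "COOKIE_ECHO":
            body, mac = pkt.fields["cookie"][:-32], pkt.fields["cookie"][-32:]
            good = hmac.compare_digest(mac, hmac.new(self.secret, body, hashlib.sha256).digest())
            if len(body) != 16 or not good:
                return None                           # forged or damaged cookie: drop silently
            peer_tag, my_tag, os_, mis, init_tsn = struct.unpack("!IIHHI", body)
            if pkt.vtag != my_tag:
                return None
            self.assocs[my_tag] = {"peer_tag": peer_tag, "os": os_, "mis": mis,
                                   "init_tsn": init_tsn, "state": "ESTABLISHED"}
            return Packet(peer_tag, "COOKIE_ACK", {})
        return self.assocs.get(pkt.vtag)              # later chunks need an established tag


class Client:
    """SCTP-c start-up state machine: CLOSED -> COOKIE_WAIT -> COOKIE_ECHOED -> ESTABLISHED."""

    def __init__(self, os_=3, mis=5):
        self.state, self.my_tag, self.peer_tag = "CLOSED", new_tag(), None
        self.os, self.mis, self.retries, self.pending = os_, mis, 0, None

    def connect(self) -> Packet:
        self.state, self.retries = "COOKIE_WAIT", 0
        self.pending = Packet(0, "INIT", {"init_tag": self.my_tag, "os": self.os, "mis": self.mis})
        return self.pending                              # T1-init timer starts here

    def t1_expired(self):
        """T1-init or T1-cookie fired: retransmit, or give up after Max.Init.Retransmits."""
        self.retries += 1
        if self.retries > MAX_INIT_RETRANSMITS:
            self.state, self.pending = "CLOSED", None   # report failure to the SCTP user
        return self.pending

    def handle(self, pkt: Packet):
        if self.state == "COOKIE_WAIT" and pkt.chunk == "INIT_ACK":
            if pkt.vtag != self.my_tag or pkt.fields["init_tag"] == 0:
                return None                              # not ours, or invalid Initiate Tag
            self.peer_tag = pkt.fields["init_tag"]
            self.os = min(self.os, pkt.fields["mis"])    # peer allows fewer inbound streams
            self.state, self.retries = "COOKIE_ECHOED", 0
            self.pending = Packet(self.peer_tag, "COOKIE_ECHO", {"cookie": pkt.fields["cookie"]})
            return self.pending                          # T1-cookie timer starts here
        if self.state == "COOKIE_ECHOED" and pkt.chunk == "COOKIE_ACK" and pkt.vtag == self.my_tag:
            self.state, self.pending = "ESTABLISHED", None
        return None


def handshake(lose_first_init=False):
    """Run the 4-way exchange, optionally losing the first INIT so T1-init fires once."""
    c, s = Client(), Server()
    init = c.connect()
    if lose_first_init:
        init = c.t1_expired()            # retransmitted INIT, state still COOKIE_WAIT
    init_ack = s.handle(init)
    stateless = not s.assocs             # INIT_ACK sent, nothing allocated on the server
    cookie_ack = s.handle(c.handle(init_ack))
    c.handle(cookie_ack)
    return c, s, stateless
```

The Verification Tag rules of slide 20 fall out of the message construction: the INIT carries 0, the INIT_ACK carries the client's Initiate Tag, the COOKIE_ECHO carries the server's, and from then on each side sends under the tag the peer chose. A COOKIE_ECHO whose MAC does not verify is dropped without creating any state, which is the SYN-flood defence from slide 9.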
