Introduction

Any discussion of network protocols starts from the seven-layer OSI (Open Systems Interconnection) model. In practice we mostly care about the network layer and above: the network layer, where IPv4 and IPv6 live; the transport layer, where TCP and UDP live; and the application layer, where HTTP and FTP live.

The protocol discussed today is SCTP, the Stream Control Transmission Protocol. It was standardised by the IETF in RFC 4960 (which replaced the original RFC 2960, and has itself since been updated by RFC 9260).

The transport layer already has the widely used TCP and UDP, so why invent SCTP at all?

SCTP is best understood as combining the strengths of TCP and UDP. It keeps the message-oriented delivery of UDP, adds the reliability, ordered delivery and congestion control of TCP, and on top of that provides multi-homing and redundant paths for greater resilience and reliability.

This article explains the design and protocol details of SCTP.

What's wrong with TCP

What is wrong with TCP? Nothing fundamental: UDP is an unreliable datagram service, and TCP is a reliable stream service.

Both are used in a very wide range of applications. But no protocol is perfect, so let us look at the shortcomings of TCP.

The biggest difference between TCP and UDP is that TCP is reliable: it provides a way to transmit data reliably over the Internet.

To provide that reliability, TCP imposes some restrictions on how data is transmitted.

For example, TCP delivers bytes to the application strictly in order. Suppose a piece of data is sent as three segments labelled A, B and C. The receiver must hand A to the application first, then B, then C. If B arrives before A, B cannot be delivered yet: the receiver buffers it and waits for A, typically signalling the gap with duplicate or selective ACKs so that the sender retransmits A.

This strict ordering causes head-of-line blocking: data that has already arrived is delayed because an unrelated earlier segment is still missing.

Because TCP is stream-oriented, it has no notion of record boundaries. To carry distinct records over a TCP stream, the application has to add its own framing, such as length prefixes or delimiters.

In addition, to improve efficiency and avoid sending many small packets, TCP may delay transmission and coalesce several small writes into one larger segment (Nagle's algorithm). An application that does not want this must ask for immediate transmission: the stack then sets the PSH flag on the segment, and on most systems the application turns off the coalescing with the TCP_NODELAY socket option.

Finally, TCP's connection setup is vulnerable to denial-of-service attacks, specifically SYN flooding, which is discussed below.

Features of sctp

Given these shortcomings of TCP, what does the newer SCTP protocol offer?

SCTP has two main features. The first is that it is message-based: SCTP transmits a sequence of messages, where a message is a group of bytes with a defined beginning and end.

TCP, by contrast, transmits an unstructured stream of bytes.

In SCTP a message may be split into several DATA chunks, and all the data in one chunk belongs to the same user message. When sending over IP, SCTP bundles chunks into an SCTP packet. Each packet consists of a common header, optionally one or more control chunks, and then the DATA chunks.

How to understand the difference between TCP packets and SCTP packets?

For example, when a client sends several short messages to a server over TCP, the stack may coalesce these unrelated pieces of data into one TCP segment for efficiency. The server receives all of those bytes at once, and the application itself has to split them back into the individual messages.

An SCTP packet can likewise contain multiple DATA chunks, and different chunks can carry different messages, even on different streams. But because the protocol itself delimits the messages, reading them on the server side is straightforward.

The basic structure of an SCTP packet (the original figure is not reproduced here) is a 12-byte common header followed by chunks.

The common header consists of the source port number (2 bytes), the destination port number (2 bytes), the verification tag (4 bytes) and the checksum (4 bytes). The verification tag is a random value each endpoint hands to its peer during association setup; a receiver silently discards packets whose tag does not match, which makes blind injection of packets into an association much harder. The checksum is a CRC32c over the whole packet.

The header is followed by chunks. Each chunk begins with a 4-byte chunk header: a 1-byte type, a 1-byte flags field and a 2-byte length (which covers the header and the value but not padding), followed by the chunk value. Every chunk is padded to a multiple of 4 bytes.

The second main feature of SCTP is multi-streaming: one association can carry multiple independent streams in parallel.

Why is this possible? Again it follows from the packet structure. Each DATA chunk carries a stream identifier and a stream sequence number, and one packet can bundle chunks from different streams. Ordering is enforced only within a stream, so a lost chunk on one stream delays only that stream while the others keep being delivered. This is how message-oriented SCTP avoids the head-of-line blocking described above for TCP.
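The packet layout and the per-stream fields described in the two sections above, as an added example (this is not code from the original article or from any SCTP implementation): a parser for the 12-byte common header and the chunk list, a DATA chunk decoder that exposes the stream identifier and stream sequence number, and CRC32c verification as specified in RFC 4960 Appendix B. The sample packet at the bottom, its port numbers and its payloads are constructed here.

```python
# Added example (not from the original article): a parser for the 12-byte SCTP
# common header and the chunk list, with CRC32c verification per RFC 4960
# Appendix B. The sample packet at the bottom is constructed here.
import struct
from dataclasses import dataclass

CHUNK_NAMES = {0: "DATA", 1: "INIT", 2: "INIT ACK", 3: "SACK", 4: "HEARTBEAT",
               5: "HEARTBEAT ACK", 6: "ABORT", 7: "SHUTDOWN", 8: "SHUTDOWN ACK",
               9: "ERROR", 10: "COOKIE ECHO", 11: "COOKIE ACK", 14: "SHUTDOWN COMPLETE"}


def _make_table(poly=0x82F63B78):   # bit-reflected form of the Castagnoli polynomial 0x1EDC6F41
    table = []
    for n in range(256):
        for _ in range(8):
            n = (n >> 1) ^ poly if n & 1 else n >> 1
        table.append(n)
    return table


_TABLE = _make_table()


def crc32c(data):
    """Reflected CRC32c; the standard check value crc32c(b'123456789') is 0xE3069283."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


@dataclass
class Chunk:
    type: int
    flags: int
    length: int     # as carried on the wire: header + value, padding excluded
    value: bytes

    @property
    def name(self):
        return CHUNK_NAMES.get(self.type, "UNKNOWN(%d)" % self.type)


def parse_sctp(packet):
    """Return (src_port, dst_port, verification_tag, checksum, [Chunk, ...])."""
    if len(packet) < 12:
        raise ValueError("packet shorter than the 12-byte common header")
    src, dst, vtag = struct.unpack("!HHI", packet[:8])
    checksum = int.from_bytes(packet[8:12], "little")   # CRC32c bytes go on the wire little-endian
    chunks, off = [], 12
    while off < len(packet):
        if len(packet) - off < 4:
            raise ValueError("truncated chunk header at offset %d" % off)
        ctype, cflags, clen = struct.unpack("!BBH", packet[off:off + 4])
        if clen < 4 or off + clen > len(packet):
            raise ValueError("bad chunk length %d at offset %d" % (clen, off))
        chunks.append(Chunk(ctype, cflags, clen, packet[off + 4:off + clen]))
        off += (clen + 3) & ~3      # chunks are padded to a multiple of 4 bytes
    return src, dst, vtag, checksum, chunks


def parse_data_chunk(chunk):
    """DATA value: TSN, stream id, stream sequence number, payload protocol id, user data."""
    if chunk.type != 0 or len(chunk.value) < 12:
        raise ValueError("not a well-formed DATA chunk")
    tsn, sid, ssn, ppid = struct.unpack("!IHHI", chunk.value[:12])
    return {"tsn": tsn, "stream_id": sid, "stream_seq": ssn, "ppid": ppid,
            "user_data": chunk.value[12:]}


def verify_checksum(packet):
    """Recompute the CRC32c over the packet with the checksum field zeroed."""
    return crc32c(packet[:8] + b"\0\0\0\0" + packet[12:]) == int.from_bytes(packet[8:12], "little")


def build_packet(src_port, dst_port, vtag, chunks):
    """chunks: iterable of (type, flags, value); pads each chunk and fills in the checksum."""
    body = b""
    for ctype, cflags, value in chunks:
        clen = 4 + len(value)
        body += struct.pack("!BBH", ctype, cflags, clen) + value + b"\0" * (-clen % 4)
    pkt = struct.pack("!HHI", src_port, dst_port, vtag) + b"\0\0\0\0" + body
    return pkt[:8] + crc32c(pkt).to_bytes(4, "little") + pkt[12:]


def data_chunk(tsn, stream_id, stream_seq, user_data, ppid=0, flags=0x03):
    # flags 0x03 sets the B and E bits: the whole user message fits in this one chunk
    return 0, flags, struct.pack("!IHHI", tsn, stream_id, stream_seq, ppid) + user_data


# Constructed sample: one packet carrying two user messages on two different streams.
SAMPLE = build_packet(5000, 38412, 0x1234ABCD,
                      [data_chunk(100, 0, 0, b"stream zero"),
                       data_chunk(101, 7, 0, b"stream seven")])
```

Calling parse_sctp(SAMPLE) returns two DATA chunks whose decoded stream identifiers are 0 and 7, which is the multi-streaming point in miniature: two messages on two independent streams bundled into one 68-byte packet. Note that the checksum bytes are placed in little-endian order, as in the RFC 4960 Appendix B reference code and the Linux implementation; a parser that reads them big-endian will reject every valid packet.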

A third feature of SCTP is multi-homing. The word is a compound of multiple and homing, literally "multiple homes".

What does it mean?

With TCP, a connection is identified by exactly one pair of IP addresses and ports, a strict one-to-one relationship. If the IP address at either end becomes unusable, the whole TCP connection fails.

Could TCP instead behave like a load balancer and switch automatically to an alternative IP address when one becomes unreachable? Not within a single connection; that is precisely what SCTP adds.

SCTP addresses this at the transport layer with multi-homing, which is designed to enhance reliability.

Specifically, an SCTP endpoint can be bound to multiple IP addresses, and each endpoint periodically sends HEARTBEAT chunks to the remote endpoint's primary and backup addresses to check that they are reachable.

From the HEARTBEAT ACKs it receives, or fails to receive, an endpoint decides which remote addresses are currently usable and fails over to a backup path when the primary stops responding.

Because the two endpoints need not have the same number of addresses, multi-homing can be symmetric (both sides multi-homed) or asymmetric (only one side multi-homed).

(The original article shows three figures here: one symmetric multi-homing case and two asymmetric cases.)

Finally, SCTP's association setup is more robust than TCP's. Where TCP uses a three-way handshake, SCTP uses a four-way handshake.

TCP's three-way handshake is what makes SYN flooding attacks possible.

What is a SYN attack? Recall the TCP three-way handshake. The client sends a SYN with initial sequence number A. The server records the half-open connection and replies with SYN B, ACK A+1. The client checks the acknowledgement number and sends ACK B+1. When the server receives B+1 it considers the client confirmed and the connection established.

The problem is that the server has to keep state for every half-open connection from the first SYN onwards. An attacker who sends a large number of SYNs, usually from spoofed source addresses, can fill the server's backlog so that legitimate clients cannot connect: a SYN flood. (Modern TCP stacks mitigate this with SYN cookies, which are the same idea SCTP builds into the protocol.)

SCTP, by contrast, does not allocate any per-association state when it receives the client's INIT. It answers with an INIT ACK carrying a state cookie: the information the server would otherwise have stored, protected by a MAC computed with a secret known only to the server. The client must send that cookie back in a COOKIE ECHO; only after the server verifies the cookie's MAC and lifetime does it allocate the association state and reply with COOKIE ACK. A flood of INITs therefore costs the server nothing beyond computing cookies, which avoids the SYN flood weakness of TCP. Note that this protects only association setup: SCTP itself provides no confidentiality or authentication of the data, so DTLS or IPsec is used on top of it when that is required.
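The four-message exchange described above, as an added example that is not part of the original article and not taken from any SCTP implementation: both endpoints are simulated in-process, the server allocates a transmission control block only on a valid COOKIE ECHO, and tampered, replayed and expired cookies are rejected. Message formats are simplified dicts rather than real chunks; the cookie layout, the choice of HMAC-SHA256 and the 60-second lifetime are this example's own assumptions.

```python
# Added example (not from the original article): a simulation of the SCTP
# four-way handshake with a stateless, MAC-protected state cookie, as described
# in RFC 4960 Section 5.1. Message formats are simplified dicts; the cookie
# layout, the HMAC-SHA256 choice and the 60-second lifetime are this example's own.
import hashlib
import hmac
import os
import struct
import time

COOKIE_LIFETIME = 60      # seconds; RFC 4960 suggests 60 s for Valid.Cookie.Life
MAC_LEN = 32              # HMAC-SHA256 output size
HDR = "!IIIH"             # created-at, peer tag, our tag, peer port (then the peer IP text)


class SctpServer:
    def __init__(self, secret=None, clock=time.time):
        self.secret = secret or os.urandom(32)   # a real stack rotates this key periodically
        self.clock = clock
        self.associations = {}   # (peer_ip, peer_port) -> TCB; filled only after a valid COOKIE ECHO

    def on_init(self, peer, peer_tag, _peer_rwnd):
        """INIT received: reply with an INIT ACK carrying a cookie, and allocate no state."""
        my_tag = int.from_bytes(os.urandom(4), "big") or 1     # verification tag must be non-zero
        body = struct.pack(HDR, int(self.clock()), peer_tag, my_tag, peer[1]) + peer[0].encode()
        mac = hmac.new(self.secret, body, hashlib.sha256).digest()
        return {"type": "INIT ACK", "my_tag": my_tag, "cookie": body + mac}

    def on_cookie_echo(self, peer, cookie):
        """COOKIE ECHO received: check MAC, sender and lifetime, then create the TCB."""
        hdr_len = struct.calcsize(HDR)
        if len(cookie) < hdr_len + MAC_LEN:
            return None
        body, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
        if not hmac.compare_digest(mac, hmac.new(self.secret, body, hashlib.sha256).digest()):
            return None                                  # forged or tampered cookie
        created, peer_tag, my_tag, port = struct.unpack(HDR, body[:hdr_len])
        if (body[hdr_len:].decode(), port) != peer:
            return None                                  # cookie captured and replayed from elsewhere
        if self.clock() - created > COOKIE_LIFETIME:
            return None                                  # stale cookie: the peer must start over
        self.associations[peer] = {"peer_tag": peer_tag, "my_tag": my_tag}   # state allocated here
        return {"type": "COOKIE ACK"}


class SctpClient:
    def __init__(self, ip, port):
        self.addr = (ip, port)
        self.my_tag = int.from_bytes(os.urandom(4), "big") or 1
        self.state = "CLOSED"

    def init(self):
        self.state = "COOKIE-WAIT"
        return {"type": "INIT", "tag": self.my_tag, "a_rwnd": 65535}

    def on_init_ack(self, msg):
        self.state = "COOKIE-ECHOED"
        return {"type": "COOKIE ECHO", "cookie": msg["cookie"]}

    def on_cookie_ack(self, msg):
        if msg is not None and msg["type"] == "COOKIE ACK":
            self.state = "ESTABLISHED"


def handshake(client, server, tamper=None):
    """Run all four messages; `tamper` may rewrite the cookie in flight. Returns the client state."""
    init = client.init()
    init_ack = server.on_init(client.addr, init["tag"], init["a_rwnd"])
    echo = client.on_init_ack(init_ack)
    cookie = tamper(echo["cookie"]) if tamper else echo["cookie"]
    client.on_cookie_ack(server.on_cookie_echo(client.addr, cookie))
    return client.state


def init_flood(server, count):
    """Send `count` INITs from spoofed addresses; return how many TCBs that created."""
    before = len(server.associations)
    for i in range(count):
        server.on_init(("10.0.%d.%d" % ((i >> 8) & 0xFF, i & 0xFF), 1024 + i), i + 1, 65535)
    return len(server.associations) - before
```

handshake(SctpClient("192.0.2.10", 40000), SctpServer()) returns "ESTABLISHED", while init_flood(server, 10000) returns 0 because INITs alone never create a TCB. The address check matters as much as the MAC: without it a cookie captured on the wire could be echoed from a different host, which is why the peer address and port are bound into the signed body.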

Summary

To sum up, SCTP provides ordered, reliable delivery of multiple independent streams, and supports multi-homing, where each endpoint can have several IP addresses and fail over transparently between redundant network paths. Its cookie-based four-way handshake also avoids the SYN flood weakness of TCP's connection setup.

SCTP is a well-designed protocol, and the common operating systems support it, with some caveats. Linux has had in-kernel SCTP support (the lksctp implementation) since the 2.6 series; on current distributions it is usually a loadable module named sctp, which some hardened distributions blacklist by default, so check with lsmod or modprobe before relying on it.

Windows and macOS do not ship SCTP, so a third-party driver is required: the SctpDrv kernel driver on Windows, and the SCTP Network Kernel Extension on macOS. Both are external projects, so check their current maintenance status before depending on them.

This article has been included in http://www.flydean.com/21-sctp/



flydean

Personal website: www.flydean.com