SCTP Programmer's Guide
TCP not only makes partial ordering of data impossible, it also causes unnecessary
delay in the overall data delivery. Moreover, if a single packet is lost, delivery of
all subsequent packets is blocked until the lost TCP packet is retransmitted and
delivered. This is known as head-of-line (HOL) blocking.
• TCP transmits data as a byte stream. Applications must therefore add their own
record marking to delineate their messages, and must use the PUSH flag in the TCP
header to ensure that a complete message is transferred in a reasonable time.
• A TCP connection is bound to a single network interface (address) on each host, and
the connection is established between those two interfaces. As a result, if the
connection breaks because of a path failure, data becomes unavailable until the
connection is re-established.
• TCP is vulnerable to denial of service (DoS) attacks, such as SYN flood attacks. In
a SYN flood, a malicious host forges IP packets with fake source addresses and sends
a large number of TCP SYN segments to the victim host. Each time the TCP stack on
the victim host receives a new SYN, it allocates kernel resources to service it.
When the TCP stack is flooded with SYNs, the victim host can run out of resources
and fail to service new, legitimate SYNs.
Limitations of UDP
The limitations of UDP are as follows:
• Data transfer over UDP is unreliable, because UDP is a connectionless protocol. An
application using UDP cannot verify whether a datagram has reached its destination.
• UDP has no built-in congestion control mechanism to detect path congestion. As a
result, more data may be injected into an already congested network, which results
in data loss.
• If stringent rules for reliable data transfer are implemented in applications that
use UDP, the implementation adds overhead and complexity to those applications.
SCTP Architecture
SCTP is designed to address these shortcomings of TCP. It uses mechanisms such as a
four-way handshake to prevent DoS attacks: the SCTP packet format contains additional
fields, such as the state cookie and the verification tag, so that a server does not
allocate resources for a new association until the peer returns a valid cookie, which
avoids SYN flooding. The SCTP architecture also includes improved congestion control
algorithms that are effective in controlling congestion in unstable networks.
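To show how the state cookie keeps a listening endpoint stateless until the handshake completes, here is an added example in Python (not code from this guide or from any SCTP implementation). It models the four handshake messages as function calls rather than SCTP's wire format; the cookie layout, the 60-second lifetime and the addresses are assumptions.

```python
import hashlib
import hmac
import secrets

COOKIE_LIFETIME = 60.0   # seconds a state cookie stays valid (assumed value)
MAC_LEN = 32             # SHA-256 digest length

class Server:
    """Listening endpoint: keeps no per-peer state until a valid COOKIE ECHO arrives."""

    def __init__(self):
        self.secret = secrets.token_bytes(32)   # cookie MAC key, never leaves the server
        self.tcbs = {}                          # established associations, keyed by peer address

    def on_init(self, peer, peer_tag, now):
        # INIT -> INIT ACK. Everything needed later is packed into the cookie and MAC'ed,
        # so a flood of INITs (spoofed or not) allocates nothing here.
        my_tag = secrets.randbits(32) or 1      # verification tag must be nonzero
        body = f"{peer}|{peer_tag}|{my_tag}|{now}".encode()
        mac = hmac.new(self.secret, body, hashlib.sha256).digest()
        return {"type": "INIT_ACK", "init_tag": my_tag, "cookie": body + mac}

    def on_cookie_echo(self, peer, cookie, now):
        # COOKIE ECHO -> COOKIE ACK, only after the cookie authenticates and is fresh.
        body, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac):
            return None                         # forged or altered cookie: drop silently
        c_peer, c_peer_tag, c_my_tag, issued = body.decode().split("|")
        if c_peer != peer or now - float(issued) > COOKIE_LIFETIME:
            return None                         # echoed from another address, or stale
        self.tcbs[peer] = {"peer_tag": int(c_peer_tag), "my_tag": int(c_my_tag)}  # state only now
        return {"type": "COOKIE_ACK"}

def associate(server, client, now, delay=0.0, tamper=False):
    """Run the four-way exchange from the client side; True if the association came up."""
    peer_tag = secrets.randbits(32) or 1
    cookie = server.on_init(client, peer_tag, now)["cookie"]
    if tamper:                                  # flip one bit of the cookie body
        cookie = bytes([cookie[0] ^ 1]) + cookie[1:]
    reply = server.on_cookie_echo(client, cookie, now + delay)
    return reply is not None and server.tcbs[client]["peer_tag"] == peer_tag

def init_flood(server, count, now):
    """Simulate `count` INITs from distinct spoofed addresses that never echo the cookie."""
    for i in range(count):
        server.on_init(f"10.0.{i // 256}.{i % 256}", secrets.randbits(32) or 1, now)
    return len(server.tcbs)                     # association state the flood created (0)
```

Contrast this with the TCP behaviour described above, where each SYN allocates kernel state before the peer has proved it can receive packets at the claimed address.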
This section addresses the following topics:
• “SCTP in the IP Stack” (page 20)
• “Connection Setup in SCTP” (page 21)
SCTP Architecture 19