SCTP Programmer's Guide
SCTP also uses the four-SACK rule to avoid retransmissions triggered by normal
events, such as packets arriving out of sequence.
HEARTBEATs to Identify Path Failures
SCTP periodically sends HEARTBEAT chunks to idle destination addresses, including alternate
addresses, to detect path failures. For each destination, SCTP maintains a counter of the
HEARTBEATs sent to that destination without receiving a corresponding HEARTBEAT ACK
chunk. When the counter reaches the configured maximum value, SCTP declares the
destination address inactive, notifies the application, and starts sending DATA chunks
to an alternate address. SCTP continues to send HEARTBEATs to the inactive destination
address; when a HEARTBEAT ACK chunk arrives from it, SCTP considers the destination
address active again. The interval between HEARTBEATs is the sum of the RTO value and
the heartbeat delay parameter, which lets the user application tailor heartbeat traffic
to its needs.
HEARTBEATs to Identify Endpoint Failure
SCTP identifies an endpoint failure in a way similar to the path failure detection
discussed in “HEARTBEATs to Identify Path Failures” (page 38).
SCTP maintains a single counter across all destination addresses that records the number
of retransmissions or HEARTBEATs sent to the remote endpoint without a successful ACK.
When the value of this counter exceeds a preconfigured maximum, SCTP declares the
endpoint unreachable and closes the association.
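The following Python model illustrates both mechanisms above, path failure detection per destination address and endpoint failure detection across all addresses. It is an added example written for this guide, not code from the SCTP stack the guide documents; the class names, the threshold values (5 per path, 10 per association), the 1 s RTO, the 30 s heartbeat delay and the 10.0.0.x addresses are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class PathState:
    """Per-destination-address state for path failure detection (model, not a real stack)."""
    address: str
    rto: float                 # current retransmission timeout for this path, in seconds
    hb_delay: float            # heartbeat delay parameter, in seconds
    active: bool = True
    errors: int = 0            # HEARTBEATs (or retransmits) sent without a matching ACK

    def next_heartbeat_in(self) -> float:
        # Heartbeat interval is the sum of RTO and the heartbeat delay parameter.
        return self.rto + self.hb_delay


class Association:
    """Tracks the per-path and association-wide error counters the guide describes."""

    def __init__(self, addresses, rto=1.0, hb_delay=30.0,
                 path_max_retrans=5, assoc_max_retrans=10):
        self.paths = {a: PathState(a, rto, hb_delay) for a in addresses}
        self.primary = addresses[0]
        self.path_max_retrans = path_max_retrans      # per-destination threshold (assumed value)
        self.assoc_max_retrans = assoc_max_retrans    # endpoint-wide threshold (assumed value)
        self.assoc_errors = 0
        self.closed = False
        self.events = []   # notifications the application would receive

    def heartbeat_timeout(self, address):
        """A HEARTBEAT (or retransmit) to `address` received no ACK within RTO."""
        if self.closed:
            return
        path = self.paths[address]
        path.errors += 1
        self.assoc_errors += 1
        if path.active and path.errors >= self.path_max_retrans:
            # Path failure: declare the address inactive, notify the application,
            # and move DATA chunks to an alternate address.
            path.active = False
            self.events.append(("path_inactive", address))
            if address == self.primary:
                self._select_alternate()
        if self.assoc_errors > self.assoc_max_retrans:
            # Endpoint failure: no address has answered for too long; close the association.
            self.closed = True
            self.events.append(("association_closed", None))

    def heartbeat_ack(self, address):
        """A HEARTBEAT ACK (or SACK) arrived from `address`."""
        if self.closed:
            return
        path = self.paths[address]
        path.errors = 0
        self.assoc_errors = 0       # any ACK proves the remote endpoint is reachable
        if not path.active:
            path.active = True      # the address is considered active again
            self.events.append(("path_active", address))

    def _select_alternate(self):
        for addr, path in self.paths.items():
            if path.active:
                self.primary = addr
                self.events.append(("primary_changed", addr))
                return
        # No active alternate: keep probing the inactive primary with HEARTBEATs.


def path_failover_scenario():
    """One address fails, DATA moves to the alternate, then the failed path recovers."""
    assoc = Association(["10.0.0.1", "10.0.0.2"])   # constructed sample addresses
    for _ in range(5):
        assoc.heartbeat_timeout("10.0.0.1")
    assoc.heartbeat_ack("10.0.0.1")
    return assoc


def endpoint_failure_scenario():
    """Both addresses stop answering; the association-wide counter closes the association."""
    assoc = Association(["10.0.0.1", "10.0.0.2"])
    for _ in range(5):
        assoc.heartbeat_timeout("10.0.0.1")
    for _ in range(6):
        assoc.heartbeat_timeout("10.0.0.2")
    return assoc


if __name__ == "__main__":
    for scenario in (path_failover_scenario, endpoint_failure_scenario):
        a = scenario()
        print(scenario.__name__, a.events, "closed=" + str(a.closed))
```

Note the asymmetry the model reproduces: a single ACK from any address resets the association-wide counter, but once DATA has moved to an alternate address the model does not move it back when the original path recovers; it only marks the path active again.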
SCTP Security
SCTP uses the following methods to provide security:
• Cookie Mechanism
• Verification Tag
This section addresses the following topics:
• “Cookie Mechanism” (page 38)
• “Verification Tag” (page 39)
Cookie Mechanism
A cookie mechanism is employed during the initialization of an association to provide
protection against security attacks. The cookie mechanism uses a four-way handshake,
and the last two messages of the handshake are allowed to carry user data for fast setup.
The cookie mechanism guards against a blind attacker generating INIT chunks that
overload the resources of an SCTP server by forcing it to spend memory and other
resources handling each new INIT request. Instead of allocating memory for a
Transmission Control Block (TCB), the server creates a cookie parameter with the TCB
38 Introduction
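The following Python model shows the server side of the cookie mechanism just described: the server answers every INIT with an INIT ACK carrying a cookie and stores nothing, and it allocates a TCB only when a COOKIE ECHO returns an authentic, fresh cookie from the address it was issued to. It is an added example, not code from the SCTP implementation the guide documents. The cookie layout (packed TCB fields plus a timestamp, authenticated with HMAC-SHA256 under a server-private secret) is one reasonable design and is an assumption; the class and function names, the 60 s cookie lifetime and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 32   # SHA-256 output length
HDR_LEN = 16   # struct "!IIQ": peer init tag, own init tag, issue time


class CookieServer:
    """Server side of the four-way handshake with a stateless cookie (model, not a stack)."""

    def __init__(self, secret=None, cookie_lifetime=60.0):
        self.secret = secret or os.urandom(32)   # server-private key; real stacks rotate it
        self.cookie_lifetime = cookie_lifetime    # seconds a cookie stays valid (assumed value)
        self.tcbs = {}                            # peer address -> TCB, created only after COOKIE ECHO

    def handle_init(self, peer_addr, peer_init_tag, now):
        """INIT -> INIT ACK. No per-peer state is kept; the TCB fields travel in the cookie."""
        my_init_tag = int.from_bytes(os.urandom(4), "big") or 1   # verification tag must be non-zero
        body = struct.pack("!IIQ", peer_init_tag, my_init_tag, int(now)) + peer_addr.encode()
        mac = hmac.new(self.secret, body, hashlib.sha256).digest()
        return {"chunk": "INIT ACK", "init_tag": my_init_tag, "cookie": body + mac}

    def handle_cookie_echo(self, peer_addr, cookie, now, user_data=None):
        """COOKIE ECHO -> COOKIE ACK, only if the cookie is authentic, fresh and from the same address.

        Returns None when the chunk is silently discarded. User data riding on the
        COOKIE ECHO is accepted only after the cookie has been validated.
        """
        if len(cookie) < HDR_LEN + MAC_LEN:
            return None
        body, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return None                           # forged or tampered cookie
        peer_tag, my_tag, issued = struct.unpack("!IIQ", body[:HDR_LEN])
        if body[HDR_LEN:] != peer_addr.encode():
            return None                           # cookie was issued to a different address
        if now - issued > self.cookie_lifetime:
            return None                           # stale cookie (replay of an old INIT ACK)
        # Only now does the server commit memory to the association.
        self.tcbs[peer_addr] = {"peer_tag": peer_tag, "my_tag": my_tag, "state": "ESTABLISHED"}
        return {"chunk": "COOKIE ACK", "delivered": user_data}


def blind_init_flood(server, count, now):
    """A blind sender that never echoes the cookie consumes no TCB memory on the server."""
    for i in range(count):
        server.handle_init(f"198.51.100.{i % 254 + 1}", i + 1, now)   # constructed spoofed sources
    return len(server.tcbs)


def legitimate_handshake(server, now):
    """Full four-way handshake from a real peer; returns the COOKIE ACK or None."""
    init_ack = server.handle_init("192.0.2.10", 0x1234, now)                  # INIT / INIT ACK
    return server.handle_cookie_echo("192.0.2.10", init_ack["cookie"],        # COOKIE ECHO / COOKIE ACK
                                     now + 1, user_data=b"GET /")


if __name__ == "__main__":
    srv = CookieServer()
    print("TCBs after 1000 blind INITs:", blind_init_flood(srv, 1000, 1000.0))
    print("legitimate peer:", legitimate_handshake(srv, 1000.0), srv.tcbs)
```

The model also checks the three failure cases a practitioner cares about: a cookie whose MAC does not verify, a cookie echoed from an address other than the one it was issued to, and a cookie older than its lifetime; all three are discarded without creating any state.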