Network Working Group M. Tuexen Internet-Draft Muenster Univ. of Appl. Sciences Intended status: Standards Track R. Stewart Expires: January 26, 2012 Adara Networks July 25, 2011 UDP Encapsulation of SCTP Packets draft-ietf-tsvwg-sctp-udp-encaps-00.txt Abstract This document describes a simple method of encapsulating SCTP Packets into UDP packets and its limitations. This allows the usage of SCTP in networks with legacy NAT not supporting SCTP. It can also be used to implement SCTP on hosts without directly accessing the IP-layer, for example implementing it as part of the application without requiring special privileges. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 26, 2012. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Tuexen & Stewart Expires January 26, 2012 [Page 1] Internet-Draft UDP Encapsulation of SCTP Packets July 2011 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. Portable SCTP Implementations . . . . . . . . . . . . . . . 3 3.2. Legacy NAT traversal . . . . . . . . . . . . . . . . . . . 4 4. SCTP over UDP . . . . . . . . . . . . . . . . . . . . . . . . . 4 4.1. Architectural Considerations . . . . . . . . . . . . . . . 4 4.2. Packet Format . . . . . . . . . . . . . . . . . . . . . . . 4 4.3. Encapsulation Procedure . . . . . . . . . . . . . . . . . . 5 4.4. Decapsulation Procedure . . . . . . . . . . . . . . . . . . 5 4.5. ICMP considerations . . . . . . . . . . . . . . . . . . . . 6 4.6. Path MTU considerations . . . . . . . . . . . . . . . . . . 6 4.7. Handling of Embedded IP-addresses . . . . . . . . . . . . . 6 4.8. ECN considerations . . . . . . . . . . . . . . . . . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 7 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 8.1. Normative References . . . . . . . . . . . . . . . . . . . 7 8.2. Informative References . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8 Tuexen & Stewart Expires January 26, 2012 [Page 2] Internet-Draft UDP Encapsulation of SCTP Packets July 2011 1. Introduction This document describes a simple method of encapsulating SCTP packets into UDP packets. SCTP is defined in [RFC4960]. There are two main reasons for this: o Allow SCTP traffic to pass legacy NATs, which do not provide native SCTP support as specified in [I-D.ietf-behave-sctpnat] and [I-D.ietf-tsvwg-natsupp]. o Allow SCTP to be implemented on hosts which do not provide direct access to the IP-layer. In particular, applications can use their own SCTP implementation if the operating system does not provide one. 2. Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. Use Cases This section discusses two important use cases for encapsulating SCTP into UDP. 3.1. Portable SCTP Implementations Some operating systems support SCTP natively. For other operating systems implementations are available, but require special privileges to install and/or use them. In some cases no kernel implementation might be available at all. When proving an SCTP implementation as part of a user process, most operating systems require special privileges to access the IP layer directly. Using UDP encapsulation makes it possible to provide an SCTP implementation as part of a user process which does not require any special privileges. A crucial point for implementing SCTP in userland is controlling the source address of outgoing packets. This is not an issue when using all available addresses. However, this is not the case when also using the address management required for NAT traversal described in Section 4.7. Tuexen & Stewart Expires January 26, 2012 [Page 3] Internet-Draft UDP Encapsulation of SCTP Packets July 2011 3.2. Legacy NAT traversal Using UDP encapsulation allows an SCTP communication traversing legacy NATs not supporting SCTP as described in [I-D.ietf-behave-sctpnat] and [I-D.ietf-tsvwg-natsupp]. It is important to realize that for single homed associations it is only necessary that no IP addresses are listen in the INIT- and INIT-ACK chunks. Dynamic address reconfiguration to change the single address has to make use of wildcard addresses as described in [RFC5061]. For multi-homed SCTP association the address management as described in Section 4.7 MUST be performed. 4. SCTP over UDP 4.1. Architectural Considerations An SCTP implementation supporting UDP encapsulation MUST store a UDP encapsulation port per destination address for each SCTP association. 4.2. Packet Format To encapsulate an SCTP packet, a UDP header header as defined in [RFC0768] is inserted between the IP header and the SCTP common header. Figure 1 shows the packet format of an encapsulated SCTP packet when IPv4 is used. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv4 Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | UDP Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SCTP Common Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SCTP Chunk #1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SCTP Chunk #n | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1 Tuexen & Stewart Expires January 26, 2012 [Page 4] Internet-Draft UDP Encapsulation of SCTP Packets July 2011 The packet format for an encapsulated SCTP packet when using IPv6 is shown in Figure 2. Please note the the number m of IPv6 extension headers can be 0. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv6 Base Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv6 Extension Header #1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv6 Extension Header #m | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | UDP Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SCTP Common Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SCTP Chunk #1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SCTP Chunk #n | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 2 The UDP checksum MUST NOT be zero. 4.3. Encapsulation Procedure When inserting the UDP header, the source port is 9899, the destination port is the one stored for the destination address the packet is sent to or 9899 if not destination address is stored. The length of the UDP packet is the length of the SCTP packet plus the size of the UDP header. The checksum MUST be computed. 4.4. Decapsulation Procedure When an encapsulated packet is received, the UDP header is removed. Then a lookup is performed to find the association the received SCTP packet belongs to. The UDP source port is stored as the encapsulation port of the SCTP destination address the received SCTP packet is sent from. Tuexen & Stewart Expires January 26, 2012 [Page 5] Internet-Draft UDP Encapsulation of SCTP Packets July 2011 4.5. ICMP considerations When receiving ICMP or ICMPv6 response packet, there might not be enough bytes in the payload to identify the SCTP association which the SCTP packet triggering the ICMP or ICMPv6 packet belongs to. If a received ICMP or ICMPv6 packet can to be related to a specific SCTP association, it MUST be discarded silently. 4.6. Path MTU considerations If an SCTP endpoint starts to encapsulate the packets of a path, it MUST decrease the path MTU of that path by the size of an UDP header. If it stops encapsulating them, the path MTU MUST be increased by the size of an UDP header. When performing path MTU discovery as described in [RFC4820] it MUST take into account that it cannot rely on the feedback provided by ICMP or ICMPv6 due to the limitation laid out in Section 4.5. 4.7. Handling of Embedded IP-addresses When using UDP encapsulation is used for legacy NAT traversal, IP address that might be translated MUST NOT be put into any SCTP packet. This means that an SCTP association is setup singled homed and the protocol extension [RFC5061] is used to add multiple address. Only wildcard addresses are put into the SCTP packet. When addresses are changed during the lifetime of the association [RFC5061] MUST be used with wildcard addresses only. 4.8. ECN considerations TBD 5. IANA Considerations This document does not require any actions from IANA. 6. Security Considerations Encapsulating SCTP into UDP does not add any additional security considerations to the ones given in [RFC4960] and [RFC5061]. Tuexen & Stewart Expires January 26, 2012 [Page 6] Internet-Draft UDP Encapsulation of SCTP Packets July 2011 7. Acknowledgments The authors wish to thank Irene Ruengeler for her invaluable comments. 8. References 8.1. Normative References [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980. [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998. [RFC4820] Tuexen, M., Stewart, R., and P. Lei, "Padding Chunk and Parameter for the Stream Control Transmission Protocol (SCTP)", RFC 4820, March 2007. [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU Discovery", RFC 4821, March 2007. [RFC4895] Tuexen, M., Stewart, R., Lei, P., and E. Rescorla, "Authenticated Chunks for the Stream Control Transmission Protocol (SCTP)", RFC 4895, August 2007. [RFC4960] Stewart, R., "Stream Control Transmission Protocol", RFC 4960, September 2007. [RFC5061] Stewart, R., Xie, Q., Tuexen, M., Maruyama, S., and M. Kozuka, "Stream Control Transmission Protocol (SCTP) Dynamic Address Reconfiguration", RFC 5061, September 2007. 8.2. Informative References [I-D.ietf-behave-sctpnat] Stewart, R., Tuexen, M., and I. Ruengeler, "Stream Control Transmission Protocol (SCTP) Network Address Translation", draft-ietf-behave-sctpnat-05 (work in progress), June 2011. Tuexen & Stewart Expires January 26, 2012 [Page 7] Internet-Draft UDP Encapsulation of SCTP Packets July 2011 [I-D.ietf-tsvwg-natsupp] Stewart, R., Tuexen, M., and I. Ruengeler, "Stream Control Transmission Protocol (SCTP) Network Address Translation Support", draft-ietf-tsvwg-natsupp-01 (work in progress), June 2011. Authors' Addresses Michael Tuexen Muenster University of Applied Sciences Stegerwaldstr. 39 48565 Steinfurt DE Email: tuexen@fh-muenster.de Randall R. Stewart Adara Networks Chapin, SC 29036 USA Email: randall@lakerest.net Tuexen & Stewart Expires January 26, 2012 [Page 8]