A softswitch summary, part one: the beginning

1: SIGTRAN Introduction

The SIGTRAN protocol suite is a set of transmission control protocols defined by SIGTRAN, the IETF's Signaling Transport working group, for carrying PSTN signaling over an IP network. SIGTRAN defines a complete protocol stack consisting of four layers: the IP protocol layer, the signaling transport layer, the signaling transport adaptation layer, and the signaling application layer. Each layer contains the following:
· IP protocol layer: IP
· Signaling transport layer: SCTP
· Signaling transport adaptation layer: SUA; M3UA; M2UA/M2PA; IUA
· Signaling application layer: TCAP; TUP; ISUP; SCCP; MTP3; Q931/QSIG
Different signaling application layers require different signaling transport adaptation layers, but the IP protocol layer and the signaling transport layer are shared by all of them. The correspondence between the signaling transport adaptation layer and the signaling application layer is as follows:
· SUA corresponds to TCAP
· M3UA corresponds to ISUP, SCCP and TCAP
· M2UA/M2PA correspond to MTP3 and ISUP
· IUA corresponds to Q931/QSIG and ISUP

(1) SCTP protocol: SCTP, proposed by the IETF, is a connection-oriented transport-layer protocol. It uses TCP-like flow control and congestion control algorithms and guarantees reliable delivery of user data between two SCTP endpoints through acknowledgement and retransmission mechanisms. Compared with other transport protocols such as TCP, SCTP has lower transmission latency, avoids large data blocking other data (head-of-line blocking), and provides higher reliability and security.
(2) M3UA is the MTP Level 3 user adaptation layer protocol. It provides conversion between signaling point codes and IP addresses and is used to carry SS7 signaling between the softswitch and the signaling gateway. It supports the delivery of MTP Level 3 user messages, including ISUP, TUP and SCCP messages, over the IP network; the payload of TCAP messages, carried as SCCP user data, can be transmitted transparently by M3UA.
(3) M2UA/M2PA protocol: M2UA/M2PA is the adaptation layer protocol for the MTP Level 2 user peer layers.
(4) IUA is the ISDN Q.931 user adaptation layer protocol.
(5) SUA is the SCCP user adaptation layer protocol. Unlike M3UA, SUA directly implements TCAP over IP.

SIGTRAN supports the standard primitive interfaces of PSTN signaling applications and uses standard IP transport protocols as the lower-layer signaling transport. It is one of the important transmission control protocols in NGN. SIGTRAN is a protocol for transmitting SS7 signaling over an IP network: because the standard primitive interfaces of SS7 are supported, existing SS7 signaling applications do not need to be modified; signaling transport uses standard IP transport as the lower layer and adds its own functions to meet the transmission requirements of SS7 signaling.

2: SIGTRAN data configuration process

1) Hardware data configuration: definition and blocking of the GARP board, EM and RP/EM; related commands: EXRPI, EXRUI;
2) IP layer data configuration: IP ports; related commands: IHCOI, IHCOC, IHRDI;
3) SCTP layer data configuration: SCTP endpoints and SCTP associations; related commands: IHBII, IHADI, IHASC, M3ASC;
4) M3UA layer data configuration: the local signaling point, destination SPCs, M3UA signaling routes and so on; related commands: C7OPI, C7NPC, C7SPI, C7SPC, M3RSI, M3RAI;
5) Application layer data configuration.
SIGTRAN data check commands: IHCOP, IHRDP, IHALP, IHSAP, IHSLP, IHSTP, M3ASP, M3RSP. The MOs that the script must define for SIGTRAN are: IPACCESSHOSTGPB, SCTP, M3UAASSOCIATION, MTP3BSPCHINA, MTPSBSRS, MTP3BSR.

3: SCTP protocol

SCTP is the Stream Control Transmission Protocol. SCTP sits between the SCTP user application layer and the IP network layer. It uses the term "association" for the protocol state between two peer SCTP users that exchange information.
SCTP is also connection-oriented, but conceptually an SCTP "association" is broader than a TCP connection: a TCP connection has only one source address and one destination address, whereas SCTP lets each SCTP endpoint provide the peer endpoint with a set of transport addresses, where transport address = a group of IP addresses + a port number.
On top of TCP's features, SCTP provides the following additional functions:
1) Ordered delivery of user data in multiple "streams"
In TCP a "stream" is a sequence of bytes; in SCTP it is a sequence of user messages that are delivered to the upper-layer protocol in order relative to the other messages in the same stream. When establishing an association, the SCTP user can specify the number of streams the association supports; this number is negotiated with the peer, and each user message is associated with a stream number. Within the association, SCTP assigns a stream sequence number to each message sent to the peer. At the receiving end, SCTP ensures that messages within a given stream are delivered in order, and while one stream is waiting for its next in-order user message, the other streams continue to be delivered.
2) Fragmentation of user data according to the discovered path MTU (maximum transmission unit)
To keep the SCTP packets handed to the lower layer within the path MTU, SCTP fragments user messages. At the receiving end the fragments are reassembled and then delivered to the upper-layer SCTP user.
3) Selective acknowledgement (SACK) and congestion control
Selective acknowledgement is used for packet-loss detection. Whereas the acknowledgement number in TCP tells the sender the byte sequence number up to which its data has been successfully received (excluding the byte indicated by the acknowledgement number), SCTP reports back to the sender the sequence numbers of the messages that are missing and require retransmission.
SCTP uses TCP's congestion control techniques, including slow start, congestion avoidance and fast retransmit, so SCTP applications receive their share of network resources when they coexist with TCP applications.
4) Chunk bundling
That is, multiple user messages can optionally be bundled into one SCTP packet. By placing messages in one or more SCTP data structures called "chunks", SCTP preserves the application's message framing boundaries. Different types of chunks can be bundled into one SCTP packet, but control chunks must be placed before any data chunk.
5) Path management
The SCTP path management function selects the destination transport address from the set of transport addresses provided by the remote end. It selects the destination address based on two inputs: SCTP user instructions and the currently reachable, eligible destinations. When other traffic control mechanisms cannot provide reachability information, the path management function periodically probes path reachability and reports changes in the reachability of remote transport addresses to SCTP. The SCTP path management module is also responsible for reporting the available local addresses to the remote end when an association is established, and for informing the SCTP user of the transport addresses returned by the remote end.
6) Multi-homing support
When SCTP sends a packet to a destination IP address and that address is unreachable, SCTP can reroute the message to an alternate IP address. In this way, network-level failures at one or both ends of the association can be tolerated.
7) Protection against DoS attacks
There are many DoS attack methods. The most basic DoS attack uses seemingly legitimate service requests to occupy too many service resources, so that legitimate users cannot get a service response. SYN flooding is one example of a DoS attack and is currently the most popular hacker attack method. To defend the target host against SYN flooding, SCTP implements a secure "cookie" mechanism during the association initialization phase. TCP cannot prevent this kind of DoS attack; therefore SCTP uses a four-way handshake instead of TCP's three-way handshake.
8) Multiple delivery modes
Strictly ordered delivery (like TCP), partially ordered delivery (per stream) and unordered delivery (like UDP).
SCTP packet structure

The structure of an SCTP packet is a common packet header followed by one or more variable-length chunks. The chunk format is type-length-value (TLV). The source port, destination port and checksum have meanings similar to those in TCP. The verification tag holds the initial tag value exchanged during the SCTP handshake; within the association, any SCTP packet that does not carry this tag is discarded by the receiver on arrival.
In each chunk, the TLV consists of the chunk type, the chunk flags (transfer-processing marks) and the chunk length. Different chunk types are used to carry either control information or data.
The transmission sequence number (TSN) and the stream sequence number (SSN) are two different sequence numbers: the TSN provides reliability across the whole association, while the SSN provides ordering within a single stream. In this way, reliability and ordering of data are handled independently during transmission.
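To make the packet layout concrete, here is an added example (not code from the original page) that encodes and walks the common header plus TLV chunk list described above: it discards packets whose verification tag does not match the association's, enforces the "control chunks before any DATA chunk" rule, and pulls the separate TSN and SSN out of each DATA chunk. The sample packet, the port 2905 and the PPID 3 (M3UA) are constructed values; the CRC32c checksum is not verified.

```python
import struct

SCTP_HDR = struct.Struct("!HHII")   # source port, destination port, verification tag, checksum
CHUNK_HDR = struct.Struct("!BBH")   # chunk type, chunk flags, chunk length (header included)
DATA_HDR = struct.Struct("!IHHI")   # TSN, stream id, SSN, payload protocol id
CHUNK_DATA, CHUNK_SACK = 0, 3       # chunk type values

def build_chunk(ctype, flags, value):
    """Encode one TLV chunk, padded to a 4-byte boundary (padding not counted in length)."""
    length = CHUNK_HDR.size + len(value)
    return CHUNK_HDR.pack(ctype, flags, length) + value + b"\x00" * (-length % 4)

def parse_sctp(packet, expected_vtag):
    """Walk the common header and chunk list of one SCTP packet (CRC32c not verified).
    Raises ValueError when the receiver should discard it: wrong verification tag,
    bad chunk length, or a control chunk bundled after a DATA chunk."""
    if len(packet) < SCTP_HDR.size:
        raise ValueError("packet shorter than the common header")
    src, dst, vtag, _checksum = SCTP_HDR.unpack_from(packet, 0)
    if vtag != expected_vtag:
        raise ValueError("verification tag mismatch: discard")
    chunks, off, seen_data = [], SCTP_HDR.size, False
    while off + CHUNK_HDR.size <= len(packet):
        ctype, flags, length = CHUNK_HDR.unpack_from(packet, off)
        if length < CHUNK_HDR.size or off + length > len(packet):
            raise ValueError("bad chunk length")
        value = packet[off + CHUNK_HDR.size:off + length]
        if ctype == CHUNK_DATA:
            if len(value) < DATA_HDR.size:
                raise ValueError("short DATA chunk")
            seen_data = True
            tsn, sid, ssn, ppid = DATA_HDR.unpack_from(value, 0)   # TSN and SSN are separate
            chunks.append({"type": "DATA", "flags": flags, "tsn": tsn, "stream": sid,
                           "ssn": ssn, "ppid": ppid, "data": value[DATA_HDR.size:]})
        elif seen_data:
            raise ValueError("control chunk after DATA chunk: discard")
        else:
            chunks.append({"type": ctype, "flags": flags, "value": value})
        off += (length + 3) & ~3    # skip the chunk plus its padding
    return {"src": src, "dst": dst, "vtag": vtag, "chunks": chunks}

# Constructed sample packet: one SACK chunk (cumulative TSN ack 99) bundled before
# one DATA chunk (TSN 100, stream 1, SSN 7, PPID 3 = M3UA) carrying "hello".
SAMPLE = (SCTP_HDR.pack(2905, 2905, 0xCAFEBABE, 0)
          + build_chunk(CHUNK_SACK, 0, struct.pack("!IIHH", 99, 65535, 0, 0))
          + build_chunk(CHUNK_DATA, 0x03, DATA_HDR.pack(100, 1, 7, 3) + b"hello"))
```

Calling parse_sctp(SAMPLE, 0xCAFEBABE) returns both chunks, while any other expected tag raises and the packet is dropped.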

SCTP Data Transmission

1) The SCTP four-way handshake and the principle of defence against SYN flooding
An SCTP association is defined as [a group of IP addresses of host A] + [port of host A] + [a group of IP addresses of host B] + [port of host B]. Therefore any IP address in the group at either end can be used as the source/destination address identifying the association. The two SCTP hosts exchange their communication state through a four-way handshake.
SYN flooding exploits an inherent weakness of TCP/IP: the connection-oriented TCP three-way handshake is the basis for its existence. The principle of a SYN flooding attack is that a malicious attacker sends a large number of SYN packets to the server. After the server replies with SYN+ACK, it never receives the client's ACK (the third step of the handshake is never completed), so the server consumes large amounts of CPU time and memory maintaining a very large half-open connection list and keeps retransmitting SYN+ACK to the addresses in that list. The server is kept busy processing the attacker's forged TCP connection requests and ignores the normal requests of legitimate clients; from the perspective of a normal client, the server stops responding.
In the SCTP four-way handshake, the receiver of the INIT message does not have to save any state information or allocate any resources, so DoS attacks such as SYN flooding can be prevented. It uses a mechanism called the "State Cookie": it sends an INIT-ACK message that carries all the information the INIT-ACK sender will later need to rebuild its own state.
The process of generating a State Cookie in SCTP is as follows:
1. Create an association TCB (transmission control block) from the information in the received INIT and in the INIT-ACK being sent.
2. In the TCB, set the creation time to the current time and set the lifespan to the protocol parameter "valid Cookie time".
3. From the TCB, collect the minimum subset of information needed to reconstruct the TCB, and generate a MAC (message authentication code) over that subset with a secret key.
4. Combine the minimum information subset and the MAC to form the State Cookie.
5. After the INIT-ACK (carrying the State Cookie parameter) has been sent, the sender must delete the TCB and any local resources related to the new association.
Both INIT and INIT-ACK must contain the parameters required to establish the initial state: a set of IP addresses, the initial TSN that guarantees reliable transmission, the initial tag that every received SCTP packet must carry, and the number of outbound streams each end requests and the number of inbound streams each end can receive. After these messages are exchanged, the sender of INIT returns the received cookie in a COOKIE-ECHO message. From the State Cookie in the received COOKIE-ECHO, the acceptor fully recreates its state and returns a COOKIE-ACK to confirm that the association has been established. Both COOKIE-ECHO and COOKIE-ACK can bundle user data messages in their respective packets.
It can be seen that with this method, no matter how many INIT messages it receives, the receiving end consumes no resources: it neither allocates system resources nor saves the state of the new association; it merely includes the State Cookie needed to rebuild that state as a parameter in each INIT-ACK it sends, and the State Cookie comes back in the COOKIE-ECHO message.
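The following added example (not code from the original page) models the server side of the exchange just described: steps 1-5 build a State Cookie as the minimum TCB subset plus an HMAC, the INIT-ACK sender keeps nothing, and a TCB is only allocated when a COOKIE-ECHO carries a cookie whose MAC verifies and whose lifespan has not expired. The class and field names, the 60-second "valid Cookie time" and the sample INIT parameters are assumptions; a real stack also rotates the MAC key and answers a stale cookie with an error.

```python
import hashlib, hmac, json, os, time

VALID_COOKIE_LIFE = 60.0            # "valid Cookie time" protocol parameter, seconds (assumed)
MAC_LEN = hashlib.sha256().digest_size

class SctpListener:
    """Server side of INIT -> INIT-ACK -> COOKIE-ECHO -> COOKIE-ACK (simplified model)."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)   # key for the cookie MAC
        self.associations = {}                   # TCBs keyed by peer tag; empty until COOKIE-ECHO

    def on_init(self, init, now=None):
        """Answer an INIT without retaining any state for it (steps 1-5 above)."""
        now = time.time() if now is None else now
        # Steps 1-3: the minimum TCB subset needed to rebuild the association later
        subset = {"peer_tag": init["tag"], "peer_tsn": init["tsn"], "peer_addrs": init["addrs"],
                  "out_streams": init["out_streams"], "in_streams": init["max_in_streams"],
                  "local_tag": int.from_bytes(os.urandom(4), "big"),
                  "created": now, "life": VALID_COOKIE_LIFE}
        body = json.dumps(subset, sort_keys=True).encode()
        mac = hmac.new(self.secret, body, hashlib.sha256).digest()
        # Step 4: State Cookie = subset || MAC.  Step 5: nothing is stored locally.
        return {"type": "INIT-ACK", "tag": subset["local_tag"], "cookie": body + mac}

    def on_cookie_echo(self, cookie, now=None):
        """Rebuild the TCB from a returned cookie; None means the echo is discarded."""
        now = time.time() if now is None else now
        body, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return None                 # forged or tampered cookie
        subset = json.loads(body)
        if now - subset["created"] > subset["life"]:
            return None                 # stale cookie: lifespan exceeded
        self.associations[subset["peer_tag"]] = dict(subset)   # resources allocated only now
        return {"type": "COOKIE-ACK", "tag": subset["peer_tag"]}
```

Flooding on_init with thousands of INITs leaves self.associations empty, which is the whole point of the mechanism.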

2) SCTP data exchange
In normal data exchange between two SCTP hosts, the SCTP host sends a SACK chunk to acknowledge each received SCTP packet. Because the SACK fully describes the receiver's state, the sender can make retransmission decisions based on it. SCTP supports fast retransmit and timeout retransmission algorithms similar to those of TCP.
For handling packet loss, SCTP and TCP use completely different mechanisms: when TCP finds a gap in the received sequence numbers, it waits until the gap is filled before delivering data with sequence numbers above the lost packet. SCTP, by contrast, continues to deliver the subsequent data even when it finds a gap or out-of-order arrival in the received sequence numbers.

3) Closing an association in SCTP

As a connection-oriented transport protocol, SCTP also uses a three-way handshake to close an association. Unlike TCP, however, where a TCP endpoint can keep the connection open during the close and still receive new data from the peer, SCTP does not support TCP's "half-closed" state.
(1) Host A issues a SHUTDOWN chunk to terminate the association with host B. Host A enters the SHUTDOWN-PENDING state; the corresponding action is that it no longer accepts data from upper-layer applications and sends only the data remaining in its queue, after which it enters the SHUTDOWN-SENT state.
(2) Once host B receives the SHUTDOWN chunk, it enters the SHUTDOWN-RECEIVED state. Like host A, it no longer accepts data from upper-layer applications and sends only the data remaining in its queue.
(3) Host A sends the SHUTDOWN chunk again, notifying host B that the remaining data it sent has arrived and reiterating that the association is being closed.
(4) On receiving the SHUTDOWN chunk for the second time, host B sends a SHUTDOWN-ACK chunk.
(5) Host A then sends a SHUTDOWN-COMPLETE chunk to close the connection.
