SCTP stands for Stream Control Transmission Protocol. As its name implies, it is a transport protocol like TCP. It is similar to TCP in its fundamentals but adds some features that compensate for TCP's weak spots. Watch the videos in the Reference section if you want to learn further details on the SCTP protocol in general.
SCTP in 4G/5G Network Architecture
In cellular communication systems, SCTP is the protocol used for communication between the eNB and MME (4G) and between the gNB and AMF (5G), as illustrated below.

The structure of the protocol stack for these interfaces is illustrated below.

If you take a packet capture (e.g., a Wireshark capture) over the interface, you would get the packet structure shown below.

Packet Structure

The following is an example of an IP header + SCTP packet.


Chunk Type
The following is the list of values used in the Chunk Type field.
| Value | Abbreviation | Description |
|---|---|---|
| 0 | DATA | Payload data |
| 1 | INIT | Initiation |
| 2 | INIT ACK | Initiation acknowledgement |
| 3 | SACK | Selective acknowledgement |
| 4 | HEARTBEAT | Heartbeat request |
| 5 | HEARTBEAT ACK | Heartbeat acknowledgement |
| 6 | ABORT | Abort |
| 7 | SHUTDOWN | Shutdown |
| 8 | SHUTDOWN ACK | Shutdown acknowledgement |
| 9 | ERROR | Operation error |
| 10 | COOKIE ECHO | State cookie |
| 11 | COOKIE ACK | Cookie acknowledgement |
| 12 | ECNE | Explicit congestion notification echo (reserved) |
| 13 | CWR | Congestion window reduced (reserved) |
| 14 | SHUTDOWN COMPLETE | Shutdown complete |
| 15 | AUTH | Authentication chunk |
| 16-62 | N/A | Reserved by IETF |
| 63 | | IETF-defined chunk extensions |
| 64 | I-DATA | Payload data supporting packet interleaving |
| 65-126 | N/A | Reserved by IETF |
| 127 | | IETF-defined chunk extensions |
| 128 | ASCONF-ACK | Address configuration change acknowledgement |
| 129 | N/A | Unassigned |
| 130 | RE-CONFIG | Stream reconfiguration |
| 131 | N/A | Unassigned |
| 132 | PAD | Packet padding |
| 133-190 | N/A | Reserved by IETF |
| 191 | | IETF-defined chunk extensions |
| 192 | FORWARD-TSN | Increment expected TSN |
| 193 | ASCONF | Address configuration change |
| 194 | I-FORWARD-TSN | Increment expected TSN, supporting packet interleaving |
| 195-254 | N/A | Reserved by IETF |
| 255 | | IETF-defined chunk extensions |
Chunk Flags
The following are some of the chunk flags. Which of these are used depends on the Chunk Type.
- U (Unordered): Indicates that the chunk is to be delivered unordered to the receiving endpoint.
- B (Begin): Indicates that the chunk is the first of a multi-part message.
- E (End): Indicates that the chunk is the last of a multi-part message.
- I (Abort): Indicates that the sender has abandoned the transmission of the current message and is requesting an abort.
- T (Forward TSN Supported): Indicates support for the "Forward TSN" feature of SCTP.
- P (Padding): Indicates that the chunk contains padding to align the data on a 4-byte boundary.
- R (Reserved): Indicates that the flag bit is reserved for future use and must be set to zero.
- A (ASCONF Ack): Indicates that the chunk is an acknowledgment for an "Address Configuration" (ASCONF) chunk.
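The chunk type table and the DATA flags can be exercised with a small chunk walker. This is an added example, not code from the original page: `walk_chunks`, `CHUNK_NAMES` and `SAMPLE` are hypothetical names, and the sample packet is constructed. It bounds-checks every chunk length, decodes the U/B/E bits of a DATA chunk, and for an unlisted type reads the two top bits of the type byte (the "Stop processing" / "Do not report" bits Wireshark prints for each chunk in the capture further down the page). The CRC32c checksum is not verified here.

```python
import struct

# Chunk type names taken from the table above.
CHUNK_NAMES = {
    0: "DATA", 1: "INIT", 2: "INIT ACK", 3: "SACK", 4: "HEARTBEAT",
    5: "HEARTBEAT ACK", 6: "ABORT", 7: "SHUTDOWN", 8: "SHUTDOWN ACK",
    9: "ERROR", 10: "COOKIE ECHO", 11: "COOKIE ACK", 12: "ECNE", 13: "CWR",
    14: "SHUTDOWN COMPLETE", 15: "AUTH", 64: "I-DATA", 128: "ASCONF-ACK",
    130: "RE-CONFIG", 132: "PAD", 192: "FORWARD-TSN", 193: "ASCONF",
    194: "I-FORWARD-TSN",
}

def walk_chunks(packet: bytes):
    """Parse the common header and every chunk; raise ValueError on bad framing."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte SCTP common header")
    sport, dport, vtag, _checksum = struct.unpack("!HHII", packet[:12])
    chunks, off = [], 12
    while off < len(packet):
        if len(packet) - off < 4:
            raise ValueError(f"truncated chunk header at offset {off}")
        ctype, flags, length = struct.unpack("!BBH", packet[off:off + 4])
        # Chunk length counts the 4-byte chunk header but not the padding.
        if length < 4 or off + length > len(packet):
            raise ValueError(f"chunk length {length} out of bounds at offset {off}")
        chunk = {"type": ctype, "name": CHUNK_NAMES.get(ctype, "unknown"),
                 "flags": flags, "value": packet[off + 4:off + length]}
        if ctype not in CHUNK_NAMES:
            # Top two bits of an unrecognised type tell the receiver what to do.
            chunk["action"] = ("skip" if ctype & 0x80 else "stop",
                               "report" if ctype & 0x40 else "no-report")
        if ctype == 0:  # DATA: low three flag bits are U, B, E
            chunk["ube"] = "".join(n for n, b in (("U", 4), ("B", 2), ("E", 1)) if flags & b)
        chunks.append(chunk)
        off += (length + 3) & ~3  # next chunk starts on a 4-byte boundary
    return {"sport": sport, "dport": dport, "vtag": vtag}, chunks

# Constructed sample: ports and tag reuse values from the capture on this page;
# the DATA payload (PPID 60 = NGAP) and the type-197 chunk are made up.
SAMPLE = (struct.pack("!HHII", 48041, 38412, 0x790AD620, 0)
          + struct.pack("!BBHIHHI", 0, 0x03, 19, 1, 0, 0, 60) + b"abc\x00"
          + struct.pack("!BBH", 197, 0, 4))

if __name__ == "__main__":
    hdr, chunks = walk_chunks(SAMPLE)
    print(hdr, [(c["name"], c.get("ube"), c.get("action")) for c in chunks])
```

The `length < 4` check is what keeps a zero-length chunk from stalling the loop at the same offset.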
SCTP Establish
Like TCP, SCTP requires an initial handshake to establish the connection between two endpoints. As shown below, SCTP goes through a 4-step handshake whereas TCP goes through a 3-way handshake. The following is the SCTP initial setup process captured with Wireshark from an Amarisoft Callbox.

(1) INIT
Internet Protocol Version 4, Src: 10.0.0.185, Dst: 10.0.0.162
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x02 (DSCP: CS0, ECN: ECT(0))
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..10 = Explicit Congestion Notification: ECN-Capable Transport codepoint '10' (2)
Total Length: 68
Identification: 0x0000 (0)
Flags: 0x40, Don't fragment
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment Offset: 0
Time to Live: 64
Protocol: SCTP (132)
Header Checksum: 0x24da [validation disabled]
[Header checksum status: Unverified]
Source Address: 10.0.0.185
Destination Address: 10.0.0.162
Stream Control Transmission Protocol, Src Port: 48041 (48041), Dst Port: 38412 (38412)
Source port: 48041
Destination port: 38412
Verification tag: 0x00000000
[Association index: 65535]
Checksum: 0x0ffaab98 [unverified]
[Checksum Status: Unverified]
INIT chunk (Outbound streams: 8, inbound streams: 65535)
Chunk type: INIT (1)
0... .... = Bit: Stop processing of the packet
.0.. .... = Bit: Do not report
Chunk flags: 0x00
Chunk length: 36
Initiate tag: 0x8d10a6cf
Advertised receiver window credit (a_rwnd): 106496
Number of outbound streams: 8
Number of inbound streams: 65535
Initial TSN: 3757580128
Supported address types parameter (Supported types: IPv4)
Parameter type: Supported address types (0x000c)
0... .... .... .... = Bit: Stop processing of chunk
.0.. .... .... .... = Bit: Do not report
Parameter length: 6
Supported address type: IPv4 address (5)
Parameter padding: 0000
ECN parameter
Parameter type: ECN (0x8000)
1... .... .... .... = Bit: Skip parameter and continue processing of the chunk
.0.. .... .... .... = Bit: Do not report
Parameter length: 4
Forward TSN supported parameter
Parameter type: Forward TSN supported (0xc000)
1... .... .... .... = Bit: Skip parameter and continue processing of the chunk
.1.. .... .... .... = Bit: Do report
Parameter length: 4
(2) INIT_ACK
Internet Protocol Version 4, Src: 10.0.0.162, Dst: 10.0.0.185
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x02 (DSCP: CS0, ECN: ECT(0))
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..10 = Explicit Congestion Notification: ECN-Capable Transport codepoint '10' (2)
Total Length: 292
Identification: 0x0000 (0)
Flags: 0x40, Don't fragment
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment Offset: 0
Time to Live: 64
Protocol: SCTP (132)
Header Checksum: 0x23fa [validation disabled]
[Header checksum status: Unverified]
Source Address: 10.0.0.162
Destination Address: 10.0.0.185
Stream Control Transmission Protocol, Src Port: 38412 (38412), Dst Port: 48041 (48041)
Source port: 38412
Destination port: 48041
Verification tag: 0x8d10a6cf
[Association index: 65535]
Checksum: 0x30678470 [unverified]
[Checksum Status: Unverified]
INIT_ACK chunk (Outbound streams: 8, inbound streams: 8)
Chunk type: INIT_ACK (2)
0... .... = Bit: Stop processing of the packet
.0.. .... = Bit: Do not report
Chunk flags: 0x00
Chunk length: 260
Initiate tag: 0x790ad620
Advertised receiver window credit (a_rwnd): 106496
Number of outbound streams: 8
Number of inbound streams: 8
Initial TSN: 4169966867
State cookie parameter (Cookie length: 228 bytes)
Parameter type: State cookie (0x0007)
0... .... .... .... = Bit: Stop processing of chunk
.0.. .... .... .... = Bit: Do not report
Parameter length: 232
State cookie: 4124569d7e0548bdbfbc4c54e0af0c95e938d9f500000000000000000000000000000000
ECN parameter
Parameter type: ECN (0x8000)
1... .... .... .... = Bit: Skip parameter and continue processing of the chunk
.0.. .... .... .... = Bit: Do not report
Parameter length: 4
Forward TSN supported parameter
Parameter type: Forward TSN supported (0xc000)
1... .... .... .... = Bit: Skip parameter and continue processing of the chunk
.1.. .... .... .... = Bit: Do report
Parameter length: 4
(3) COOKIE_ECHO
Internet Protocol Version 4, Src: 10.0.0.185, Dst: 10.0.0.162
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x02 (DSCP: CS0, ECN: ECT(0))
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..10 = Explicit Congestion Notification: ECN-Capable Transport codepoint '10' (2)
Total Length: 264
Identification: 0x0000 (0)
Flags: 0x40, Don't fragment
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment Offset: 0
Time to Live: 64
Protocol: SCTP (132)
Header Checksum: 0x2416 [validation disabled]
[Header checksum status: Unverified]
Source Address: 10.0.0.185
Destination Address: 10.0.0.162
Stream Control Transmission Protocol, Src Port: 48041 (48041), Dst Port: 38412 (38412)
Source port: 48041
Destination port: 38412
Verification tag: 0x790ad620
[Association index: 65535]
Checksum: 0xa00fe0f7 [unverified]
[Checksum Status: Unverified]
COOKIE_ECHO chunk (Cookie length: 228 bytes)
Chunk type: COOKIE_ECHO (10)
0... .... = Bit: Stop processing of the packet
.0.. .... = Bit: Do not report
Chunk flags: 0x00
Chunk length: 232
Cookie: 4124569d7e0548bdbfbc4c54e0af0c95e938d9f500000000000000000000000000000000
(4) COOKIE_ACK
Internet Protocol Version 4, Src: 10.0.0.162, Dst: 10.0.0.185
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x02 (DSCP: CS0, ECN: ECT(0))
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..10 = Explicit Congestion Notification: ECN-Capable Transport codepoint '10' (2)
Total Length: 36
Identification: 0x0000 (0)
Flags: 0x40, Don't fragment
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment Offset: 0
Time to Live: 64
Protocol: SCTP (132)
Header Checksum: 0x24fa [validation disabled]
[Header checksum status: Unverified]
Source Address: 10.0.0.162
Destination Address: 10.0.0.185
Stream Control Transmission Protocol, Src Port: 38412 (38412), Dst Port: 48041 (48041)
Source port: 38412
Destination port: 48041
Verification tag: 0x8d10a6cf
[Association index: 65535]
Checksum: 0xa018cd9c [unverified]
[Checksum Status: Unverified]
COOKIE_ACK chunk
Chunk type: COOKIE_ACK (11)
0... .... = Bit: Stop processing of the packet
.0.. .... = Bit: Do not report
Chunk flags: 0x00
Chunk length: 4
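The four packets above are tied together by their verification tags and the state cookie: each side must send the tag the peer chose in its Initiate tag field, and the COOKIE_ECHO must return the cookie issued in the INIT_ACK. The sketch below checks those relationships on fields copied from the capture. It is an added example, not part of the original page; `check_handshake` and the record layout are hypothetical, and only the leading bytes of the cookie shown in the capture are compared.

```python
def check_handshake(pkts):
    """Return a list of findings; an empty list means the handshake is consistent."""
    if [p["chunk"] for p in pkts] != ["INIT", "INIT_ACK", "COOKIE_ECHO", "COOKIE_ACK"]:
        return ["unexpected chunk sequence"]
    init, init_ack, echo, ack = pkts
    findings = []
    if init["vtag"] != 0:
        findings.append("INIT must carry verification tag 0")
    if 0 in (init["init_tag"], init_ack["init_tag"]):
        findings.append("initiate tag of 0 is not allowed")
    if init_ack["vtag"] != init["init_tag"]:
        findings.append("INIT_ACK tag does not match INIT initiate tag")
    if echo["vtag"] != init_ack["init_tag"]:
        findings.append("COOKIE_ECHO tag does not match INIT_ACK initiate tag")
    if echo["cookie"] != init_ack["cookie"]:
        findings.append("COOKIE_ECHO cookie differs from the one issued")
    if ack["vtag"] != init["init_tag"]:
        findings.append("COOKIE_ACK tag does not match INIT initiate tag")
    # INIT and COOKIE_ECHO come from one endpoint, the two replies from the other.
    if not (init["src"] == echo["src"] != init_ack["src"] == ack["src"]):
        findings.append("packets do not alternate between the two endpoints")
    return findings

# Field values copied from the Wireshark capture above.
COOKIE_PREFIX = "4124569d7e0548bd"  # leading bytes of the 228-byte state cookie
CAPTURE = [
    {"chunk": "INIT", "src": "10.0.0.185", "vtag": 0x00000000,
     "init_tag": 0x8D10A6CF},
    {"chunk": "INIT_ACK", "src": "10.0.0.162", "vtag": 0x8D10A6CF,
     "init_tag": 0x790AD620, "cookie": COOKIE_PREFIX},
    {"chunk": "COOKIE_ECHO", "src": "10.0.0.185", "vtag": 0x790AD620,
     "cookie": COOKIE_PREFIX},
    {"chunk": "COOKIE_ACK", "src": "10.0.0.162", "vtag": 0x8D10A6CF},
]

if __name__ == "__main__":
    print(check_handshake(CAPTURE) or "handshake consistent")
```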
Videos
Reference
- Securing GTP and SCTP Traffic User Guide for Security Devices - Juniper Networks