1 / 7

SCTP as a transport for Diameter draft-pascual-dime-sctp-00

SCTP as a transport for Diameter draft-pascual-dime-sctp-00 . victor.pascual@acmepacket.com gonzalo.camarillo@ericsson.com IETF 79 - DIME WG November 2010, Beijing, China. Motivation. Clarify/specify the usage of Diameter over SCTP and its associated security mechanisms .

taniel
Télécharger la présentation

SCTP as a transport for Diameter draft-pascual-dime-sctp-00

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SCTP as a transport for Diameter draft-pascual-dime-sctp-00 victor.pascual@acmepacket.com gonzalo.camarillo@ericsson.com IETF 79 - DIME WGNovember 2010, Beijing, China

  2. Motivation • Clarify/specify the usage of Diameter over SCTP and its associated security mechanisms

  3. draft-ietf-dime-rfc3588bis-25 • The base protocol is defined to run over TCP, SCTP or TLS • assuming that TLS is run on top of TCP when it is used • The use of a secured transport for exchanging Diameter messages is mandatory • being TLS the primary method and IPsec a secondary alternative • A TLS-like mechanism for Diameter over SCTP is desired

  4. TLS over SCTP has some serious limitations • These are documented in draft-ietf-tsvwg-dtls-for-sctp-06 • Examples: • It does not support the unordered delivery of SCTP user messages • It uses a TLS connection for every bidirectional stream, which requires a substantial amount of resources and message exchanges if a large number of streams is used • TLS over SCTP has seen very little deployment, if any

  5. DTLS over SCTP overcomes the limitations of TLS over SCTP • DTLS over SCTP supports all features SCTP support. Examples: • It does support the unordered delivery of SCTP user messages • It uses one DTLS connection per SCTP association • The IESG has recently approved it as a Proposed Standard and it will be published as a Standards Track RFC • Proposal: adopt DTLS over SCTP as a security mechanism for Diameter

  6. Mapping of Diameter messages into SCTP streams • Diameter messages need to be mapped into SCTP streams in a way that avoids Head Of the Line (HOL) blocking • Mapping diameter messages into different SCTP streams could fulfill this requirement but some increase of processing delay might be incurred • Sending every Diameter message via the SCTP Stream ID zero with the “unordered” flag set leads to improved performance and simplicity • Proposal: “a Diameter entity SHOULD send every Diameter message over stream zero with the unordered flag set. On the receiving side, a Diameter entity MUST be ready to receive Diameter messages over any stream”

  7. Questions to the WG • Is this something we should work on? • Where? • rfc3588bis vs separate document

More Related