SCTP as a transport for Diameter (draft-pascual-dime-sctp-00). Victor Pascual (victor.pascual@acmepacket.com), Gonzalo Camarillo (gonzalo.camarillo@ericsson.com). IETF 79, DIME WG, November 2010, Beijing, China. Motivation: clarify/specify the usage of Diameter over SCTP and its associated security mechanisms.
Slide 1
SCTP as a transport for Diameter
draft-pascual-dime-sctp-00
victor.pascual@acmepacket.com
gonzalo.camarillo@ericsson.com
IETF 79 - DIME WG
November 2010, Beijing, China

Slide 2
Motivation
Clarify/specify the usage of Diameter over SCTP and its associated security mechanisms

Slide 3
draft-ietf-dime-rfc3588bis-25
The base protocol is defined to run over TCP, SCTP or TLS, assuming that TLS is run on top of TCP when it is used
The use of a secured transport for exchanging Diameter messages is mandatory, with TLS as the primary method and IPsec as a secondary alternative
A TLS-like mechanism for Diameter over SCTP is desired

Slide 4
TLS over SCTP has some serious limitations
These are documented in draft-ietf-tsvwg-dtls-for-sctp-06
Examples:
It does not support the unordered delivery of SCTP user messages
It uses a TLS connection for every bidirectional stream, which requires a substantial amount of resources and message exchanges if a large number of streams is used
TLS over SCTP has seen very little deployment, if any

Slide 5
DTLS over SCTP overcomes the limitations of TLS over SCTP
DTLS over SCTP supports all the features that SCTP supports. Examples:
It does support the unordered delivery of SCTP user messages
It uses one DTLS connection per SCTP association
The IESG has recently approved it as a Proposed Standard and it will be published as a Standards Track RFC
Proposal: adopt DTLS over SCTP as a security mechanism for Diameter

Slide 6
Mapping of Diameter messages into SCTP streams
Diameter messages need to be mapped into SCTP streams in a way that avoids Head Of the Line (HOL) blocking
Mapping Diameter messages into different SCTP streams could fulfill this requirement, but some increase in processing delay might be incurred
Sending every Diameter message via SCTP Stream ID zero with the “unordered” flag set leads to improved performance and simplicity
Proposal: “a Diameter entity SHOULD send every Diameter message over stream zero with the unordered flag set. On the receiving side, a Diameter entity MUST be ready to receive Diameter messages over any stream”

Slide 7
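The head-of-line blocking argument behind the stream-zero proposal, as an added illustration that is not part of the slides: a small Python model of an SCTP receiver's delivery rules (ordered chunks released only in SSN order per stream, unordered chunks released on arrival), run over three mappings of the same three Diameter messages. The message names, SSNs and arrival order are constructed for the example; the receiver accepts any stream identifier, as the proposal requires.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class DataChunk:
    stream_id: int   # SCTP stream identifier
    ssn: int         # stream sequence number; ignored when unordered
    unordered: bool  # the U bit of the SCTP DATA chunk
    payload: str     # stands in for one Diameter message


@dataclass
class SctpReceiver:
    """Hands chunks to the Diameter layer the way an SCTP receiver would:
    unordered chunks at once, ordered chunks only in SSN order per stream."""
    next_ssn: dict = field(default_factory=dict)   # stream_id -> expected SSN
    held: dict = field(default_factory=dict)       # stream_id -> {ssn: chunk}
    delivered: list = field(default_factory=list)  # (payload, arrival step)
    step: int = 0

    def receive(self, chunk: DataChunk) -> None:
        self.step += 1
        if chunk.unordered:
            self.delivered.append((chunk.payload, self.step))
            return
        queue = self.held.setdefault(chunk.stream_id, {})
        queue[chunk.ssn] = chunk
        expected = self.next_ssn.get(chunk.stream_id, 0)
        # Release everything now contiguous; a gap blocks the whole stream.
        while expected in queue:
            self.delivered.append((queue.pop(expected).payload, self.step))
            expected += 1
        self.next_ssn[chunk.stream_id] = expected


# Constructed scenario: A was sent first, its first transmission was lost,
# and the retransmission arrives after B and C.
SEND_ORDER = {"A": 0, "B": 1, "C": 2}
ARRIVALS = ["B", "C", "A"]


def run(make_chunk) -> list:
    rx = SctpReceiver()
    for name in ARRIVALS:
        rx.receive(make_chunk(name))
    return rx.delivered


def ordered_stream_zero() -> list:
    """All messages ordered on stream 0: B and C wait for A (HOL blocking)."""
    return run(lambda n: DataChunk(0, SEND_ORDER[n], False, n))


def one_stream_per_message() -> list:
    """Each message on its own stream: no blocking across streams."""
    return run(lambda n: DataChunk(SEND_ORDER[n], 0, False, n))


def unordered_stream_zero() -> list:
    """The draft's proposal: stream 0 with the unordered flag set."""
    return run(lambda n: DataChunk(0, SEND_ORDER[n], True, n))
```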
Questions to the WG
Is this something we should work on?
Where? rfc3588bis vs separate document