Issues with network address translation for SCTP


Journal article


D. A. Hayes, J. But, G. Armitage
ACM SIGCOMM Computer Communication Review, vol. 39(1), 2008, pp. 23--33



APA
Hayes, D. A., But, J., & Armitage, G. (2008). Issues with network address translation for SCTP. ACM SIGCOMM Computer Communication Review, 39(1), 23–33. https://doi.org/10.1145/1496091.1496095


Chicago/Turabian
Hayes, D. A., J. But, and G. Armitage. “Issues with Network Address Translation for SCTP.” ACM SIGCOMM Computer Communication Review, 39, no. 1 (2008): 23–33.


MLA
Hayes, D. A., et al. “Issues with Network Address Translation for SCTP.” ACM SIGCOMM Computer Communication Review, vol. 39, no. 1, 2008, pp. 23–33, doi:10.1145/1496091.1496095.


BibTeX

@article{d2008a,
  title = {Issues with network address translation for SCTP},
  year = {2008},
  issue = {1},
  journal = {ACM SIGCOMM Computer Communication Review},
  pages = {23--33},
  volume = {39},
  doi = {10.1145/1496091.1496095},
  author = {Hayes, D. A. and But, J. and Armitage, G.}
}

Abstract

A Stream Control Transmission Protocol (SCTP) capable Network Address Translation (NAT) device is necessary to support the wider deployment of the SCTP protocol. The key issues for an SCTP NAT are SCTP's control chunk multiplexing and multi-homing features. Control chunk multiplexing can expose an SCTP NAT to possible Denial of Service attacks. These can be mitigated through the use of chunk and parameter processing limits. Multiple and changing IP addresses during an SCTP association mean that SCTP NATs cannot operate in the way conventional UDP/TCP NATs operate. Tracking these multiple global IP addresses can help in avoiding lookup table conflicts; however, it can also result in circumstances that can lead to NAT state inconsistencies. Our analysis shows that tracking global IP addresses is not necessary in most expected practical installations. We use our FreeBSD SCTP NAT implementation, alias_sctp, to examine the performance implications of tracking global IP addresses. We find that typical memory usage doubles and that the processing requirements are significant for installations that experience high association arrival rates. In conclusion, we provide practical recommendations for a secure, stable SCTP NAT installation.

