Stream Control Transmission Protocol Overview

Stream Control Transmission Protocol (SCTP) is an IP Transport Layer protocol. SCTP is a reliable transport protocol operating on top of a connectionless packet network such as IP and supports data transfer across the network in single IP or multi-IP cases. SCTP provides the following services:

Aggregate Server Access Protocol (ASAP)
Bearer Independent Call Control (BICC)
Direct Data Placement Segment chunk (DDP-segment)
Direct Data Placement Stream session control (DDP-stream)
DPNSS/DASS 2 extensions to IUA Protocol (DUA)
Endpoint Handleescape Redundancy Protocol (ENRP)
H.248 Protocol (H248)
H.323 Protocol (H323)
ISDN User Adaptation Layer (IUA)
MTP2 User Peer-to-Peer Adaptation Layer (M2PA)
MTP2 User Adaptation Layer (M2UA)
MTP3 User Adaptation Layer (M3UA)
Q.IPC
Reserved
Simple Middlebox Configuration (SIMCO)
SCCP User Adaptation Layer (SUA)
Transport Adapter Layer Interface (TALI)
v5.2 User Adaptation Layer (V5UA)

SCTP can transport signaling messages to and from Signaling System 7 (SS7) for 3G mobile network through M3UA, M2UA or SUA. SCTP is a packet-based transport protocol. SCTP provide reliable and secure transport, minimized end-to-end delay, short failover time in case of network failures and both sequence and no-sequence transport.

Configuration Overview

You should configure at least one SCTP profile to enable the security device to perform stateful inspection on all SCTP traffic. The stateful inspection of SCTP traffic will drop some anomalous SCTP packets. The SCTP firewall supports deeper inspection:

Packet filtering—The profile configuration of drop packets for special SCTP payload protocol and M3UA service enables packet filtering.
Limit-rate—Controls the packets rate of SCCP in M3UA service..

The SCTP deeper inspection requires the following steps:

Creating an SCTP profile
Configuring the filtering and limiting parameters
Binding the SCTP profile to a policy

Note: The policy should permit SCTP traffic.