SCTP Multihoming
SCTP multihoming allows endpoints to provide alternate
addresses for receiving data and specify the primary address to
send to, using a different address if needed.
After SCTP conducts a successful handshake, the client
and server endpoints each select the primary destination IP address
to which they will send data until a network failure occurs. There
may be more than one IP address from which to choose. The ability
of an endpoint to support multiple IP addresses is known as multihoming,
which means SCTP can transmit to an alternative IP address belonging
to the endpoint in case of a network failure or adverse conditions.
For example, if each endpoint had eight addresses, there would be
64 possible address pairs (sessions) allowed per association.
When you configure SCTP Security on a Palo Alto Networks firewall, you can specify
a number of IP (transport) addresses for multihoming. However, if
you configure more than that number of IP addresses for an endpoint,
the firewall generates an alert message (but does not enforce the
IP address limit). The pairs of IP addresses can be any combination
of IPv4 and IPv6 addresses. For example, in the use case of radio
access network (RAN) security, the IP addresses belong to an eNodeB
(Evolved Node B endpoint) and an MME (mobility management entity
endpoint), between which an SCTP association is established.
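
As an added illustration (not Palo Alto Networks code, and not a description of how the firewall is implemented), the Python below counts the IPv4 and IPv6 address parameters an endpoint lists in an SCTP INIT or INIT ACK chunk, using the RFC 9260 chunk layout, and raises an alert flag without rejecting anything when the count exceeds a limit. The function names, the `limit` values and the sample chunk are assumptions constructed for the example.

```python
import ipaddress
import struct

IPV4_PARAM, IPV6_PARAM = 5, 6   # address parameter types in INIT / INIT ACK (RFC 9260)
INIT_FIXED = 20                 # chunk header (4 bytes) + fixed INIT fields (16 bytes)

def init_addresses(chunk: bytes) -> list:
    """Return the transport addresses listed in one INIT or INIT ACK chunk."""
    if len(chunk) < INIT_FIXED:
        raise ValueError("truncated INIT chunk")
    ctype, _flags, clen = struct.unpack_from("!BBH", chunk, 0)
    if ctype not in (1, 2) or not INIT_FIXED <= clen <= len(chunk):
        raise ValueError("not a well-formed INIT / INIT ACK chunk")
    addrs, off = [], INIT_FIXED
    while off + 4 <= clen:
        ptype, plen = struct.unpack_from("!HH", chunk, off)
        if plen < 4 or off + plen > clen:
            raise ValueError("bad parameter length")
        value = chunk[off + 4:off + plen]
        if ptype == IPV4_PARAM and plen == 8:
            addrs.append(ipaddress.IPv4Address(value))
        elif ptype == IPV6_PARAM and plen == 20:
            addrs.append(ipaddress.IPv6Address(value))
        off += (plen + 3) & ~3  # parameters are padded to a 4-byte boundary
    return addrs

def check_multihoming(chunk: bytes, limit: int) -> dict:
    """Alert-only check: flag an endpoint that lists more than `limit` addresses."""
    addrs = init_addresses(chunk)
    return {"addresses": addrs, "count": len(addrs), "alert": len(addrs) > limit}

def address_pairs(local_count: int, peer_count: int) -> int:
    """Number of possible address pairs in one association."""
    return local_count * peer_count

def build_init(addrs) -> bytes:
    """Build a sample INIT chunk (constructed test data, not captured traffic)."""
    params = b""
    for a in map(ipaddress.ip_address, addrs):
        ptype = IPV4_PARAM if a.version == 4 else IPV6_PARAM
        params += struct.pack("!HH", ptype, 4 + len(a.packed)) + a.packed
    fixed = struct.pack("!IIHHI", 0x1234, 65535, 2, 2, 1)  # tag, a_rwnd, streams, TSN
    return struct.pack("!BBH", 1, 0, INIT_FIXED + len(params)) + fixed + params

# Constructed sample: one endpoint listing two IPv4 addresses and one IPv6 address.
SAMPLE = build_init(["192.0.2.1", "192.0.2.2", "2001:db8::1"])
```

The count covers only addresses carried as parameters in the chunk; an endpoint that lists none is reachable at the source address of the packet, which this check does not see.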