SCTP multihoming allows endpoints to provide alternate
addresses for receiving data and specify the primary address to
send to, using a different address if needed.
After SCTP conducts a successful handshake, the client
and server endpoints each select the primary destination IP address
to which they will send data until a network failure occurs. There
may be more than one IP address from which to choose. The ability
of an endpoint to support multiple IP addresses is known as multihoming,
which means SCTP can transmit to an alternative IP address belonging
to the endpoint in case of a network failure or adverse conditions.
For example, if each endpoint had eight addresses, there would be
64 possible address pairs (sessions) allowed per association.
When you Configure
SCTP Security on a Palo Alto Networks firewall, you can specify
a number of IP (transport) addresses for multihoming. However, if
you configure more than that number of IP addresses for an endpoint,
the firewall generates an alert message (but does not enforce the
IP address limit). The pairs of IP addresses can be any combination
of IPv4 and IPv6 addresses. For example, in the use case of radio
access network (RAN) security, the IP addresses belong to an eNodeB
(Evolved Node B endpoint) and an MME (mobility management entity
endpoint), between which an SCTP association is established.