SCTP is not very much known and not used/deployed a lot because:

  • Widespread: Not widely integrated in TCP/IP stacks (in 2013: still missing natively in latest Mac OSX and Windows)
  • Libraries: Few high level bindings in easy to use languages
  • NAT: Doesn’t cross NAT very well/at all (less than 1% internet home & enterprise routers do NAT on SCTP).
  • Popularity: No general public app use it
  • Programming paradigm: it changed a bit: it’s still a socket, but you can connect many hosts to many hosts (multihoming), datagram is ordered and reliable, erc…
  • Complexity: SCTP stack is complex to implement (due to above)
  • Competition: Multipath TCP is coming and should address multihoming needs / capabilities so people refrain from implementing SCTP if possible, waiting for MTCP
  • Niche: Needs SCTP fills are very peculiar (ordered reliable datagrams, multistream) and not needed by much applications
  • Security: SCTP evades security controls (some firewalls, most IDSes, all DLPs, does not appear on netstat except CentOS/Redhat/Fedora…)
  • Audit-ability: Something like 3 companies in the world routinely do audits of SCTP security (Disclaimer: I work in one of them)
  • Learning curve: Not much toolchain to play with SCTP (check the excellent withsctp that combines nicely with netcat or use socat )

Reference