Tunneling IPX Traffic through IP Networks(rfc1234)
Network Working Group D. Provan
Request for Comments: 1234 Novell, Inc.
June 1991
Tunneling IPX Traffic through IP Networks
Status of this Memo
This memo describes a method of encapsulating IPX datagrams within
UDP packets so that IPX traffic can travel across an IP internet.
This RFC specifies an IAB standards track protocol for the Internet
community, and requests discussion and suggestions for improvements.
Please refer to the current edition of the "IAB Official Protocol
Standards" for the standardization state and status of this protocol.
Distribution of this memo is unlimited.
Introduction
Internet Packet eXchange protocol (IPX) is the internetwork protocol
used by Novell's NetWare protocol suite. For the purposes of this
paper, IPX is functionally equivalent to the Internet Datagram
Protocol (IDP) from the Xerox Network Systems (XNS) protocol suite
[1]. This memo describes a method of encapsulating IPX datagrams
within UDP packets [2] so that IPX traffic can travel across an IP
internet [3].
This RFC allows an IPX implementation to view an IP internet as a
single IPX network. An implementation of this memo will encapsulate
IPX datagrams in UDP packets in the same way any hardware
implementation might encapsulate IPX datagrams in that hardware's
frames. IPX networks can be connected thusly across internets that
carry only IP traffic.
Packet Format
Each IPX datagram is carried in the data portion of a UDP packet.
All IP and UDP fields are set normally. Both the source and the
destination ports in the UDP packet should be set to the UDP port
value allocated by the Internet Assigned Numbers Authority for the
implementation of this encapsulation method.
As with any UDP application, the transmitting party has the option of
avoiding the overhead of the checksum by setting the UDP checksum to
zero. Since IPX implementations never use the IPX checksum to guard
IPX packets from damage, UDP checksumming is highly recommended for
IPX encapsulation.
Provan [Page 1]
RFC 1234 IPX on IP June 1991
+---------------------+------------+-------------------------------+
| | | | |
| IP Header | UDP Header | IPX Header | IPX packet data |
| (20 or more octets) | (8 octets) | (30 octets) | |
| | | | |
+---------------------+------------+-------------------------------+
Figure 1: An IPX packet carried as data in a UDP packet.
Reserved Packets
The first two octets of the IPX header contain the IPX checksum. IPX
packets are never sent with a checksum, so every IPX header begins
with two octets of FF hex. Implementations of this encapsulation
scheme should ignore packets with any other value in the first two
octets immediately following the UDP header. Other values are
reserved for possible future enhancements to this encapsulation
protocol.
Unicast Address Mappings
IPX addresses consist of a four octet network number and a six octet
host number. IPX uses the network number to route each packet
through the IPX internet to the destination network. Once the packet
arrives at the destination network, IPX uses the six octet host
number as the hardware address on that network.
Host numbers are also exchanged in the IPX headers of packets of
IPX's Routing Information Protocol (RIP). This supplies end nodes
and routers alike with the hardware address information required for
forwarding packets across intermediate networks on the way towards
the destination networks.
For implementations of this memo, the first two octets of the host
number will always be zero and the last four octets will be the
node's four octet IP address. This makes address mapping trivial for
unicast transmissions: the first two octets of the host number are
discarded, leaving the normal four octet IP address. The
encapsulation code should use this IP address as the destination
address of the UDP/IP tunnel packet.
Broadcasts between Peer Servers
IPX requires broadcast facilities so that NetWare servers and IPX
routers sharing a network can find one another. Since internet-wide
IP broadcast is neither appropriate nor available, some other
mechanism is required. For this memo, each server and router should
maintain a list of the IP addresses of the other IPX servers and
Provan [Page 2]
RFC 1234 IPX on IP June 1991
routers on the IP internet. I will refer to this list as the "peer
list", to individual members as "peers", and to all the peers taken
together, including the local node, as the "peer group". When IPX
requests a broadcast, the encapsulation implementation simulates the
broadcast by transmitting a separate unicast packet to each peer in
the peer list.
Because each peer list is constructed by hand, several groups of
peers can share the same IP internet without knowing about one
another. This differs from a normal IPX network in which all peers
would find each other automatically by using the hardware's broadcast
facility.
The list of peers at each node should contain all other peers in the
peer group. In most cases, connectivity will suffer if broadcasts
from one peer consistently fail to reach some other peer in the
group.
The peer list could be implemented using IP multicast [4], but since
multicast facilities are not widely available at this time, no well-
known multicast address has been assigned and no implementations
using multicast exist. As IP multicast is deployed in IP
implementations, it can be used by simply including in the peer list
an IP multicast address for IPX servers and routers. The IP
multicast address would replace the IP addresses of all peers which
will receive IP multicast packets sent from this peer.
Broadcasts by Clients
Typically, NetWare client nodes do not need to receive broadcasts, so
normally NetWare client nodes on the IP internet would not need to be
included in the peer lists at the servers.
On the other hand, clients on an IPX network need to send broadcasts
in order to locate servers and to discover routes. A client
implementation of UDP encapsulation can handle this by having a
configured list of the IP addresses of all servers and routers in the
peer group running on the IP internetwork. As with the peer list on
a server, the client implementation would simulate the broadcast by
sending a copy of the packet to each IP address in its list of IPX
servers and routers. One of the IP addresses in the list, perhaps
the only one, could be a broadcast address or, when available, a
multicast address. This allows the client to communicate with
members of the peer group without knowing their specific IP
addresses.
It's important to realize that broadcast packets sent from an IPX
client must be able to reach all servers and routers in the server
Provan [Page 3]
RFC 1234 IPX on IP June 1991
peer group. Unlike IP, which has a unicast redirect mechanism, IPX
end systems are responsible for discovering routing information by
broadcasting a packet requesting a router that can forward packets to
the desired destination. If such packets do not tend to reach the
entire server peer group, resources in the IPX internet may be
visible to an end system, yet unreachable by it.
Maximum Transmission Unit
Although larger IPX packets are possible, the standard maximum
transmission unit for IPX is 576 octets. Consequently, 576 octets is
the recommended default maximum transmission unit for IPX packets
being sent with this encapsulation technique. With the eight octet
UDP header and the 20 octet IP header, the resulting IP packets will
be 604 octets long. Note that this is larger than the 576 octet
maximum size IP implementations are required to accept [3]. Any IP
implementation supporting this encapsulation technique must be
capable of receiving 604 octet IP packets.
As improvements in protocols and hardware allow for larger,
unfragmented IP transmission units, the 576 octet maximum IPX packet
size may become a liability. For this reason, it is recommended that
the IPX maximum transmission unit size be configurable in
implementations of this memo.
Security Issues
Using a wide-area, general purpose network such as an IP internet in
a position normally occupied by physical cabling introduces some
security problems not normally encountered in IPX internetworks.
Normal media are typically protected physically from outside access;
IP internets typically invite outside access.
The general effect is that the security of the entire IPX
internetwork is only as good as the security of the entire IP
internet through which it tunnels. The following broad classes of
attacks are possible:
1) Unauthorized IPX clients can gain access to resources through
normal access control attacks such as password cracking.
2) Unauthorized IPX gateways can divert IPX traffic to unintended
routes.
3) Unauthorized agents can monitor and manipulate IPX traffic
flowing over physical media used by the IP internet and under
control of the agent.
Provan [Page 4]
RFC 1234 IPX on IP June 1991
To a large extent, these security risks are typical of the risks
facing any other application using an IP internet. They are
mentioned here only because IPX is not normally suspicious of its
media. IPX network administrators will need to be aware of these
additional security risks.
Assigned Numbers
The Internet Assigned Numbers Authority assigns well-known UDP port
numbers. It has assigned port number 213 decimal to the IPX
encapsulation technique described in this memo [5].
Acknowledgements
This encapsulation technique was developed independently by Schneider
& Koch and by Novell. I'd like to thank Thomas Ruf of Schneider &
Koch for reviewing this memo to confirm its agreement with the
Schneider & Koch implementation and also for his other valuable
suggestions.
References
[1] Xerox, Corp., "Internet Transport Protocols", XSIS 028112, Xerox
Corporation, December 1981.
[2] Postel, J., "User Datagram Protocol", RFC 768, USC/Information
Sciences Institute, August 1980.
[3] Postel, J., "Internet Protocol", RFC 791, DARPA, September 1981.
[4] Deering, S., "Host Extensions for IP Multicasting", RFC 1112,
Stanford University, August 1989.
[5] Reynolds, J., and J. Postel, "Assigned Numbers", RFC-1060,
USC/Information Sciences Institute, March 1990.
Security Considerations
See the "Security Issues" section above.
Provan [Page 5]
RFC 1234 IPX on IP June 1991
Author's Address
Don Provan
Novell, Inc.
2180 Fortune Drive
San Jose, California, 95131
Phone: (408)473-8440
EMail:[email protected]
Provan [Page 6]
相關推薦
Tunneling IPX Traffic through IP Networks(rfc1234)
Network Working Group D. ProvanRequest for Comments: 1234 Novell
uva 1590 - IP Networks(IP地址)
32位 http sub sample com lock 就是 subst top 習題4-5 IP網絡(IP Networks, ACM/ICPC NEERC 2005, UVa1590) 可以用一個網絡地址和一個子網掩碼描述一個子網(即連續的IP地址範圍)。其中子網
1590 IP Networks java
udebug上的測試都通過了,提交uva,wrong answer,不知道哪錯了 package com.uva; import java.math.BigInteger; import java.util.Scanner; public class IpNetworks { pub
演算法競賽入門經典(第2版)習題4-5 IP網路 IP Networks UVa1590
這道題的邏輯很簡單,讀入所有的ip地址,確認總共32位二進位制數中最左一個不同是在哪裡出現的,然後按規則輸出網路地址與子網掩碼即可。 可上傳後我發現它就是wa...還是wa...總是wa...... 然後我在網上找到了例程,設想出了很多測試資料,用fc拍來拍去,總是報告“找
UVA1590-IP Networks
這個題沒什麼坑,不過還是寫了很長時間,因為交了一遍freopen還有全部相似的問題。 #include <bits/stdc++.h> #include<cstring> us
UVa 1590 IP Networks(IP 網路)
Alex is administrator of IP networks. His clients have a bunch of individual IP addresses and he decided to group all those IP addresses into the smalle
UVA 1590 IP Networks JAVA
works esc char ext 題意 har pen -s 什麽 題意:輸入m代表接下來的數據個數,計算接下來輸入數據的網絡掩碼,和最小網絡地址。思路:①子網掩碼:先將數據轉為二進制,判斷從哪一位開始有數據不一樣,記下下標index,則子網掩碼是index的前面是1,
Uva1590——IP networks
#include <iostream> #include <cstdio> #include <algorithm> using namespace std; s
1590 IP Networks
Alex is administrator of IP networks. His clients have a bunch of individual IP addresses and he decided to group all those IP addresses into the smalles
Uva 1590 IP Networks
題目:略(不會把PDF格式的題目直接轉過來,希望有大神可以指教一下) 心得: 1、讀題用了很久又到網上搜索了子網掩碼的百科才搞懂題目,唯一的思路是隻要找出給出的網路地址中二進位制位第一位不同的即可,難點是在實現的過程 2、我是把十進位制 -> 二進位制 -> 通
poj2799 IP Networks
IP和DNS都是由32位組成的,每8位決定一個數字0-255,IP地址的數量為2^n,n為IP的二進位制後n位,前32-n對於一個網路裡的ip都是一樣的,DNS直接決定了一個網路裡的ip的數量(前32-n位為1,後n位為0)。 有這些知識儲備以後,得出最長的公共串即可,只需
優雅競賽之 UVa 1590 IP Networks
IP網路 UVa 1590 來自 演算法入門 競賽經典 第二版 第四章 習題4-5 最初以為該題比較簡單,真正開始寫才遇到許多問題。 問題: 位操作不直觀,思考了一會 右移32位與沒有位移相同 優雅之處: 簡單易懂的位操作 簡單化
小紫書 4-5 UVA 1590 IP Networks
題解: 程式碼: #include <iostream> #include <cstdio> #include <cstdlib> #include <cs
UVA-IP Networks
Alex is administrator of IP networks. His clients have a bunch of individual IP addresses and he decided to group all those IP add
UVALive3520 UVa1590 POJ2799 IP Networks【進位制+位運算】
Time Limit: 1000MSMemory Limit: 65536KTotal Submissions: 2392Accepted: 919DescriptionAlex is administrator of IP networks. His clients hav
Linux 網絡流量查看 Linux ip traffic monitor
-- run about rom lar cat ext different log Network monitoring on LinuxThis post mentions some linux command line tools that can be used t
ISE中FIFO IP核的Standard FIFO和First-word-Fall-Through模式的模擬比較
ISE下的FIFO IP核有Standard FIFO和First-word-Fall-Through兩種模式,相對於標準模式FWFT(First-word-Fall-Through)可以不需要讀命令,自動的將最新資料放在dout上。 接下來分別對兩種模式下的FIFO進行模擬,testbench如
Block S3 Traffic from VPC or External IP Address
{ "Version": "2012-10-17", "Id": "VPCe and SourceIP", "Statement": [{ "Sid": "VPCe and SourceIP", "Effect": "Deny",
使用xilinx ip core FIFO First- World First-Through (FWFT)模式的注意事項
也許很多人知道xilinx ip core 中的fifo可以配成standard 模式和FWFT模式,並知道兩者的區別是:standard模式下,當rd為高時,fifo會延時一個時鐘輸出資料(時序邏輯);而在FWFT模式下,當rd為高時,fifo不需要延時一個時鐘,而是直
JavaScript遍歷IP段內所有IP
hive write ora cor script list urn get ray 思路:將兩個IP轉換為數字進行比較,小的那個慢慢加一,直到變成大的那個IP所轉換的數字,將這其中的數字再轉換為IP地址即為IP段內所有的IP。 1 //IP轉數字 2 functio