Network Working Group T. Sung Request for Comments: 1791 Novell, Inc. Category: Experimental April 1995 TCP And UDP Over IPX Networks With Fixed Path MTU Status of this Memo This document defines an Experimental Protocol for the Internet community. This does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited. IESG Note: Internet Engineering Steering Group comment from the Area Director for Transport Services: Please note well that this memo is an individual product of the author. Implementation experience, particularly on the effectiveness of the protocols in dual-stack environments, is needed. 1. Introduction Most of network applications run on some sort of transports. And, if one is to let such applications to run over a foreign network protocol, the simplest way would be to allow the applications' transports to run over that network protocol. For TCP/IP applications, that transport is TCP or UDP. Hence, to let TCP/IP applications run over IPX, we would need to have TCP and UDP run over IPX. And, once TCP and UDP are allowed to run over IPX, all TCP and UDP based applications, such as HTTP for WWW, or NFS, can easily be made to work over IPX networks. DLsw is another example of such applications. As it is a TCP application (and TCP requires IP), the administrator is forced to run IP on his network in order to support DLsw. If the site was an IPX shop, it means that he now must manage IP protocol/addresses in addition to IPX. If TCP could be made to run on IPX, then he would not have to add IP to his repertoire of network protocols to manage. TCP/IPX allows TCP/IP applications to run over IPX networks by letting TCP and UDP run over IPX. And this memo specifies the packet format and operational procedures for running TCP and UDP over IPX. Sung [Page 1] RFC 1791 TCP And UDP Over IPX April 1995 2. Running UDP Over IPX Since UDP datagrams can be up to 64K octets long, and the size of IPX packet is limited to that of the path MTU, large UDP datagrams must be fragmented. And, since IPX does not support fragmentation, large UDP datagrams must be fragmented before they are passed to IPX. For that purpose, a new protocol called IPXF (IPX Fragmentation layer), is invented. UDP must run on IPXF rather than directly on IPX. IPXF layer is described in section 4. To IPXF service users, IPXF behaves just like IPX except that IPXF accepts datagram larger than the IPX path MTU. As such, we describe UDP in this section as if it is running on IPX. UDP must send and receive the packets on IPX/IPXF socket 0x9092. Though it may be possible to send a packet from sockets other than 0x9092, such sockets cannot receive UDP datagram destined to a well known socket 0x9092. Hence, the bidirectional communcation may not be established if a socket other than 0x9092 is used to send UDP datagram. For that reason. UDP/IPX does not allow source sockets other than 0x9092. If a datagram with source socket number other than 0x9092 is received, UDP/IPX should discard the packet silently. (And increment udpInDatagramErr MIB counter if it is instrumented.) UDP over IPX uses the IPX packet type 4, a normal IPX packet type. The IPX packet type has no meaning to TCP/IPX protocol. It simply is a number required by IPX for general IPX packets. See Appendix B.1 and B.2 for UDP over IPX packet format. The UDP/IPX checksum uses a pseudo header similar to UDP/IP pseudo header. The only difference is that IP addresses and protocol ID are replaced by IPX addresses and socket numbers. See Appendix B.3 for the UDP/IPX pseudo header format. 3. Running TCP Over IPX Unlike UDP, TCP runs directly over IPX. Since IPX does not support fragmentation, no TCP segment sent over IPX can be larger than the path MTU for the connection. The discovery of the path MTU is outside of scope of this paper. If the implementation does not have a way to dynamically determine the path MTU for each connection, it should at least allow a way to statically configure a reasonable value for all connections. For example, if the internetwork made of ethernets only, the user may configure the segment size to be 1470 including the TCP header. If the configuration of the segment size is not possible, the implementation should assume that the IPX path Sung [Page 2] RFC 1791 TCP And UDP Over IPX April 1995 MTU is 576 octects, and not send any TCP segment larger than 546 octets including TCP header. That will result in IPX packet of 576 octets which is the minimum path MTU for IPX. The implementation is then advised to comunicate the configured/default segment size to the peer TCP by exchanging MSS option. Note that this memo does not preclude the possibility of running TCP over IPXF instead of IPX. Running on IPXF can be done in the same manner as running UDP over IPXF. However, in general, TCP should refrain from sending large segments that may result in fragmentation. Hence, running TCP over IPXF is not recommended. The IPX socket number 0x9091 is reserved for the TCP. All TCP packets must be sent from and received on the socket 0x9091. If the received TCP/IPX packet has the source IPX socket number other than 0x9091, the packet should be discarded silently. (And increment tcpInErrs MIB counter if it is instrumented.) TCP, like UDP, uses IPX packet type 4. The IPX packet type has no meaning to TCP/IPX protocol. It is packet type required by IPX for general IPX packets. See appendix A.1 for TCP/IPX packet format. The TCP pseudo header, used in checksuming for TCP over IPX, is similar to TCP pseudo header for TCP over IP. Again, the difference is that IPX addresses and IPX socket number are substituted in place of IP addresses and IP protocol number. See Appendix A.2 for the TCP/IPX pseudo header format. 4. IPXF Layer A large UDP datagram cannot be sent directly over IPX as IPX does not support datagrams larger than the path MTU. Hence, large UDP datagrams must be fragmented before it can be sent over IPX. To have large UDP datagrams fragmented, UDP runs over IPXF layer instead of running directly IPX. IPXF users treats IPXF as if it is IPX layer. That is, they pass datagrams to IPXF specifying the destination IPX address/socket along with the packet. They also must set the source socket number of the datagram to its actual IPX socket number, as it would when sending packets to IPX layer. (For UDP, both source and destination sockets are 0x9092.) Datagrams passed to IPXF can be upto 64K octets long. Sung [Page 3] RFC 1791 TCP And UDP Over IPX April 1995 IPXF fragments a datagram as necessary, prepends each fragment with the IPXF header and send them to the IPX socket 0x9093 in the destination IPX address. The actual destination socket number (0x9092 for UDP) in the orignal IPX datagram is preserved in IPXF header. Refer to Appendix B.2 for UDP/IPXF/IPX packet format. The largest possible IPX datagram that can be sent over the IPX path is limited by the path MTU size. The mechanism to discover the path MTU is outside of the scope of the paper. If an IPXF implementation does not have a mean to determine the path MTU, it should assume that the largest IPX packet size is 576. In that case, any UDP datagram larger than 546 octects will have to be fragmented. If the datagram does not require fragmentation, IPXF acts as a null layer. That is, the whole packet is directly sent to the actual IPX destination socket without the IPXF fragmentation header. Refer to Appendix B.1 for UDP/IPX packet format without the IPXF header. An IPXF user receives datagrams by opening a socket with IPXF just as it would with IPX. For example, UDP opens the socket 0x9092 with IPXF to receive UDP datagrams. IPXF, in turn, opens IPX socket of the same number with IPX, so that unfragmented packets directed to that socket will be delivered by IPX directly to the IPXF user. IPXF fragments are received by IPXF on the IPX socket 0x9093. The receiving IPXF then reassembles the fragments into a complete IPX datagram, restores the actual detination IPX socket number from the IPXF header and delivers the reassembled IPX datagram to its actual recipient designated by the restored socket number. Upon receiving a fragment, IPXF must ignore the source socket number in the IPX header of the fragment. The source IPX socket field in IPX header contains the actual source of the IPX datagram. As such, the source IPX socket number in IPX header usually is not 0x9093, and it is meaningful only to the actual recepient of the assembled datagram. The fragmentation/reassembly algorithm used by IPXF is identical to that of IP, except for the following exceptions: 1) the offset of fragments are measured in units of octets rather than in units of 8 octets. 2) if the receiving IPXF does not have sufficient resource for the reassembly, it should discard fragments immediately. The receiving IPXF can determine if it has sufficient resources by looking at the length of the original datagram included in every fragment. Note that, though it is required only for UDP in this memo, IPXF can also be used by any protocol that requires IPX fragmentation support. Sung [Page 4] RFC 1791 TCP And UDP Over IPX April 1995 5. TCP/IPX Checksuming TCP/IPX is checksummed in exactly same manner as TCP/IP. It uses 16 bit 1's complement of 1's compliment sum of all 16 bit words in the pseudo header and text. See Appendix A.2 and B.3 for the pseudo header format for TCP and UDP. 6. Multiplexing TCP and UDP data over IPX are delivered to the application in the same manner as in TCP/IP. That is, they are delivered to the most specific matching endpoint, with the match made on local port, remote port, local IPX address and remote IPX address. When TCP or UDP is running over both IPX and IP, the connection endpoint also identifies the network layer on which the endpoint is. Hence, the triplet of network address, network address family, and the port number forms the socket. And, the endpoint match must be made on the the network address familty as well. For exmple, an endpoint bound to IPX network layer would be identified by AF_IPX, IPX address and TCP port number. On the other hand, endpoints bound to IP network layer would be identified by AF_IP, IP address, and TCP port. Finally, endpoints not bound to any network layer would be identified by AF_UNSPEC and TCP port. First, an attempt is made to deliver the data to the most specific endpoint that is bound to the network layer that the packet arrived from. If there is no such endpoint, then the packet is delivered to the best matching endpoint that is not bound to any network layer at all. For example, if the packet arrived over IPX network, then the packet is delivered to the most specific matching endpoint that is bound to IPX. If there is no matching endpoint over IPX, then it is delivered to an endpoint that did not specify any network layer. The use of endpoints not bound to any network layer is similar to TCP/IP endpoints with no IP address bound to it. Such endpoints are usually used for listening for connection requests from any of the interfaces within the host. Similarly, endpoints with no network layer bound to it are used to field the connection requests from any of the network layers. Acknowledgement The author wishes to thank following folks, in alphabetical order, and others for their helpful comments and contributions to the work: Lester Bird, Doug Kogan, Greg Minshall and Don Provan. Sung [Page 5] RFC 1791 TCP And UDP Over IPX April 1995 Security Considerations Security issues are not discussed in this memo. Author's Address Tae Sung Novell, Inc. 2180 Fortune Drive San Jose, California, 95131 Phone: (408)577-8439 EMail: tae@novell.Com Sung [Page 6] RFC 1791 TCP And UDP Over IPX April 1995 Appendix A.1 - TCP/IPX Packet Format A TCP/IPX Packet has following format: +-------+-------+-------+-------+ | IPX Checksum | IPX Pkt Len | +-------+-------+-------+-------+ | Zero |IPX PT | IPX Dest - +-------+-------+-------+-------+ Network | IPX Dest - +-------+-------+-------+-------+ Node | +-------+-------+-------+-------+ | IPX Dest Skt | IPX Src - +-------+-------+-------+-------+ Network | IPX Src - +-------+-------+-------+-------+ Node | +-------+-------+-------+-------+ | IPX Src Skt | TCP Header and +---------------+-------+-------+ Data... +----... IPX PT field contains the IPX packet type. It is set to 4 for TCP/IPX packet. Both Src Skt and Dest Skt field in IPX header must be set to 0x9091 for TCP/IPX packet. If the Src Skt is not set to 0x9091, the receiving TCP/IPX should discard the packet silently. (And increment tcpInErrs mib object if it is instrumented.) Sung [Page 7] RFC 1791 TCP And UDP Over IPX April 1995 Appendix A.2 - TCP/IPX Pseudo Header Format TCP/IPX uses following pseudo header to compute checksum: +-------+-------+-------+-------+ | IPX Src Network | +-------+-------+-------+-------+ | IPX Src Node +-------+-------+-------+-------+ | IPX Src Skt | +-------+-------+-------+-------+ | IPX Dest Network | +-------+-------+-------+-------+ | IPX Dest Node +-------+-------+-------+-------+ | IPX Dest Skt | +-------+-------+-------+-------+ | Zero | TCP Length | +---------------+---------------+ IPX Src/Dest Network/Node/Skt are the fields from the IPX header. TCP Length is the IPX Pkt Len minus the IPX header length in octets. Note that IPX Src Skt is expected to be 0x9091 for TCP. As such, one may insert 0x9091 in IPX Src Skt field rather than getting the value from IPX header. Then the implementation will not have to check the IPX Src Skt field in the fast path since the checksum failure will also cover the unexpected value. In that case, the implementation may want to examine if the checksum failure was due to the IPX Src Skt value other than 0x9091, so that it can increment appropriate counter, if proprietary counters other than tcpInErrs are used. Sung [Page 8] RFC 1791 TCP And UDP Over IPX April 1995 Appendix B.1 - UDP/IPX Packet Format without Fragmentation IPXF transmits UDP packets over IPX in this format if the UDP datagram does not have to be fragmented: +-------+-------+-------+-------+ | IPX Checksum | IPX Pkt Len | +-------+-------+-------+-------+ | Zero |IPX PT | IPX Dest - +-------+-------+-------+-------+ Network | IPX Dest - +-------+-------+-------+-------+ Node | +-------+-------+-------+-------+ | IPX Dest Skt | IPX Src - +-------+-------+-------+-------+ Network | IPX Src - +-------+-------+-------+-------+ Node | +-------+-------+-------+-------+ | IPX Src Skt | UDP Header and +---------------+-------+-------+ Data... +----... The IPX PT field contains IPX packet type. It should be set to 4 for all UDP/IPX packets. Both IPX Src Skt and IPX Dest Skt field must be set 0x9092. The receiving UDP/IPX should discard the packet silently if the IPX Src Skt field is not set to 0x9092. (And increment udpInErrors mib object if it is instrumented.) Sung [Page 9] RFC 1791 TCP And UDP Over IPX April 1995 Appendix B.2 - UDP/IPX Packet Format With Fragmentation IPXF transmits fragmented datagrams over IPX in the following format: +-------+-------+-------+-------+ | IPX Checksum | IPX Pkt Len | +-------+-------+-------+-------+ | Zero |IPX PT | IPX Dest - +-------+-------+-------+-------+ Network | IPX Dest - +-------+-------+-------+-------+ Node | +-------+-------+-------+-------+ IPX Dest Skt | IPX Src - +-------+-------+-------+-------+ Network | IPX Src - +-------+-------+-------+-------+ Node | +-------+-------+-------+-------+ | IPX Src Skt | IPXF Offset | +---------------+-------+-------+ | IPXF Frag Identification | +-------------------------------+ | IPXF Dest Skt | IPXF DG Len | +-------------------------------+ | UDP Header and Data ... +--------... The IPX PT field contains IPX packet type. It is set to the value set by the IPXF user in the IPX packet passed to IPXF. (UDP sets it to 4.) IPX Dest Skt field must be set to 0x9093 for all IPXF Packets. The value for IPX Src Skt field is variable, and must be set to the actual IPX socket number of the IPXF user. (For example, it must be set to 0x9092 for UDP.) IPXF Offset field indicates where the fragment belongs in the datagram. The offset is measured is octet from the begining of the UDP datagram. The first fragment has the offset of 0. IPXF Frag Identification field is assigned a same value by the sender for all fragements belonging to the same datagram. The receiver then uses this field to reassemble all fragments with same ID into a datagram. Sung [Page 10] RFC 1791 TCP And UDP Over IPX April 1995 IPXF Dest Skt field contains the IPX socket number of the actual recipient that the reassembled datagram will be delivered to. (It is 0x9092 for UDP.) All fragments of a datagram must have the same value in this field. IPXF DG Len field is the total length of the IPX datagram before the fragmentation. The sender should set it to the value of IPX Pkt Len of the original IPX datagram. All fragments of a IPX datagram must have the same value in this field. Sung [Page 11] RFC 1791 TCP And UDP Over IPX April 1995 Appendix B.3 - UDP/IPX Pseudo Header Format UDP/IPX uses following pseudo header for computing the checksum: +-------+-------+-------+-------+ | IPX Src Network | +-------+-------+-------+-------+ | IPX Src Node +-------+-------+-------+-------+ | IPX Src Skt | +-------+-------+-------+-------+ | IPX Dest Network | +-------+-------+-------+-------+ | IPX Dest Node +-------+-------+-------+-------+ | IPX Dest Skt | +-------+-------+-------+-------+ | Zero | UDP Length | +---------------+---------------+ IPX Src/Dest Network/Node/Skt fields are from the IPX packet. Note that, if UDP is running over IPXF, the IPX Dest Skt field in IPX packet header is copied over from IPXF header before the reassembled IPX packet is delivered to UDP, Hence, the pseudo header must be derived from the reassembled IPX header. UDP Length is from UDP header. Note that IPX Src Skt is expected to be 0x9092 for UDP. As such, one may insert 0x9092 in IPX Src Skt field rather than getting the value from IPX header. Then the implementation will not have to check the IPX Src Skt field in the fast path since the checksum failure will also cover the unexpected value. In that case, the implementation may want to examine if the checksum failure was due to the IPX Src Skt value other than 0x9092, so that it can increment appropriate counter, if proprietary counters other than udpInDatagramErr are Datagr Sung [Page 12]