A Made IT project



Short description
This document describes the protocol stacked used by Novell in their NetWare servers. Topics covered are: NDS, NetWare Life, NVT, NCP, SAP, Burst Mode, SPX, SPX2, RIP, NLSP, IPX.

Novell has developed his own network-protocol stack usually refered to as SPX/IPX, which is derived from the Xerox XNS network protocol family. Where IPX is the Network-Layer protocol and SPX is the Transport-layer protocol. To give you a better view of the Novell networking stack we will also describe the upper layer protocols.

An IPX network is a server-based network. Which means you always need atleast one server to have a functional network (ofcourse several workstations are possible). All interactions are handled by a server.

Nodes are identified by a 6 byte number and a 4 byte network ID. The node ID is assigned by the underlying layers (e.g. the MAC address from ethernet network cards).
The network ID is given by the Novell server to a workstation and has to be set in the file server by the administrator. The network number is also used by routers to forward packets to the right network.

The Node-ID of a server is usually 00-00-00-00-00-01.

Sockets are used to indicate different applications over the same network- and node-ID. IPX/SPX supports a maximum of 20 sockets on a single node.

Devices on a network

are those machines that supply functionality (services) to a network. This can be file-services, print-services, routing, etc. Servers have two network numbers. An Internal and an External. The Internal network number is used to address the file-server and the external number is used to address the network on an interface. A file-server acts as a router between the external and internal network, both addresses have a range of 1 to FFFFFFFE.
are workstations. These machines use the resources of the network, but do not provide any service to the network. They are addressed by the External network number of the file-server they are attached to and use the Internal network number of the file-server to attach to this file-server.
are all machines that are part of the IPX-network. This could be file-servers, print-servers, routers, workstations, etc.

Novell network compared to OSI

7Application Layer NDS NetWare Life NVT
6Presentation Layer NCP
5Session Layer SAP Burst Mode
4Transport Layer SPX SPX2
3Network Layer RIP NLSP

Layer 7
NDS (NetWare Directory Service) is a relational database that can be distributed across the network, which makes it possible to share services globaly.

NetWare Life [META]

NVT (NetWare Virtual Terminal)

Layer 6
NCP (NetWare Core Protocol) defines the control and service request encoding for the interaction between servers and clients.

Layer 5
SAP (Service Advertisement Protocol) allows nodes to advertise their IPX addresses and services. These packets are send every 60 seconds. Clients use SAP to request the 'nearest server' when first logging on to the network. And servers use SAP to advertise their services. A server sends SAP messages to advertising its services as living on its internal network. They also send out RIP packets announcing that they know how to get to this internal network. SAP service-numbers at ISI.EDU

Burst Mode [META]

Layer 4
SPX (Sequence Packet Exchange) is a connection oriented protocol that ensures correct data delivery. It controls the integrity of packets and acknowledges packets received. When no acknowledge is received a packet is retransmitted, until a fixed number of retransmits has been done. When there is still no acknowlegde a network failure is assumed and the connection broken. An SPX packet looks like this:

CC DST SrcConnID DestConnID SeqNr AckNr AllocNr data
1 bytes 1 bytes 2 bytes 2 bytes 2 bytes 2 byte 2 byte 534 bytes
Connection Control. Used by SPX to control the flow of data
Data-Stream Type. Information byte that can be used by the application for any purpose
Source Connection ID. Connection number of source node. Created by SPX for use by an application
Destination Connection ID. Connection number of destination node. Created by SPX for use by an application
Sequence Number. Used to keep the sequence of received and transmitted packets straight
Acknowledge Number. Acknowledge receipt of a packet
Allocation Number. Used by SPX to keep track of sent packets which are not acknowledged

SPX II is offered as of NetWare 4. It is backward compatible with SPX and offers additional true sliding-window flow-control mechanism. There is now also the possiblity to send a negative ACK (NAK).
Another change is the one in packet size. This is now as large as the supported system can handle, so no limit to 576 bytes. And last there is added more management features and options that allow future expansion of the protocol.

Layer 3
RIP (Routing Information Protocol) used for the exchange of routing information. It is not identical to the RIP implementation of TCP/IP. Novell has added an extra field, which is called 'Number of Ticks' to the official XNS-protocol. RIP uses IPX for addressing purposes. The Data part of an IPX-packet containing RIP looks like this:

2 bytes4 bytes2 bytes2 bytes
Indicates a request or response. A 1 in this field is a request and a 02 is a response.
A request contains only the NetID, the other fields are nulled out.
The response can be a periodic broadcast or a reply to a request.
Network Number. Indicates the network segment the packet will be send to
Number of Hops. The amount of routers needed to reach the destination
Number of Ticks. The amount of time needed to reach the destination segment (there are 18.21 ticks in a second and the number in the field is atleast 1)
The part after the Operation-field, can be repeated several times (max. 50), to contain the information of several network-segments.

NLSP (NetWare Link Services Protocol) is a Novell link state routing protocol for IPX networks. It is derived from the IS-IS protocol as defined by the ISO. Information is only broadcasted when a change occures, so no periodical broadcasts happen.

IPX (Internetwork Packet Exchange) is a peer-to-peer protocol. It was derived from the XNS Internet Datagram protocol. IPX is a connectionless protocol. It's only concern is internetwork addressing and intranode addressing (sockets). IPX completely relies on the network hardware for the actual node addressing. Novell has reserved several sockets. To name a view:

451hNetWare Core Protocol
452hService Advertising Protocol
453hRouting Information Protocol
4000h-6000hFree sockets, for interaction between file servers and other network communications

The IPX-header:

Checksum Length TC PktType DestNetID DestNodeID DestSocketID SrcNodeID SrcNetID SrcSocketID Data
2 bytes 2 bytes 1 bytes 1 bytes 4 bytes 6 byte 2 byte 4 bytes 6 bytes 2 bytes 546 bytes
Big endian checksum
Big endian length of entire IPX/SPX packet
Transport Control (age of packet)
Packet Type. Set by application to 4 for IPX and to 5 for SPX
Destination Network ID. Set by application if packet is being sent (talker). If set to 0 the current network is used
Destination Node ID. Set by application when being send (talker). Broadcast is all 0FFh's
Destination Socket ID. Set by IPX/SPX to the socket ID of the destination
Source network ID. Set by IPX/SPX to the network ID of the packets source
Source Node ID. Set by IPX/SPX to the Node ID of the packet source
Source Socket ID. Set by IPX/SPX to the socket ID of the source

Notes on IPX/SPX networking
Novell frame types on ethernet:

The original ethernet frame type as used by TCP/IP networks, DEC networks and AppleTalk phase I.
Destination AddressSource AddressTypeData Unit
6 bytes6 bytes2 bytes46-1500 bytes
Also called RAW or 802.3 RAW. Default for the Novell 3.12 and earlier servers. Only suitable for IPX networks.
Destination AddressSource AddressLengthData Unit
6 bytes6 bytes2 bytes46-1500 bytes
Fully IEEE802.2 compliant and default in NetWare4.
Destination AddressSource AddressLengthDSAPSSAPCONTROLData Unit
6 bytes6 bytes2 bytes1 byte1 byte1 or 2 bytes42-1496 bytes
Mainly used in AppleTalk phase II. It is the IEEE802.2 frame with a SNAP extension.
Destination AddressSource AddressLengthDSAP (AA)SSAP (AA)CONTROL (03)SNAPData Unit
6 bytes6 bytes2 bytes1 byte1 byte1 byte5 bytes38-1492 bytes