A Made IT project http://www.made-it.com info@made-it.com

Short description
This document describes the protocol stacked used by Novell in their NetWare servers. Topics covered are: NDS, NetWare Life, NVT, NCP, SAP, Burst Mode, SPX, SPX2, RIP, NLSP, IPX.

Introduction
Novell has developed his own network-protocol stack usually refered to as SPX/IPX, which is derived from the Xerox XNS network protocol family. Where IPX is the Network-Layer protocol and SPX is the Transport-layer protocol. To give you a better view of the Novell networking stack we will also describe the upper layer protocols.

An IPX network is a server-based network. Which means you always need atleast one server to have a functional network (ofcourse several workstations are possible). All interactions are handled by a server.

Addressing
Nodes are identified by a 6 byte number and a 4 byte network ID. The node ID is assigned by the underlying layers (e.g. the MAC address from ethernet network cards).
The network ID is given by the Novell server to a workstation and has to be set in the file server by the administrator. The network number is also used by routers to forward packets to the right network.

The Node-ID of a server is usually 00-00-00-00-00-01.

Sockets are used to indicate different applications over the same network- and node-ID. IPX/SPX supports a maximum of 20 sockets on a single node.

Devices on a network

Servers

are those machines that supply functionality (services) to a network. This can be file-services, print-services, routing, etc. Servers have two network numbers. An Internal and an External. The Internal network number is used to address the file-server and the external number is used to address the network on an interface. A file-server acts as a router between the external and internal network, both addresses have a range of 1 to FFFFFFFE.

Clients

are workstations. These machines use the resources of the network, but do not provide any service to the network. They are addressed by the External network number of the file-server they are attached to and use the Internal network number of the file-server to attach to this file-server.

Nodes

are all machines that are part of the IPX-network. This could be file-servers, print-servers, routers, workstations, etc.

Novell network compared to OSI

Layer 7
NDS (NetWare Directory Service) is a relational database that can be distributed across the network, which makes it possible to share services globaly.

NetWare Life [META]

NVT (NetWare Virtual Terminal)

Layer 6
NCP (NetWare Core Protocol) defines the control and service request encoding for the interaction between servers and clients.

Layer 5
SAP (Service Advertisement Protocol) allows nodes to advertise their IPX addresses and services. These packets are send every 60 seconds. Clients use SAP to request the 'nearest server' when first logging on to the network. And servers use SAP to advertise their services. A server sends SAP messages to advertising its services as living on its internal network. They also send out RIP packets announcing that they know how to get to this internal network. SAP service-numbers at ISI.EDU

Burst Mode [META]

Layer 4
SPX (Sequence Packet Exchange) is a connection oriented protocol that ensures correct data delivery. It controls the integrity of packets and acknowledges packets received. When no acknowledge is received a packet is retransmitted, until a fixed number of retransmits has been done. When there is still no acknowlegde a network failure is assumed and the connection broken. An SPX packet looks like this:

CC

Connection Control. Used by SPX to control the flow of data

DST

Data-Stream Type. Information byte that can be used by the application for any purpose

SrcConnID

Source Connection ID. Connection number of source node. Created by SPX for use by an application

DestConnID

Destination Connection ID. Connection number of destination node. Created by SPX for use by an application

SeqNr

Sequence Number. Used to keep the sequence of received and transmitted packets straight

AckNr

Acknowledge Number. Acknowledge receipt of a packet

AllocNr

Allocation Number. Used by SPX to keep track of sent packets which are not acknowledged

SPX II is offered as of NetWare 4. It is backward compatible with SPX and offers additional true sliding-window flow-control mechanism. There is now also the possiblity to send a negative ACK (NAK).
Another change is the one in packet size. This is now as large as the supported system can handle, so no limit to 576 bytes. And last there is added more management features and options that allow future expansion of the protocol.

Layer 3
RIP (Routing Information Protocol) used for the exchange of routing information. It is not identical to the RIP implementation of TCP/IP. Novell has added an extra field, which is called 'Number of Ticks' to the official XNS-protocol. RIP uses IPX for addressing purposes. The Data part of an IPX-packet containing RIP looks like this:

Operation

Indicates a request or response. A 1 in this field is a request and a 02 is a response.
A request contains only the NetID, the other fields are nulled out.
The response can be a periodic broadcast or a reply to a request.

NetID

Network Number. Indicates the network segment the packet will be send to

NrHops

Number of Hops. The amount of routers needed to reach the destination

NrTicks

Number of Ticks. The amount of time needed to reach the destination segment (there are 18.21 ticks in a second and the number in the field is atleast 1)

NLSP (NetWare Link Services Protocol) is a Novell link state routing protocol for IPX networks. It is derived from the IS-IS protocol as defined by the ISO. Information is only broadcasted when a change occures, so no periodical broadcasts happen.

IPX (Internetwork Packet Exchange) is a peer-to-peer protocol. It was derived from the XNS Internet Datagram protocol. IPX is a connectionless protocol. It's only concern is internetwork addressing and intranode addressing (sockets). IPX completely relies on the network hardware for the actual node addressing. Novell has reserved several sockets. To name a view:

The IPX-header:

Checksum

Big endian checksum

Length

Big endian length of entire IPX/SPX packet

TC

Transport Control (age of packet)

PktType

Packet Type. Set by application to 4 for IPX and to 5 for SPX

DestNetID

Destination Network ID. Set by application if packet is being sent (talker). If set to 0 the current network is used

DestNodeID

Destination Node ID. Set by application when being send (talker). Broadcast is all 0FFh's

DestSocketID

Destination Socket ID. Set by IPX/SPX to the socket ID of the destination

SrcNetID

Source network ID. Set by IPX/SPX to the network ID of the packets source

SrcNodeID

Source Node ID. Set by IPX/SPX to the Node ID of the packet source

SrcSocketID

Source Socket ID. Set by IPX/SPX to the socket ID of the source

Notes on IPX/SPX networking
Novell frame types on ethernet:

ETHERNET_II

The original ethernet frame type as used by TCP/IP networks, DEC networks and AppleTalk phase I.

Destination Address	Source Address	Type	Data Unit
6 bytes	6 bytes	2 bytes	46-1500 bytes

802.3

Also called RAW or 802.3 RAW. Default for the Novell 3.12 and earlier servers. Only suitable for IPX networks.

Destination Address	Source Address	Length	Data Unit
6 bytes	6 bytes	2 bytes	46-1500 bytes

802.2

Fully IEEE802.2 compliant and default in NetWare4.

Destination Address	Source Address	Length	DSAP	SSAP	CONTROL	Data Unit
6 bytes	6 bytes	2 bytes	1 byte	1 byte	1 or 2 bytes	42-1496 bytes

SNAP

Mainly used in AppleTalk phase II. It is the IEEE802.2 frame with a SNAP extension.

Destination Address	Source Address	Length	DSAP (AA)	SSAP (AA)	CONTROL (03)	SNAP	Data Unit
6 bytes	6 bytes	2 bytes	1 byte	1 byte	1 byte	5 bytes	38-1492 bytes

http://www.afsv.af.mil/NetAdminG/netoverC.stacks_ipx.html

IPX/SPX