GLOBAL KNOWLEDGE NETWORKä CERTIFICATION PRESS |
Chapter 7
Configuring Novell IPX
Certification Objectives
*IPX Addressing
*IPX Routing
*Internal Networks
*Novell Frame Type
*Ethernet_II
*Ethernet_802.3
*Ethernet_802.2
*Ethernet_SNAP
*Routing with Multiple Frame Types
*From the Classroom
*Four Encapsulations on an Ethernet: a Recipe for Networking Disaster
*SAP
*Periodic SAP Updates
*Get Nearest Server Queries
*SAP Response
*SAP Split Horizon
*RIP
*SAP and RIP Operation Example
*Preparation
*Enabling IPX and Configuring the Interfaces
*Confirming Operation
*Routing Protocols
*
Certification Objectives
The Internetwork Packet Exchange (IPX) protocol is the native networking protocol for Novell NetWare. It was designed by Novell based on Xerox Network System (XNS) protocols. While not particularly well suited to very large internetworks (especially those utilizing slow wide-area links), IPX is still a very popular protocol.
This chapter will familiarize you with the structure, purpose, and operation of IPX and the related protocols making up the IPX protocol stack. It will then show how to configure IPX using Cisco IOS.
IPX Protocol Stack
{Answer to Self Test Question #1}
IPX provides the basis for the stack of protocols designed by Novell to support NetWare. IPX provides only a connectionless, unreliable datagram service. The transmitting station sends packets, but has no way of knowing whether they are received at the destination. Error detection and recovery is left to other protocol layers. To add some reliability, and to provide more services than IPX can provide, a number of other protocols needed to be defined. Figure 7-1 shows how these protocols relate to IPX, and also how they relate to the various layers of the OSI model. (This mapping to the OSI model isn’t precise, and is open to interpretation.)
Figure 1 The IPX stack and its relationship to the OSI network model
The protocols shown in Figure 7-1 are described briefly here. Some of particular interest will be examined in more detail later in the chapter.
There are also a number of small protocols such as the Watchdog, Serialization, and Diagnostics packets defined by Novell. To the network these appear as IPX packets and are not treated any differently.
IPX Datagram
An IPX datagram consists of a 30-byte header followed by the user data. The IPX header contains these fields:
|
Checksum |
Normally set to 0xFFFF and not used. Detection of transmission errors is left to the MAC (Media Access Control) level checksum. {Answer to Self Test Question #6} |
|
Length (2 bytes) |
Shows the length of the packet, including the IPX header and the following data |
|
Transport Control (1 byte) |
Initialized to zero when the packet is generated, and is incremented every time the packet crosses a router. If the value reaches 16, the packet is discarded. This places a 16-hop limit on the diameter of an IPX internetwork. {Answer to Self Test Question #2} |
|
Packet Type (1 byte) |
Identifies the protocol of the packet. Common values are: |
|
Destination Address (12 bytes) |
Contains a full IPX internetwork address, complete with socket number |
|
Source Address (12 bytes) |
Also contains a full IPX internetwork address, complete with socket number |
{Answer to Self Test Question #3}
Each IPX network is given a 32-bit network number. These numbers are generated by network administrators and must be unique throughout the IPX internetwork. Network numbers are normally written in hexadecimal form, with any leading zeros being omitted. The network 00001200 would be written as 1200. The network numbered zero (00000000, or just ‘0’) is reserved. When a packet is addressed to network 0, it is taken as being addressed to the current network (the same IPX network as the transmitter).Each IPX-capable device has a 48-bit
node address. The node address is normally copied directly from the MAC (hardware) address of the network card, so doesn’t have to be manually assigned. The node address is written in hexadecimal form. To make reading easier, there is normally a period (.) inserted between every four digits. 0000.8012.5abc is a valid IPX node address. The address ffff.ffff.ffff is reserved as the broadcast address. A packet addressed to the broadcast address will be received by all IPX devices on the destination network.A network address together with a node address forms an IPX internetwork address, which is sufficient to locate a single node on an IPX internetwork.
A network device may have multiple processes communicating over IPX simultaneously. To allow the IPX stack to identify which process an incoming packet is destined for, each process is associated with a socket number. A socket is a 16-bit number. Some socket numbers are reserved by Novell for specific purposes; others are available for use dynamically by an IPX client.
{Answer to Self Test Question #4}
By specifying a network number, node address and socket number together, you can identify an individual process running on a single IPX node. Figure 7-2 shows an example of a fully specified IPX internetwork address, with socket number.
Figure 2 IPX addressing (written format)
Network cards and their low-level drivers only have knowledge of MAC-level addresses and protocols. MAC addresses are 48-bit addresses encoded into the network card on manufacture. MAC protocols only allow communications between devices on the same physical network segment. To pass packets between network segments, we need:
When an IPX node wishes to send a packet to a remote network, it must locate an IPX router that knows of a route to the network. When it finds the router, it forwards the packet to the router for delivery. The router receives the packet and retransmits it along the next hop towards its destination. Eventually the packet is delivered to its destination node. A packet may pass through multiple routers on its path between source and destination devices.
{Answer to Self Test Question #5}
NetWare file servers have an internal virtual IPX network. This network is purely logical and exists only inside the server. It is given a network address just like a "real" physical network, but there are no LAN cards or MAC addresses associated with it. The server is always node 0000.0000.0001 on its internal network.The internal network exists to simplify addressing. A device with multiple interfaces has a separate IPX internetwork address for each interface. In each case, the address is made up of the network number for the IPX network on that interface, together with the node address, which is the MAC address for the interface. By creating an internal network, the device can use its internal network address in all communications rather than having to use a different address depending on which interface it is communicating with.
The internal network behaves exactly like a "real" network. For a packet to get from the external (physical) network onto the internal network, there must be an IPX router between the two. Because of this, NetWare file servers are by definition IPX routers. They participate in the routing on the network exactly like other routers. Figure 7-3 shows a network with two routers. This figure also shows the internal network in the server.
Figure 3 IPX network showing two routers and a server internal network
The address Server1 uses in all communications is 3.0000.0000.0001. Packets flowing from PC1 to Server1 follow this path:
IPX Encapsulation Types
Before an IPX packet can be transmitted onto a network, it must be placed inside a MAC frame. A MAC frame is a Layer 2 frame that is dependent on the media type in use on a network. As the IPX packet travels through the network, each router that receives the packet will strip off the received MAC header and extract the IPX packet. When the packet is to be retransmitted, a new MAC frame, in a format suitable for transmission across the next hop, is generated for the packet. Figure 7-4 shows how an IPX packet is encapsulated in the Data field of a MAC frame.
Figure 4 Encapsulation of an IPX packet in a MAC frame
As is common in networking, over the years there have been multiple differing MAC frame types developed. On an Ethernet LAN, there are four types supported. {Answer to Self Test Question #26}These are Ethernet_II, Ethernet_802.2, Ethernet_802.3, and Ethernet_SNAP. For two devices to be able to communicate directly (without a router) they must be using the same frame type.
Novell and Cisco use different terminology in this area. What Novell refers to as a frame type, Cisco calls an encapsulation. The Cisco IOS configuration commands also use different names for the Novell frame types discussed.
{Answer to Self Test Question #34}
Table 7-1 associates the Novell frame type terminology with the applicable Cisco IOS encapsulation name.|
Cisco IOS Encapsulation Name |
|
|
Ethernet_II |
arpa |
|
Ethernet_802.2 |
SAP |
|
Ethernet_802.3 |
novell-ether |
|
Ethernet_SNAP |
SNAP |
Table 1 Novell Frame Types and Their Cisco IOS Equivalents
These are the encapsulations commonly used on IPX Ethernet interfaces. There are other encapsulations supported by IOS on various media that aren’t discussed here.
Ethernet_II was released around 1982. The frame format is as follows:
|
Destination Address |
A 48-bit MAC address |
|
Source Address (6 bytes) |
A 48-bit MAC address |
|
Type (2 bytes) |
Specifies which higher-level protocol is contained in the packet. For IPX this field contains 0x8137 (hexadecimal). |
|
Data (46 – 1500 bytes) |
The IPX packet is inserted into this portion of the packet. |
|
Frame Check Sequence (4 bytes) |
The frame check sequence (FCS) is a cyclic redundancy check (CRC) calculated on all fields from the Destination Address on. It is used to detect corrupted packets on the network. |
The Ethernet_802.3 frame is also called "802.3 raw" in some documentation. This is the default encapsulation for NetWare versions up to (and including) 3.11.
{Answer to Self Test Question #28}
The format of the Ethernet_802.3 frame is:|
Destination Address |
A 48-bit MAC address |
|
Source Address |
A 48-bit MAC address |
|
Length (2 bytes) |
The number of bytes in the Data field of the packet |
|
Data (46 – 1500 bytes) |
The IPX packet is inserted into this portion of the packet. If the packet is below the minimum size for a legal packet, extra bytes are added to the Padding field to expand the packet out to the minimum size. |
|
Frame Check Sequence (4 bytes) |
The frame check sequence is a cyclic redundancy check calculated on all fields from the Destination Address on. It is used to detect corrupted packets on the network. |
The Ethernet_802.2 frame type uses the same base frame format as Ethernet_802.3, but includes the LLC (802.2) information as well. This is the default encapsulation for NetWare 3.12 and 4.x.
Most of the fields are identical to the Ethernet_802.3 frame type. The additional three fields are described in the following list.
|
Destination Address |
A 48-bit MAC address |
|
Source Address (6 bytes) |
A 48-bit MAC address |
|
Length (2 bytes) |
The number of bytes in the Data field of the packet |
|
DSAP (1 byte) |
The Destination Service Access Point specifies which protocol is being carried. For IPX this field contains the number 0xE0. |
|
SSAP (1 byte) |
The Source Service Access Point also specifies which protocol is being carried. For IPX this field contains the number 0xE0. |
|
Control (1 byte) |
The Control byte always contains the number 0x03 when used by IPX. This specifies an unnumbered information frame. |
|
Data (43 – 1497 bytes) |
The IPX packet is inserted into this portion of the packet. |
|
Frame Check Sequence (4 bytes) |
The frame check sequence is a cyclic redundancy check calculated on all fields from the Destination Address on. It is used to detect corrupted packets on the network. |
The Ethernet_II frame uses a two-byte number to specify which upper-level protocol is contained within the frame. In the Ethernet_802.2 frame, there is only one byte available (the SSAP/DSAP fields). To allow protocols to continue to use the Ethernet_II packet type numbers, the Subnetwork Access Protocol (SNAP) was devised. This protocol uses the number 0xAA for the DSAP and SSAP fields. It then uses other fields to specify the protocol, including the original two-byte protocol number.
In the format for the Ethernet_SNAP, the fields up to the control byte are identical to the Ethernet_802.2 frame type.
|
Destination Address |
A 48-bit MAC address |
|
Source Address (6 bytes) |
A 48-bit MAC address |
|
Length (2 bytes) |
The number of bytes in the Data field of the packet |
|
DSAP (1 byte) |
Contains the number 0xAA. |
|
SSAP (1 byte) |
Contains the number 0xAA. |
|
Control (1 byte) |
The Control byte always contains the number 0x03 when used by IPX. This specifies an unnumbered information frame. |
|
Organization Code (3 bytes) |
The Organization Code for IPX packets contains all zero bytes. |
|
Ethernet Type (2 bytes) |
The same Novell Ethernet type number is used as in the Ethernet_II frame (0x8137). |
|
Data (38 – 1492 bytes) |
The IPX packet is inserted into this portion of the packet. |
Routing with Multiple Frame Types
{Answer to Self Test Question #7}
Multiple frame types can be in use on one physical network segment. Doing this effectively splits the network into logically separate networks. Devices on the network can only communicate directly with other devices that use the same frame type. The only way for users of different frame types to communicate is through a router.Using multiple frame types complicates the administration of network numbers, as each frame type in use on a network requires its own network number. It is useful to reserve one digit of the IPX network number to specify the frame type. You then only need to generate a single base IPX network number for each network, and modify it in a standard way to generate the IPX network number for each frame type in use.
As an example, you could decide to use the last digit of the IPX network number to specify the frame type. A "1" could represent Ethernet_II, "2" could be Ethernet_802.2, "3" Ethernet_802.3, and "4" Ethernet_SNAP.
Applying this scheme to two IPX networks with base numbers of 400 and 500 would give IPX network numbers for the four frame types as described in Table 7-2.
|
Network |
Frame Type |
IPX Network |
|
400 |
Ethernet_II |
401 |
|
400 |
Ethernet_802.2 |
402 |
|
400 |
Ethernet_802.3 |
403 |
|
400 |
Ethernet_SNAP |
404 |
|
500 |
Ethernet_II |
501 |
|
500 |
Ethernet_802.2 |
502 |
|
500 |
Ethernet_802.3 |
503 |
|
500 |
Ethernet_SNAP |
504 |
Table 2 Multiple Frame Types on Two Networks
Using a standard like this makes it easier to remember which numbers to configure for which frame types, and also makes it easier to spot mistakes.
{Answer to Self Test Question #8}, {Answer to Self Test Question #21}
Figure 7-5 shows a single network containing a server, a workstation, and a router. The server is using the Ethernet_802.3 frame type, and is configured so that this network is IPX network number 503. The router is configured to use both Ethernet_SNAP and Ethernet_802.3 frame types on the same physical port. To do this, it must use a different IPX network number for each frame type. In this case it is using Network 503 for the Ethernet_802.3 Frame Type, and Network 504 for the Ethernet_SNAP frame type. The PC is using Ethernet_SNAP. At initialization it discovers it is on Network 504.
Figure 5 Use of multiple frame types on a single network
Although PC1 and Server1 are physically connected to the same network, they cannot communicate directly because they are using different frame types. When PC1 looks up the address of Server1, and finds that the server is located on Network 503, it must find a path to this network. The router can provide the path, as it has interfaces on both Networks 503 and Network 504. The fact that both these interfaces are the same physical port doesn’t make any difference to the operation of the protocol.
All traffic between PC1 and Server1 must flow through the router. Obviously this isn’t very efficient, and normally this situation would be avoided by ensuring that devices on the same physical segment are using the same frame type.
Remember that running multiple frame types on the same physical network effectively divides the network into multiple, separate IPX networks.
Four Encapsulations on an Ethernet: a Recipe for Networking Disaster
One of the questions that comes up frequently in the classroom is, "Can you have more than one encapsulation simultaneously on an Ethernet interface?" The answer is yes. The bigger question is, can you afford to do it?
Early on in my networking career I encountered a campus network environment where various organizations were tied together over a campus-wide fiber backbone. The backbone and the routers were maintained by one organization, and the others had no control over how the routers were configured. Most of the servers were Novell NetWare of one flavor or another, and there were well over 300 of them.
The group I was working with had its own 10-Mbps Ethernet "backbone" separated from the fiber backbone by a Cisco router. Hanging off this local Ethernet backbone were 16 NetWare 3.1x file servers, each with two LAN connections, which acted as routers for IPX traffic from the local backbone onto another Ethernet, where the 60 or so users for that server were located.
The network was installed in the very early 1990s, when the frame type of choice for clients was Ethernet_802.3 (novell-ether encapsulation, in Cisco terms), so many of the PCs were using it quite happily. They had started to upgrade hardware and software, though, so the newer PCs were using Ethernet_802.2 (SAP encapsulation on the Cisco router, not to be confused with Service Advertising Protocol), which became the default starting with NetWare 3.12. Presently, they wanted to add IP connectivity to their network, which required the PCs to add Ethernet_II (arpa encapsulation, for us Cisco folks) to the frame type soup. Then, there were a few of the networks with Macintosh users, so the servers needed Ethernet_SNAP (SNAP encapsulation). That made as many as four encapsulations on a single Ethernet, each constituting a different logical IPX network. Hold that thought while we look at RIPs and SAPs.
The Cisco router was picking up all the RIP and SAP traffic for those 300 servers and building its internal IPX routing table and SAP table, just as every good IPX router should, and broadcasting them every 60 seconds onto the local Ethernet backbone. Each NetWare server on the local backbone was picking up the RIP and SAP broadcasts from the router, and building its own internal IPX routing table and SAP table, then broadcasting those entries out onto the local Ethernet, the one with the users. 300 servers doesn’t sound like so many, does it? Well, each Novell server typically advertises between four and ten services, and these were no exception; the SAP tables on our servers contained over 2,500 entries. The IPX routing tables contained over 1,400 entries. When those broadcasts came across the backbone, the servers’ CPU utilization went up to 100 percent and stayed there for several seconds while they processed all that information. This happened every 60 seconds.
Remember the four encapsulations? When it came time for the servers to broadcast the RIP and SAP information out onto the local Ethernet, it now had to do it once for each encapsulation. Why? Because each encapsulation is a separate logical network, even though it is sharing the same physical wire. The RIP broadcasts weren’t so bad; 1,400 entries could fit into 28 RIP packets, so even with four encapsulations there were just over 100 packets each minute that were wasting bandwidth and CPU cycles in the users’ PCs; but the SAPs are another story. Only seven SAP entries can fit in a packet, so it took 358 packets to accommodate the full table, and with four encapsulations that’s 1,432 packets taking up bandwidth and CPU cycles on PCs that couldn’t use the information anyway. Novell clients don’t listen to periodic SAP broadcasts.
To be fair to Novell, newer versions of NetWare have some sophisticated features built in for filtering RIP and SAP traffic that existed only in the Cisco router software when I encountered this network of horrors. The moral of the story is that back then, we could have used some help from our router administrators. IPX is still out there, and you can still find networks like this, especially where the network was put in by the lowest bidder! So pay close attention when we look at SAP filtering in Chapter 9.
—By Pamela Forsyth, CCIE, CCSI, CNX
SAP and RIP
The last few examples have spoken about the workstation finding a route to a remote network and looking up the address for a server, but haven’t described how these processes work. This section will fill in the missing pieces.
To provide information on the topology of the network, and the services available on it, IPX servers, routers, and clients use two protocols: Service Advertising Protocol (SAP), and Routing Information Protocol (RIP). Both these protocols use IPX broadcasts to propagate information around the network.
{Answer to Self Test Question #30}
SAP allows servers to advertise the services they provide on the network. There are three types of SAP packets defined: periodic updates, service queries, and service responses. SAP packets can be identified by a value of 0x452 in the source or destination socket number.{Answer to Self Test Question #10}, {Answer to Self Test Question #39}
When a server has a service to advertise, it sends a SAP broadcast listing the service’s name, type, and IPX internetwork address (including the socket number that this service is listening on). IPX routers listen for these broadcasts and add the advertised services to an internal database. Routers periodically broadcast these databases onto all their directly attached networks, so that the advertisements propagate across the network. By default these broadcasts are sent every 60 seconds.{Answer to Self Test Question #9}, {Answer to Self Test Question #22}
When a NetWare client is initializing, it needs to locate a server to connect to. To do this it sends a SAP Get Nearest Server (GNS) query. This query is a broadcast, and all routers and servers that know of at least one suitable server respond. The response includes the full IPX internetwork address and the socket number for the client to use in connecting with the server. Once the client is connected to a NetWare server, it can query the server directly using NCP requests to obtain the same information. (The SAP Get Nearest Server requests are also known as Nearest Service queries.){Answer to Self Test Question #23}
Note that because the GNS request is a broadcast, it doesn’t travel off the network on which it was generated. This means that the client will only get responses from servers and routers connected to the same IPX network as the client. To make it possible to locate servers on other networks, IPX routers respond to GNS requests on behalf of remote servers.{Answer to Self Test Question #29}
The SAP query fits into the Data field of the IPX packet, and holds only two fields:|
Packet Type |
Can be "3", for a Nearest Service query, or "1" for a general service query. |
|
Service Type (2 bytes) |
Contains the number of the service type requested (0x0004 for a NetWare server, or 0x0047 for a print server). These numbers are allocated by Novell. |
The SAP response is also contained in the Data portion of an IPX packet. Each response packet can contain up to seven records. The format of the SAP response is:
{Answer to Self Test Question #38}
When sending SAP updates and responses, a router advertises onto each IPX network to which it is directly connected all services it knows about, except for services it learned about from updates received on this same network. Put another way, a router will not re-advertise a service back onto the network it learned it from. This function is called split horizon, and is used with RIP and other routing protocols, as well as with SAP. Its purpose is to avoid retransmitting information onto networks where it is already known.SAP packets can be a source of worry on large internetworks, especially where slow wide-area links are in use. When there are a large number of servers on the network, the bandwidth used by SAP packets can be a significant part of the available bandwidth. The problem is worse when using multiple frame types on each network segment, as the updates are transmitted separately over each frame type.
{Answer to Self Test Question #11}
While SAP advertises and distributes service information, RIP is used to propagate IPX routing information. IPX routers send RIP broadcasts to advertise the IPX networks to which they know routes. In the broadcasts, each router advertises networks it is directly connected to, as well as networks it has learned from other routers. To avoid routing loops, a router will never advertise a learned route back onto the network that it learned the route from. This is the same split-horizon principle mentioned in the preceding section.RIP is a distance vector protocol, which means that it bases its choice of the best route to a given destination on the distance to the destination via the route. The parameters it uses to measure the distance are hop count (the number of routers a packet must cross to reach the network) and time ticks (the number of 1/18-second intervals a packet will take to reach the network). The operation of IPX RIP is similar to the RIP protocol used with TCP/IP.
The flow of routing information is shown in Figure 7-6, where two routers and three networks are interconnected.
The arrows represent the periodic RIP updates being transmitted by each router. The associated numbers show which network numbers are being advertised on each interface. Although both routers will hold a RIP database containing Networks 1, 2, and 4, the routers only advertise routes that didn’t originate from the target network. Because Router1 receives the updates for Network 2 from Network 4, it doesn’t retransmit the Network 2 updates onto Network 4, only onto Network 1. This is the same split-horizon functionality as was described under SAP.
RIP packets are transmitted in the Data field of a standard IPX packet. The IPX socket number used is 0x0453.
IPX routers using RIP broadcast their routing tables every 60 seconds. They also transmit when initializing to request RIP information from other routers, and when their routing table changes. If being "downed" cleanly, a router will send packets advising all other IPX routers that it can no longer provide routes to the networks it has been advertising. Other routers can then purge the routes from their tables.
{Answer to Self Test Question #40}
Workstations and other end devices send RIP request packets whenever they need to locate a route to a remote IPX network.The packet format for RIP requests and responses are identical, although some fields are only valid in responses.
|
Packet Type |
The Packet Type for a request packet is 0x0001; for a response it is 0x0002. |
|
Network Number (4 bytes) |
The Network Number field holds the IPX network number being searched for (in requests), or advertised (in responses). |
|
Hops Away (2 bytes) |
Hops Away is a count of the number of routers a packet has to cross to get to this network. This field is valid only in response packets. In request packets, it should contain the value 0xFFFF. |
|
Time Ticks (2 bytes) |
Time Ticks measures the time to reach the remote network. Approximately 18.2 ticks make up one second. This field is valid only in response packets. In request packets, it should contain the value 0xFFFF. |
|
... Repeated ... |
A single IPX packet can hold up to 49 RIP entries. For each entry, all the fields from Network Address to Time Ticks (inclusive) are repeated. |
As with SAP, RIP transmissions can be a problem on large networks, especially where there are multiple encapsulations in use. The RIP information is broadcast separately onto each locally attached IPX network. With multiple encapsulations, each encapsulation in use is configured as a separate IPX network, and so receives its own copy of any updates.
{Answer to Self Test Question #33}
There is one limiting factor on how far a route will be advertised. A hop count of 16 specifies that a network is unreachable. If a router receives a RIP advertisement for a network that is 16 hops away, it discards the route.As an example of how SAP and RIP work together on a network, consider the case of a NetWare client workstation booting up. It needs to find a server to connect to, and then find a route to the server. Remember that even if the workstation and server are on the same network, the address the server advertises is its internal network address, so the workstation still needs to find a route to the internal network.
In the network shown in Figure 7-7, there is a workstation (PC1) connected to IPX Network 1, and the file server’s internal network number is 3.
Figure 7 Sample IPX network
PC1 sends a GNS request looking for a server of the type 0x0004 (NetWare file server). The request will look like this:
Packet Type = 0x0003
Service Type = 0x0004
Router1 has received SAP updates from Router2, advertising Server1 with a Service Type of 4, so Router1 sends a SAP reply to PC1 containing this information:
Packet Type = 0x0004
Service Type = 0x0004
Server Name = ‘SERVER1’
Server Address = 3.0000.0000.0001:451 (NCP)
Intermediate Networks = 0x0003
PC1 now has the IPX address for Server1, so it needs to find a route to network 3. PC1 sends a RIP request:
Packet Type = 0x0001
Network Address = 3
Hops Away = 0xFFFF
Time (ticks) = 0xFFFF
Router1 has received RIP updates from Router2, advertising Network 3 as a reachable network, so Router1 responds with a RIP Response packet:
Packet Type = 0x0002
Network Address = 3
Hops Away = 0x0003
Time (ticks) = 0x0001
The workstation now builds a connection packet and addresses it to the IPX destination address received in the SAP response: 3.0000.0000.0001:451. It places a packet inside a MAC frame of the appropriate type and sends this MAC frame addressed to the MAC address of Router1’s interface on Network 1.
When the server needs to respond to the workstation, it must locate a route to the workstation’s network. It uses its internal routing table to locate this route.
IPX Configuration
Now that we have been over the operation of IPX, we get down to actually configuring it using Cisco IOS.
{Answer to Self Test Question #15}
Before you start to configure IPX, you need to either obtain or generate a plan for the network. You need to know which encapsulations and IPX network numbers to use. If it is a new installation in an isolated network, you can pick your own numbers. But if it is an established network, or one that will have connections to other IPX networks, you will need to have numbers allocated by the responsible administrator.If the network has existing routers, you will also need to know what routing protocols are in use, and the associated parameters. In particular you’ll need to know any of the settings that have been changed from the defaults, so that you can set the new router to match. Having mismatched routing parameters in a network leads to unreliable routing.
For our purposes we will re-use our sample network from Figure 7-7. We will develop a configuration file for Router1 in that diagram. Assume that the left-hand interface on Router1 in the figure is Ethernet 0, and the right-hand interface is Ethernet 1. We’ll also assume that all networks are using arpa encapsulation. The configuration details for Router 1 are:
|
Interface |
Network |
Encapsulation |
|
Ethernet 0 |
1 |
arpa |
|
Ethernet 1 |
4 |
arpa |
Enabling IPX and Configuring the Interfaces
Once you have the required configuration details, you can begin to configure the router.
{Answer to Self Test Question #12}
The first step is to enable IPX routing using the IOS command IPX ROUTING. This command is issued in the global configuration mode.{Answer to Self Test Question #16}
Now that you have IPX enabled, you can configure the router interfaces. You need to assign the network number, and optionally the encapsulation, to each interface as you enable it. If you don’t specify the encapsulation, a default is used. For Ethernet, this default is novell-ether. This is not what we want, so we will have to specify the encapsulation. This configuration sample configures Router 1 as per our requirements.cisco(config)#ipx routing
cisco(config)#interface ethernet 0
cisco(config-if)#ipx network 1 encapsulation arpa
The router will start transmitting RIP updates on an interface as soon as the interface has a network number assigned.
{Answer to Self Test Question #13}
If you need to use multiple encapsulations on each physical interface, you need to use either subinterfaces or secondary networks.cisco(config)#ipx routing
cisco(config)#interface ethernet 0.1
cisco(config-subif)#ipx network 101 encapsulation arpa
cisco(config)#interface ethernet 0.2
cisco(config-subif)#ipx network 102 encapsulation snap
This script has defined two subinterfaces, Ethernet 0.1 and 0.2. Subinterface Ethernet 0.1 is using IPX network 101 with Ethernet_II encapsulation. Subinterface Ethernet 0.2 is using IPX network 102 with Ethernet_SNAP encapsulation.
{Answer to Self Test Question #41}
The syntax for configuring multiple encapsulations using primary and secondary networks is:cisco(config)#interface ethernet 1
cisco(config-if)#ipx network 201 encapsulation novell-ether
cisco(config-if)#ipx network 202 encapsulation sap secondary
{Answer to Self Test Question #35}
If you attempt to configure an IPX network number that is already in use on another interface, or you attempt to use the same encapsulation type on more than one subinterface of the same physical interface, IOS will issue an error message and ignore the change.{Answer to Self Test Question #37}, {Answer to Self Test Question #19}
IOS forwards packets along the least-cost path to a destination. If there are multiple paths available of equal cost, it will by default only keep one in the routing table, and discard the others. All traffic to the network is then forwarded along this one path. By using the ipx maximum-paths <number> command, you can configure IOS to hold up to a maximum of <number> equal-cost paths to each destination network. If multiple paths to a destination do exist, traffic will be shared among the paths in a round-robin fashion. ipx maximum paths is a global configuration command.Once the router has been up and running for a couple of minutes, its internal SAP and RIP databases should have had enough time to discover any other SAP or RIP devices on the network. There are a number of IOS commands available to check the configuration and operation of IPX.
The Show ipx interface command allows you to check the configuration of the interface. It shows the configured network numbers, encapsulation types, and operational status of the interface. If the interface is not specified, all IPX interfaces are listed. The lines of most interest from the output of this command are as follows.
cisco#show ipx interface ethernet 0
Ethernet0 is up, line protocol is up
IPX address is 1.00e0.b064.2892, ARPA [up] line-up, RIPPQ: 0, SAPPQ: 0
Delay of this IPX network, in ticks is 1 throughput 0 link delay 0
....
RIP packets received 0, RIP packets sent 5
SAP packets received 0, SAP packets sent 1
{Answer to Self Test Question #20}
The full output can contain a lot more detail than required. To provide a concise listing of each interface, and its IPX configuration, you can use the ipx interface brief variant of this command.cisco#show ipx interface brief
Interface IPX Network Encapsulation Status IPX State
Ethernet0 1 ARPA up [up]
Ethernet1 4 ARPA up [up]
Serial0 unassigned not config'd administratively down n/a
Serial1 unassigned not config'd administratively down n/a
Once you know that the interfaces are configured correctly, you can use the show ipx traffic command to look at the amount of activity on the network. This command shows the number of packets sent and received. Of most interest at the moment will be the SAP and RIP counters, which will allow you to see whether the router is successfully receiving IPX traffic from the network.
cisco#show ipx traffic
System Traffic for 0.0000.0000.0001 System-Name: cisco
Rcvd: 42 total, 55 format errors, 0 checksum errors, 0 bad hop count,
2 packets pitched, 40 local destination, 0 multicast
Bcast: 35 received, 74 sent
Sent: 74 generated, 0 forwarded
0 encapsulation failed, 0 no route
SAP: 4 SAP requests, 0 SAP replies, 2 servers
18 SAP advertisements received, 20 sent
0 SAP flash updates sent, 0 SAP format errors
RIP: 4 RIP requests, 0 RIP replies, 9 routes
14 RIP advertisements received, 18 sent
16 RIP flash updates sent, 0 RIP format errors
Echo: Rcvd 0 requests, 0 replies
Sent 0 requests, 0 replies
0 unknown: 0 no socket, 0 filtered, 0 no helper
0 SAPs throttled, freed NDB len 0
Watchdog: 0 packets received, 0 replies spoofed
Queue lengths:
IPX input: 0, SAP 0, RIP 0, GNS 0
SAP throttling length: 0/(no limit), 0 nets pending lost route reply
Delayed process creation: 0
{Answer to Self Test Question #14}
The show ipx servers command shows the SAP database in the router. You should be able to see any local servers you have running in the list. Each entry appears on a line by itself.Type Name Net Address Port Route Hops Itf
P 4 SERVER1 C0A80201.0000.0000.0001:0451 2/01 1 Et1.1
In this example, there is a file server (type 4) called SERVER1 at IPX address C0A80201.0000.0000.0001, listening on socket 0x451. You should recognize this IPX address as the internal network address of a file server (due to the node address). The P at the start of the line shows that this is a periodic entry—it was learned from the network via a periodic SAP broadcast.
The show ipx route command will display the IPX routing table.
C 501 (ARPA), Et1.1
R 201 [02/01] via 501.0260.8c6b.a7a3, 8s, Et1.1
The first line shows a directly connected network (C) number 501. It is located on interface Ethernet 1.1. The bottom line shows network 201, which has been learned from RIP (R), and is reachable via the router at 501.0260.8c6b.a7a3.
If you don’t see the services and routes you expect, check the encapsulations and network numbers you have configured for the interfaces. If you have any NetWare servers running on the network, they may show error messages to the effect that, "Router at aaaaaaaaaaaa claims IPX Network XXXXXXXX should be YYYYYYYY". If you see this, it means that at least one router on the network is configured with the wrong IPX network number/encapsulation combination. It you have just configured a new router, that’s probably the one!
If RIP or SAP updates aren’t working as you expect, you may have to look deeper into the operation of these protocols. This is possible through two debug commands, debug ipx routing activity and debug ipx sap activity.
The debug ipx routing activity command allows you to see the routing updates as they are being sent and received. In the example below, the first two IPXRIP: lines show an update being broadcast by the router onto its interface, Ethernet 1. The third IPXRIP: line shows an update being received from router 504.0260.8c6b.a7a3, and the lines following show the contents of the received update. The first of these lines shows a route to network number C0A80201, which is one router hop away. The other is for network 201, which is also one hop away.
cisco#debug ipx routing activity
IPX routing debugging is on
cisco#terminal monitor
cisco#
IPXRIP: positing full update to 504.ffff.ffff.ffff via Ethernet1 (broadcast)
IPXRIP: sending update to 504.ffff.ffff.ffff via Ethernet1
IPXRIP: update from 504.0260.8c6b.a7a3
C0A80201 in 1 hops, delay 2
201 in 1 hops, delay 2
Finally, to allow monitoring of the operation of the SAP protocol, you can use the debug ipx sap activity command:
cisco#debug ipx sap activity
IPX service debugging is on
cisco#terminal monitor
cisco#
IPXSAP: at 00095450:
I SAP Response type 0x2 len 96 src:504.0260.8c6b.a7a3 dest:504.ffff.ffff.ffff(452)
type 0x4, "DAVENW", C0A80201.0000.0000.0001(451), 1 hops
IPXSAP: at 00094520:
I SAP Response type 0x2 len 96 src:504.0260.8c6b.a7a3 dest:504.ffff.ffff.ffff(452)
type 0x640, "DAD", 202.0000.1b32.9e17(E885), 2 hops
This example shows a SAP update being received from router 504.0260.8c6b.a7a3, containing advertisements for two servers. DAVENW is a server of type 4 at address C0A80201.0000.0000.0001, listening on socket 0x452. DAD, is a server type 0x640 with an address of 202.0000.1b32.9e17, listening on socket 0xE885.
Some common problems or questions you may come across are:
|
When I plug my new router into the network, all the NetWare servers start beeping… |
This is normally caused by a mismatch in network numbers. Check that the network numbers you have configured match the server’s configurations. |
|
The router is not listing my servers when I use the show ipx servers command… |
Check that the server is using the same frame type as the router interface on the network. If they’re not using the same frame types, they won’t be able to see each other. |
|
When I use the show ipx route command, I can’t see any remote networks… |
Remember that it can take a minute or so for the routes to show up. |
|
How do I configure the clients with their IPX address? |
The client addressing with IPX is pretty much automatic. You normally configure the router and servers with the correct network address and encapsulation, and as long as you have the correct encapsulation configured on the clients, they will detect their network number. Of course, the node address is automatically generated from the MAC address in the LAN card. |
{Answer to Self Test Question #17}, {Answer to Self Test Question #36}
RIP is the default routing protocol when IPX routing is enabled. There are other protocols available that can be configured to make more effective use of bandwidth, and allow larger networks to be built than with RIP alone.NetWare Link Services Protocol (NLSP) is a link-state protocol similar to the OSPF protocol used with TCP/IP. Each NLSP router builds up a database recording the states of links between routers in the network. This database gives a view of the network topology and allows calculation of the best routes to any given destination. Routing tables aren’t broadcast as with RIP, but changes in the state of links are advertised as they occur.
Enhanced Interior Gateway Routing Protocol (EIGRP) is a distance vector protocol, but has been designed to cause less overhead on the network than RIP. Like NSLP, updates are only sent when something changes.
It is also possible to designate static routes. These are routes that aren’t learned or calculated using a routing protocol, but are manually entered into the router’s configuration. The syntax to do this is:
ipx route
network destination [floating-static]This is a global configuration command in which network specifies the target network for this route. It can be in three forms.
Destination specifies where to send the packet. It can be the IPX address of another router, or an interface name for serial interfaces.
{Answer to Self Test Question #18}
Appending floating-static marks the entry as floating, which means that it can be overridden if a dynamic route is learned covering the same network.Certification Summary
This chapter has shown the IPX protocol stack, with an overview of the main protocols. It has explained the IPX network.node.node.node:socket addressing, and how routers provide paths to allow packets to travel between different networks, and how RIP is used to pass routing updates around the network. The operation of the various SAP packet types was also discussed.
Remember that every IPX network number in the internetwork must be unique, and that when using multiple encapsulation types on the same interface (with subinterfaces or primary/secondary networks), a unique network number must be configured for each one.
The most useful commands for monitoring the network and confirming its operation are the show ipx traffic, show ipx interface, debug ipx routing activity, and debug ipx sap activity commands.
Two-Minute Drill
The Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully, as there may be more than one correct answer. Choose all correct answers for each question.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
B. IPX only provides an unreliable, connectionless datagram service.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
D. To communicate directly, nodes must be running the same frame type.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
C. Workstations, servers, and routers all use RIP to locate routes to remote networks.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
the contents of the SAP table.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
D. The SAP update contains the full internetwork address, with socket number for the server.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
D. SAP announcements are broadcast by servers to advertise their services.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
C. The FCS is used to detect corrupted packets, and checks all the IPX packet fields.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
C. The DSAP field is in the Ethernet_802.2 frame and not in the Ethernet_802.3 frame.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
C. The Service Type field contains a number assigned buy Novell.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
Control byte in an Ethernet_802.2 frame. 0x0453 is used as a socket number in RIP frame.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
C. A single IPX packet can hold up to 49 RIP entries.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
B. In RIP a hop count of 16 specifies that a network is unreachable.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
A-2, B-1, C-4, D-3. These equivalents are described in Table 7-1.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
A. RIP is the default routing protocol when IPX is enabled.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
B. By default periodic RIP updates are sent every 60 seconds.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
B. Workstations use RIP to locate routes to remote networks.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407