Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!SPIDER.CO.UK!keith
From: keith@SPIDER.CO.UK (Keith Mitchell)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: IP over X.25 (request for info)
Message-ID: <8902071459.AA22881@redrump.spider.co.uk>
Date: 7 Feb 89 14:59:55 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 56

I am nearing completion of a Unix V.3 STREAMS-based implementation of IP over X.25, which is part of our SpiderTCP and SpiderX.25 protocol software products. We call it IXE (IP/X.25 Encapsulation). It fits into the STREAMS protocol stack as a multiplexing driver underneath IP and above our X.25 stack.

It conforms fully to the rather skimpy RFC 877 spec, and although at present it will only work with CCITT-flavour X.25 PDNs, DDN support is on the way. (CCITT is a lot more in demand in Europe than DDN, obviously). On the other hand, it *does* work with both the 1980 and 1984 flavours of X.25. Clearing down of idle X.25 calls and pre-emption of these when resources are scarce are implemented.

Address mapping for this stuff is something of an issue. At present we use a lookup table, which is the only way of really doing the job, but if you have a lot of WAN destinations to talk to then there is a danger of guzzling up lots of kernel memory.

Some kind of address resolution protocol would be nice, but another way to look at it is from a security point of view. If you are connected to a public network, then anyone could call you up and claim to be some host with a remote IP address that higher-level software trusts. This leaves you wide open to spoofing by Public Data Network hackers. On the other hand, PDNs are usually set up so you can trust the X.25 calling address, so we use this to look back into the table and check that the remote IP host is who it claims to be.

Using the CUDF field for address resolution does not seem like a good idea to me.
I would prefer the use of X.25 facilities for this, most specifically the extended addressing one of X.25(1984). When used for the ISO CONS, this carries an NSAP. It is interesting to note that a scheme for encoding IP addresses into NSAPs already exists (RFC 986), at least for the connection-less world. Some scheme along these lines would thus bypass the need for table lookup, and I think is probably the right approach. (Again you have to trust the address you get from the PDN).

It strikes me that generally RFC 877 leaves a lot of issues unanswered, and the introduction of the 1984 (and now 1988) standards for X.25 has aggravated this. Is it perhaps time for a new standard in this area? Any such work probably ought to take into account using ISO IP (or CLNP) over X.25 circuits as well.

Does anyone have any thoughts on this?

Keith Mitchell

Spider Systems Ltd.         Spider Systems Inc.
65 Bonnington Road          12 New England Executive Park
Edinburgh, Scotland         Burlington, MA 01803
+44 31-554 9424             +1 (617) 270-3510

keith@spider.co.uk          keith%spider.co.uk@uunet.uu.net
keith@uk.co.spider          ...!uunet!ukc!spider!keith
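
Added example, not part of the original post and not Spider's IXE code: a sketch in C of the table-based mapping and the reverse check on the PDN-supplied calling address that the post describes. The function names, the table layout and the sample addresses are assumptions made for illustration; the 0xCC protocol identifier in the first octet of call user data is the value RFC 877 assigns to IP.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define RFC877_IP_PID 0xCC   /* first octet of call user data for IP (RFC 877) */

struct ixe_map {             /* one row of the static lookup table (hypothetical layout) */
    uint32_t    ip;          /* remote IP address, host byte order */
    const char *x121;        /* X.121 DTE address of that host on the PDN */
};

/* Constructed sample table; both addresses are made up for illustration. */
static const struct ixe_map ixe_table[] = {
    { 0xC0000201u, "234212345601" },   /* 192.0.2.1 */
    { 0xC0000202u, "234212345602" },   /* 192.0.2.2 */
};
#define IXE_NENT (sizeof ixe_table / sizeof ixe_table[0])

/* Outbound: which DTE address do we call to reach this IP host? */
const char *ixe_ip_to_x121(uint32_t ip)
{
    for (size_t i = 0; i < IXE_NENT; i++)
        if (ixe_table[i].ip == ip)
            return ixe_table[i].x121;
    return NULL;
}

/* Inbound call: accept only IP calls whose calling address is in the table. */
int ixe_accept_call(const char *calling, const uint8_t *cud, size_t cudlen)
{
    if (calling == NULL || cud == NULL || cudlen < 1 || cud[0] != RFC877_IP_PID)
        return 0;
    for (size_t i = 0; i < IXE_NENT; i++)
        if (strcmp(ixe_table[i].x121, calling) == 0)
            return 1;
    return 0;
}

/* Reverse check: does the IP address the peer claims map back to the
 * calling address the PDN reported for this circuit? */
int ixe_verify_peer(const char *calling, uint32_t claimed_ip)
{
    const char *expected = ixe_ip_to_x121(claimed_ip);
    return expected != NULL && calling != NULL && strcmp(expected, calling) == 0;
}
```

The check is only as strong as the PDN's guarantee about the calling address, which is the trust assumption the post states.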