Network Working Group                                        I. Learmonth
Internet-Draft                                                     HamBSD
Obsoletes: 1226 (if approved)                                May 23, 2021
Intended status: Experimental
Expires: November 24, 2021

            Internet Protocol Encapsulation of AX.25 Frames
                 draft-learmonth-intarea-rfc1226-bis-03

Abstract

   This document describes a method for the encapsulation of AX.25 Link
   Access Protocol for Amateur Packet Radio frames within IPv4 and IPv6
   packets.  Obsoletes RFC1226.

Note

   Comments are solicited and should be addressed to the author(s).
   The sources for this draft are at:

   https://github.com/irl/draft-rfc1226-bis

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 24, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1.  Introduction

   This document describes a method for the encapsulation of AX.25 Link
   Access Protocol for Amateur Packet Radio [AX.25] frames within IPv4
   and IPv6 packets.  It obsoletes [RFC1226].

   AX.25 is a data link layer protocol originally derived from layer 2
   of the X.25 protocol suite and designed for use by amateur radio
   operators.  It is used extensively by amateur packet radio networks
   worldwide.
   In addition to specifying how packets should be encapsulated, it
   gives recommendations for DiffServ codepoint marking of the
   encapsulating headers based on the AX.25 frame content and provides
   security considerations for the use of this encapsulation method.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Internet Protocol Encapsulation

   Each AX.25 frame is encapsulated in one IPv4 or IPv6 datagram using
   protocol number 93 as assigned in the Assigned Internet Protocol
   Numbers registry [protocol-numbers].  For AX.25 version 2.0, the
   maximum frame size expected is 330 bytes and implementations MUST be
   prepared to handle frames of this size.  Higher frame sizes can be
   negotiated by AX.25 version 2.2 and so this is a minimum requirement
   and not a limit.

   HDLC framing elements (flags and zero-stuffing) are omitted, as the
   IP datagram adequately delimits the beginning and end of each AX.25
   frame.  The CRC-16-CCITT frame check sequence (normally generated by
   the HDLC transmission hardware) is included trailing the information
   field.  In all other respects, AX.25 frames are encapsulated
   unaltered.

3.1.  Priority Frames

   In normal operation, the DiffServ codepoint field [RFC2474] in the
   encapsulating IP header SHOULD be set to best effort (BE).  The
   exception to this is "priority frames" as specified for AX.25 version
   2.2, including acknowledgement and digipeat frames, which SHOULD have
   the DiffServ codepoint set to AF21 [RFC2597].  A slot is reserved on
   the radio channel for the transmission of these frames and the use of
   this codepoint will permit the frames to arrive promptly at the
   station for transmission.
   For the avoidance of doubt: on decapsulation the AX.25 frame MUST NOT
   be modified based on the DiffServ codepoint on the received
   encapsulating IP header.  The receiver MUST NOT use the DiffServ
   codepoint to infer anything about the nature of the encapsulated
   packet.  It has been shown that while the AF21 codepoint may be
   remarked while crossing administrative boundaries, it is unlikely
   that priority inversion will occur due to remarking where such
   remarking occurs [CUST18].

3.2.  Automatic Packet Reporting System

   Automatic Packet Reporting System [APRS] is an amateur radio-based
   system for real time digital communications for local situational
   awareness.  APRS uses AX.25 frames for addressing, and additionally
   assigns special meaning to some of the reserved bits of an AX.25
   frame header.

   As a special case, when used with the Automatic Packet Reporting
   System [APRS], priority frames will not occur.  If a tunnel is
   configured as carrying APRS data, the DiffServ codepoint SHOULD by
   default be set to AF11 [RFC2597].  Where the "Precedence Bit"
   [RR-bits] is set (i.e. it is zero) in an APRS packet, the DiffServ
   codepoint should be set to BE.  Where the "Operator Present Bit"
   [RR-bits] is set (i.e. it is zero), the DiffServ codepoint MAY be set
   to AF21 [RFC2597].

   Again, for the avoidance of doubt: on decapsulation the AX.25 frame
   MUST NOT be modified based on the DiffServ codepoint on the received
   encapsulating IP header.  The receiver MUST NOT use the DiffServ
   codepoint to infer anything about the nature of the encapsulated
   packet.  It has been shown that while AF codepoints may be remarked
   while crossing administrative boundaries, it is unlikely that
   priority inversion will occur, either with the BE traffic or between
   AF PHBs due to remarking where such remarking occurs [CUST18].
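   As an added example, not code from this draft or from any AX.25 or
   APRS implementation, the following Python puts Sections 3, 3.1 and
   3.2 together: it builds an AX.25 UI frame, appends the CRC-16-CCITT
   FCS, wraps the result in an IPv4 header with protocol number 93 and a
   DSCP chosen by the rules above, and decapsulates without ever
   consulting the DSCP.  Three things the draft does not specify are
   assumptions here: the FCS is carried low-order octet first (as HDLC
   transmits it), the APRS RR bits are read from the source address SSID
   octet, and a zero Precedence bit wins over a zero Operator Present bit.
   The callsigns, addresses and position report are constructed.

```python
# Added example (not from the draft): encapsulate an AX.25 UI frame in an IPv4
# datagram with protocol number 93 and a DSCP chosen per sections 3.1 and 3.2.
# Assumptions: the FCS is carried low-order octet first (as HDLC transmits it),
# the APRS RR bits are read from the source address SSID octet, and a zero
# Precedence bit wins over a zero Operator Present bit when both are zero.
import ipaddress
import struct

PROTO_AX25 = 93                 # IANA protocol number for AX.25 in IP (section 3)
AX25_V20_MAX_FRAME = 330        # size every implementation MUST accept (section 3)
DSCP_BE, DSCP_AF11, DSCP_AF21 = 0, 10, 18   # RFC 2474 / RFC 2597 codepoint values

def crc16_x25(data: bytes) -> int:
    """CRC-16-CCITT as used for the HDLC/AX.25 FCS: reflected poly 0x1021, init and xorout 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def ax25_address(callsign: str, ssid: int, last: bool = False) -> bytes:
    """One 7-octet AX.25 address: callsign shifted left one bit, then the SSID octet
    with C/H bit 0, RR bits at their default of 1, the SSID, and the end-of-address bit."""
    field = bytes(ord(c) << 1 for c in callsign.upper().ljust(6))
    return field + bytes([0x60 | ((ssid & 0x0F) << 1) | (1 if last else 0)])

def ax25_ui_frame(dest: tuple, src: tuple, info: bytes) -> bytes:
    """Unnumbered Information frame: control 0x03, PID 0xF0 (no layer 3 protocol)."""
    return ax25_address(*dest) + ax25_address(*src, last=True) + b"\x03\xf0" + info

def rr_bits(ssid_octet: int) -> tuple:
    """The two reserved bits of an SSID octet (bit 6, bit 5); APRS treats a 0 as 'set'."""
    return (ssid_octet >> 6) & 1, (ssid_octet >> 5) & 1

def select_dscp(aprs_tunnel: bool, priority_frame: bool = False,
                precedence_bit: int = 1, operator_present_bit: int = 1) -> int:
    """Marking rules of sections 3.1 (generic AX.25) and 3.2 (tunnel carrying APRS)."""
    if not aprs_tunnel:
        return DSCP_AF21 if priority_frame else DSCP_BE   # 3.1: priority frames -> AF21, else BE
    if precedence_bit == 0:
        return DSCP_BE                                     # 3.2: Precedence bit set -> BE
    if operator_present_bit == 0:
        return DSCP_AF21                                   # 3.2: Operator Present bit set -> MAY AF21
    return DSCP_AF11                                       # 3.2: APRS tunnel default

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum; returns 0 for a header whose checksum field is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(frame: bytes, src_ip: str, dst_ip: str, dscp: int = DSCP_BE,
                ident: int = 0, ttl: int = 64) -> bytes:
    """One frame per datagram; HDLC flags/bit-stuffing omitted, FCS trails the info field."""
    payload = frame + struct.pack("<H", crc16_x25(frame))   # assumed octet order of the FCS
    total_len = 20 + len(payload)
    if total_len > 0xFFFF:
        raise ValueError("frame too large for one IPv4 datagram")
    tos = (dscp & 0x3F) << 2                                  # DSCP in the top six bits, ECN 00
    header = struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, ident, 0, ttl, PROTO_AX25, 0,
                         ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:] + payload

def decapsulate(packet: bytes) -> bytes:
    """Return the AX.25 frame with its FCS verified and stripped. The DSCP of the outer
    header is deliberately never read: sections 3.1/3.2 forbid using it to alter the frame."""
    if len(packet) < 20 or packet[0] != 0x45:
        raise ValueError("not a plain IPv4 header")
    if ipv4_checksum(packet[:20]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len, proto = struct.unpack("!H", packet[2:4])[0], packet[9]
    if proto != PROTO_AX25 or total_len > len(packet):
        raise ValueError("not an AX.25 encapsulation datagram")
    payload = packet[20:total_len]
    if len(payload) < 17:               # two address fields, a control octet and the FCS at minimum
        raise ValueError("truncated frame")
    body, fcs = payload[:-2], struct.unpack("<H", payload[-2:])[0]
    if crc16_x25(body) != fcs:
        raise ValueError("FCS mismatch")
    return body

if __name__ == "__main__":
    # Constructed sample: an APRS position report from N0CALL-7 carried over an APRS tunnel.
    frame = ax25_ui_frame(("APRS", 0), ("N0CALL", 7), b"!4903.50N/07201.75W-Added example")
    precedence, operator_present = rr_bits(frame[13])        # source SSID octet (assumption)
    dscp = select_dscp(True, precedence_bit=precedence, operator_present_bit=operator_present)
    datagram = encapsulate(frame, "192.0.2.1", "192.0.2.2", dscp)
    print("protocol", datagram[9], "dscp", datagram[1] >> 2, "bytes", len(datagram))
    print("round trip ok:", decapsulate(datagram) == frame)
```

   With the default RR bits (both 1) the sample frame is marked AF11;
   clearing bit 6 of the source SSID octet moves it to BE.  An IPv6
   encapsulator would replace only the outer header (Next Header 93,
   Traffic Class carrying the same DSCP); the FCS handling and the rule
   that decapsulation ignores the DSCP are unchanged.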
   It is possible depending on the nature of the tunnel that
   decapsulated packets would need to be treated as third-party traffic
   according to the APRS specification [APRS].  In this case, the Third-
   Party Network Identifier "IPENC" SHOULD be used.  This is to
   differentiate traffic using IP encapsulation from APRS-IS traffic
   [APRS-IS] and other third-party networks.

4.  Security Considerations

   With the exception of control signals exchanged between earth command
   stations and space stations in the amateur-satellite service, amateur
   radio transmissions cannot be encoded for the purpose of obscuring
   their meaning.  In essence, this means that cryptography that
   requires the use of secrets to decipher a message cannot be used
   where the possibility exists that a packet will be transmitted by an
   amateur radio station [Part97.113][OfcomTerms].

   The CRC-16-CCITT provides for an integrity check but does not
   guarantee the authenticity of the packet.  In many jurisdictions it
   is a requirement for amateur radio stations that are Internet
   connected that they verify that packets for transmission have
   originated from licensed radio amateurs [Part97.111][OfcomTerms].

   In order to provide this guarantee, IPsec [RFC4301] SHOULD be
   employed to provide authentication of packets.  The negotiated SA
   SHOULD use transport mode with ESP [RFC4303] to limit the packet size
   overhead incurred by use of IPsec.  The traffic selector MUST match
   packets with IP protocol number 93.  An authentication algorithm MUST
   be selected to provide data origin authentication.

   The encryption algorithm MUST NOT provide confidentiality for tunnels
   that will traverse an amateur radio link (i.e. the encapsulated
   packets will be transmitted by an amateur radio station).  The use of
   the NULL algorithm [RFC2410] is RECOMMENDED for tunnels that will
   traverse an amateur radio link.
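   The SA described above, with the NULL encryption algorithm and a
   separate authentication algorithm, carries the AX.25 encapsulation as
   integrity-only ESP in transport mode.  The following Python, added
   here and not code from this draft or from any IPsec implementation,
   shows the ESP packet layout on both sides and the [RFC4303] anti-
   replay window that this section goes on to require of receivers.  The
   SPI, key and payloads are constructed; HMAC-SHA-256-128 is an assumed
   choice of authentication algorithm; the outer IP header (protocol 50)
   and the IKEv2 negotiation that would supply the key are left out.

```python
# Added example (not from the draft): integrity-only ESP in transport mode with the
# NULL encryption algorithm, HMAC-SHA-256-128 as the authentication algorithm, and the
# RFC 4303 anti-replay window on the receive side. The payload is the AX.25 frame
# (with FCS) from section 3; the outer IP header (protocol 50) is left out. The SPI,
# key and frames below are constructed for the demonstration.
import hashlib
import hmac
import struct

NEXT_HEADER_AX25 = 93   # transport mode: the protected payload is the AX.25 encapsulation
ICV_LEN = 16            # HMAC-SHA-256-128 (RFC 4868) truncates the tag to 128 bits

def esp_icv(key: bytes, authenticated: bytes) -> bytes:
    """ICV over SPI, Sequence Number, payload and trailer (everything before the ICV)."""
    return hmac.new(key, authenticated, hashlib.sha256).digest()[:ICV_LEN]

def esp_build(spi: int, seq: int, payload: bytes, key: bytes) -> bytes:
    """SPI | Seq | Payload | Padding | Pad Length | Next Header | ICV. With NULL
    encryption there is no IV and the trailer only needs 4-octet alignment."""
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))              # RFC 4303 default padding 1, 2, 3, ...
    authenticated = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, NEXT_HEADER_AX25])
    return authenticated + esp_icv(key, authenticated)

class AntiReplayWindow:
    """RFC 4303 sliding window: `top` is the highest sequence number accepted so far and
    bit i of `bitmap` records whether `top - i` has already been received."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def would_accept(self, seq: int) -> bool:
        if seq == 0:                       # the first packet on an SA carries sequence number 1
            return False
        if seq > self.top:                 # right of the window: always new
            return True
        diff = self.top - seq
        return diff < self.size and not (self.bitmap >> diff) & 1

    def accept(self, seq: int) -> None:
        """Called only after the ICV verified, so a forged sequence number cannot advance the window."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1) if shift < self.size else 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

class EspReceiver:
    """Inbound side of one SA. Rejections are counted by reason, which is what a station
    would export to notice replay attempts or a window that is too small for the link."""

    def __init__(self, spi: int, key: bytes, window_size: int = 64):
        self.spi, self.key, self.window = spi, key, AntiReplayWindow(window_size)
        self.rejected = {}

    def _reject(self, reason: str):
        self.rejected[reason] = self.rejected.get(reason, 0) + 1
        return None

    def open(self, packet: bytes):
        """Return the payload, or None if the packet was rejected."""
        if len(packet) < 8 + 2 + ICV_LEN:
            return self._reject("short")
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi:
            return self._reject("unknown-spi")
        if not self.window.would_accept(seq):      # cheap check first, before computing the MAC
            return self._reject("replay-or-stale")
        authenticated, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        if not hmac.compare_digest(esp_icv(self.key, authenticated), icv):
            return self._reject("bad-icv")
        self.window.accept(seq)                    # window moves only for authenticated packets
        pad_len, next_header = authenticated[-2], authenticated[-1]
        if next_header != NEXT_HEADER_AX25 or pad_len > len(authenticated) - 10:
            return self._reject("bad-trailer")
        return authenticated[8:len(authenticated) - 2 - pad_len]

if __name__ == "__main__":
    key, spi = b"constructed-demo-key-not-for-use", 0x1234
    rx = EspReceiver(spi, key, window_size=64)
    pkt = esp_build(spi, 1, b"ax25 frame plus fcs", key)
    print(rx.open(pkt), rx.open(pkt))                 # payload, then None (replayed)
    rx.open(esp_build(spi, 1000, b"after a long outage", key))
    print(rx.open(esp_build(spi, 900, b"too old for a 64-packet window", key)), rx.rejected)
```

   The constructed run at the end is the situation the section warns
   about: after a gap of hundreds of packets, a frame that arrives late
   falls outside a 64-packet window and is dropped as stale, while the
   same frame is accepted by a receiver constructed with a 256-packet
   window.  The rejection counters are the signal an operator would
   watch to tell a replay attempt from a window that is undersized for a
   lossy radio link.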
   In cases where traffic can be known or reasonably expected to not
   traverse an amateur radio link, an encryption algorithm that provides
   confidentiality is RECOMMENDED.

   Wrapped ESP [RFC5840] MAY be used to explicitly indicate where
   "integrity-only" security is provided without data confidentiality.

   When transmitted by an amateur radio station, many propagation modes
   will permit wide reception of a packet.  As such, receivers MUST
   implement anti-replay protection by verifying received sequence
   numbers [RFC4303].  The size of the anti-replay window may need to be
   scaled to account not only for the speed of the link, but also for
   packet loss that may occur on amateur radio links.  Following
   extended packet loss a sender may have advanced the sequence number
   beyond the window size allowed.  Dead peer detection [RFC7296] can be
   used to renegotiate SAs in this case and so SHOULD be enabled for any
   SA expected to traverse an amateur radio link that is expected to
   have varying propagation characteristics.

   Given the need for anti-replay protection, it is not possible to
   manually key the SAs.  IKEv2 [RFC7296] SHOULD be used to establish
   SAs.  Beyond the above, the exact details of the automatic keying
   protocol to use and its parameters are not specified in this
   document.

5.  IANA Considerations

   Protocol number 93 is assigned in [protocol-numbers] and should be
   updated to point to this document.

6.  Acknowledgements

   The author would like to acknowledge the work of Brian Kantor who
   authored the original specification [RFC1226] that this document
   updates.

7.  References

7.1.  Normative References

   [AX.25]    Tucson Amateur Packet Radio Corporation, "AX.25 Link
              Access Protocol for Amateur Packet Radio Version 2.2",
              July 1998.

   [protocol-numbers]
              IANA, "Assigned Internet Protocol Numbers".
   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2410]  Glenn, R. and S. Kent, "The NULL Encryption Algorithm and
              Its Use With IPsec", RFC 2410, DOI 10.17487/RFC2410,
              November 1998.

   [RFC2474]  Nichols, K., Blake, S., Baker, F., and D. Black,
              "Definition of the Differentiated Services Field (DS
              Field) in the IPv4 and IPv6 Headers", RFC 2474,
              DOI 10.17487/RFC2474, December 1998.

   [RFC2597]  Heinanen, J., Baker, F., Weiss, W., and J. Wroclawski,
              "Assured Forwarding PHB Group", RFC 2597,
              DOI 10.17487/RFC2597, June 1999.

   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
              Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
              December 2005.

   [RFC4303]  Kent, S., "IP Encapsulating Security Payload (ESP)",
              RFC 4303, DOI 10.17487/RFC4303, December 2005.

   [RFC5840]  Grewal, K., Montenegro, G., and M. Bhatia, "Wrapped
              Encapsulating Security Payload (ESP) for Traffic
              Visibility", RFC 5840, DOI 10.17487/RFC5840, April 2010.

   [RR-bits]  Bruninga, B., "APRS Future Use of AX.25 SSID RR Bits",
              December 2012.

7.2.  Informative References

   [APRS]     Wade, I., Ed., "APRS Protocol Reference", August 2000.

   [APRS-IS]  Loveall, P., "APRS-IS".

   [CUST18]   Custura, A., Secchi, R., and G. Fairhurst, "Exploring DSCP
              modification pathologies in the Internet", Computer
              Communications Vol. 127, pp. 86-94,
              DOI 10.1016/j.comcom.2018.05.016, September 2018.

   [OfcomTerms]
              Ofcom, "UK Amateur Radio Licence Section 2".

   [Part97.111]
              e-CFR, "Electronic Code of Federal Regulations Title 47,
              Part 97.111 - Authorized transmissions".

   [Part97.113]
              e-CFR, "Electronic Code of Federal Regulations Title 47,
              Part 97.113 - Prohibited transmissions".
   [RFC1226]  Kantor, B., "Internet protocol encapsulation of AX.25
              frames", RFC 1226, DOI 10.17487/RFC1226, May 1991.

   [RFC7296]  Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
              Kivinen, "Internet Key Exchange Protocol Version 2
              (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October
              2014.

Author's Address

   Iain R. Learmonth
   HamBSD

   Email: irl@hambsd.org