Internet-Draft AX.25 over IP May 2021
Learmonth Expires 24 November 2021 [Page]
Workgroup:
Network Working Group
Internet-Draft:
draft-learmonth-intarea-rfc1226-bis-03
Obsoletes:
1226 (if approved)
Published:
Intended Status:
Experimental
Expires:
Author:
I. R. Learmonth
HamBSD

Internet Protocol Encapsulation of AX.25 Frames

Abstract

This document describes a method for the encapsulation of AX.25 Link Access Protocol for Amateur Packet Radio frames within IPv4 and IPv6 packets. Obsoletes RFC1226.

Note

Comments are solicited and should be addressed to the author(s).

The sources for this draft are at:

https://github.com/irl/draft-rfc1226-bis

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 24 November 2021.

Table of Contents

1. Introduction

This document describes a method for the encapsulation of AX.25 Link Access Protocol for Amateur Packet Radio [AX.25] frames within IPv4 and IPv6 packets. It obsoletes [RFC1226].

AX.25 is a data link layer protocol originally derived from layer 2 of the X.25 protocol suite and designed for use by amateur radio operators. It is used extensively by amateur packet radio networks worldwide.

In addition to specifying how packets should be encapsulated, it gives recommendations for DiffServ codepoint marking of the encapsulating headers based on the AX.25 frame content and provides security considerations for the use of this encapsulation method.

2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. Internet Protocol Encapsulation

Each AX.25 frame is encapsulated in one IPv4 or IPv6 datagram using protocol number 93 as assigned in the Assigned Internet Protocol Numbers registry [protocol-numbers]. For AX.25 version 2.0, the maximum frame size expected is 330 bytes and implementations MUST be prepared to handle frames of this size. Higher frame sizes can be negotiated by AX.25 version 2.2 and so this is a minimum requirement and not a limit.

HDLC framing elements (flags and zero-stuffing) are omitted, as the IP datagram adequately delimits the beginning and end of each AX.25 frame. The CRC-16-CCITT frame check sequence (normally generated by the HDLC transmission hardware) is included trailing the information field. In all other respects, AX.25 frames are encapsulated unaltered.

3.1. Priority Frames

In normal operation, the DiffServ codepoint field [RFC2474] in the encapsulating IP header SHOULD be set to best effort (BE). The exception to this is "priority frames" as specified for AX.25 version 2.2, including acknowledgement and digipeat frames, which SHOULD have the DiffServ codepoint set to AF21 [RFC2597]. A slot is reserved on the radio channel for the transmission of these frames and the use of this codepoint will permit the frames to arrive promptly at the station for transmission.

For the avoidance of doubt: on decapsulation the AX.25 frame MUST NOT be modified based on the DiffServ codepoint on the received encapsulating IP header. The receiver MUST NOT use the DiffServ codepoint to infer anything about the nature of the encapsulated packet. It has been shown that while the AF21 codepoint may be remarked while crossing administrative boundaries, it is unlikely that priority inversion will occur due to remarking where such remarking occurs [CUST18].

3.2. Automatic Packet Reporting System

Automatic Packet Reporting System [APRS] is an amateur radio-based system for real time digital communications for local situational awareness. APRS uses AX.25 frames for addressing, and additionally assigns special meaning to some of the reserved bits of an AX.25 frame header.

As a special case, when used with the Automatic Packet Reporting System [APRS], priority frames will not occur. If a tunnel is configured as carrying APRS data, the DiffServ codepoint SHOULD by default be set to AF11 [RFC2597]. Where the "Precedence Bit" [RR-bits] is set (i.e. it is zero) in an APRS packet, the DiffServ codepoint should be set to BE. Where the "Operator Present Bit" [RR-bits] is set (i.e. it is zero), the DiffServ codepoint MAY be set to AF21 [RFC2597].

Again, for the avoidance of doubt: on decapsulation the AX.25 frame MUST NOT be modified based on the DiffServ codepoint on the received encapsulating IP header. The receiver MUST NOT use the DiffServ codepoint to infer anything about the nature of the encapsulated packet. It has been shown that while AF codepoints may be remarked while crossing administrative boundaries, it is unlikely that priority inversion will occur, either with the BE traffic or between AF PHBs due to remarking where such remarking occurs [CUST18].

It is possible depending on the nature of the tunnel that decapsulated packets would need to be treated as third-party traffic according to the APRS specification [APRS]. In this case, the Third-Party Network Identifier "IPENC" SHOULD be used. This is to differentiate traffic using IP encapsulation from APRS-IS traffic [APRS-IS] and other third-party networks.

4. Security Considerations

With the exception of control signals exchanged between earth command stations and space stations in the amateur-satellite service, amateur radio transmissions cannot be encoded for the purpose of obscuring their meaning. In essence, this means that cryptography that requires the use of secrets to decipher a message cannot be used where the possibility exists that a packet will be transmitted by an amateur radio station [Part97.113][OfcomTerms].

The CRC-16-CCITT provides for an integrity check but does not guarantee the authenticity of the packet. In many jurisdictions it is a requirement for amateur radio stations that are Internet connected that they verify that packets for transmission have originated from licensed radio amateurs [Part97.111][OfcomTerms].

In order to provide this guarantee, IPSec [RFC4301] SHOULD be employed to provide authentication of packets. The neogtiated SA SHOULD use transport mode with ESP [RFC4303] to limit the packet size overhead incurred by use of IPSec. The traffic selector MUST match packets with IP protocol number 93. An authentication algorithm MUST be selected to provide data origin authentication.

The encryption algorithm MUST NOT provide confidentiality for tunnels that will traverse an amateur radio link (i.e. the encapsulated packets will be transmitted by an amateur radio station). The use of the NULL algorithm [RFC2410] is RECOMMENDED for tunnels that will traverse an amateur radio link. In cases where traffic can be known or reasonably expected to not traverse an amateur radio link, an encryption algorithm that provides confidentiality is RECOMMENDED.

Wrapped ESP [RFC5840] MAY be used to explicitly indicate where "integrity-only" security is provided without data confidentiality.

When transmitted by an amateur radio station, many propagation modes will permit wide reception of a packet. As such, receivers MUST implement anti-replay protection by verifying received sequence numbers [RFC4303]. The size of the anti-replay window may need to be scaled to account not only for the speed of the link, but also for packet loss that may occur on amateur radio links. Following extended packet loss a sender may have advanced the sequence number beyond the window size allowed. Dead peer detection [RFC7296] can be used to renegotiate SAs in this case and so SHOULD be enabled for any SA expected to traverse an amateur radio link that is expected to have varying propagation charachteristics.

Given the need for anti-replay protection, it is not possible to manually key the SAs. IKEv2 [RFC7296] SHOULD be used to establish SAs. Beyond the above, the exact details of the automatic keying protocol to use and its paramaters are not specified in this document.

5. IANA Considerations

Protocol number 93 is assigned in [protocol-numbers] and should be updated to point to this document.

6. Acknowledgements

The author would like to acknowledge the work of Brian Kantor who authored the original specification [RFC1226] that this document updates.

7. References

7.1. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC2410]
Glenn, R. and S. Kent, "The NULL Encryption Algorithm and Its Use With IPsec", RFC 2410, DOI 10.17487/RFC2410, , <https://www.rfc-editor.org/info/rfc2410>.
[RFC2474]
Nichols, K., Blake, S., Baker, F., and D. Black, "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers", RFC 2474, DOI 10.17487/RFC2474, , <https://www.rfc-editor.org/info/rfc2474>.
[RFC2597]
Heinanen, J., Baker, F., Weiss, W., and J. Wroclawski, "Assured Forwarding PHB Group", RFC 2597, DOI 10.17487/RFC2597, , <https://www.rfc-editor.org/info/rfc2597>.
[RFC4301]
Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, , <https://www.rfc-editor.org/info/rfc4301>.
[RFC4303]
Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, DOI 10.17487/RFC4303, , <https://www.rfc-editor.org/info/rfc4303>.
[RFC5840]
Grewal, K., Montenegro, G., and M. Bhatia, "Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility", RFC 5840, DOI 10.17487/RFC5840, , <https://www.rfc-editor.org/info/rfc5840>.
[AX.25]
Tucson Amateur Packet Radio Corporation, "AX.25 Link Access Protocol for Amateur Packet Radio Version 2.2", , <https://www.tapr.org/pdf/AX25.2.2.pdf>.
[protocol-numbers]
IANA, "Assigned Internet Protocol Numbers", <http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml>.
[RR-bits]
Bruninga, B., "APRS Future Use of AX.25 SSID RR Bits", , <http://aprs.org/aprs12/RR-bits.txt>.

7.2. Informative References

[CUST18]
Custura, A., Secchi, R., and G. Fairhurst, "Exploring DSCP modification pathologies in the Internet", Computer Communications Vol. 127, pp. 86-94, DOI 10.1016/j.comcom.2018.05.016, , <https://doi.org/10.1016/j.comcom.2018.05.016>.
[RFC1226]
Kantor, B., "Internet protocol encapsulation of AX.25 frames", RFC 1226, DOI 10.17487/RFC1226, , <https://www.rfc-editor.org/info/rfc1226>.
[RFC7296]
Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. Kivinen, "Internet Key Exchange Protocol Version 2 (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, , <https://www.rfc-editor.org/info/rfc7296>.
[APRS]
Wade, I., Ed., "APRS Protocol Reference", , <http://www.aprs.org/doc/APRS101.PDF>.
[APRS-IS]
Loveall, P., "APRS-IS", <http://www.aprs-is.net/>.
[Part97.111]
e-CFR, "Electronic Code of Federal Regulations Title 47, Part 97.111 - Authorized transmissions", <https://www.ecfr.gov/cgi-bin/text-idx?node=pt47.5.97&rgn=div5#se47.5.97_1111>.
[Part97.113]
e-CFR, "Electronic Code of Federal Regulations Title 47, Part 97.113 - Prohibited transmissions", <https://www.ecfr.gov/cgi-bin/text-idx?node=pt47.5.97&rgn=div5#se47.5.97_1113>.
[OfcomTerms]
Ofcom, "UK Amateur Radio Licence Section 2", <https://www.ofcom.org.uk/__data/assets/pdf_file/0027/62991/amateur-terms.pdf>.

Author's Address

Iain R. Learmonth
HamBSD