Network Working Group                                       I. Learmonth
Internet-Draft                                                    HamBSD
Obsoletes: 1226 (if approved)                          November 19, 2020
Intended status: Experimental
Expires: May 23, 2021


            Internet Protocol Encapsulation of AX.25 Frames
                 draft-learmonth-intarea-rfc1226-bis-02

Abstract

   This document describes a method for the encapsulation of AX.25 Link
   Access Protocol for Amateur Packet Radio frames within IPv4 and IPv6
   packets.  Obsoletes RFC1226.

Note

   Comments are solicited and should be addressed to the author(s).

   The sources for this draft are at:

   https://github.com/irl/draft-rfc1226-bis

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 23, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents



Learmonth                 Expires May 23, 2021                  [Page 1]


Internet-Draft                AX.25 over IP                November 2020


   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1.  Introduction

   This document describes a method for the encapsulation of AX.25 Link
   Access Protocol for Amateur Packet Radio [AX.25] frames within IPv4
   and IPv6 packets.  It obsoletes [RFC1226].

   AX.25 is a data link layer protocol originally derived from layer 2
   of the X.25 protocol suite and designed for use by amateur radio
   operators.  It is used extensively by amateur packet radio networks
   worldwide.

   In addition to specifying how packets should be encapsulated, it
   gives recommendations for DiffServ codepoint marking of the
   encapsulating headers based on the AX.25 frame content and provides
   security considerations for the use of this encapsulation method.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Internet Protocol Encapsulation

   Each AX.25 frame is encapsulated in one IPv4 or IPv6 datagram using
   protocol number 93 as assigned in the Assigned Internet Protocol
   Numbers registry [protocol-numbers].  For AX.25 version 2.0, the
   maximum frame size expected is 330 bytes and implementations MUST be
   prepared to handle frames of this size.  Higher frame sizes can be
   negotiated by AX.25 version 2.2 and so this is a minimum requirement
   and not a limit.

   HDLC framing elements (flags and zero-stuffing) are omitted, as the
   IP datagram adequately delimits the beginning and end of each AX.25
   frame.  The CRC-16-CCITT frame check sequence (normally generated by
   the HDLC transmission hardware) is included trailing the information
   field.  In all other respects, AX.25 frames are encapsulated
   unaltered.





Learmonth                 Expires May 23, 2021                  [Page 2]


Internet-Draft                AX.25 over IP                November 2020


3.1.  Priority Frames

   In normal operation, the DiffServ codepoint field [RFC2474] in the
   encapsulating IP header SHOULD be set to best effort (BE).  The
   exception to this is "priority frames" as specified for AX.25 version
   2.2, including acknowledgement and digipeat frames, which SHOULD have
   the DiffServ codepoint set to AF21 [RFC2597].  A slot is reserved on
   the radio channel for the transmission of these frames and the use of
   this codepoint will permit the frames to arrive promptly at the
   station for transmission.

   For the avoidance of doubt: on decapsulation the AX.25 frame MUST NOT
   be modified based on the DiffServ codepoint on the received
   encapsulating IP header.  The receiver MUST NOT use the DiffServ
   codepoint to infer anything about the nature of the encapsulated
   packet.  It has been shown that while the AF21 codepoint may be
   remarked while crossing administrative boundaries, it is unlikely
   that priority inversion will occur due to remarking where such
   remarking occurs [Cust18].

3.2.  Automatic Packet Reporting System

   Automatic Packet Reporting System [APRS] is an amateur radio-based
   system for real time digital communications for local situational
   awareness.  APRS uses AX.25 frames for addressing, and additionally
   assigns special meaning to some of the reserved bits of an AX.25
   frame header.

   As a special case, when used with the Automatic Packet Reporting
   System [APRS], priority frames will not occur.  If a tunnel is
   configured as carrying APRS data, the DiffServ codepoint SHOULD by
   default be set to AF11 [RFC2597].  Where the "Precedence Bit"
   [RR-bits] is set (i.e. it is zero) in an APRS packet, the DiffServ
   codepoint should be set to BE.  Where the "Operator Present Bit"
   [RR-bits] is set (i.e. it is zero), the DiffServ codepoint MAY be set
   to AF21 [RFC2597].

   Again, for the avoidance of doubt: on decapsulation the AX.25 frame
   MUST NOT be modified based on the DiffServ codepoint on the received
   encapsulating IP header.  The receiver MUST NOT use the DiffServ
   codepoint to infer anything about the nature of the encapsulated
   packet.  It has been shown that while AF codepoints may be remarked
   while crossing administrative boundaries, it is unlikely that
   priority inversion will occur, either with the BE traffic or between
   AF PHBs due to remarking where such remarking occurs [Cust18].

   It is possible depending on the nature of the tunnel that
   decapsulated packets would need to be treated as third-party traffic



Learmonth                 Expires May 23, 2021                  [Page 3]


Internet-Draft                AX.25 over IP                November 2020


   according to the APRS specification [APRS].  In this case, the Third-
   Party Network Identifier "IPENC" SHOULD be used.  This is to
   differentiate traffic using IP encapsulation from APRS-IS traffic
   [APRS-IS] and other third-party networks.

4.  Security Considerations

   With the exception of control signals exchanged between earth command
   stations and space stations in the amateur-satellite service, amateur
   radio transmissions cannot be encoded for the purpose of obscuring
   their meaning.  In essence, this means that cryptography that
   requires the use of secrets to decipher a message cannot be used
   where the possibility exists that a packet will be transmitted by an
   amateur radio station [Part97.113][OfcomTerms].

   The CRC-16-CCITT provides for an integrity check but does not
   guarantee the authenticity of the packet.  In many jurisdictions it
   is a requirement for amateur radio stations that are Internet
   connected that they verify that packets for transmission have
   originated from licensed radio amateurs [Part97.111][OfcomTerms].

   In order to provide this guarantee, IPSec [RFC4301] SHOULD be
   employed to provide authentication of packets.  The neogtiated SA
   SHOULD use transport mode with ESP [RFC4303] to limit the packet size
   overhead incurred by use of IPSec.  The traffic selector MUST match
   packets with IP protocol number 93.  An authentication algorithm MUST
   be selected to provide data origin authentication.

   The encryption algorithm MUST NOT provide confidentiality for tunnels
   that will traverse an amateur radio link (i.e. the encapsulated
   packets will be transmitted by an amateur radio station).  The use of
   the NULL algorithm [RFC2410] is RECOMMENDED for tunnels that will
   traverse an amateur radio link.  In cases where traffic can be known
   or reasonably expected to not traverse an amateur radio link, an
   encryption algorithm that provides confidentiality is RECOMMENDED.

   Wrapped ESP [RFC5840] MAY be used to explicitly indicate where
   "integrity-only" security is provided without data confidentiality.

   When transmitted by an amateur radio station, many propagation modes
   will permit wide reception of a packet.  As such, receivers MUST
   implement anti-replay protection by verifying received sequence
   numbers [RFC4303].  The size of the anti-replay window may need to be
   scaled to account not only for the speed of the link, but also for
   packet loss that may occur on amateur radio links.  Following
   extended packet loss a sender may have advanced the sequence number
   beyond the window size allowed.  Dead peer detection [RFC7296] can be
   used to renegotiate SAs in this case and so SHOULD be enabled for any



Learmonth                 Expires May 23, 2021                  [Page 4]


Internet-Draft                AX.25 over IP                November 2020


   SA expected to traverse an amateur radio link that is expected to
   have varying propagation charachteristics.

   Given the need for anti-replay protection, it is not possible to
   manually key the SAs.  IKEv2 [RFC7296] SHOULD be used to establish
   SAs.  Beyond the above, the exact details of the automatic keying
   protocol to use and its paramaters are not specified in this
   document.

5.  IANA Considerations

   Protocol number 93 is assigned in [protocol-numbers] and should be
   updated to point to this document.

6.  Acknowledgements

   The author would like to acknowledge the work of Brian Kantor who
   authored the original specification [RFC1226] that this document
   updates.

7.  References

7.1.  Normative References

   [AX.25]    Tucson Amateur Packet Radio Corporation, "AX.25 Link
              Access Protocol for Amateur Packet Radio Version 2.2",
              July 1998, <https://www.tapr.org/pdf/AX25.2.2.pdf>.

   [protocol-numbers]
              IANA, "Assigned Internet Protocol Numbers",
              <http://www.iana.org/assignments/protocol-numbers/
              protocol-numbers.xhtml>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC2410]  Glenn, R. and S. Kent, "The NULL Encryption Algorithm and
              Its Use With IPsec", RFC 2410, DOI 10.17487/RFC2410,
              November 1998, <https://www.rfc-editor.org/info/rfc2410>.

   [RFC2474]  Nichols, K., Blake, S., Baker, F., and D. Black,
              "Definition of the Differentiated Services Field (DS
              Field) in the IPv4 and IPv6 Headers", RFC 2474,
              DOI 10.17487/RFC2474, December 1998,
              <https://www.rfc-editor.org/info/rfc2474>.




Learmonth                 Expires May 23, 2021                  [Page 5]


Internet-Draft                AX.25 over IP                November 2020


   [RFC2597]  Heinanen, J., Baker, F., Weiss, W., and J. Wroclawski,
              "Assured Forwarding PHB Group", RFC 2597,
              DOI 10.17487/RFC2597, June 1999,
              <https://www.rfc-editor.org/info/rfc2597>.

   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
              Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
              December 2005, <https://www.rfc-editor.org/info/rfc4301>.

   [RFC4303]  Kent, S., "IP Encapsulating Security Payload (ESP)",
              RFC 4303, DOI 10.17487/RFC4303, December 2005,
              <https://www.rfc-editor.org/info/rfc4303>.

   [RFC5840]  Grewal, K., Montenegro, G., and M. Bhatia, "Wrapped
              Encapsulating Security Payload (ESP) for Traffic
              Visibility", RFC 5840, DOI 10.17487/RFC5840, April 2010,
              <https://www.rfc-editor.org/info/rfc5840>.

   [RR-bits]  Bruninga, B., "APRS Future Use of AX.25 SSID RR Bits",
              December 2012, <http://aprs.org/aprs12/RR-bits.txt>.

7.2.  Informative References

   [APRS]     Wade, I., Ed., "APRS Protocol Reference", August 2000,
              <http://www.aprs.org/doc/APRS101.PDF>.

   [APRS-IS]  Loveall, P., "APRS-IS", <http://www.aprs-is.net/>.

   [Cust18]   Custura, A., Secchi, R., and G. Fairhurst, "Exploring DSCP
              modification pathologies in the Internet", Computer
              Communications Vol. 127, pp. 86-94,
              DOI 10.1016/j.comcom.2018.05.016, September 2018.

   [OfcomTerms]
              Ofcom, "UK Amateur Radio Licence Section 2",
              <https://www.ofcom.org.uk/__data/assets/
              pdf_file/0027/62991/amateur-terms.pdf>.

   [Part97.111]
              e-CFR, "Electronic Code of Federal Regulations Title 47,
              Part 97.111 - Authorized transmissions",
              <https://www.ecfr.gov/cgi-bin/text-
              idx?node=pt47.5.97&rgn=div5#se47.5.97_1111>.








Learmonth                 Expires May 23, 2021                  [Page 6]


Internet-Draft                AX.25 over IP                November 2020


   [Part97.113]
              e-CFR, "Electronic Code of Federal Regulations Title 47,
              Part 97.113 - Prohibited transmissions",
              <https://www.ecfr.gov/cgi-bin/text-
              idx?node=pt47.5.97&rgn=div5#se47.5.97_1113>.

   [RFC1226]  Kantor, B., "Internet protocol encapsulation of AX.25
              frames", RFC 1226, DOI 10.17487/RFC1226, May 1991,
              <https://www.rfc-editor.org/info/rfc1226>.

   [RFC7296]  Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
              Kivinen, "Internet Key Exchange Protocol Version 2
              (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October
              2014, <https://www.rfc-editor.org/info/rfc7296>.

Author's Address

   Iain R. Learmonth
   HamBSD

   Email: irl@hambsd.org






























Learmonth                 Expires May 23, 2021                  [Page 7]