Novell IPX

Novell's IPX is still a prevalent protocol because NetWare was the leading Networking Operating System in the late 1980's and early 1990's.  IPX was the default protocol for NetWare during those days.  However TCP/IP is now the default protocol for NetWare 5.

IPX Protocol Stack
Protocol Function
IPX IPX(Internetwork Packet eXchange) functions at layer 3 and 4 of the OSI model.  It controls the assignment of IPX addresses (software addresses) on individual nodes, governs packet delivery across internetworks, and makes routing decisions based on information provided by the routing protocols RIP and NLSP (NetWare Link State Protocol).  IPX is connectionless so no acknowledgments are needed.  IPX uses sockets, analogous to TCP/IP ports, to communicate with upper-layer protocols.
SPX SPX (Sequenced Packet Exchange) works at layer 4 of the OSI model and adds connection-oriented communications to the otherwise connectionless IPX. Through it, upper-layer protocols can ensure data delivery between source and destination nodes. SPX works by creating virtual circuits or connections between devices, with each connection having a specific connection ID in the SPX header.
RIP RIP (Routing Information Protocol) is a distance-vector routing protocol used to discover IPX routes through internetworks. It employs ticks (the time in 1/18ths of a second it takes to get to a remote network) and hop counts as metrics for determining preferred routes.
SAP SAP (Service Advertising Protocol) is used to advertise and request services. Servers use it to advertise the services they offer and clients use it to locate network services.
NLSP NLSP (NetWare Link State Protocol) is an advanced link-state routing protocol developed by Novell. It's intended to replace both RIP and SAP.
NCP NCP (NetWare Core Protocol) provides clients with access to server resources; functions such as file access, printing, synchronization, and security are all handled by NCP.

IPX Socket Numbers
Socket Service Description
0451 NCP NetWare Core Protocol
0452 SAP Service Advertising Protocol
0453 RIP Routing Information Protocol
0455 NetBIOS NetBIOS over IPX
0456 Diag. Packet Server Diagnostic Packet
0457 Serial # check License serial number check between servers
4000-8000 reply Upper reply socket randomly assigned by client

Client-Server Communications

In a Novell NetWare environment, a node is either a client or a server not both.  Servers provide the following services: file, print, messaging, application, and database.  NetWare clients need servers to locate these resources.  The NetWare servers build SAP (Service Advertising Protocol) tables containing all the resources they know about on the internetwork.  When clients need a resource, they send an IPX broadcast packet called a GNS (Get Nearest Server) request so they can locate a NetWare server that provides the needed resource.  The servers receive the GNS and check their SAP tables to locate a NetWare server that matches the specific request.  They respond to the client with a GNS reply.  The GNS reply points the client to a specific server to contact for the resource it requested.  If none of the servers know of the resource, they don't respond and the client can't access the resource.

Cisco Routers' SAP Tables

Cisco routers build SAP tables also, and can respond to GNS requests.  They don't offer services, but they can direct the client to the correct server for the desired resource.  If a local NetWare server isn't present on the local subnet the router can give a GNS reply for a server on another subnet.  This reduces the need to have a remote NetWare server respond to the request and also saves WAN bandwidth.

Server-Server Communication

Servers are responsible for maintaining tables of all available network resources, regardless of whether those resources are local to the server or not.  The server must be able to locate any resource on the network.  Servers exchange two types of information using two separate protocols SAP and RIP.  SAP communicates the service information and RIP communicates routing information.


NetWare servers use SAP to advertise their available services by sending out SAP broadcasts every 60 seconds.  The broadcast sends information about services that it has learned about from other servers as well.  All servers that receive the broadcast incorporate the new SAP information into their own SAP tables.  Eventually all the servers know about all the other servers' services.  When new services are added to the network, the SAP broadcasts include the new information and eventually updates all the other servers.  SAP broadcasts won't cross a Cisco router by default, but the router will listen to all the broadcasts on a network and add them to its own SAP table; it will then broadcast the SAP table information every 60 seconds out all interfaces that have IPX enabled, to the other routers.

Common SAP Services
Hex Number SAP Description
0004 NetWare file server
0007 Print server
0024 Router
039B Lotus Notes server


RIP information is broadcast the same way the SAP information is.  Servers build routing tables that contain entries for the networks they're directly connected to, they then broadcast this information to all IPX enabled interfaces.  IPX RIP information is broadcast every 60 seconds.  When the other servers receive the updates, they send them to their connected networks and all the servers are gradually updated.

IPX Addressing

IPX addresses use 80 bits (10 bytes) of data.  An IPX network address consists of a network number and a node number expressed in the format network.node .

Network Numbers

The network number identifies a physical network. It is a 4-byte (32-bit) quantity that must be unique throughout the entire IPX internetwork.  The network number is expressed as hexadecimal digits.  The maximum number of digits allowed is eight.  The Cisco IOS software does not require that you enter all eight digits; you can omit leading zeros.

Node Numbers

The node number identifies a node on the network.  It is a 48-bit quantity, represented by dotted triplets of four-digit hexadecimal numbers.  If you do not specify a node number for a router to be used on WAN links, the Cisco IOS software uses the hardware Media Access Control (MAC) address currently assigned to it as its node address.  This is the MAC address of the first Ethernet, Token Ring, or FDDI interface card.  If there are no valid IEEE interfaces, then the Cisco IOS software randomly assigns a node number using a number that is based on the system clock.

IPX Address Example

The following is an example of an IPX network address:


In this example, the network number is 4a (more specifically, it is 0000004a), and the node number is 0000.0c00.23fe.  All digits in the address are hexadecimal.


Encapsulation or framing, is the process of taking packets from upper-layer protocols and building frames to transmit them across the network.  In regards to IPX, encapsulation is the process of taking IPX datagrams and placing them in layer 2 frames for one of the supported media.  IPX packets can be encapsulated for Ethernet, Token Ring, or FDDI.  Routers are important to IPX because IPX supports multiple frame types for the different media that are incompatible with each other.  If a router supports both frame types for two client with different frame types, then they will be able to communicate with each other via the router.  For each different frame type on the internetwork, there is a unique network number for it.  If you have multiple different frame types and therefore different IPX networks in an internetwork and you can't use one frame type (recommended), you can use a router to connect the dissimilar networks.

IPX Encapsulation Types

Novell NetWare IPX supports multiple encapsulation schemes on a single router interface, provided that multiple network numbers are assigned.  NetWare supports the following four encapsulation schemes:

  • Novell Proprietary---Also called "802.3 raw" or Novell Ethernet_802.3, Novell proprietary serves as the initial encapsulation scheme Novell uses. It includes an Institute of Electrical and Electronic Engineers (IEEE) 802.3 Length field but not an IEEE 802.2 (LLC) header. The IPX header immediately follows the 802.3 Length field.
  • 802.3---Also called Novell_802.2, 802.3 is the standard IEEE 802.3 frame format.
  • Ethernet Version 2---Also called Ethernet-II or ARPA, Ethernet Version 2 includes the standard Ethernet Version 2 header, which consists of Destination and Source Address fields followed by an EtherType field.
  • SNAP---Also called Ethernet_SNAP, SNAP extends the IEEE 802.2 header by providing a type code similar to that defined in the Ethernet Version 2 specification.
Novell Frame Encapsulation
NetWare Frame Type Cisco Keyword
Ethernet Frames
Ethernet_802.3 novell-ether (default)
Ethernet_802.2 sap
Ethernet_II arpa
Ethernet_SNAP snap
Token Ring Frames
Token-Ring sap (default)
Token-Ring_snap snap
FDDI Frames
Fddi_snap snap (default)
Fddi_802.2 sap
Fddi_raw novell-fddi

Configuring IPX on a router.