******************** CSL Bulletin *******************
June 1992
TCP/IP or OSI? CHOOSING A STRATEGY FOR OPEN SYSTEMS
The drive of users toward open systems reflects requirements to
integrate information processing resources and to make automated
information available throughout the organization. Standards-based
products that fit into an open systems infrastructure are
key to meeting these user requirements. Since complete open
solutions are not yet available, users planning open systems have
to choose strategies that will support their current systems as
well as future systems.
This bulletin provides information on data communications
protocols that enable computer systems to communicate with other
systems in an open environment. It discusses the choices that
are available to users in the selection of network protocols for
open systems and provides guidance for making selections to
support both current and future systems. Federal agencies should
consider these choices in the development of their policies for
open systems.
The Diversity of Computing
Computer networks are becoming an indispensable component of
computing. Today office workers, scientists, and engineers
depend upon personal computers and workstations that are
interconnected through local area networks (LANs). To share data
with other users and to access data within the organization,
users want to interconnect their personal computers, different
LANs, mainframes, minicomputers, and perhaps supercomputers and
parallel processors. Networking technologies for tying these
various systems together are diverse, complex, and often
incompatible.
Standards for data communications are part of the solution to the
problems of incompatible, heterogeneous computer systems. Today,
two principal suites of standard data communications protocols
are available to users, the Transmission Control
Protocol/Internet Protocol (TCP/IP) and Open Systems
Interconnection (OSI).
Why Two Protocol Suites?
Both TCP/IP and OSI provide many of the same capabilities: the
interconnection of computers, local area, wide area, and other
networks; the routing of information in packets or datagrams
between networks; reliable data transmission; file transfers;
remote log-in to a computer; and electronic mail. There are some
differences, however, with respect to deployment, availability of
applications, and technical features of the two suites.
The federal government has helped to support the development of
both TCP/IP and OSI. The government provided direct financial
support to the development of TCP/IP as an early solution to
incompatible networked systems. The government also has been
collaborating with industry to develop and implement voluntary
international standards for OSI to foster global open systems.
The Development of TCP/IP
The TCP/IP suite of protocols, which is older than OSI, has been
used for about 10 years. TCP/IP is implemented on the Internet,
a concatenation of about 5,000 networks and a million computers
that are used by researchers in corporations, universities, and
government laboratories for information exchange and
collaborations. TCP/IP is included in Berkeley Software
Distribution (BSD) UNIX, which is the fundamental operating
system software for popular workstations used for scientific,
engineering, and graphics applications.
The federal government funded the development of BSD UNIX, and
continues to support TCP/IP indirectly through the National
Science Foundation Network (NSFnet), the NASA Science Internet
(NSI), the Energy Sciences Network (ESnet), and through Defense
Advanced Research Projects Agency (DARPA)-sponsored research for
enhanced network services. BSD UNIX and TCP/IP have been used by
students in universities, especially in the United States, for
about a decade; as a result, TCP/IP is understood by many users,
systems integrators, and developers.
TCP/IP is more widely implemented than OSI. The Department of
Commerce's International Trade Administration estimates that
worldwide expenditures for TCP/IP hardware and software were $1.2
billion in 1991, while the world market for OSI products reached
$550 million (U.S. Industrial Outlook-1992). This popularity may
stem from the easy availability of the TCP/IP implementations to
commercial suppliers who can provide TCP/IP networks without a
major investment in protocol software development. With an
immediate revenue stream, suppliers can concentrate resources on
improving the usability of their TCP/IP networking products.
The Development of OSI
The success of TCP/IP as a solution for data communications among
heterogeneous computers may be slowing the deployment of OSI
applications. OSI is the accepted international standard for
data communications, however, and it is expected to become the
replacement for TCP/IP. OSI is specified for use by a growing
number of governments around the world: the European Community
legislates OSI; the United States Government mandates OSI (and
the state governments are following); the Commonwealth of
Australia has adopted OSI, as have Japan, Taiwan, and the Nordic
Countries. OSI is also accepted by other groups with
international scope, such as the World Federation of MAP/TOP User
Groups.
OSI standards are created and evolve in an open process, visible
to users and suppliers throughout the world. The standards-development
work is organized and scheduled so that plans can be
drawn up for developing and deploying solutions that use the
resulting standards. In addition, OSI standards are augmented by
a rigorous testing process that improves the quality of OSI
products and aids in managing the evolution of change.
Advantages and Disadvantages of TCP/IP and OSI
TCP/IP and OSI both facilitate data communications among
heterogeneous computers. TCP/IP and OSI, which can interoperate
via gateways, complement each other. The OSI protocol for
routing packets (CLNP), which corresponds to IP, is deployed in a
significant and growing segment of the Internet composed of
largely TCP/IP-based computers and routers. CLNP is a more
robust protocol than IP and has a larger and more versatile
addressing field. A number of gateways exist for interoperation
of TCP/IP mail (SMTP) with Message Handling Systems (X.400);
TCP/IP file transfers (FTP) occur routinely on the Internet; OSI
protocols for file transfer, access and management (FTAM) are
also used on the Internet; some of the earliest pilots for the
OSI directory service (X.500) are being conducted on the
Internet.
One reason for TCP/IP's popularity may be its well-known
application programming interfaces (APIs): sockets and streams.
Proprietary products have been implemented using TCP/IP to
distribute services across a network; for example, structured
query language (SQL) access to relational databases, network file
services allowing remote mounting of file systems, and remote
windowing for bit-mapped graphics displays. X Window (which is
part of NIST's Application Portability Profile) and proprietary
window systems operate over TCP/IP.
OSI can provide equivalent APIs that can be used by the same
third-party software vendors to provide the same added features.
For some of the features, such as SQL access and windowing,
standard specifications are being developed to integrate the
services into the OSI architecture in a standard manner, and to
achieve more robust and complex services.
TCP/IP application services are simple mail transfer (SMTP), file
transfer (FTP), and remote log-in (Telnet). The OSI application
services currently provide increased functionality over these
services. The OSI mail service (X.400) provides an extensible
framework for carrying information of all kinds, not simply
personal mail messages. The OSI virtual terminal service supports
more than simple character or line terminals: forms, page, and
scroll modes are also supported. The OSI distributed directory
service (X.500) is far more capable than the equivalent TCP/IP
centralized directory service (Whois).
OSI also provides enhanced technical capabilities over TCP/IP.
For example, the TCP/IP address space encompasses 32 bits and is
rapidly approaching exhaustion, while an OSI network address
comprises 160 bits, a size that will provide global addressing
into the foreseeable future. In addition, the routing protocols
used with TCP/IP are constrained by the flat, 32-bit address so
that the routing tables maintained in Internet switching nodes
are growing quite large and, thus, becoming unwieldy. OSI
routing protocols support a form of hierarchical routing so that
address information can be more efficiently represented in
summary form, reducing the amount of routing information that
flows in the network and that must be stored in the switching
nodes. OSI switching services should provide a natural
transition path on the Internet as the TCP/IP address space
limits are reached.
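The paragraph above makes a quantitative claim: hierarchical routing lets a router carry one summary entry in place of many flat ones, without changing which destinations it can reach. The following Python example, added here to illustrate that point (it is not code from the bulletin), builds a flat table from a constructed set of /24 allocations, collapses the adjacent ones into summary prefixes, and checks two things a network engineer would care about: that longest-prefix lookup still resolves correctly, and that the summary covers exactly the same addresses as the flat table. The 10.20.x.x and 10.30.x.x blocks are sample data, not real assignments.

```python
"""Flat versus hierarchical routing tables for a 32-bit address space.

Added example illustrating the bulletin's point about hierarchical routing
and address summarization; it is not code from the bulletin.  The
allocations below are constructed sample data, not real assignments.
"""
import ipaddress
from typing import Iterable, List, Optional

Table = List[ipaddress.IPv4Network]

# Constructed sample: six adjacent /24 allocations at one site plus one
# unrelated /24 elsewhere.  With flat routing every allocation is its own
# table entry; with hierarchical routing the adjacent ones are advertised
# as a single summary prefix.
SITE_NETWORKS = [
    "10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24",
    "10.20.4.0/24", "10.20.5.0/24",
    "10.30.7.0/24",
]


def flat_table(networks: Iterable[str]) -> Table:
    """One routing entry per allocated network: what a flat scheme stores."""
    return [ipaddress.ip_network(n) for n in networks]


def summarized_table(networks: Iterable[str]) -> Table:
    """Collapse adjacent, aligned allocations into the fewest covering
    prefixes.  collapse_addresses only merges blocks that exactly fill a
    larger aligned block, so the summary covers precisely the same
    addresses as the flat table (no unallocated space is advertised)."""
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(n) for n in networks))


def lookup(table: Table, address: str) -> Optional[ipaddress.IPv4Network]:
    """Longest-prefix match, the rule a router applies to either table."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in table if addr in net]
    return max(matches, key=lambda net: net.prefixlen) if matches else None


def covers_same_addresses(flat: Table, summary: Table) -> bool:
    """Check that summarization neither drops nor adds any address."""
    flat_total = sum(net.num_addresses for net in flat)
    summary_total = sum(net.num_addresses for net in summary)
    every_flat_inside = all(any(net.subnet_of(s) for s in summary)
                            for net in flat)
    return every_flat_inside and flat_total == summary_total


if __name__ == "__main__":
    flat = flat_table(SITE_NETWORKS)
    summary = summarized_table(SITE_NETWORKS)
    print("flat entries:      ", len(flat))        # 7
    print("summarized entries:", len(summary))     # 3
    for net in summary:
        print("  ", net)
    print("10.20.2.77 ->", lookup(summary, "10.20.2.77"))  # 10.20.0.0/22
    print("exact cover:", covers_same_addresses(flat, summary))
```

Seven flat entries become three summaries (10.20.0.0/22, 10.20.4.0/23 and the lone 10.30.7.0/24). The `covers_same_addresses` check matters in practice: a summary that is wider than the allocations it replaces would attract traffic for address space the site does not actually own, so summaries should be verified against the allocations before they are advertised.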
Building for the future, existing OSI applications are being
enhanced and new applications are being developed to provide
additional user services. Message handling system (MHS, X.400)
applications will soon provide standard security and directory
services, along with the ability to interchange electronic data
(EDI). FTAM applications are being enhanced to support transfer
of additional document types, to facilitate remote file directory
operations, and to supply restart and recovery operations.
Virtual terminal applications are being extended with additional
terminal types.
Other new OSI applications include directory services (X.500),
which will enable retrieval of information from locally
maintained directory servers distributed throughout a network.
Remote database access (RDA) products will extend SQL access
across a network of heterogeneous databases. The distributed
transaction processing (DTP) service will provide synchronized
transactions, distributed across a set of network nodes.
Implementations of the manufacturing messaging specification
(MMS) allow real-time access to variables in process-control
devices connected to a network.
More Improvements Needed
Both TCP/IP and OSI suites need improved upper-layer
architectures and services. TCP/IP uses an antiquated upper-layer
protocol encoding technique that is inferior to the OSI
solution (ASN.1). TCP/IP uses well-known addresses for
connecting to network services; OSI relies on a directory of
names to find the address for a needed service. OSI forces an
arbitrary three-layer structure (session, presentation, and
application) onto the upper layers, creating built-in
inefficiencies and making certain operations, such as encryption,
more difficult than necessary. Neither architecture provides the
desired flexibility to construct new application services by
combining existing, refined, or newly defined components into a
bundle of cooperating objects.
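The paragraph above names ASN.1 as the OSI upper-layer encoding without showing what it looks like on the wire. The following Python example, added here and not taken from the bulletin, implements the small subset of ASN.1's Distinguished Encoding Rules (DER) needed for a structured message: INTEGER, OCTET STRING and SEQUENCE, each written as tag, definite length, value. The decoder is deliberately strict, refusing indefinite or non-minimal lengths, lengths that run past the buffer, non-minimal integers and trailing bytes, because lenient length handling is the classic source of faults in tag-length-value parsers. The message layout (version, sender, body) is a constructed sample, not an OSI-defined structure.

```python
"""Minimal ASN.1 DER encoder and strict decoder.

Added example of the tag-length-value encoding the bulletin refers to as
the OSI solution (ASN.1); it is not code from the bulletin.  It covers
INTEGER, OCTET STRING and SEQUENCE with definite lengths, and rejects
malformed input instead of guessing.
"""
from typing import List, Tuple, Union

TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_SEQUENCE = 0x30  # constructed, universal class

Value = Union[int, bytes, List["Value"]]


def _encode_length(n: int) -> bytes:
    """Short form below 128; otherwise 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _minimal_twos_complement(value: int) -> bytes:
    """Shortest two's-complement encoding, as DER requires for INTEGER."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big", signed=True)
    while len(body) > 1 and ((body[0] == 0x00 and body[1] < 0x80) or
                             (body[0] == 0xFF and body[1] >= 0x80)):
        body = body[1:]
    return body


def der_encode(value: Value) -> bytes:
    if isinstance(value, bool):
        raise TypeError("BOOLEAN is outside this subset")
    if isinstance(value, int):
        body = _minimal_twos_complement(value)
        return bytes([TAG_INTEGER]) + _encode_length(len(body)) + body
    if isinstance(value, (bytes, bytearray)):
        return bytes([TAG_OCTET_STRING]) + _encode_length(len(value)) + bytes(value)
    if isinstance(value, list):
        body = b"".join(der_encode(item) for item in value)
        return bytes([TAG_SEQUENCE]) + _encode_length(len(body)) + body
    raise TypeError("unsupported type %s" % type(value).__name__)


def _decode_length(data: bytes, pos: int) -> Tuple[int, int]:
    """Return (length, new_pos); reject indefinite and non-minimal forms."""
    if pos >= len(data):
        raise ValueError("truncated: missing length octet")
    first, pos = data[pos], pos + 1
    if first < 0x80:
        return first, pos
    count = first & 0x7F
    if count == 0:
        raise ValueError("indefinite length is not DER")
    if count > 4:
        raise ValueError("length field too long")
    if pos + count > len(data):
        raise ValueError("truncated: length octets missing")
    length = int.from_bytes(data[pos:pos + count], "big")
    if length < 0x80 or data[pos] == 0x00:
        raise ValueError("non-minimal length encoding")
    return length, pos + count


def _decode_value(data: bytes, pos: int) -> Tuple[Value, int]:
    if pos >= len(data):
        raise ValueError("truncated: missing tag")
    tag = data[pos]
    length, pos = _decode_length(data, pos + 1)
    end = pos + length
    if end > len(data):  # never read past the buffer on a lying length
        raise ValueError("declared length %d exceeds %d available bytes"
                         % (length, len(data) - pos))
    body = data[pos:end]
    if tag == TAG_INTEGER:
        if not body:
            raise ValueError("INTEGER with empty contents")
        number = int.from_bytes(body, "big", signed=True)
        if body != _minimal_twos_complement(number):
            raise ValueError("non-minimal INTEGER encoding")
        return number, end
    if tag == TAG_OCTET_STRING:
        return body, end
    if tag == TAG_SEQUENCE:
        items: List[Value] = []
        inner = 0
        while inner < len(body):  # children are bounded by the parent's length
            item, inner = _decode_value(body, inner)
            items.append(item)
        return items, end
    raise ValueError("unsupported tag 0x%02X" % tag)


def der_decode(data: bytes) -> Value:
    """Decode exactly one DER value; trailing bytes are an error."""
    value, end = _decode_value(data, 0)
    if end != len(data):
        raise ValueError("%d trailing bytes after value" % (len(data) - end))
    return value


def rejects(data: bytes) -> bool:
    """True when the strict decoder refuses the input."""
    try:
        der_decode(data)
    except ValueError:
        return True
    return False


# Constructed sample: SEQUENCE { version INTEGER, sender OCTET STRING, body OCTET STRING }
SAMPLE_MESSAGE: Value = [2, b"ops", b"link 7 restored"]

if __name__ == "__main__":
    encoded = der_encode(SAMPLE_MESSAGE)
    print(encoded.hex())
    print(der_decode(encoded) == SAMPLE_MESSAGE)     # True
    print(rejects(bytes.fromhex("0405616263")))      # True: length 5, only 3 bytes present
```

Compared with a line-oriented text protocol, the receiver never has to scan for delimiters or guess where a field ends: every element announces its length, and the decoder checks that announcement against the bytes actually present before touching them. That check is what separates a robust TLV parser from one that can be made to read beyond its input.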
Both TCP/IP and OSI have deficiencies regarding system-level
issues, such as security, multi-casting, and multimedia.
TCP/IP-related specifications (called RFCs or Request For
Comments) are being developed for privacy-enhanced mail,
including a system for distributing certificates in support of a
general authentication service, and RFCs are also under
consideration to provide security services for network management
and routing. Kerberos, a secret-key authentication, integrity,
and confidentiality system, has been developed at the
Massachusetts Institute of Technology (MIT) under Project Athena
and is being deployed in portions of the Internet. OSI standards
are under development for authentication, confidentiality, and
integrity at the network, transport, link, and application
layers, but solutions are several years away.
Wide-area multi-casting protocols are being considered for the
Internet. OSI has a rich set of multimedia capabilities embedded
in the electronic mail standard, while TCP/IP is just developing
such extensions for SMTP. Neither TCP/IP nor OSI standards have
capabilities for real-time, multimedia services.
Both TCP/IP and OSI application services face increasing
competition from LAN operating systems, from other proprietary
protocols, and from market solutions such as those endorsed by
the Open Software Foundation, Unix International, and X/Open.
TCP/IP and OSI, while providing a wide array of the most useful
networking functions and services, as well as a base on which to
build other services, will never embody every new feature that
users might employ -- at least not until the data network is
viewed as a utility akin to the electric power grid or the voice
telephone network.
Guidance on Acquisition of Future Systems
NIST recommends that agencies installing a new network or
acquiring new data communications services specify and implement
OSI as the standard protocol for multivendor information
exchange. Where there are specific requirements that go beyond
the capabilities available in OSI products today, OSI should be
augmented with other network protocols as needed to meet such
additional requirements. Usually this means accepting
proprietary solutions. However, solicitations should make clear
the agency's intent to reduce proprietary enhancements over time,
and its plans to require the inclusion of additional OSI services
in products as OSI specifications continue to mature.
There may be instances where procuring TCP/IP products is
sensible; for example, to add to an already existing large TCP/IP
network. However, if the procurement is of significant size,
then the systems should be purchased with a dual-stack capability
to handle both TCP/IP and OSI, and routers should be upgraded to
route both TCP/IP and OSI data. Further, systems (often called
`dual-suited hosts') should include software to relay between
TCP/IP and OSI applications. These capabilities are often called
`application gateways' or, more specifically, `SMTP-X.400
Gateways' for electronic mail and `FTP-FTAM Gateways' for file
transfer. These steps will prepare networks to support OSI and
TCP/IP traffic and to facilitate interchange of information
between OSI and TCP/IP computers. Once these capabilities are in
place, future acquisitions can be converted to require OSI in
lieu of TCP/IP.
Sometimes, installing TCP/IP together with OSI might make sense
in the procurement of a new network; for example, the acquisition
of a large network of routers, servers, and workstations that has
to integrate some older existing computers into the network.
Often, TCP/IP implementations may exist for older computers for
which no OSI implementation exists and for which no OSI
implementation is planned. In this case, the migration path is
straightforward: procure routers (often called `dual-suited
routers') capable of switching both OSI and TCP/IP data and add
some number of dual-suited hosts with application gateways. The
new network will then support information exchange between old
existing computers and the newly procured, OSI-capable equipment.
Some vendors are developing OSI upper layer implementations such
as FTAM and X.400 that run over TCP/IP. These developments will
bear watching by Federal users.
Summary
The procurement of OSI products is recommended when a new network
is acquired or when a significant upgrade is made to an existing
network. The acquisition of TCP/IP protocols, in addition to
OSI, is recommended only when the network being upgraded is
already a TCP/IP network or when TCP/IP provides the only means
of integrating older, existing computers into a new network.
Acquiring TCP/IP alone is recommended only when the acquisition
involves buying a single computer or a few workstations to
connect to an existing large TCP/IP network, such as the
Internet. Even here, since the Internet is adding support for
OSI coexistence and interoperation with TCP/IP, procuring OSI in
addition to TCP/IP makes good sense.
In the 1990s we can expect that changes in technology will result
in many more activities being automated, decentralized, and
distributed geographically throughout an organization. Increased
processing power, faster data networks, high-capacity data
storage, expert systems, and neural networks are some of the
technologies that will be available. New technology will have to
coexist with existing technology. Data communications protocols
are an essential component of the open systems environments that
will make it possible for users to achieve multivendor systems
with a full range of computing resources.
In a box separated from the rest of the text:
The Government Open Systems Interconnection Profile (GOSIP)
defines a common set of data communications protocols that enable
systems developed by different vendors to interoperate and the
users of different applications on those systems to exchange
information. GOSIP is based on national and international
voluntary industry standards, and on implementation agreements
developed by the OSI Implementors Workshop (co-sponsored by NIST
and the Institute of Electrical and Electronics Engineers
Computer Society).
The initial version (Version 1) of GOSIP was issued in August
1990 as Federal Information Processing Standard (FIPS) 146.
Version 1 supported electronic mail and file transfer, access and
management applications, and the interconnection of networking
technologies for CCITT Recommendation X.25, Carrier Sense
Multiple Access with Collision Detection, Token Bus, and Token
Ring. Use of Version 1 protocols is mandatory for federal
government agencies that acquire computer networking products and
services, and communications systems or services, that provide
equivalent functionality to the protocols defined in the
standard.
Version 2 of GOSIP, which was issued in April 1991 as FIPS 146-1,
adds the virtual terminal service as an application and
provides for the interconnection of Integrated Services Digital
Network (ISDN) as a networking technology. Other additions in
Version 2 include provisions for transfer of Office Document
Architecture (ODA) formats, the end system to intermediate system
protocol, and options for connectionless and connection-oriented
services. The additional protocols in Version 2 may be cited in
solicitations and contracts now, and will become mandatory for
federal agency use in October 1992 when the systems to be
acquired require functionality equivalent to the Version 2
protocols.
NIST is collaborating with several industry groups to develop a
common OSI specification that will consolidate the requirements
of major U.S. computer users. The planned industry and
government open systems specification (IGOSS) will enable these
computer users to speak with one voice to vendors and to make up
a large market for OSI products. In 1993, NIST expects to
propose the IGOSS as Version 3 of GOSIP.
Government Open Systems Interconnection Profile (FIPS 146-1) is
available from the National Technical Information Service,
Springfield, VA 22161. Telephone: 703-487-4650. FAX: 703-321-8547.
NIST operates a database system that provides online information
about GOSIP tests, testing laboratories, and tested products.
The database can be accessed by:
  - Using the Internet address 129.6.48.100 and logging on under
    the user-name gosip-db. No password is necessary.
  - Via a modem by dialing the phone number (301) 869-0096. Log
    in using the user-name gosip-db. No password is necessary.
    Recommended modem configuration is 8 data bits, 1 stop bit, no
    parity, and a speed of 1200 or 2400 baud.