How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>


RFC 2129 http://tools.ietf.org/html/rfc2129

The Flow Attribute Notification Protocol is a protocol between neighbor modes which manages cut-through packet forwarding functionalities. In cut-through packet forwarding, a router doesnít perform conventional IP packet processing for received packets. FANP indicates mapping information between a datalink connection and a packet flow to the neighbor node. It helps a pair of nodes manage mapping information. By using FANP, routers such as the CSR (Cell Switch Router) can forward incoming packets based on their datalink-level connection identifiers, bypassing usual IP packet processing. FANP has the following characteristics:

  • Soft-state, cut-through path (Dedicated-VC) management
  • Protocol between neighbor nodes instead of end-to-end
  • Applicable to any connection-oriented, datalink platform.

FANP generally runs on ATM networks.

There are 7 FANP control messages. They are encapsulated into IP packets, apart from the PROPOSE message which uses an extended ATM ARP message format. The destination IP address in the IP packet header signifies the neighbor nodeís IP address. The source IP address is the senderís IP address. The IP protocol ID is 110.
The following message format exists for: Offer, Ready and Error messages. Propose Ack, Remove and Remove Ack messages do not have the flow ID field.

8 16 24 32 bits
Version OpCode Checksum
VCID type Flow ID Reserved/Refresh int./Error code
VCID
Flow ID

Version
The Version number. This version is version 1.

OpCode

This is the message operation code. The following OpCode values exist:
1    Propose Ack
2    Offer
3    Ready
4    Error
5    Remove
6    Remove ACK

Checksum
A 16 bit checksum for the whole message.

VCID type
The type of VCID. The current value is defined as 1. The VCID uniquely identifies the datalink connection between neighbor nodes.

Flow ID
The value of the Flow ID field determines the Flow ID field format. If the Flow ID is 0, then the flow ID field is null. If the Flow ID is 1, then the Flow ID field described below is present.

Reserved
This field is reserved. In Offer messages the Refresh Timer field appears here. In error messages, the Error code field appears here.

Refresh timer

The interval of the Refresh timer, in seconds. (Only appears in Offer messages.) The recommended value is 120.

Error code
Only appears in Error Messages. The following error codes exist:
1 Unknown VCID type
2 Unknown Flow-ID type
3 Unknown VCID
4 Resource unavailable
5 Unavailable Refresh Interval offered
6 Refuse by policy

Flow ID

The Flow ID field does not appear in propose ACK, Remove and Remove Ack messages. When there is a flow ID type value of 1, this field contains the source and destination IP addresses of the flow.
 

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport

TCP/IP Protocols:

AHARP/RARPATMPBGP-4COPSDCAPDHCPDNS
DVMRPEGPEIGRPESPFANPFingerFTPHSRP
HTTPICMPICMPv6IGMPIGRPIMAP4IPIPDC
IPv6ISAKMPL2FL2TPLDAPMARSMobile IPNARP
NetBIOS/IPNHRPNTPOSPFPIMPOP3PPTPRadius
RIP2RIPng for IPv6RLOGINRSVPRTSPRUDPS-HTTPSCTP
SLPSMTPSNMPSOCKS V5TACACSTALITCPTELNET
TFTPUDPVan JacobsonVRRPWCCPX-WindowXOT