Editing IPX/SPX (section)

==Legacy==
IPX usage has declined in recent years, as the rise of the Internet has made TCP/IP ubiquitous. Novell's initial attempt to support TCP/IP as a client protocol, called NetWare/IP, simply [[Tunneling protocol|"tunneled"]] IPX within IP packets, allowing NetWare clients and servers to communicate over pure TCP/IP networks. However, due to complex implementation and a significant loss in performance due to the tunnelling overhead, NetWare/IP was largely ignored, except as a mechanism to route IPX through TCP/IP-only routers and WAN links. NetWare&nbsp;5.x introduced native support for [[NetWare Core Protocol|NCP]] over TCP/IP, which is now the preferred configuration. The successor to NetWare, [[Open Enterprise Server]], comes in two flavors: [[Open Enterprise Server#OES-NetWare|OES-NetWare]], which provides legacy support for IPX/SPX (deprecated), and [[Open Enterprise Server#OES-Linux|OES-Linux]], which only supports TCP/IP.

Both Microsoft and Novell have provided support (through [[Microsoft Internet Security and Acceleration Server|Proxy Server/ISA Server]] and [[BorderManager]] respectively) for IPX/SPX as an intranet protocol to communicate through a [[Firewall (networking)|firewall]]. This allows a machine using client software to access the Internet without having TCP/IP installed locally; the client software emulates a native TCP/IP stack and provides [[WinSock]] support for local applications (e.g. web browsers), but actually communicates with the firewall over IPX/SPX. In addition to simplifying migration for legacy IPX LANs, this provides a measure of security, as the use of the IPX protocol on the internal network provides a natural barrier against intruders, should the firewall be compromised.

One area where IPX remains useful is for bypassing [[Virtual private network|VPN connections]] with security policies that prohibit communication with other LAN devices (such as printers and [[network-attached storage]]) via TCP/IP.{{citation needed|date=July 2013}}