From: Murray Taylor
To: freebsd-net@freebsd.org, freebsd-questions@freebsd.org
Cc: Julian Elischer
Subject: The Frame Relay setup / tutorial example revised
Date: Thu, 15 Mar 2001 17:22:31 +1100

This is a re-write of the network setup I am devising
with fixes suggested by Julian Elischer (many thanks)

There are still some questions though .... which anybody
is welcome to take a shot at....

RTFMs used
 - man netgraph, ng_frame_relay, ng_lmi, ng_iface, ng_rfc1490, ng_bridge
 - /usr/share/examples/netgraph/*
 - Daemonnews 200003 netgraph article by Archie Cobbs
 - previous freebsd-questions and -net mailings
 O'Reilly
 - DNS and BIND
 - Getting Connected - The internet at 56K and up
 Addison-Wesley
 - Practical Internetworking with TCP/IP and UNIX

Other factoids about the networks
 - The Melbourne net is Win 9x/NT centric and almost all addresses
   are served up by DHCP from the NT PDC
 - The FreeBSD boxen are being used for the frame relay / webserving
   application only at present.
 - The FreeBSD boxen run Samba at the os level = 0 and other
   appropriate settings to avoid interaction with the Browse master
   election waffle of M$ land

This is still theoretical, as I am still waiting for the
copper connection ;-) ! But it is RSN !!
(I got the NTU in my hands today!)

-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

The Questions:

For the initial setup

[1] ANSWERED
    Given the settings from Telstra for the Management protocol,
    do I need the netgraph ng_lmi module?

    yes
    FreeBSD will be happy without it but the telstra end will not
    enable the link unless it gets the regular link-ok packets that
    the lmi module sends. You can use any management protocol. the
    lmi module understands all three.
    (connect it to dlci0 and dlci1023 at once and it will try all
    possible combinations of dlci and protocol, or, use a specific
    protocol, attached to a particular dlci as directed by the
    telstra instructions..
    i.e. AnnexA<---->dlci0
    ANSI-AnnexD Iso/Ieee Annex D LMI- (sometimes referred to as "group-of-4")

For the WAN setup

[1] Given that I understand that establishing the permanent virtual
    circuit (PVC) to the Sydney office will assign another DLCI
    number to us, is the netgraph extension I have made in
    start_if.ng1 (melbourne setup) correct?

[2] ANSWERED
    Do I need to add a router daemon to the melbourne system now?

    probably not.

More difficult questions (given DHCP nature of the network)

[3] MORE DETAIL GIVEN
    Do I need to fully populate the /etc/hosts table now?

    If the DHCP server is also the NDS server, probably not.

    Unfortunately the DHCP server is an NT box totally unrelated
    to the FreeBSD boxen (in fact it is 302 feet away on a CAT5 in
    the main company server room). I am running only a small
    /etc/hosts and DNS table configuration so that I can manage
    virtual hosts on Apache and give the web designers access to
    the web sites being developed

    Anyone have more detail on managing / merging DHCP & DNS & hosts ??

[4] Do I need to fully populate the DNS table in Spyder?

Other questions (bonus points!)

[1] if I need to bring out other xxx.yyy.zzz.0/26 addresses
    'out-the-side' of Spyder for other 'net visible machines, how
    should it be done? There aren't any lower / upper hooks on the
    ng_iface node to attach a ng_bridge. I assume that this would be
    the connection point as it is the 'effective ethernet port' that
    one normally hooks to, is it not?

-=-=-=-=-=-=-=-=

Selected other comments by Julian (hopefully placed in enuf context)

(on the netgraph I was using that used the auto0 and auto1023 hooks
on the ng_lmi node)

    (...) if the telstra equipment also allows all management
    protocols the one you end up with is a roll of the dice..
    you may prefer to use the specific protocol hooks for the lmi
    module attached to dlci0

    now using specific protocol

(on setting up initial routing on the netgraph frame relay interface)

    use the remote address for default.. i.e. the address at the
    telstra end. If in doubt as to what it is, set it to a random
    address in the ifconfig, make it the default route and then do a
    traceroute. It'll respond with its correct address. Set that in
    as the remote address.

(and more on the same routing)

    NO NO NO
    it is point-to-point link
    ifconfig ng0 MYADDRESS REMOTEADDRESS
    there is no netmask..

(I didn't know netgraph did this)

    The lmi module will log the DLCIs that it finds in the dmesg
    and /var/log/messages.

Murray Taylor
Project Engineer
Bytecraft P/L
+61 3 9587 2555
+61 3 9587 1614 fax
mtaylor@bytecraft.com.au

============================================
THE REVISED SYSTEM SETUP
============================================

Initial setup -- Internet Access from ByteMelb for website

- select Management Protocol
      ITU-T (CCITT) Q933 Annex A     no
      ANSI T1.617 Annex D            yes (Telstra default)
      LMI (FRF Doc#001-208966)       no

- select physical interface
      X.21bis/V35                    no
      X.21                           yes
      G.704                          no

- Telstra assignments
      xxx.yyy.zzz.0/26 network
      DLCI 16   Internet link (Telstra 'Big Pond')

- Hardware
      card WANic 405 with X21 interface
      uses sr(4) driver

- kernel compiled with NETGRAPH

- hardware setup

                  ng0 ip              fxp0 ip
               xxx.yyy.zzz.1  SPYDER  10.1.2.30
                       +----------+
                       |          |
          +---+        |-+-+    +-|
   frame  | N |  X21   |s|n|    |f| 100BaseT
   =======| T |========|r|g|    |x|~~~~~~~~~~~~
   relay  | U |        |0|0|    |p|
          +---+        |-+-+    |0|
                       |        +-|
                       |          |
                       |          |
                       |          |
                       |          |
                       +----------+

Netgraph setup for Internet access                     <<<<<<< mod

                                    [     ]
                                    [ lmi ](annexD) --------+
                                    [     ]                 |
                                                            |
[ sr0  ]                          [             ](dlci0) ---+
[ phys ](rawdata) --- (downstream)[ frame_relay ]
[      ]                          [             ](dlci16)--+
                                                           |
 +---------------------------------------------------------+
 |
 |                [         ]                 [ ng0   ]
 +--- (downstream)[ rfc1490 ](inet) --- (inet)[ iface ] xxx.yyy.zzz.1
                  [         ]                 [       ]

Desired Initial Routing

default      TELSTRA_GATEWAY     UGSc    ng0     <<<<<<<< mod
127.0.0.1    127.0.0.1           UH      lo0
10.1.2.0     ff:ff:ff:ff:ff:ff   UHLWb   fxp0
10.1.2       link#1              UC      fxp0

- - - -

so the following is done in this sequence via rc.conf
(written in the sequence that rc.network will process them)

=============== network portions of rc.conf ==========================
#
# set up my hostname
#
hostname="spyder.bytecraft.au.com"
#
# network setup
#
network_interfaces="lo0 ng0 fxp0"
#
# (NB more needed in man pages re start_if.* files)
#
# start_if.ng0 file is run here automagically
#
ifconfig_lo0="inet 127.0.0.1"
ifconfig_fxp0="inet 10.1.2.30 netmask 255.255.0.0"
ifconfig_ng0="inet xxx.yyy.zzz.1 TELSTRA-GATEWAY"    # <<<<<<<< mod
#
# firewall
# (the rc.conf variable is firewall_enable; there is no ipfw_enable)
#
firewall_enable="YES"
# (firewall_type takes the full path of a rules file)
firewall_type="/etc/firewall/rules"
#
# NAT setup here
# (the rc.conf variable is natd_interface, singular)
#
natd_enable="YES"
natd_interface="ng0"
#
# static routes                  <<<<<<<< mod down to gateway section
#
# route(8)
# A destination of default is a synonym for -net 0.0.0.0, which is the
# default route.
#
# If the destination is directly reachable via an interface requiring no
# intermediary system to act as a gateway, the -interface modifier should
# be specified; the gateway given is the address of this host on the common
# network, indicating the interface to be used for transmission.
# Alternately, if the interface is point to point the name of the interface
# itself may be given, in which case the route remains valid even if the
# local or remote addresses change.
#
static_routes="ng0"
# default route set to point out the frame relay link to big pond
route_ng0="-net 0.0.0.0 -interface ng0"
#
# gateway enable
#
gateway_enable="YES"
#
# ----- end of netpass 1
#
# named enable
#
named_enable="YES"
named_flags="-u bind -g bind /etc/namedb/sandbox/named.conf"
#
# ----- end of netpass 2
#
# sshd
#
sshd_enable="YES"
#
# ----- end of netpass 3
#
# inetd flags
#
inetd_flags=""
============= end of network part of rc.conf ========================

the start_if.ng0 script
( basically a modified copy of the frame relay example file in
/usr/share/examples/netgraph )

================ start_if.ng0 =============================
#!/bin/sh
# script to set up a frame relay link on the sr card.
# The dlci used is selected below. The default is 16

# WANic 405
CARD=sr0
DLCI=16

# create a frame_relay type node and attach it to the sync port.
ngctl mkpeer ${CARD}: frame_relay rawdata downstream

# Attach the dlci output of the (de)multiplexor to a new       <<<<<<<< mod
# Link management protocol node using ANSI AnnexD
# <<<<<<<< mod: deleted dlci1023 hook
ngctl mkpeer ${CARD}:rawdata lmi dlci0 annexD

# Attach the DLCI(channel) the Telco has assigned you to
# a node to handle whatever protocol encapsulation your peer
# is using.
# In this case rfc1490 encapsulation.
ngctl mkpeer ${CARD}:rawdata rfc1490 dlci${DLCI} downstream

# Attach the ip (inet) protocol output of the protocol mux to the ip (inet)
# input of a netgraph "interface" node (ifconfig should show it as "ng0").
ngctl mkpeer ${CARD}:rawdata.dlci${DLCI} iface inet inet
================end of start_if.ng0 ==========================

windoze machines that need internet access have their gateway set to
10.1.2.30

** NOTE most internet access is inwards to apache webserver running on
spyder

=====================================================================
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
=====================================================================

Then when Sydney comes online as a WAN extension to the ByteMelb net

Assumptions
   Private Virtual Circuit (PVC) defined as :
      DLCI 17 at bytemelb
      DLCI 16 at bytesyd

MELBOURNE - hardware setup

                  ng0 ip              fxp0 ip
               xxx.yyy.zzz.1  SPYDER  10.1.2.30
            ng1 ip     +----------+
            10.1.2.250 | +-+      |
                       | |n|      |
          +---+        |-+g|    +-|
   frame  | N |  X21   |s|0|    |f| 100BaseT
   =======| T |========|r|-|    |x|~~~~~~~~~~~~
   relay  | U |        |0|n|    |p|
          +---+        |-+g|    |0|
                       | |1|    +-|
                       | +-+      |
                       |          |
                       |          |
                       |          |
                       +----------+

Netgraph redefined to this configuration

                                    [     ]
                                    [ lmi ](annexD) --------+
                                    [     ]                 |
                                                            |
[ sr0  ]                          [             ](dlci0) ---+
[ phys ](rawdata) --- (downstream)[ frame_relay ]
[      ]                          [             ](dlci16) ---+
                                  [             ](dlci17) --+|
                                                           ||
+----------------------------------------------------------+|
|+----------------------------------------------------------+
||
||                [         ]                 [ ng0   ]
|+--- (downstream)[ rfc1490 ](inet) --- (inet)[ iface ] 203.39.118.1
|                 [         ]                 [       ]
|
|                 [         ]                 [ ng1   ]
+---- (downstream)[ rfc1490 ](inet) --- (inet)[ iface ] 10.1.2.250
                  [         ]                 [       ]

Desired Initial Routing

default      TELSTRA-GATEWAY     UGSc    ng0     <<<<<<<< mod
127.0.0.1    127.0.0.1           UH      lo0
10.1.7/24    10.1.7.250          UGS     ng1     -- added WAN link
10.1.2.0     ff:ff:ff:ff:ff:ff   UHLWb   fxp0
10.1.2       link#1              UC      fxp0

---

SYDNEY - hardware setup

                  ng0 ip              fxp0 ip
                10.1.7.250  SYDGATE   10.1.7.1
                       +----------+
                       |          |
          +---+        |-+-+    +-|
   frame  | N |  X21   |s|n|    |f| 100BaseT
   =======| T |========|r|g|    |x|~~~~~~~~~~~~
   relay  | U |        |0|0|    |p|
          +---+        |-+-+    |0|
                       |        +-|
                       |          |
                       |          |
                       |          |
                       |          |
                       +----------+

Netgraph will be similar to original ByteMelb setup

                                    [     ]
                                    [ lmi ](annexD) --------+
                                    [     ]                 |
                                                            |
[ sr0  ]                          [             ](dlci0) ---+
[ phys ](rawdata) --- (downstream)[ frame_relay ]
[      ]                          [             ](dlci16)--+
                                                           |
 +---------------------------------------------------------+
 |
 |                [         ]                 [ ng0   ]
 +--- (downstream)[ rfc1490 ](inet) --- (inet)[ iface ] 10.1.7.250
                  [         ]                 [       ]

Desired Initial Routing

default      10.1.2.250          UGSc    ng0     <<<<<<<< mod
127.0.0.1    127.0.0.1           UH      lo0
10.1.7.0     ff:ff:ff:ff:ff:ff   UHLWb   fxp0
10.1.7       link#1              UC      fxp0

- - - -

so the setups now are this
(written in the sequence that rc.network will process them)

=bytMelb==== WAN ===network portions of rc.conf ==============
#
# changes / additions marked by --------- WAN
#
# set up my hostname
#
hostname="spyder.bytecraft.au.com"
#
# network setup
#
network_interfaces="lo0 ng0 ng1 fxp0"               # ---------- WAN
#
# start_if.ng0 file is run here automagically
# start_if.ng1 is run also                            ---------- WAN
#
ifconfig_lo0="inet 127.0.0.1"
ifconfig_fxp0="inet 10.1.2.30 netmask 255.255.0.0"
# setup point to point link to Telstra               <<<<<<<< mod
ifconfig_ng0="inet xxx.yyy.zzz.1 TELSTRA-GATEWAY"
# setup point to point link to BytSyd                <<<<<<<< mod
ifconfig_ng1="inet 10.1.2.250 10.1.7.250"           # ---------- WAN
#
# firewall
# (the rc.conf variable is firewall_enable; there is no ipfw_enable)
#
firewall_enable="YES"
#
# NAT setup here
# (the rc.conf variable is natd_interface, singular)
#
natd_enable="YES"
natd_interface="ng0"
#
# static routes
#                                <<<<<<<< mod down to gateway section
# route(8)
# A destination of default is a synonym for -net 0.0.0.0, which is the
# default route.
#
# If the destination is directly reachable via an interface requiring no
# intermediary system to act as a gateway, the -interface modifier should
# be specified; the gateway given is the address of this host on the common
# network, indicating the interface to be used for transmission.
# Alternately, if the interface is point to point the name of the interface
# itself may be given, in which case the route remains valid even if the
# local or remote addresses change.
static_routes="ng0 ng1"                             # ---------- WAN
# default route set to point out the frame relay link to big pond
route_ng0="-net 0.0.0.0 -interface ng0"
# sydney route set to the frame relay link to BytSyd
# (prefix written as /24 to match the 10.1.7/24 entry in the desired
# routing table; 10.1.7.0/16 has host bits set)
route_ng1="-net 10.1.7.0/24 -interface ng1"
#
# gateway enable
#
gateway_enable="YES"
#
# ----- end of netpass 1
#
# named enable
#
named_enable="YES"
named_flags="-u bind -g bind /etc/namedb/sandbox/named.conf"
#
# ----- end of netpass 2
#
# sshd
#
sshd_enable="YES"
#
# ----- end of netpass 3
#
# inetd flags
#
inetd_flags=""
============= end of network part of rc.conf ========================

the start_if.ng0 script
( basically a copy of the frame relay example file in
/usr/share/examples/netgraph )

===bytMelb== WAN =========== start_if.ng0 ==========================
----------- WAN no changes
============== end of start_if.ng0 ===============================

===bytMelb== WAN =========== start_if.ng1 ==========================
#!/bin/sh
# script to set up an additional frame relay link on the sr card.

# WANic 405
CARD=sr0
#
# WAN link to sydney
DLCI=17

# Attach the DLCI(channel) the Telco has assigned you to
# a node to handle whatever protocol encapsulation your peer
# is using. In this case rfc1490 encapsulation.
ngctl mkpeer ${CARD}:rawdata rfc1490 dlci${DLCI} downstream

# Attach the ip (inet) protocol output of the protocol mux to the ip (inet)
# input of a netgraph "interface" node (ifconfig should show it as "ng1").
ngctl mkpeer ${CARD}:rawdata.dlci${DLCI} iface inet inet
====bytMelb== WAN ==========end of start_if.ng1 ===================

windoze machines that need internet access have their gateway set to
10.1.2.30

other windoze machines should pass through to bytSyd OK due to netmask
value 255.255.0.0 ????

====bytSyd === WAN == network portions of rc.conf =================
#
# set up my hostname
#
hostname="sydgate.bytecraft.au.com"
#
# network setup
#
network_interfaces="lo0 ng0 fxp0"
#
# start_if.ng0 file is run here automagically
#
ifconfig_lo0="inet 127.0.0.1"
ifconfig_fxp0="inet 10.1.7.1 netmask 255.255.0.0"
# setup point to point link to BytMelb
ifconfig_ng0="inet 10.1.7.250 10.1.2.250"           # <<<<<<<< mod
#
# firewall
# (the rc.conf variable is firewall_enable; there is no ipfw_enable)
#
firewall_enable="NO"
#
# NAT setup here
#
natd_enable="NO"
#
# static routes
#
#                                <<<<<<<< mod down to gateway section
# route(8)
# A destination of default is a synonym for -net 0.0.0.0, which is the
# default route.
#
# If the destination is directly reachable via an interface requiring no
# intermediary system to act as a gateway, the -interface modifier should
# be specified; the gateway given is the address of this host on the common
# network, indicating the interface to be used for transmission.
# Alternately, if the interface is point to point the name of the interface
# itself may be given, in which case the route remains valid even if the
# local or remote addresses change.
static_routes="ng0"
route_ng0="-net 0.0.0.0 -interface ng0"
#
# gateway enable
#
gateway_enable="NO"
#
# ----- end of netpass 1
#
# named enable
#
named_enable="NO"
#
# ----- end of netpass 2
#
# sshd
#
sshd_enable="YES"
#
# ----- end of netpass 3
#
# inetd flags
#
inetd_flags=""
===bytSyd== WAN == end of network part of rc.conf ======

the start_if.ng0 script

===bytSyd== WAN ==== start_if.ng0 =====================
#!/bin/sh
# script to set up a frame relay link on the sr card.
# The dlci used is selected below. The default is 16

# WANic 405
CARD=sr0
DLCI=16

# create a frame_relay type node and attach it to the sync port.
ngctl mkpeer ${CARD}: frame_relay rawdata downstream

# Attach the dlci output of the (de)multiplexor to a new
# Link management protocol node.
ngctl mkpeer ${CARD}:rawdata lmi dlci0 annexD

# Attach the DLCI(channel) the Telco has assigned you to
# a node to handle whatever protocol encapsulation your peer
# is using. In this case rfc1490 encapsulation.
ngctl mkpeer ${CARD}:rawdata rfc1490 dlci${DLCI} downstream

# Attach the ip (inet) protocol output of the protocol mux to the ip (inet)
# input of a netgraph "interface" node (ifconfig should show it as "ng0").
ngctl mkpeer ${CARD}:rawdata.dlci${DLCI} iface inet inet
===bytSyd== WAN ====end of start_if.ng0 ======================

windoze machines that need internet access have their gateway set to
10.1.2.30

windoze machines should see melb system OK due to netmask value
default route through ng0
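
The open question in the post about LAN machines reaching the other site "due to netmask value 255.255.0.0" can be checked by computing what a host does with that mask: under 255.255.0.0 both LANs are the same network, so a PC ARPs for the far address on its own wire instead of handing the packet to the gateway. This is an added example, not part of the original post; the two PC addresses and the function names are assumptions, the gateway and masks are the ones in the post.

```shell
#!/bin/sh
# Added example (not from the original post). The two PC addresses are
# constructed; the gateway and netmasks are the ones used in the post.

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network address of ADDR ($1) under MASK ($2).
net_of() {
    int2ip $(( $(ip2int "$1") & $(ip2int "$2") ))
}

# Forwarding decision of a LAN host; arguments: HOST MASK GATEWAY DEST.
# "on-link" means the host ARPs for DEST directly and never uses GATEWAY
# (unless something on the wire answers ARP on DEST's behalf).
next_hop() {
    if [ "$(net_of "$1" "$2")" = "$(net_of "$4" "$2")" ]; then
        echo "on-link"
    else
        echo "via $3"
    fi
}

MELB_PC=10.1.2.40   # constructed Melbourne workstation
SYD_PC=10.1.7.20    # constructed Sydney workstation
GW=10.1.2.30        # Spyder fxp0, the gateway named in the post

echo "mask 255.255.0.0:   $(next_hop $MELB_PC 255.255.0.0 $GW $SYD_PC)"
echo "mask 255.255.255.0: $(next_hop $MELB_PC 255.255.255.0 $GW $SYD_PC)"
```
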