From owner-freebsd-net Thu May 24 16:40:26 2001
Message-ID: <3B0D9BE4.80CB1E35@aurora.regenstrief.org>
Date: Thu, 24 May 2001 23:40:20 +0000
From: Gunther Schadow
Organization: Regenstrief Institute for Health Care
To: freebsd-net@freebsd.org
Subject: NetWare / IPX routing facts and a question

Hi,

(sheesh, I received 17000 messages through all the freebsd groups since April!!!! How can anyone read this?)

To the point: this message contains a little give and take.

GIVE: A quick report of what is possible with IPX/Netware stuff in FreeBSD.

TAKE: Looking for people who use the FreeBSD IPX/Netware stuff for production and can lend a hand with some of the IPX weirdnesses. Please write to me directly (in addition to copying the list; I may not find your answer otherwise.)

Here goes ...

GIVE:

I have set up a series of small PCs (Flytech 533 MHz Celeron with 8 MB DiskOnChip, 64 MB RAM, and the SOEKRIS board with AMD i486 class PC on a chip, 133 MHz, 8 MB CompactFlash, 32 MB RAM) with FreeBSD. I started with PicoBSD but have developed my own Makefile-based environment to build the images for these boxes. Very slick.

My boxes are VPN tunnel endpoints, routers, NAT boxes, firewalls, traffic conditioner and shaper all in one. I do IPX routing including tunneling through the VPN. VPN is IPsec in tunnel mode (without gif as it's meant to be.) I don't do IKE (racoon) just yet, but soon.

For IPX I have to deal with 802.2 Ethernet frame types, so I use the pseudo-device ef(4) to handle those frame types. IPXrouted runs, of course. For the tunneling of IPX traffic I use Boris Popov's experimental if_nwip.[hc] driver. I build only static kernels without dynamic module stuff, so I hooked the if_nwip stuff into the /sys/conf/files and options lists and it works. There is a problem with the BPF hooks and I have reported a kernel bug (kern/27601) on some other strangeness, which doesn't become manifest if I have two or more different Ethernet device types in my kernel (even though I use only one of them.)

Once the nwip device is known to the kernel I use the nwipcfg tool (also from Boris Popov) to set up the tunnel through the IPsec tunnel. The IPX packets are simply forwarded using UDP to the other side. I also planned to do this using the tap(4) device, but why reimplement nwip if it works?

Physicians now do video conferences from home through cable internet. They see patients at a nursing home at night. This works very nicely through the FreeBSD goodies. It was absolutely crucial for us to use the great ALTQ traffic shaping stuff with class-based queueing to allow good audio and control connections through the bottlenecked outgoing channel. ALTQ has done miracles for us.

I can give more specifics about all of these things if you want. Ask me if you have questions or problems with any of this. I plan on publishing a bit more about it. FreeBSD is great!

TAKE:

Now the problem. IPX acts very strangely. Oftentimes I can connect to the main IPX network and sometimes Novell servers aren't seen. They appear in the server list (nlist, or SAP stuff) but as soon as you try connecting to them they sometimes can't be connected. We have a large campus network with thousands of Novell servers. All of them are supposed to use 802.2 and almost all of them do. Certainly the servers I'm interested in use the right frame type.

The systems that talk through the FreeBSD router are DOS, Novell, and Windows machines. We run a Revelation database over IPX and it sometimes will do fine and sometimes fail to start.

I am sure there is something completely stupid going on. I assume that FreeBSD's IPX routing works flawlessly for every connection because why should it not? Yet sometimes it seems to not work. Is there some timeout I need to change on clients or servers? The randomness of the problem points toward some random timing problems. But I am really not an IPX guru and I don't know all the little corners I should be looking at.

I did change all clients to use the 802.2 frame type only and that seemed to help things a little. But there are still those episodes of not-workingness, where one can't log in to a server, or even if one did log in, the Revelation IPX stuff would fail and die. Also the machine's booting appears overall slower.

I know this is not a Windows helpdesk, but you know how these things are, the first one who gets blamed is this self-made little "Linux-box". And I want the victory to be FreeBSD's!

So, whoever works with IPX and FreeBSD as IPX router, please contact me so I can pick your brain!

thanks,
-Gunther

--
Gunther Schadow, M.D., Ph.D.                    gschadow@regenstrief.org
Medical Information Scientist      Regenstrief Institute for Health Care
Adjunct Assistant Professor        Indiana University School of Medicine
tel:1(317)630-7960                         http://aurora.regenstrief.org