Date: Tue, 13 Mar 2001 08:53:10 -0800 From: Julian Elischer <julian@elischer.org> To: Murray Taylor <mtaylor@bytecraft.com.au> Cc: "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org> Subject: Re: Frame Relay setup questions (and basis for tutorial?) Message-ID: <3AAE5076.BF85C06@elischer.org> References: <710709BB8B02D311942E00606744181054428D@MELEXC01>
next in thread | previous in thread | raw e-mail | index | archive | help
Murray Taylor wrote:
>
> This loooong email will hopefully allow the netgraph - network gurus to
> A: answer my remaining questions
> and
> B: grab this and make a tutorial 'worked example' (unless it is total blech
> of course)
>
> So to those who have already earned their stripes from one looking for his
> first
> (hopefully, not to painful) stripe.....
>
> RTFMs used
> - man netgraph, ng_frame_relay, ng_lmi, ng_iface, ng_rfc1490, ng_bridge
> - /usr/share/examples/netgraph/*
> - Daemonnews 200003 netgraph article by Archie Cobbs
> - previous freebsd-questions and -net mailings
> O'Reilly
> - DNS and BIND
> - Getting Connected - The internet at 56K and up
> Addison-Wesley
> - Practical Internetworking with TCP/IP and UNIX
>
> Other factoids about the networks
> - The melbourne net is Win 9x/NT centric and almost all addresses are served
> up by DHCP from the NT PDC
> - The FreeBSD boxen are being used for the frame relay/ webserving
> application
> only at present.
> - The FreeBSD boxen run Samba at the os level = 0 and other appropriate
> settings to
> avoid interaction with the Browse master election waffle of M$ land
>
> This is still theoretical, as I am still waiting for the copper connection
> ;-) !
> But it is RSN !!
>
> -o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
> The Questions:
> For the initial setup
>
> [1] Given the settings from Telstra for the Management protocol, do I need
> the
> netgraph ng_lmi module?
yes
FreeBSD will be happy without it but the telstra end will not
enable the link unless it get's the regular link-ok packets that
the lmi module sends.
You can use any management protocol. the lmi module understands all three.
(connect it to dlci0 and dlci1023 at once and it will try
all possible combinations of dlci and protocol, or, use a specific
protcol, attached to a praticular dlci as directed by the telstra
instructions.. i.e AnnexA<---->dlci0
ANSI-AnnexD
Iso/Ieee Annex D
LMI- (sometimes refered to as "group-of-4")
>
> For the WAN setup
> [1] Given that I understand that establishing the permanent virtual circuit
> (PVC)
> to the Sydney office will assign another DLCI number to us, is the netgraph
> extension I have made in start_if.ng1 (melbourne setup) correct?
>
> [2] Do I need to add a router daemon to the melbourne system now?
probably not.
>
> More difficult questions (given DHCP nature of the network)
> [3] Do I need to fully populate the /etc/hosts table now?
If the DHCP server is also the NDS server, probably not.
>
> [4] Do I need to fully populate the DNS table in Spyder?
>
> Other questions (bonus points!)
> [1] if I need to bring out other xxx.yyy.zzz.0/26 addresses 'out-the-side'
> of Spyder for other 'net visible machines, how should it be done?
> There is'nt any lower / upper hooks on the ng_iface node to attach a
> ng_bridge. I assume that this would be the connections point as it
> is the 'effective ethernet port' that one normally hooks to, is it not?
>
> Murray Taylor
> Project Engineer
>
> Bytecraft P/L +61 3 9587 2555
> +61 3 9587 1614 fax
> mtaylor@bytecraft.com.au
>
> -o-o-o-o-o-o-o-o-o-o-o-o-o--o-o-o-o-o-o-o-o-o-o-o-o
> The 2 setups to be examined w.r.t. the above questions
>
> Initial setup -- Internet Access from ByteMelb for website
>
> - select Management Protocol
> ITU-T (CCITT) Q933 Annex A no
> ANSI T1.617 Annex D yes (Telstra default)
> LMI (FRF Doc#001-208966) no
>
> - select physical interface
> X.21bis/V35 no
> X.21 yes
> G.704 no
>
> - Telstra assignments
> xxx.yyy.zzz.0/26 network
> DLCI 16 Internet link (Telstra 'Big Pond')
>
> - Hardware card WANic 405 with X21 interface
> uses sr(4) driver - kernel compiled with NETGRAPH
>
> - hardware setup
>
> ng0 ip fxp0 ip
> xxx.yyy.zzz.1 SPYDER 10.1.2.30
> +----------+
> | |
> +---+ |-+-+ +-|
> frame | N | X21 |s|n| |f| 100BaseT
> =======| T |========|r|g| |x|~~~~~~~~~~~~
> relay | U | |0|0| |p|
> +---+ |-+-+ |0|
> | +-|
> | |
> | |
> | |
> | |
> +----------+
>
> Netgraph setup for Internet access
>
> [ ](auto1023) -------+
> [ lmi ](auto0) ---------+|
> [ ] ||
> ||
> [ sr0 ] [ ](dlci0) ---+|
> [ phys ](rawdata) --- (downstream)[ frame_relay ](dlci1023) -+
> [ ] [ ](dlci16)--+
> |
> +---------------------------------------------------------+
> |
> | { ] [ ng0 ]
> +--- (downstream)[ rcf1490 ](inet) --- (inet)[ iface ] xxx.yyy.zzz.1
> [ ] [ ]
>
excellent, but if the telstra equipment also allows all management protocols
the one you end up with is a roll of the dice..
you may prefer to use the specific protocol hooks for the lmi module attached to
dlci0
> Desired Initial Routing
>
> default xxx.yyy.zzz.1 UGSc ng0
use the remote address for default.. i.e. the address at the telstra end.
If in doubt as to what it is, set it to a random address in the ifconfig,
make it the default route and then do a traceroute. It'll respond with
it's correct address.
Set that in as the remote address.
> 127.0.0.1 127.0.0.1 UH lo0
> 10.1.2.0 ff:ff:ff:ff:ff:ff UHLWb fxp0
> 10.1.2 link#1 UC fxp0
>
> - - - - so the following is done in this sequence via rc.conf
> (written in the sequence that rc.network will process them)
>
> =============== network portions of rc.conf ==========================
> #
> # set up my hostname
> #
> hostname="spyder.bytecraft.au.com"
> #
> # network setup
> #
> network_interfaces="lo0 ng0 fxp0"
> #
> # (NB more needed in man pages re start_if.* files)
> #
> # start_if.ng0 file is run here automagically
> #
> ifconfig_lo0="inet 127.0.0.1"
> ifconfig_fxp0="inet 10.1.2.30 netmask 255.255.0.0"
> ifconfig_ng0="inet xxx.yyy.zzz.1 netmask 255.255.255.192"
NO NO NO
it is point-to-point link
ifconfig ng0 MYADDRESS REMOTEADDRESS
there is no netmask..
> #
> # firewall
> #
> ipfw_enable="YES"
> ipfw_flags="/etc/firewall/rules"
> #
> # NAT setup here
> #
> natd_enable="YES"
> natd_interfaces="ng0"
> #
> # static routes
> #
> static_routes="ng0"
> route_ng0="-net 0.0.0.0 xxx.yyy.zzz.1"
is this the same as 'default'?
> #
> # gateway enable
> #
> gateway_enable="YES"
> #
> # ----- end of netpass 1
> #
> # named enable
> #
> named_enable="YES"
> named_flags="-u bind -g bind /etc/namedb/sandbox/named.conf"
> #
> # ----- end of netpass 2
> #
> # sshd
> #
> sshd_enable="YES"
> #
> # ----- end of netpass 3
> #
> # inetd flags
> #
> inetd_flags=""
>
> ============= end of network part of rc.conf ========================
>
> the start_if.ng0 script
> ( basically a copy of the frame relay example file in
> /usr/share/examples/netgraph )
>
> ================ start_if.ng0 =============================
> #!/bin/sh
> # script to set up a frame relay link on the sr card.
> # The dlci used is selected below. The default is 16
>
> # WANic 405
> CARD=sr0
> DLCI=16
>
> # create a frame_relay type node and attach it to the sync port.
> ngctl mkpeer ${CARD}: frame_relay rawdata downstream
>
> # Attach the dlci output of the (de)multiplexor to a new
> # Link management protocol node.
> ngctl mkpeer ${CARD}:rawdata lmi dlci0 auto0
>
> # Also attach dlci 1023, as it needs both to try autoconfiguring.
> # The Link management protocol is now alive and probing..
> ngctl connect ${CARD}:rawdata ${CARD}:rawdata.dlci0 dlci1023 auto1023
>
> # Attach the DLCI(channel) the Telco has assigned you to
> # a node to hadle whatever protocol encapsulation your peer
> # is using. In this case rfc1490 encapsulation.
> ngctl mkpeer ${CARD}:rawdata rfc1490 dlci${DLCI} downstream
>
> # Attach the ip (inet) protocol output of the protocol mux to the ip (inet)
> # input of a netgraph "interface" node (ifconfig should show it as "ng0").
> ngctl mkpeer ${CARD}:rawdata.dlci${DLCI} iface inet inet
>
> ================end of start_if.ng0 ==========================
>
> windoze machines that need internet access have their gateway
> set to 10.1.2.30
>
> ** NOTE most internet access is inwards to apache webserver
> running on spyder
>
> =====================================================================
> VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
> =====================================================================
> Second Setup
>
> Then when Sydney comes online as a WAN extension to the ByteMelb net
>
> Assumptions
> Private Virtual Circuit (PVC) defined as :
> DLCI 17 at bytemelb
> DLCI 16 at bytesyd
>
> MELBOURNE
> - hardware setup
>
> ng0 ip fxp0 ip
> xxx.yyy.zzz.1 SPYDER 10.1.2.30
> ng1 ip +----------+
> 10.1.2.250 | +-+ |
> | |n| |
> +---+ |-+g| +-|
> frame | N | X21 |s|0| |f| 100BaseT
> =======| T |========|r|-| |x|~~~~~~~~~~~~
> relay | U | |0|n| |p|
> +---+ |-+g| |0|
> | |1| +-|
> | +-+ |
> | |
> | |
> | |
> +----------+
>
> Netgraph redefined to this configuration
>
> [ ](auto1023) -------+
> [ lmi ](auto0) ---------+|
> [ ] ||
> ||
> [ sr0 ] [ ](dlci0) ---+|
> [ phys ](rawdata) --- (downstream)[ frame_relay ](dlci1023) -+
> [ ] [ ](dlci16) ---+
> [ ](dlci17) --+|
> ||
> +----------------------------------------------------------+|
> |+----------------------------------------------------------+
> ||
> || { ] [ ng0 ]
> |+--- (downstream)[ rcf1490 ](inet) --- (inet)[ iface ] 203.39.118.1
> | [ ] [ ]
> |
> | [ ] [ ng1 ]
> +---- (downstream)[ rfc1490 ](inet) --- (inet)[ iface ] 10.1.2.250
> [ ] [ ]
>
> Desired Initial Routing
>
> default xxx.yyy.zzz.1 UGSc ng0
No, the default route is the IP address at the ISP end of the link, not at your
end,
(though in fact they could be the same address and it would still work.)
Point-to-point interface routing decisions are made using the remote address.
otherwise I thin you have it just right.
The lmi module will log the DLCIs that it finds in the dmesg and
/var/log/messages.
> 127.0.0.1 127.0.0.1 UH lo0
> 10.1.7/24 10.1.2.250 UGS ng1 --
> added WAN link
> 10.1.2.0 ff:ff:ff:ff:ff:ff UHLWb fxp0
> 10.1.2 link#1 UC fxp0
>
> ---
> SYDNEY
>
> - hardware setup
>
> ng0 ip fxp0 ip
> 10.1.7.250 SYDGATE 10.1.7.1
> +----------+
> | |
> +---+ |-+-+ +-|
> frame | N | X21 |s|n| |f| 100BaseT
> =======| T |========|r|g| |x|~~~~~~~~~~~~
> relay | U | |0|0| |p|
> +---+ |-+-+ |0|
> | +-|
> | |
> | |
> | |
> | |
> +----------+
>
> Netgraph will be similar to original ByteMelb setup
>
> [ ](auto1023) -------+
> [ lmi ](auto0) ---------+|
> [ ] ||
> ||
> [ sr0 ] [ ](dlci0) ---+|
> [ phys ](rawdata) --- (downstream)[ frame_relay ](dlci1023) -+
> [ ] [ ](dlci16)--+
> |
> +---------------------------------------------------------+
> |
> | { ] [ ng0 ]
> +--- (downstream)[ rcf1490 ](inet) --- (inet)[ iface ] 10.1.7.250
> [ ] [ ]
>
> Desired Initial Routing
>
> default 10.1.7.250 UGSc ng0
> 127.0.0.1 127.0.0.1 UH lo0
> 10.1.7.0 ff:ff:ff:ff:ff:ff UHLWb fxp0
> 10.1.7 link#1 UC fxp0
>
> - - - - so the setups now are this
> (written in the sequence that rc.network will process them)
>
> =bytMelb==== WAN ===network portions of rc.conf ==============
> #
> # changes / additions marked by --------- WAN
> #
> # set up my hostname
> #
> hostname="spyder.bytecraft.au.com"
> #
> # network setup
> #
> network_interfaces="lo0 ng0 ng1 fxp0" ---------- WAN
> #
> # start_if.ng0 file is run here automagically
> # start_if.ng1 is run also ---------- WAN
> #
> ifconfig_lo0="inet 127.0.0.1"
> ifconfig_fxp0="inet 10.1.2.30 netmask 255.255.0.0"
> ifconfig_ng0="inet xxx.yyy.zzz.1 netmask 255.255.255.192"
no as above,
ifconfig ng0 MYADDRESS TELSRAADDRESS
ifconfig ng1 10.1.2.250 10.1.7.250
At sydney:
ifconfig ng0 10.1.7.250 10.1.2.250
> ifconfig_ng1="inet 10.1.2.250 netmask 255.255.0.0" ---------- WAN
> #
> # firewall
> #
> ipfw_enable="YES"
> #
> # NAT setup here
> #
> natd_enable="YES"
> natd_interfaces="ng0"
> #
> # static routes
> #
> static_routes="ng0 ng1" ---------- WAN
> route_ng0="-net 0.0.0.0 -interface ng0"
> route_ng1="-net 10.1.7.0 10.1.2.250 255.255.0.0" ---------- WAN
> #
> # gateway enable
> #
> gateway_enable="YES"
> #
> # ----- end of netpass 1
> #
> # named enable
> #
> named_enable="YES"
> named_flags="-u bind -g bind /etc/namedb/sandbox/named.conf"
> #
> # ----- end of netpass 2
> #
> # sshd
> #
> sshd_enable="YES"
> #
> # ----- end of netpass 3
> #
> # inetd flags
> #
> inetd_flags=""
>
> ============= end of network part of rc.conf ========================
>
> the start_if.ng0 script
> ( basically a copy of the frame relay example file in
> /usr/share/examples/netgraph )
>
> ===bytMelb== WAN =========== start_if.ng0 ==========================
>
> ----------- WAN no changes
>
> ============== end of start_if.ng0 ===============================
>
> ===bytMelb== WAN =========== start_if.ng1 ==========================
>
> #!/bin/sh
> # script to set up an additional frame relay link on the sr card.
>
> # WANic 405
> CARD=sr0
> #
> # WAN link to sydney
> DLCI=17
>
> # Attach the DLCI(channel) the Telco has assigned you to
> # a node to handle whatever protocol encapsulation your peer
> # is using. In this case rfc1490 encapsulation.
> ngctl mkpeer ${CARD}:rawdata rfc1490 dlci${DLCI} downstream
>
> # Attach the ip (inet) protocol output of the protocol mux to the ip (inet)
> # input of a netgraph "interface" node (ifconfig should show it as "ng1").
> ngctl mkpeer ${CARD}:rawdata.dlci${DLCI} iface inet inet
>
> ====bytMelb== WAN ==========end of start_if.ng1 ===================
>
> windoze machines that need internet access have their gateway
> set to 10.1.2.30
>
> other windoze machines should pass through to bytSyd OK due to netmask
> value 255.255.0.0 ????
>
> ====bytSyd === WAN == network portions of rc.conf =================
> #
> # set up my hostname
> #
> hostname="sydgate.bytecraft.au.com"
> #
> # network setup
> #
> network_interfaces="lo0 ng0 fxp0"
> #
> # start_if.ng0 file is run here automagically
> #
> ifconfig_lo0="inet 127.0.0.1"
> ifconfig_fxp0="inet 10.1.7.1 netmask 255.255.0.0"
> ifconfig_ng0="inet 10.1.7.250 netmask 255.255.0.0"
ng interfaces are P2P
> #
> # firewall
> #
> ipfw_enable="NO"
> #
> # NAT setup here
> #
> natd_enable="NO"
> #
> # static routes
> #
> static_routes="ng0"
> route_ng0="-net 0.0.0.0 -interface ng0"
> #
> # gateway enable
> #
> gateway_enable="NO"
> #
> # ----- end of netpass 1
> #
> # named enable
> #
> named_enable="NO"
> #
> # ----- end of netpass 2
> #
> # sshd
> #
> sshd_enable="YES"
> #
> # ----- end of netpass 3
> #
> # inetd flags
> #
> inetd_flags=""
>
> ===bytSyd== WAN == end of network part of rc.conf ======
>
> the start_if.ng0 script
> ( basically a copy of the frame relay example file in
> /usr/share/examples/netgraph )
>
> ===bytSyd== WAN ==== start_if.ng0 =====================
> #!/bin/sh
> # script to set up a frame relay link on the sr card.
> # The dlci used is selected below. The default is 16
>
> # WANic 405
> CARD=sr0
> DLCI=16
>
> # create a frame_relay type node and attach it to the sync port.
> ngctl mkpeer ${CARD}: frame_relay rawdata downstream
>
> # Attach the dlci output of the (de)multiplexor to a new
> # Link management protocol node.
> ngctl mkpeer ${CARD}:rawdata lmi dlci0 auto0
>
> # Also attach dlci 1023, as it needs both to try autoconfiguring.
> # The Link management protocol is now alive and probing..
> ngctl connect ${CARD}:rawdata ${CARD}:rawdata.dlci0 dlci1023 auto1023
>
> # Attach the DLCI(channel) the Telco has assigned you to
> # a node to hadle whatever protocol encapsulation your peer
> # is using. In this case rfc1490 encapsulation.
> ngctl mkpeer ${CARD}:rawdata rfc1490 dlci${DLCI} downstream
>
> # Attach the ip (inet) protocol output of the protocol mux to the ip (inet)
> # input of a netgraph "interface" node (ifconfig should show it as "ng0").
> ngctl mkpeer ${CARD}:rawdata.dlci${DLCI} iface inet inet
>
> ===bytSyd== WAN ====end of start_if.ng0 ======================
>
> windoze machines that need internet access have their gateway
> set to 10.1.2.30
>
> windoze machines should see melb system OK due to netmask value
> 255.255.0.0 ????
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
--
__--_|\ Julian Elischer
/ \ julian@elischer.org
( OZ ) World tour 2000-2001
---> X_.---._/
v
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AAE5076.BF85C06>