Date: Thu, 15 Mar 2001 17:22:31 +1100 From: Murray Taylor <mtaylor@bytecraft.com.au> To: "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org>, "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org> Cc: "'Julian Elischer'" <julian@elischer.org> Subject: The Frame Relay setup / tutorial example revised Message-ID: <710709BB8B02D311942E006067441810544295@MELEXC01>
next in thread | raw e-mail | index | archive | help
This is a re-write of the network setup I am devising with fixes suggested
by Julian Elisher (many thanks)
There are still some questions though .... which anybody is welcome to take
a
shot at....
RTFMs used
- man netgraph, ng_frame_relay, ng_lmi, ng_iface, ng_rfc1490, ng_bridge
- /usr/share/examples/netgraph/*
- Daemonnews 200003 netgraph article by Archie Cobbs
- previous freebsd-questions and -net mailings
O'Reilly
- DNS and BIND
- Getting Connected - The internet at 56K and up
Addison-Wesley
- Practical Internetworking with TCP/IP and UNIX
Other factoids about the networks
- The melbourne net is Win 9x/NT centric and almost all addresses are served
up by DHCP from the NT PDC
- The FreeBSD boxen are being used for the frame relay/ webserving
application only at present.
- The FreeBSD boxen run Samba at the os level = 0 and other appropriate
settings to
avoid interaction with the Browse master election waffle of M$ land
This is still theoretical, as I am still waiting for the copper connection
;-) !
But it is RSN !! (I got the NTU in my hands today!)
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
The Questions:
For the initial setup
[1] ANSWERED
Given the settings from Telstra for the Management protocol, do I need
the
netgraph ng_lmi module?
<julian>
yes
FreeBSD will be happy without it but the telstra end will not
enable the link unless it get's the regular link-ok packets that
the lmi module sends.
You can use any management protocol. the lmi module understands all three.
(connect it to dlci0 and dlci1023 at once and it will try
all possible combinations of dlci and protocol, or, use a specific
protcol, attached to a praticular dlci as directed by the telstra
instructions.. i.e AnnexA<---->dlci0
ANSI-AnnexD
Iso/Ieee Annex D
LMI- (sometimes refered to as "group-of-4")
</julian>
For the WAN setup
[1] Given that I understand that establishing the permanent virtual circuit
(PVC)
to the Sydney office will assign another DLCI number to us, is the netgraph
extension I have made in start_if.ng1 (melbourne setup) correct?
[2] ANSWERED
Do I need to add a router daemon to the melbourne system now?
<julian>
probably not.
</julian>
More difficult questions (given DHCP nature of the network)
[3] MORE DETEAIL GIVEN
Do I need to fully populate the /etc/hosts table now?
</julian>
If the DHCP server is also the NDS server, probably not.
</julian>
<murray responds>
Unfortunately the DHCP server is an NT box totally unrelated
to the FreeBSD boxen (in fact it is 302 feet away on a CAT5 in
the main company server room). I am running only a small /etc/hosts
and DNS table configuration so that I can manage virtual hosts on
Apache and give the web designers access to the web sites being
developed
Any one have more detail on managing / merging DHCP & DNS & hosts ??
</murray responds>
[4] Do I need to fully populate the DNS table in Spyder?
Other questions (bonus points!)
[1] if I need to bring out other xxx.yyy.zzz.0/26 addresses 'out-the-side'
of Spyder for other 'net visible machines, how should it be done?
There is'nt any lower / upper hooks on the ng_iface node to attach a
ng_bridge. I assume that this would be the connections point as it
is the 'effective ethernet port' that one normally hooks to, is it not?
-=-=-=-=-=-=-=-=
Selected other comments by Julian (hopefully placed in enuf context)
(on the netgraph I was using that used the auto0 and auto1023 hooks
on the ng_lmi node)
(...) if the telstra equipment also allows all management protocols
the one you end up with is a roll of the dice..
you may prefer to use the specific protocol hooks for the lmi module
attached to
dlci0 <murray> now using specific protocol </murray>
(on setting up initial routing on the netgraph frame relay interface)
use the remote address for default.. i.e. the address at the telstra end.
If in doubt as to what it is, set it to a random address in the ifconfig,
make it the default route and then do a traceroute. It'll respond with
it's correct address.
Set that in as the remote address.
(and more on the same routing)
NO NO NO
it is point-to-point link
ifconfig ng0 MYADDRESS REMOTEADDRESS
there is no netmask..
(I didn't know netgraph did this)
The lmi module will log the DLCIs that it finds in the dmesg and
/var/log/messages.
Murray Taylor
Project Engineer
Bytecraft P/L +61 3 9587 2555
+61 3 9587 1614 fax
mtaylor@bytecraft.com.au
============================================
THE REVISED SYSTEM SETUP
============================================
Initial setup -- Internet Access from ByteMelb for website
- select Management Protocol
ITU-T (CCITT) Q933 Annex A no
ANSI T1.617 Annex D yes (Telstra default)
LMI (FRF Doc#001-208966) no
- select physical interface
X.21bis/V35 no
X.21 yes
G.704 no
- Telstra assignments
xxx.yyy.zzz.0/26 network
DLCI 16 Internet link (Telstra 'Big Pond')
- Hardware card WANic 405 with X21 interface
uses sr(4) driver - kernel compiled with NETGRAPH
- hardware setup
ng0 ip fxp0 ip
xxx.yyy.zzz.1 SPYDER 10.1.2.30
+----------+
| |
+---+ |-+-+ +-|
frame | N | X21 |s|n| |f| 100BaseT
=======| T |========|r|g| |x|~~~~~~~~~~~~
relay | U | |0|0| |p|
+---+ |-+-+ |0|
| +-|
| |
| |
| |
| |
+----------+
Netgraph setup for Internet access <<<<<<< mod
[ ]
[ lmi ](annexD) --------+
[ ] |
|
[ sr0 ] [ ](dlci0) ---+
[ phys ](rawdata) --- (downstream)[ frame_relay ]
[ ] [ ](dlci16)--+
|
+---------------------------------------------------------+
|
| { ] [ ng0 ]
+--- (downstream)[ rcf1490 ](inet) --- (inet)[ iface ] xxx.yyy.zzz.1
[ ] [ ]
Desired Initial Routing
default TELSTRA_GATEWAY UGSc ng0 <<<<<<<< mod
127.0.0.1 127.0.0.1 UH lo0
10.1.2.0 ff:ff:ff:ff:ff:ff UHLWb fxp0
10.1.2 link#1 UC fxp0
- - - - so the following is done in this sequence via rc.conf
(written in the sequence that rc.network will process them)
=============== network portions of rc.conf ==========================
#
# set up my hostname
#
hostname="spyder.bytecraft.au.com"
#
# network setup
#
network_interfaces="lo0 ng0 fxp0"
#
# (NB more needed in man pages re start_if.* files)
#
# start_if.ng0 file is run here automagically
#
ifconfig_lo0="inet 127.0.0.1"
ifconfig_fxp0="inet 10.1.2.30 netmask 255.255.0.0"
ifconfig_ng0="inet xxx.yyy.zzz.1 TELSTRA-GATEWAY" <<<<<<<< mod
#
# firewall
#
ipfw_enable="YES"
ipfw_flags="/etc/firewall/rules"
#
# NAT setup here
#
natd_enable="YES"
natd_interfaces="ng0"
#
# static routes <<<<<<<< mod down to gateway section
#
# route(8)
# A destination of default is a synonym for -net 0.0.0.0, which is the
de-
# fault route.
#
# If the destination is directly reachable via an interface requiring no
# intermediary system to act as a gateway, the -interface modifier
should
# be specified; the gateway given is the address of this host on the
common
# network, indicating the interface to be used for transmission. Alter-
# nately, if the interface is point to point the name of the interface
it-
# self may be given, in which case the route remains valid even if the
lo-
# cal or remote addresses change.
#
static_routes="ng0"
# default route set to point out the frame relay link to big pond
route_ng0="-net 0.0.0.0 -interface ng0"
#
# gateway enable
#
gateway_enable="YES"
#
# ----- end of netpass 1
#
# named enable
#
named_enable="YES"
named_flags="-u bind -g bind /etc/namedb/sandbox/named.conf"
#
# ----- end of netpass 2
#
# sshd
#
sshd_enable="YES"
#
# ----- end of netpass 3
#
# inetd flags
#
inetd_flags=""
============= end of network part of rc.conf ========================
the start_if.ng0 script
( basically a modified copy of the frame relay example file in
/usr/share/examples/netgraph )
================ start_if.ng0 =============================
#!/bin/sh
# script to set up a frame relay link on the sr card.
# The dlci used is selected below. The default is 16
# WANic 405
CARD=sr0
DLCI=16
# create a frame_relay type node and attach it to the sync port.
ngctl mkpeer ${CARD}: frame_relay rawdata downstream
# Attach the dlci output of the (de)multiplexor to a new <<<<<<<< mod
# Link management protocol node using ANSI AnnexD
ngctl mkpeer ${CARD}:rawdata lmi dlci0 annexD
<<<<<<<< mod deleted dlci1023 hook
# Attach the DLCI(channel) the Telco has assigned you to
# a node to hadle whatever protocol encapsulation your peer
# is using. In this case rfc1490 encapsulation.
ngctl mkpeer ${CARD}:rawdata rfc1490 dlci${DLCI} downstream
# Attach the ip (inet) protocol output of the protocol mux to the ip (inet)
# input of a netgraph "interface" node (ifconfig should show it as "ng0").
ngctl mkpeer ${CARD}:rawdata.dlci${DLCI} iface inet inet
================end of start_if.ng0 ==========================
windoze machines that need internet access have their gateway
set to 10.1.2.30
** NOTE most internet access is inwards to apache webserver
running on spyder
=====================================================================
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
=====================================================================
Then when Sydney comes online as a WAN extension to the ByteMelb net
Assumptions
Private Virtual Circuit (PVC) defined as :
DLCI 17 at bytemelb
DLCI 16 at bytesyd
MELBOURNE
- hardware setup
ng0 ip fxp0 ip
xxx.yyy.zzz.1 SPYDER 10.1.2.30
ng1 ip +----------+
10.1.2.250 | +-+ |
| |n| |
+---+ |-+g| +-|
frame | N | X21 |s|0| |f| 100BaseT
=======| T |========|r|-| |x|~~~~~~~~~~~~
relay | U | |0|n| |p|
+---+ |-+g| |0|
| |1| +-|
| +-+ |
| |
| |
| |
+----------+
Netgraph redefined to this configuration
[ ]
[ lmi ](annexD) --------+
[ ] |
|
[ sr0 ] [ ](dlci0) ---+
[ phys ](rawdata) --- (downstream)[ frame_relay ]
[ ] [ ](dlci16) ---+
[ ](dlci17) --+|
||
+----------------------------------------------------------+|
|+----------------------------------------------------------+
||
|| { ] [ ng0 ]
|+--- (downstream)[ rcf1490 ](inet) --- (inet)[ iface ] 203.39.118.1
| [ ] [ ]
|
| [ ] [ ng1 ]
+---- (downstream)[ rfc1490 ](inet) --- (inet)[ iface ] 10.1.2.250
[ ] [ ]
Desired Initial Routing
default TELSTRA-GATEWAY UGSc ng0 <<<<<<<< mod
127.0.0.1 127.0.0.1 UH lo0
10.1.7/24 10.1.7.250 UGS ng1 -- added WAN link
10.1.2.0 ff:ff:ff:ff:ff:ff UHLWb fxp0
10.1.2 link#1 UC fxp0
---
SYDNEY
- hardware setup
ng0 ip fxp0 ip
10.1.7.250 SYDGATE 10.1.7.1
+----------+
| |
+---+ |-+-+ +-|
frame | N | X21 |s|n| |f| 100BaseT
=======| T |========|r|g| |x|~~~~~~~~~~~~
relay | U | |0|0| |p|
+---+ |-+-+ |0|
| +-|
| |
| |
| |
| |
+----------+
Netgraph will be similar to original ByteMelb setup
[ ]
[ lmi ](annexD) --------+
[ ] |
|
[ sr0 ] [ ](dlci0) ---+
[ phys ](rawdata) --- (downstream)[ frame_relay ]
[ ] [ ](dlci16)--+
|
+---------------------------------------------------------+
|
| { ] [ ng0 ]
+--- (downstream)[ rcf1490 ](inet) --- (inet)[ iface ] 10.1.7.250
[ ] [ ]
Desired Initial Routing
default 10.1.2.250 UGSc ng0 <<<<<<<< mod
127.0.0.1 127.0.0.1 UH lo0
10.1.7.0 ff:ff:ff:ff:ff:ff UHLWb fxp0
10.1.7 link#1 UC fxp0
- - - - so the setups now are this
(written in the sequence that rc.network will process them)
=bytMelb==== WAN ===network portions of rc.conf ==============
#
# changes / additions marked by --------- WAN
#
# set up my hostname
#
hostname="spyder.bytecraft.au.com"
#
# network setup
#
network_interfaces="lo0 ng0 ng1 fxp0" ---------- WAN
#
# start_if.ng0 file is run here automagically
# start_if.ng1 is run also ---------- WAN
#
ifconfig_lo0="inet 127.0.0.1"
ifconfig_fxp0="inet10.1.2.30 netmask 255.255.0.0"
# setup point to point link to Telstra <<<<<<<< mod
ifconfig_ng0="inet xxx.yyy.zzz.1 TELSTRA-GATEWAY"
# setup point to point link to BytSyd <<<<<<<< mod
ifconfig_ng1="inet 10.1.2.250 10.1.7.250" ---------- WAN
#
# firewall
#
ipfw_enable="YES"
#
# NAT setup here
#
natd_enable="YES"
natd_interfaces="ng0"
#
# static routes
# <<<<<<<< mod down to gateway section
# route(8)
# A destination of default is a synonym for -net 0.0.0.0, which is the
de-
# fault route.
#
# If the destination is directly reachable via an interface requiring no
# intermediary system to act as a gateway, the -interface modifier
should
# be specified; the gateway given is the address of this host on the
common
# network, indicating the interface to be used for transmission. Alter-
# nately, if the interface is point to point the name of the interface
it-
# self may be given, in which case the route remains valid even if the
lo-
# cal or remote addresses change.
static_routes="ng0 ng1" ---------- WAN
# default route set to point out the frame relay link to big pond
route_ng0="-net 0.0.0.0 -interface ng0"
# sydney route set to the frame relay link to BytSyd
route_ng1="-net 10.1.7.0/16 -interface ng1"
#
# gateway enable
#
gateway_enable="YES"
#
# ----- end of netpass 1
#
# named enable
#
named_enable="YES"
named_flags="-u bind -g bind /etc/namedb/sandbox/named.conf"
#
# ----- end of netpass 2
#
# sshd
#
sshd_enable="YES"
#
# ----- end of netpass 3
#
# inetd flags
#
inetd_flags=""
============= end of network part of rc.conf ========================
the start_if.ng0 script
( basically a copy of the frame relay example file in
/usr/share/examples/netgraph )
===bytMelb== WAN =========== start_if.ng0 ==========================
----------- WAN no changes
============== end of start_if.ng0 ===============================
===bytMelb== WAN =========== start_if.ng1 ==========================
#!/bin/sh
# script to set up an additional frame relay link on the sr card.
# WANic 405
CARD=sr0
#
# WAN link to sydney
DLCI=17
# Attach the DLCI(channel) the Telco has assigned you to
# a node to handle whatever protocol encapsulation your peer
# is using. In this case rfc1490 encapsulation.
ngctl mkpeer ${CARD}:rawdata rfc1490 dlci${DLCI} downstream
# Attach the ip (inet) protocol output of the protocol mux to the ip (inet)
# input of a netgraph "interface" node (ifconfig should show it as "ng1").
ngctl mkpeer ${CARD}:rawdata.dlci${DLCI} iface inet inet
====bytMelb== WAN ==========end of start_if.ng1 ===================
windoze machines that need internet access have their gateway
set to 10.1.2.30
other windoze machines should pass through to bytSyd OK due to netmask
value 255.255.0.0 ????
====bytSyd === WAN == network portions of rc.conf =================
#
# set up my hostname
#
hostname="sydgate.bytecraft.au.com"
#
# network setup
#
network_interfaces="lo0 ng0 fxp0"
#
# start_if.ng0 file is run here automagically
#
ifconfig_lo0="inet 127.0.0.1"
ifconfig_fxp0="inet 10.1.7.1 netmask 255.255.0.0"
# setup point to point link to BytMelb
ifconfig_ng0="inet 10.1.7.250 10.1.2.250" <<<<<<<< mod
#
# firewall
#
ipfw_enable="NO"
#
# NAT setup here
#
natd_enable="NO"
#
# static routes
#
# <<<<<<<< mod down to gateway section
# route(8)
# A destination of default is a synonym for -net 0.0.0.0, which is the
de-
# fault route.
#
# If the destination is directly reachable via an interface requiring no
# intermediary system to act as a gateway, the -interface modifier
should
# be specified; the gateway given is the address of this host on the
common
# network, indicating the interface to be used for transmission. Alter-
# nately, if the interface is point to point the name of the interface
it-
# self may be given, in which case the route remains valid even if the
lo-
# cal or remote addresses change.
static_routes="ng0"
route_ng0="-net 0.0.0.0 -interface ng0"
#
# gateway enable
#
gateway_enable="NO"
#
# ----- end of netpass 1
#
# named enable
#
named_enable="NO"
#
# ----- end of netpass 2
#
# sshd
#
sshd_enable="YES"
#
# ----- end of netpass 3
#
# inetd flags
#
inetd_flags=""
===bytSyd== WAN == end of network part of rc.conf ======
the start_if.ng0 script
===bytSyd== WAN ==== start_if.ng0 =====================
#!/bin/sh
# script to set up a frame relay link on the sr card.
# The dlci used is selected below. The default is 16
# WANic 405
CARD=sr0
DLCI=16
# create a frame_relay type node and attach it to the sync port.
ngctl mkpeer ${CARD}: frame_relay rawdata downstream
# Attach the dlci output of the (de)multiplexor to a new
# Link management protocol node.
ngctl mkpeer ${CARD}:rawdata lmi dlci0 annexD
# Attach the DLCI(channel) the Telco has assigned you to
# a node to hadle whatever protocol encapsulation your peer
# is using. In this case rfc1490 encapsulation.
ngctl mkpeer ${CARD}:rawdata rfc1490 dlci${DLCI} downstream
# Attach the ip (inet) protocol output of the protocol mux to the ip (inet)
# input of a netgraph "interface" node (ifconfig should show it as "ng0").
ngctl mkpeer ${CARD}:rawdata.dlci${DLCI} iface inet inet
===bytSyd== WAN ====end of start_if.ng0 ======================
windoze machines that need internet access have their gateway
set to 10.1.2.30
windoze machines should see melb system OK due to netmask value
default route through ng0
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?710709BB8B02D311942E006067441810544295>