[comp.sys.pyramid] Network Configuration Difficulties

GEustace@massey.ac.nz (Glen Eustace) (11/24/89)

Please excuse my ignorance, but we have been unable to work out how to
set things up. We have got D.Comer's book on networking and it didn't
help.

Here is a diagram of what we want to achieve:

+---------+               SLIP                 +----------+
| Pyramid | ---------------------------------- | PC #1    |
|  9815   | 130.123.100.1        130.123.100.2 +----------+
|         |               SLIP                 +----------+
|         | ---------------------------------- | PC #2    |
|         | 130.123.101.1        130.123.101.2 +----------+
|         |
|         | ---------------+
+---------+ 130.123.3.1    | ETHERNET          +----------+
                           +------------------ | Host 1   |
                           |     130.123.4.1   +----------+
                           |                   +----------+
                           +------------------ | Host 2   |
                           |     130.123.4.2   +----------+
                           |                   +----------+
                           +------------------ | PC-Route |
                                 130.123.5.1   | vers 2   |
                           +------------------ |          |
                           |     130.123.6.1   +----------+
                           |
                           | More hosts on 130.123.6

This is a cut down version of what we want but can't seem to work out how
to do.

We want to be able to run 10 SLIP lines from the Pyramid, interfaces sl0-sl9

We have two ethernet controllers but currently are only using one.

We want to isolate each of our laboratories with a PC running PC-Route
version 2 so that all traffic between the lab hosts and their server does
not flood the backbone.

We have a NIC registration for 130.123. Can anyone help us with the above
situation?

--
  Glen Eustace, Software Manager, Computer Centre, Massey University,
   Palmerston North, New Zealand. Phone: +64 63 69099 x7440 GMT+12
             E-Mail via Internet: G.Eustace@massey.ac.nz
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

david@ms.uky.edu (David Herron -- One of the vertebrae) (12/05/89)

In article <401@massey.ac.nz> GEustace@massey.ac.nz (Glen Eustace) writes:
>Please excuse my ignorance, but we have been unable to work out how to
>set things up. We have got D.Comer's book on networking and it didn't
>help.

That's a shame since it's such a good book.  I did find it was helpful
to be comparing between the book & source code & RFC's ... made my
comprehension much better ..

Anyway, here's what I've either done or understand will work.  This is
a bit difficult since you don't describe what your problem is, only what
your desired goal is.


First, you want to be running with submasks everywhere, apparently
at the 8-bit boundary (from your numbers).  An example which will set
that using BSD derived software is

	ifconfig <device> 130.123.<n>.<h> netmask 255.255.255.0 -trailers up arp
	route add net 130.123.<n> 130.123.<n>.<h> 0

Which first sets up the device and second sets up a route for that network.
(The "route add net" may be optional, I wouldn't be surprised if it were.)
It's instructional to look at "ifconfig" and "netstat -r" output to
see the different settings..


>We want to be able to run 10 SLIP lines from the Pyramid, interfaces sl0-sl9

You want to set up routes to both the 'network' and the host on the
other end of the SLIP link.  This is true for all point-point network links.
Example

	ifconfig sl0 130.123.1.1 netmask 255.255.255.0 -trailers up
	route add net 130.123.1.0 0
	route add host 130.123.1.1 0
	route add host 130.123.1.2 1

e.g. specify route to the network, then to each end of the network.

Again, the first "route add host" may be superfluous ...  The metrics
may be off ... finally, this is probably all embedded within the
system software which handles SLIP lines.  For instance, on Ultrix
most of that is embedded in /etc/sliphosts.  The explicitness of
the "route add net" command is necessary, at least some versions of
route will see the class B address "130.123.1" and assume the
poor luser is really meaning the host "130.123.0.1" ...

Hopefully the SLIP on Pyramids works better than the one in Ultrix.
In Ultrix you cannot run >1 SLIP interface, rather you can't on
either v3.0 or v3.1, haven't tried since then.  (Pardon me if I
have version numbers wrong ... I mean v3.0 and then the next pseudo-
major release, has there been one since then?)

Aside:  Think about implementing the subnet mask for your SLIP links a
little bit differently.  Instead of using netmasks at an 8-bit
boundary (which gives you a 256 host subnet of which you're only
using 2 hosts, 99% wastage there!) use a 2-bit host-part for the SLIP
networks.  This gives you "<net>.0" to refer to the net, "<net>.3"
to refer to the broadcast address on the net and "<net>.1" and
"<net>.2" to refer to each end of the net.  No wastage.


>We have two ethernet controllers but currently are only using one.

This is simply a matter of ifconfig'ing the device then route-add'ing
routes as above.

In your example picture I read it to say you wanted multiple subnets
on one physical wire.  That's a little strange and the guys over at
Rutgers say to only do that rarely, but if you must:

	ifconfig <interface> 130.123.3.1 netmask ...
	route add net 130.123.3.0 130.123.3.1 0
	route add net 130.123.4.0 130.123.3.1 1
	route add net 130.123.5.0 130.123.3.1 1

That is, for the "other" networks you pretend you're gatewaying
through yourself.


>We want to isolate each of our laboratories with a PC running PC-Route
>version 2 so that all traffic between the lab hosts and their server does
>not flood the backbone.

Good idea.  However I don't know anything about how to configure PC-Route
but it's going to be vaguely similar to the above.

An alternate, that's *far* simpler to administer, is to use a learning
bridge to isolate your networks.  The primary example of learning
bridges is DEC's LANBridge 100.  What it does is listen to the host
addresses mentioned in packets on each of its interfaces.  As it
watches packets it learns which host addresses are where and starts
being able to forward packets only when necessary.  The learning bridges
also have a spanning-tree protocol they run to map out ways through
an arbitrary net of ethernet segments connected with these things.  However,
as I understand it, there's an IEEE protocol for the spanning tree
protocol but that DEC doesn't use that protocol (because it was first
and therefore its protocol was set in silicon?).  Possibly I'm
wrong on that last, it's something I've never bothered to track
down anyway.

Learning bridges don't provide any protocol level filtering.  Therefore
you lose whatever loose sense of security you have by being behind
a router.  You also lose some of the control you'd have behind a router.
But the things just kind of take care of themselves, y'know?



Lastly there's routing protocols to use.  Which one to use is
up to you and your local information.  All the ones which I'm
familiar with, other than the transparent arp scheme(s) described
in some RFC's in the early 900's, pass around information like

	<network> <reachability metric>

A host receiving a routing packet generally looks through its routing
table and for each network compares the metric it has with the metric
claimed by the gateway, and uses the lower of the two.

The routing protocol most used, because it's in the BSD distribution, is
RIP (Routing Information Protocol) which is embodied in /etc/routed.
It is an IGP (Interior Gateway Protocol).

routed tends to just take care of itself.  However you have to
be prepared for it to be installing all the routes your gateway
to the outside world advertises.  Here at uky.edu our machines
routinely have 500 routing table entries.  On our sequent where
each routing table entry takes up an mbuf, well, we kinda ran
out of mbufs ...

Hope this helps ...
-- 
<- David Herron; an MMDF guy                              <david@ms.uky.edu>
<- ska: David le casse\*'      {rutgers,uunet}!ukma!david, david@UKMA.BITNET
<- 
<- New official address:  attmail!sparsdev!dsh@attunix.att.com
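
Added example, not part of either post: a Python sketch of the 2-bit host-part plan (netmask 255.255.255.252) from the aside, applied to the ten SLIP interfaces sl0-sl9, plus the old a.b.c parsing rule behind the "130.123.1" versus "130.123.0.1" confusion. Starting the SLIP block at 130.123.100.0 and the function names are assumptions made for the example.

```python
import ipaddress

SITE = ipaddress.ip_network("130.123.0.0/16")   # class B network from the thread


def slip_link_plan(base="130.123.100.0", links=10):
    """Carve `links` consecutive 2-bit-host subnets (/30) out of one /24.

    The starting block is an assumption for this example; any /24 inside
    the site network works the same way.
    """
    block = ipaddress.ip_network(f"{base}/24")
    if not block.subnet_of(SITE):
        raise ValueError(f"{block} is outside {SITE}")
    plan = []
    for n, net in zip(range(links), block.subnets(new_prefix=30)):
        local, remote = net.hosts()              # the two usable addresses
        plan.append({
            "if": f"sl{n}",
            "net": str(net.network_address),     # "<net>.0" in the post
            "local": str(local),                 # "<net>.1"
            "remote": str(remote),               # "<net>.2"
            "broadcast": str(net.broadcast_address),  # "<net>.3"
            "netmask": str(net.netmask),
        })
    return plan


def legacy_inet_addr(text):
    """Parse dotted decimal the way the classic BSD inet_addr() rule does.

    With fewer than four parts, the last part fills all remaining bytes,
    which is why "130.123.1" is read as host 130.123.0.1.
    """
    parts = [int(p) for p in text.split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(text)
    *head, last = parts
    width = 4 - len(head)                        # bytes covered by last part
    if any(not 0 <= p <= 255 for p in head) or not 0 <= last < 256 ** width:
        raise ValueError(text)
    return str(ipaddress.ip_address(bytes(head) + last.to_bytes(width, "big")))


if __name__ == "__main__":
    for link in slip_link_plan():
        print(link)
    print(legacy_inet_addr("130.123.1"), legacy_inet_addr("130.123.1.0"))
```

Ten links consume 40 addresses of a single /24, where the 8-bit plan in the original diagram would use ten whole subnets.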
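
Added example, not part of either post: a minimal Python model of the learning-bridge behaviour described in the reply, showing how traffic between a lab host and its server stays off the backbone once both addresses are learned. Port names, station names and frames are constructed; spanning tree and table ageing are left out.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}          # station address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Return the set of ports a frame is forwarded to.

        Only addresses are examined: nothing here looks at the protocol
        carried in the frame, which is the "no protocol level filtering"
        point made in the reply.
        """
        self.table[src] = in_port                # learn where the sender is
        if dst == BROADCAST:
            return self.ports - {in_port}        # broadcasts always flood
        out = self.table.get(dst)
        if out is None:
            return self.ports - {in_port}        # unknown destination: flood
        if out == in_port:
            return set()                         # same segment: keep it local
        return {out}                             # known elsewhere: one port


# Constructed frames: (arrival port, source, destination).
# A is a lab host, S the lab server, H a host on the backbone.
FRAMES = [
    ("lab", "A", "S"),            # S not yet learned, so this one floods
    ("lab", "S", "A"),            # reply: A is known to be on "lab"
    ("lab", "A", "S"),            # now both ends are known and local
    ("backbone", "H", "A"),       # crosses the bridge toward the lab
    ("lab", "A", "H"),            # and back
    ("lab", "A", BROADCAST),      # broadcast still reaches the backbone
]


def run(frames=FRAMES):
    bridge = LearningBridge(["lab", "backbone"])
    forwarded = [sorted(bridge.receive(*frame)) for frame in frames]
    return forwarded, bridge.table


if __name__ == "__main__":
    decisions, table = run()
    for frame, out in zip(FRAMES, decisions):
        print(frame, "->", out or "filtered")
    print(table)
```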