TITLE: IPX over Frame-Relay between Portmaster
products
DATE: August 3, 1996
PURPOSE: This documents the method to connect
multiple Portmaster routers over a frame-relay network
using IPX. A Frame-Relay network represents two or
more routers interconnected by a Frame-Relay cloud.
Each router on the frame-relay cloud is connected to the
frame network has a PVC which is then connected to a
frame-relay switch that connects them to the frame-relay
cloud. Data moves from a router over a PVC to a
frame-relay switch, using DLCI's that point to other PVC's
data moves through the cloud. By associating ip addresses
with DLCI numbers we establish an network.
FOR THE FOLLOWING MODELS:
Each of the following models are equiped with sychronous
ports that can be used as WAN interfaces. The
sychronous ports for each unit are listed.
PM2R, W1
PM2ER, W1
IRX211, S1
IRX111, S1
IRX112, S1,S2
IRX114, S1,S2,S3,S4
OR-LS, W1
OR-HS, W1
SUMMARY:
The basic idea behind routing both IP and IPX over
frame-relay is summed up in two points
1 - Let the DLCI numbers for IP routing be learned
dynamically via LMI polling.
Every few seconds the router will poll the switch with a
query and the switch responds to that query. Every so
often the switch, in addition to its normal response, will
send a full DLCI list back with its response. The
Portmaster will dynamically build a DLCI list from this
information.
By letting the DLCI list for the IP connections be learned
you can then use the DLCI number in the "static" DLCI list
to be associated with the IPX connection.
2 - Let the DLCI numbers in the static DLCI list represent
the IPX connections.
We get the IP address representing the the IPX connection
from the ethernet address which is described in detail later.
This address is then associated with the DLCI number in
the static DLCI list on the WAN port.
NOTE: IPX over frame-relay uses a proprietary
numbering scheme so IPX over frame-realy will ONLY
function between portmasters.
IP NET: 192.168.1.0/24
IPX NET: C0A80100
====ETHERNET======================
|
| E0 IP: 192.168.1.1
+-----+-----+
| E0 |
| ROUTER A |
| S1 |
+-----+-----+
|S1 IP: 192.168.100.1
|
|
|DLCI 16:192.168.100.2 FR-IP NET: 192.168.100.0/24
|DLCI 17:192.168.100.3 FR-IPX NET: C0A86400
===============================FRAME RELAY CLOUD====
|DLCI 100:192.168.100.1 |DLCI 112:192.168.100.1
| |
| |
|S1 IP: 192.168.100.2 |S1 IP: 192.168.100.3
+-----+-----+ +-----+-----+
| S1 | | S1 |
| ROUTER B | | ROUTER B |
| E0 | | E0 |
+-----+-----+ +-----+-----+
|E0 IP: 192.168.2.1 |E0 IP: 192.168.3.1
| |
===========ETHERNET== |
IP NET:192.186.2.0/24 =============ETHERNET====
IPX NET: C0A80200 IP NET: 192.168.3.0/24
IPX NET: C0A80300
BEFORE YOU START:
1 - CSU/DSU configured for external clock.
2 - V.35 cable to connect the Livingston's synchronus port
to the CSU/DSU
3 - Frame-Relay line
CONFIGURING:
1 - Get IP routing over frame-relay using LMI instead of a
static DLCI list. This will keep the static DLCI list free for
IPX.
This is a really good idea since you'll be able to use telnet
and ping to troubleshoot and make configurations.
NOTE: The IP network for the frame-relay network must
be different and unique from any other ip network on your
system.
This means that IP will be relying on the response from a
DLCI list returned by the switch.
The interface or port used to connect the router to the
frame-relay network is called a frame-realy interface and
each frame-relay interface must have an ip address.
- Each router is a node on your frame-relay network.
- The frame-relay network has its own ip network number
that is usually a class c or a subnet of a class c that is
unique from other subnets in the system.
- Each router's frame-relay interface (port) is assigned an
ip address from the frame-relay network's subnet, thus the
netmask for each frame interface on each router on the
frame-relay network is the same.
- DLCI numbers are used to point from your frame-relay
switch, found at the phone company, to the PVC of a
router(s) on the other side of the frame cloud.
Example:
A sample port configuration follows using the following
assumptions:
- the frame-relay interface on this router is S1
- the ip address of the frame-relay on this router is
192.168.1.1
Command> set s1 address 192.168.1.1 # this is the local ip address for the
frame network
Port S1 local address changed from 0.0.0.0 to 192.168.1.1
Command> set s1 netmask 255.255.255.0 # this is the netmask for the frame
network
Port S1 netmask changed from 0.0.0.0 to 255.255.255.0
Command> set s1 lmi 10 # here the frame switch will be polled 1ce every 10
seconds
LMI keepalive timer for S1 changed from 10 to 10
Command> set s1 modem on
CD required for port S1 changed from on to on
Command> set s1 protocol frame
Protocol for port S1 changed from ppp to frame_relay
Command> save all
Command> reset s1
Your port will then look similar to the following:
Command> show s1
----------------------- Current Status - Port S1 ---------------------------
Status: CONNECTING
Input: 0 Abort Errors: 0
Output: 13 CRC Errors: 0
Pending: 0 Overrun Errors: 0
TX Errors: 0 Frame Errors: 0
Active Configuration Default Configuration
-------------------- ---------------------
Port Type: Netwrk Netwrk (Hardwired)
Line Speed: Ext Clock Ext Clock
Modem Control: on on
Local Address: 192.168.1.1 192.168.1.1
Netmask: 255.255.255.0 255.255.255.0
Interface: Unassigned (FRM,Routing (FRM,Routing)
Mtu: 1500 0
LMI Poll Int: 10 (seconds)
DLCI List:
3 - Set the Frame-Relay interface's IPX network number.
As each IPX ethernet needs to have its own system-unique
IPX number so does the frame-relay network. Each router
directly attached to the frame-relay network will need to
have the same IPX network for its frame-relay interface.
Example:
Command> set s1 ipxnet 000000AA
Port S1 ipxnet changed from 00000000 to 000000AA
2 - Get the MAC address (aka ethernet address) of each
machine and convert the last 4 hex quads to a dotted
decimal ip address.
Example:
Command> show ether0
Ethernet Status: IP - Enabled IPX - Enabled
Interface Addr: 10.0.0.1
Netmask: 255.255.255.0
Broadcast Address: 10.0.0.0
IPX Network: 00000008
IPX Frame Type: ETHERNET_802.3
Ethernet Address: 00:c0:05:00:1c:19 <----- MAC or Ethernet address
Routing: Broadcast, Listen (On)
Input Filter:
Output Filter:
Take the 05:00:1c:19 portion of the address and convert
each quad from hex to decimal.
05 -> 5
00 -> 0
1c -> 28
19 -> 25
--------
5.0.28.25
Which gives us a dotted decimal ip address of 5.0.28.25.
This ip address will be used in the static DLCI lists to route
IPX.
3 - Build static DLCI lists from the ip addresses derived in
step 2.
Associate the DLCI pointing from your switch to the other
router's PVC with the converted address of that router.
So if we are configuring 'Router A', and the DLCI pointing
to 'Router B' is 16, and the ip address of the converted
MAC address is 5.0.28.25 then we issue the following
command.
Command> set s1 dlci 16:5.0.28.25
If you had more than one other router on the frame-relay
network you would simply follow the first DLCI on the
same command line separated by spaces.
4 - issue the 'save all' command on all routers', then reset
the wan ports.
NOTE: IPX will come up before IP since the IPX is static
and the IP has to get its DLCI from the switch which can
take a few seconds longer.
DEBUGGING TOOLS:
Getting the DLCI list
There are three ways to get a list of DLCI numbers
pointing to other PVC's from your switch.
1 - Get it from the phone company. Frame-relay
terminlogy can be confusing and it is easy to get the DLCI
numbers backwards. Sometimes the phone company gives
you the wrong DLCI numbers.
2 - Use the 0x51 debug mask, turn on the console and
watch. After about a half dozen exchanges the Frame
switch will return all the DLCI numbers programmed into
it.
# Sample LMI packet exchange
(W1) LMI: Sending Sequence Exchange - Sequence 174
(W1) LMI: Received Sequence Exchange - Sequence 173
(W1) LMI: Sending Sequence Exchange - Sequence 175
(W1) LMI: Received Sequence Exchange - Sequence 174
(W1) LMI: Sending Full Status Enquiry - Sequence 176
(W1) LMI: Received Full Status - Sequence 175
DLCI List: 16
(W1) LMI: Sending Sequence Exchange - Sequence 177
(W1) LMI: Received Sequence Exchange - Sequence 176
(W1) LMI: Sending Sequence Exchange - Sequence 178
(W1) LMI: Received Sequence Exchange - Sequence 177
3 - Use the 'show arp frm1' command. This will show the
DLCI numbers associated with their ip addresses. If you
have a static DLCI list then these numbers will also appear
here. The 'frm1' is the name of the interface. To get a list of
all active or suspended interfaces on a Portmaster type
'ifconfig'.
Monitoring LMI Packets
Setting a debug with a mask of 0x51 will show LMI
packets being sent and receivied. You need three
successful exhchanges (sent and received) to ESTABLISH
a connection.
TIP: If you set the polling interval to be once a second
then it speeds up the troubleshooting process. Be sure to
set it back when you are done debugging since polling the
switch once a second isn't very considerate of others
sharing the same frame switch at the phone company.
Command> set console
Setting CONSOLE to admin session
Command> set debug 0x51
Setting debug value to 0x51
# Sample LMI packet exchange
(W1) LMI: Sending Sequence Exchange - Sequence 174
(W1) LMI: Received Sequence Exchange - Sequence 173
(W1) LMI: Sending Sequence Exchange - Sequence 175
(W1) LMI: Received Sequence Exchange - Sequence 174
(W1) LMI: Sending Full Status Enquiry - Sequence 176
(W1) LMI: Received Full Status - Sequence 175
DLCI List: 16
(W1) LMI: Sending Sequence Exchange - Sequence 177
(W1) LMI: Received Sequence Exchange - Sequence 176
(W1) LMI: Sending Sequence Exchange - Sequence 178
(W1) LMI: Received Sequence Exchange - Sequence 177
To turn it off:
Command> reset console
Console RESET
Command> set debug
Setting debug value to 0x0
Packet filter to watch IPX packets
This packet filter will show all IPX packets passing through
the Portmaster. It will NOT show IPX packets orginating
from the Portmaster.
Command> add filter seeipx
New Filter successfully added
Command> set ipxfilter seeipx 1 permit
Filter seeipx updated
Command> set console
Setting CONSOLE to admin session
Command> ptrace seeipx
Packet Tracing Enabled
# Example ptrace output
IPX from 00000008:0000C06F195C:0455 to 00000008:FFFFFFFFFFFF:0455
IPX from 00000008:0000C06F195C:0553 to 00000008:FFFFFFFFFFFF:0553
IPX from 00000008:0000C06F195C:0455 to 00000008:FFFFFFFFFFFF:0455
IPX from 00000008:0000C06F195C:0553 to 00000008:FFFFFFFFFFFF:0553
To turn off...
Command> ptrace
Packet Tracing Disabled
Command> reset console
Console RESET
IPX packets are represented in the following format:
[8 digit network number]:[12 digit node address]:[4 digit
socket number]
- All F's for a "to" address represents a broadcast to entire
network.
Common Socket Numbers:
0451 = Netware Core protocol
0452 = SAP
0453 = RIP (Routing protocol)
0455 - Netbios packet
0457 = Serialization (Novell Licensing)
0456 = Diagnostic Packet
4000-8000 = Sourc sockets dynamically assigned by
workstations
Packet filter to watch pings (icmp packets)
This packet filter will show all pings passing through the
livingston it is running on. It will NOT show pings
orginating from the Livingston.
Command> add filter p
New Filter successfully added
Command> set filter p 1 permit icmp
Filter p updated
Command> set console
Setting CONSOLE to admin session
Command> ptrace p
Packet Tracing Enabled
# Example ptrace output
icmp from 10.0.0.10 to 10.0.0.1 type Echo Request
icmp from 10.0.0.10 to 10.0.0.1 type Echo Request
icmp from 10.0.0.10 to 10.0.0.1 type Echo Request
icmp from 10.0.0.10 to 10.0.0.1 type Echo Request
To turn off...
Command> ptrace
Packet Tracing Disabled
Command> reset console
Console RESET
TROUBLESHOOTING:
If the port does not have an "ESTABLISHED"
status do the following...
Command> set console
Setting CONSOLE to admin session
Command> set deb 0x51
Setting debug value to 0x51
If you see LMI packets being sent but none being received
which looks the like the following sample then do the
following:
Command> reset s1
Resetting port S1
Command> Enabling port S1 (DMA) # Port being started
(S1) LMI: Sending Full Status Enquiry - Sequence 2
(S1) LMI: Sending Full Status Enquiry - Sequence 3
(S1) LMI: Sending Full Status Enquiry - Sequence 4
Put the CSU/DSU into a local loopback. This will cause
each packet sent to the CSU/DSU to e reflected back to
the WAN port. This is for testing only, the line will not
function while the CSU/DSU is in a local loopback. If you
see "LCP: Apparent Loop" Then you know the following:
1 - The WAN port on the Livingston is sending and
receiving data.
2 - The cable and connectors between the Livingston and
the CSU/DSU are OK.
3 - The DTE port on the CSU/DSU is ok.
4 - THE LIVINGSTON IS FUNCTIONING AS IT
SHOULD
If you don't get apparent loops
1 - Check that the RS232-V.35 dip switch next to the
WAN port is set correctly, (usually v.35)
2 - That all cables are securely connected.
3 - Check that they are using the V.35 cable that came
with the unit.
4 - Start swapping stuff, cable, CSU/DSU, etc.
If you get apparent loops and the status is not
"ESTABLISHED"
1 - Check the CSU/DSU settings. Things like clocking,
etc. Almost always the CSU/DSU should be set for
external clocking. The Telco provides the clock. Its never
a bad idea to verify your CSU/DSU settings with the
manufacturer.
2 - Have their telephone carrier test the line. Asking for a
hard copy of the test results will often get you a better test.
If the port status is "ESTABLISHED" but you can't
ping the other side.
1 - Double check settings. Make sure that the ip address
for the WAN ports on both sides are in the same subnet.
- Make sure you have the right signalling type. Since there
are only two types of signalling, LMI and Annex-d, it is not
a big deal to try both. Be sure to reset the port after each
setting.
2 - Do a traceroute from your workstation at livingston to
the router in trouble. Then do a traceroute from the router
in trouble (assuming you can get to it) back to your
workstation. The problem will lie in the gap between the
two traceroutes.
3 - Make sure the "set gateway" is set to the upstream
router.
Can't see IPX over link or can't get a SLIST of
Netware servers.
1 - List the IPX routing table.
You should see a list of IPX routes and where they are
being routed to.
Command> show ipxroute
Network Gateway Flag Met Ticks Interface
-------- --------------------- ---- --- ----- ---------
00000008 00000008:00C005001C19 NLC 1 1 ether0
0A000100 0A000100:00C005001C19 NLC 1 1 ether1
Routing Table Flags:
H = Host route
N = Network route
L = Network is directly connected
S = Route was added manually
D = Route was learned by using RIP (IP udp/520, IPX
0453)
C = Changed recently but not yet propagated using RIP
O = Obsolete, Marked for deletion
2 - If the first entry has 'NS' flags (standing for network
static) then reset your IPX gateway. Rarely if ever will you
want to set an IPX gateway.
NOTE: After resetting the IPX gateway you have to
reboot to clear the routing table.
Command> show ipxroute
Network Gateway Flag Met Ticks Interface
-------- --------------------- ---- --- ----- ---------
00000000 00000008:00C005001C19 NS 1 0 ether0
00000008 00000008:00C005001C19 NLC 1 1 ether0
0A000100 0A000100:00C005001C19 NLC 1 1 ether1
Command> set ipxgateway 00000000:000000000000
IPX gateway reset
Command> save all
Command> reboot
3 - Show SAP table and check for entries coming from
other side.
The "Interface" column will show where the SAP packet
came from. Over the frame-relay network, over the
ethernet or from itself.
Command> show sap
Server Svc Network Host Sock Hops Interface
------------------------ ---- -------------------------- ---- ---------
tie 5F2 000000AA:00C0050101B2:066B 1 frm1
ywing 5F2 00000008:00C0050161A7:066B 1 ether0
xwing 5F2 00000008:00C00501200E:066B 1 ether0
falcon 5F2 000000AA:00C005021D12:066B 1 frm1
calamari 5F2 00000008:00C005001C19:066B 0 Internal
Key to SAP numbers.
If you see SAP's from the other side then you have your
Portmasters configured correctly.
4 - Set up IPX packet traces (see above) on both ends of
frame-relay and see exactly what the packets are doing.
--- jstorms@livingston.com So much to do, so litt...[Hold on a sec]