This document describes how to configure machines to be production workstations, experimental workstations, routers, and proxy-arp servers for FreeBSD, Windows (3.11), and AIX. There is a section on each machine class with subsections for the various operating systems.
Recall that production machines are on the 137A network, and have one of two configurations:
netmask 0xffff0000 defaultrouter="152.2.254.254"
or
netmask 0xfffff000 route add default interface
In FreeBSD you need to edit /etc/sysconfig and change the following parameters:
    # Since we're on the 137 net we can use the short name, taz
    hostname="taz.cs.unc.edu"

    # This stuff gets set up at configuration time, just note that lo0 is
    # the loop back device, and vx0 is the real ethernet card (lots of our
    # FreeBSD machines have ed0 as their ethernet device). See
    # /usr/src/sys/i386/conf/LINT or the handbook for more information.
    #
    network_interfaces="vx0 lo0"

    # There are ifconfig lines for every network_interface, in this case vx0.
    # The inet keyword specifies the next argument is the ip address.
    # Similarly for netmask.
    ifconfig_vx0="inet 152.2.137.24 netmask 0xfffff000"

    # You can only specify an address for the default router here. Since
    # we want to specify an interface we have to do it in /etc/rc.local
    defaultrouter="NO"
In /etc/rc.local:
    # This uses the route command at boot time to make the link associated
    # with /dev/vx0 the default router.
    route add default -interface vx0

Specifying a default router

If you want to set up the machine to use a real router instead of an interface as the default route, this is what you do. /etc/sysconfig is largely the same as above except for the netmask and the specification of a default router instead of none.
/etc/sysconfig:
    ifconfig_vx0="inet 152.2.137.24 netmask 0xffff0000"
    defaultrouter="152.2.254.254"
In /etc/rc.local you do NOT want to specify a route add line.
Our experimental workstations are connected to one of our hubs or switches, which a router is also connected to. The end-station must specify the default router and the netmask for its network. In addition to the local configuration on each machine, the appropriate proxy arp entry must be made as well. See the proxy arp section below.
Consider the example of goober139, a FreeBSD machine on the 139A subnet, with taz as its router. Its /etc/sysconfig should have the following lines:

    # Use the 139 name to match the 139A subnet address.
    hostname="goober139.cs.unc.edu"

    # The ethernet device is ed0, goober's ip address is 152.2.139.1 and
    # we are using a 25 bit netmask.
    ifconfig_ed0="inet 152.2.139.1 netmask 0xffffff80"

    # Taz has at least two interfaces, non 139A packets get routed to its
    # 139 address.
    defaultrouter="152.2.139.24"
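Why the proxy arp entry matters for these hosts, as an added example that is not part of the original document: a small model of which address each of the host configurations above sends an ARP request for. The function names are hypothetical, 192.0.2.10 is a constructed off-site address, and netmasks are assumed to be contiguous.

```python
import ipaddress

def onlink_net(ip, netmask_hex):
    """Network the host treats as directly attached (ifconfig values)."""
    prefix = bin(int(netmask_hex, 16)).count("1")  # assumes a contiguous mask
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def arp_target(ip, netmask_hex, default, dest):
    """Address the host sends an ARP request for when it transmits to dest.

    default is a router address (defaultrouter="...") or "-interface" for
    `route add default -interface <dev>`.
    """
    on_link = ipaddress.ip_address(dest) in onlink_net(ip, netmask_hex)
    if default == "-interface" or on_link:
        return dest      # host asks for dest's hardware address itself
    return default       # host asks for the router's hardware address

def needs_proxy_arp(cfg, dest, same_wire):
    """True when the sender ARPs for dest but dest sits behind a router."""
    return arp_target(*cfg, dest) == dest and not same_wire

# Host settings copied from this page: (address, netmask, default route).
PROD_ROUTER = ("152.2.137.24", "0xffff0000", "152.2.254.254")
PROD_IFACE = ("152.2.137.24", "0xfffff000", "-interface")
GOOBER139 = ("152.2.139.1", "0xffffff80", "152.2.139.24")

if __name__ == "__main__":
    # 152.2.139.7 is a 139A host from this page; 192.0.2.10 is constructed.
    for name, cfg in [("router", PROD_ROUTER), ("interface", PROD_IFACE)]:
        for dest in ("152.2.139.7", "192.0.2.10"):
            print(name, dest, "-> ARP for", arp_target(*cfg, dest),
                  "| proxy arp needed:", needs_proxy_arp(cfg, dest, False))
    print("goober139 -> ARP for", arp_target(*GOOBER139, "152.2.137.24"))
```

Both production configurations ARP directly for 139A addresses from the departmental ethernet, which is why a machine there has to answer on behalf of the experimental hosts.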
We have used AIX machines as proxy-arp servers in the past. We currently use a FreeBSD machine (taz) to proxy arp for our 139{A,B} subnets and a Solaris machine (topsecret) to proxy arp for our other subnets. The procedure is largely the same for all three: create a file that associates ip addresses with the hardware address of the appropriate router's interface to the department and use "arp -f" to read the file in at system startup.
There is some question of whether the proxy-arp server should also be the router for the machines it is proxy-arping for. The problem is that the router will wind up with two arp table entries for the experimental machines: the proxy arp entry which it reads from the table and the real entry which it learns of in response to arp requests on the experimental subnet. Further, if care is not taken, the router may also proxy arp onto the experimental subnet. If you want the router to be the proxy-arp server you must have two entries in the arp.table file, "public" ones which are those used to proxy-arp on the departmental network, and "private" ones which match ip addresses to the real hardware addresses of the machine. It is probably better to simply have the proxy-arp machine be one that is not connected to the experimental networks.
Note that the decision of which machine to use as a proxy arp server has no relation to the type of machine being proxy-arp'd for. We could have our Solaris, FreeBSD, or AIX machine proxy arp for any or all of our experimental machines. We have separated this service purely for ease of administration.
As noted above, our current FreeBSD proxy-arp server is also a router. This requires us to have the "permanent" entries shown below. If the proxy-arp server were not the router, we would only need the pub entries. The following is the content of the file, /etc/arp.table on taz:
    152.2.139.24 0:a0:24:6b:6c:ce pub
    152.2.139.8 0:a0:24:6b:6c:ce pub
    152.2.139.7 0:a0:24:6b:6c:ce pub
    152.2.139.1 0:a0:24:6b:6c:ce pub
    152.2.139.3 0:a0:24:6b:6c:ce pub
    152.2.139.8 8:0:5a:7f:41:b7 permanent
    152.2.139.1 10:0:5a:14:95:bb permanent
    152.2.139.7 10:0:5a:ba:f0:4f permanent

The first entry on each line is the ip address of a machine on the 139A subnet. The next entry is the hardware address that this machine will respond to ARP requests with. This is the hardware address of the router's ethernet card which is connected directly to the departmental ethernet. The pub parameter indicates that this is a proxy-arp entry, i.e. this machine should respond to ARP requests for the ip address with this hardware address. The lines without the pub keyword are not used for proxy arp, but their permanent keyword indicates they take precedence for local ip address to hardware address assignments (as packets are sent onto the 139A subnet).
This file is used to initialize the arp table at bootup via the following line in /etc/rc.local:
    # This proxy arps for the machines I have on the 139A subnet so that taz
    # can route their packets off of the department subnet.
    /usr/sbin/arp -f /etc/arp.table
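A consistency check for this file, as an added example that is not part of the original document: it reports pub lines that do not carry the router's hardware address or fall outside the proxied subnet, pub lines with no matching permanent line (the case where the proxy-arp server is also the router), and permanent lines that repeat the router's address. The function names are hypothetical, and 152.2.139.0/25 is derived from goober139's 25-bit netmask.

```python
import ipaddress

def norm_mac(mac):  # '0:a0:24:6b:6c:ce' and '00:A0:24:6B:6C:CE' compare equal
    return ":".join(f"{int(p, 16):02x}" for p in mac.split(":"))

def parse_arp_table(text):
    """Parse 'ip hardware-address keyword' lines into tuples."""
    entries = []
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        ip, mac, flag = line.split()  # ValueError on a malformed line
        entries.append((ipaddress.ip_address(ip), norm_mac(mac), flag))
    return entries

def audit(entries, router_mac, router_ip, subnet):
    """Return findings for entries that break the rules described above."""
    router_mac, router_ip = norm_mac(router_mac), ipaddress.ip_address(router_ip)
    net = ipaddress.ip_network(subnet)
    private = {ip for ip, _, flag in entries if flag == "permanent"}
    findings = []
    for ip, mac, flag in entries:
        if flag == "pub":
            if mac != router_mac:  # ARP replies would name another machine
                findings.append(f"{ip}: pub entry does not use the router's hardware address")
            if ip not in net:      # answering for a host outside the subnet
                findings.append(f"{ip}: pub entry outside {net}")
            if ip != router_ip and ip not in private:
                findings.append(f"{ip}: pub entry has no permanent entry")
        elif flag == "permanent" and mac == router_mac:
            findings.append(f"{ip}: permanent entry uses the router's hardware address")
    return findings

# Copied from this page: the hardware address in taz's pub lines, taz's
# 139 address, goober139's 25-bit network, and taz's /etc/arp.table.
ROUTER_MAC, ROUTER_IP = "0:a0:24:6b:6c:ce", "152.2.139.24"
SUBNET_139A = "152.2.139.0/25"
PAGE_TABLE = """\
152.2.139.24 0:a0:24:6b:6c:ce pub
152.2.139.8 0:a0:24:6b:6c:ce pub
152.2.139.7 0:a0:24:6b:6c:ce pub
152.2.139.1 0:a0:24:6b:6c:ce pub
152.2.139.3 0:a0:24:6b:6c:ce pub
152.2.139.8 8:0:5a:7f:41:b7 permanent
152.2.139.1 10:0:5a:14:95:bb permanent
152.2.139.7 10:0:5a:ba:f0:4f permanent
"""
if __name__ == "__main__":
    for f in audit(parse_arp_table(PAGE_TABLE), ROUTER_MAC, ROUTER_IP, SUBNET_139A):
        print(f)
```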
Tip: You can get the hardware address for a card one of several ways:
For the machines we use as routers, their configuration varies widely. The one thing that should be noted is that the 6611's are trouble, particularly because of the limitations on the number of static routes you can set up. Another important note: we don't use any routing protocol (e.g. RIP, OSPF) in the department or in the DiRT lab. The route a packet takes within the department is based on the settings for "default router", static routes, and proxy-arps. Don't try to enable gated or routed on any of these machines unless you REALLY know that's what you want to do. You'll probably just corrupt your routing table and have to reboot the machine.
Our FreeBSD machines come ready to route packets between interfaces, or back out over the same interface if they receive a packet in error. All that you have to do is set up the interfaces with their netmasks, etc., specify a default router, and set the gateway variable to YES in /etc/sysconfig.
For example, taz is the router for the 139A subnet so it has one interface (vx0) set up to be a normal connection to the department and the other interface (ep0) set up as a connection to an experimental network, as shown above. The essential parts of its /etc/sysconfig are as follows:

    # If you want this host to be a gateway, set to YES.
    gateway="YES"
    network_interfaces="vx0 ep0 lo0"
    #connected to the department (netmask) with a 137 address
    ifconfig_vx0="inet 152.2.137.24 netmask 255.255.240.0"
    #connected to the 139A subnet
    ifconfig_ep0="inet 152.2.139.24 netmask 255.255.255.0"
    #There is no default route. (using /etc/rc.local instead)
    defaultrouter="NO"

along with this line in /etc/rc.local:

    /sbin/route add default -interface vx0

With this setup and a proxy arp as above, all packets received for a 139A address are forwarded onto the 139 subnet (if there is an arp-table entry for it) and everything else is forwarded out through the vx0 interface.
This information is in a separate document: Configuring the 6611 Routers