--------------------------------------------------------
BRIDGING.DOC -- 19980108 -- Info on NetWare 4.x Bridging
--------------------------------------------------------

Feel free to add or edit this document and then email it back to
faq@jelyon.com

Date: Wed, 22 May 1996 08:52:18 +0200
From: Henno Keers
Subject: Re: Token Ring Bridging

>We have a large token ring network that is currently attached directly to
>a 3.11 server which also supports an ethernet network.
>
>I am trying to bridge the token ring away from the server as we are
>having many server crashes that seem to coincide with an increase of soft
>errors on the token ring.
>
>I successfully installed Router.exe on a Compaq 486 machine but found
>that it only provides routing services for native IPX/SPX - we also need
>to route IP to the 3.11 server.

Correct. Router.exe is a dedicated IPX/SPX router based on NetWare 2.x
code (NetWare 286), which is ancient and not anymore supported.

>Does anyone know is there a way to configure router.exe (v 1.0) to route
>IP or IS there any shareware out there to provide token ring / ethernet
>bridging for IP and IPX?

There is no way with router.exe.

>The IP Router shareware I have seen to date seems to either only support
>IP or only ethernet to ethernet.

Correct, some may. You may want to have a peek at KarlBridge, see the
snip below this message. Disadvantage is (again) the ethernet-ethernet
thing.

>We run 802.3 / ethernet_II on the ethernet and token-ring /
>token-ring_snap on the token ring.
>
>I need to provide a quick solution to ensure this IS why the server is
>crashing before throwing money at a dedicated bridge / router.

My advice would be to look into the health of your net using a network
analyser like Data General's Sniffer or Novell's LANalyser for Windows.
LANalyser for Windows runs over a promiscuous ODI driver and thus
supports Ethernet and Tokenring.
Soft errors are easily traced back to a mac address and thus offending
PC, where you can ditch this particular NIC. We have done this at a
client a couple of weeks ago and the $800 US for the LANalyser is worth
it.

I would also advise bringing the 3.11 server up to current patch- and
security (those old SEC*.* files and all other 3.11 updates) level with
packet-burst/LIP and the latest .LAN drivers from LANDR5. I would then
split up the tokenring and plug in more NICs in the server.

After these actions I would look at a good router, names like Cisco/3Com
or Bay spring into mind. These boxes are highly configurable and will
outperform the Kbridge any time, but cost some more money.

Regards, Henno.

------------------------------------------------------------

If you're using ethernet, here a possible alternative to trying to
subnet a subnet... Use a protocol filtering bridge. Doug Karl of Ohio
State has written an excellent software only one.

What this can do for you is to make two separate IPX networks appear to
be one physical IP network. Here's a picture to make it a little clearer:

Workstation #1         Novell          WorkStation #2
IP addr= x.x.1.1       File Server     IP addr = x.x.1.2
IPX addr 1 : MAC       & IPX router    IPX addr = 2 : MAC
|                      |      |                 |
|     IPX Net #1       |      |   IPX Net #2    |
+----------------------+-+  +-+-----------------+
       IP Subnet x.x.1   |  |   IP Subnet x.x.1
                         |  |
                      KarlBridge
                   Filtering Bridge
              set to pass only IP packets

This has been very helpful to us because it lets us keep our IPX traffic
separate (90+% of our work) for performance but yet spread our IP subnet
numbers around. This would probably not be a good thing to do if your IP
traffic was heavy.

Want more info? Below my signature is the README file for the package.

Greg Monroe
Duke's Fuqua School of Business
Durham, NC 27708-0114

PS. There is a newer version of KarlBridge.
- GM

======================================================================
OSU KarlBridge V1.33 (Released July 9'th 1992)
(Check: "History of bug fixes and enhancements" Below)

Approximately 2000 people worldwide are now using OSU KarlBridge!
Thanks for making it such a success! Doug Karl
======================================================================

Cleanup your network with
The OSU KarlBridge Version 1.33
(now has full SNMP support)

The OSU KarlBridge is a program that runs on a 286 or 386 clone. It
provides a unique and inexpensive Ethernet to Ethernet bridge that
performs very sophisticated protocol filtering. The bridge filters
packets based upon ANY Ethernet protocol such as IP, XNS, DECNET,
AppleTalk, 3-Com, Novell, etc. In addition it will filter IP packets
based upon IP address, IP network, IP subnet, and/or socket. It will
also filter DECNET packets based upon DECNET address, area, Object
number and Object name and AppleTalk packets based upon file server
name, printer name, and/or zone name.

Some Examples:

You can use KarlBridge as a standard medium to high performance MAC
layer Ethernet to Ethernet bridge with SNMP (MIB II, EtherMIB, BridgeMIB
& SNMP MIB)

You can assemble your own bridge or buy the inexpensive commercial
version.

You can configure KarlBridge to restrict traffic from your public
computer labs or dial-in-lines to subnets within your campus, thereby
prohibiting unauthorized access to the Internet (in conformance with
RFC 1173).

You can configure KarlBridge to keep public computer lab users from
telneting to the SMTP socket and sending bogus e-mail or from ftping
into or out of your lab.

You can configure KarlBridge to keep file and print servers (Apple,
Novell, Banyan, and etc.) on the same network from interacting with each
other in undesirable ways.

Join thousands of people worldwide who are using the OSU KarlBridge to
solve some of their networking challenges.
The KarlBridge is the most flexible and easily configured bridge you
have ever seen! Get a copy, read the README file, run the configuration
program on your favorite PC, and let me know what you think.

The OSU KarlBridge can be obtained via anonymous ftp from:
nisca.acs.ohio-state.edu, 128.146.1.7, in the directory /pub/kbridge.

Please send e-mail to kbridge@osu.edu with questions, comments, etc.

Doug Karl
Senior Computer Specialist
The Ohio State University

- - - - - - - - - - - - - Quick Overview - - - - - - - - - - - - - - -

What do I need if I want to build my own?

1) 286 or 386SX clone (with no keyboard or monitor)
2) Two SMC (formerly Western Digital) Elite 16 Ethernet cards 8013EPC
3) OSU KarlBridge software

How do I make it work?

1) Obtain a good reliable clone
2) Install the Ethernet cards
3) Configure a floppy with the software, on your favorite PC
4) Insert floppy in clone
5) Connect clone to your network
6) Power it up!

- - - - - - - How To Quickly Evaluate the OSU KarlBridge - - - - - - -

FTP and de-archive kbridge133.arc or kbridge133.zip, they both contain
the following files:

kbconfig.exe - OSU KarlBridge Configuration Program.
kbridge.com  - Executable image of OSU KarlBridge for WD/SMC Elite 8 or
               16 boards with the WD83C690 chip.
kbridge1.com - Executable image of OSU KarlBridge for WD8003
               (Not Recommended! Really just for evaluation)
readme       - An additional copy of this file.
Kbpaper.txt  - A paper that I am writing about the OSU KarlBridge.
kbmanual.txt - An ASCII'ized version of the commercial manual (looks bad
               in ASCII but great in print).

Issue the following command on your PC:

    kbconfig kbridge.com

This will start up the bridge configuration program. This program
modifies the actual bridge program file "kbridge.com". Several menus
will appear with instructions on the bottom of the screen. This will
demonstrate the many configuration possibilities.

NOTE: The term "Remote" in this program refers to machines that are
connected to the bridge's Port 0 (Ethernet Board I/O address 280). The
term "Local" refers to machines that are connected to the bridge's
Port 1 (Ethernet Board I/O address 2A0).

- - - - - - - - - - - Questions and Answers - - - - - - - - - - - -

1) Don't all bridges filter?

Yes & No; All bridges filter based upon Ethernet source and destination
address. Protocol filtering bridges like the OSU KarlBridge not only
filter based upon Ethernet address but also based upon the protocol that
is being passed. This allows greater flexibility in filtering out
specific protocols. In addition the KarlBridge also filters out IP,
DECNET and AppleTalk that set up the connections to particular servers,
printers and services.

2) Some bridges claim to filter based upon any bit pattern in the
Ethernet packet, what makes the OSU KarlBridge so special?

Although it is true that some bridges have this feature it has been our
experience that they are hard to configure and limited in comparison to
the OSU KarlBridge. This is because the OSU KarlBridge has
algorithm-based filters as opposed to bitmask-based filters. If the
algorithm is flexible enough then it will solve 90% of the needs much
easier than the bit mask approach.

3) I don't need protocol filtering, is the OSU KarlBridge still a good
choice?

Yes, in most situations. The OSU KarlBridge is a very low cost bridge.
It can clean up your network by filtering packets based upon:

  Whether the packet is a broadcast, not needed by some protocols.
  Whether the packet is a multicast, not needed by IP protocols.
  Whether the packet is from an invalid source address (ie broadcast or
  multicast address).
  Whether the packet is going to a "not yet learned" destination address.

4) When is it not a good idea to use the OSU KarlBridge?

The OSU KarlBridge is not as fast at forwarding packets as some
commercial bridges.
This extra speed may be needed in some situations where there is very
heavy file server traffic. Frankly it has been our experience that in
all situations tested the speed difference is not noticeable (assuming
the bridge is built with Elite 16 Ethernet cards and a fast
motherboard).

5) Is a 286 or 386SX really a good platform to build a bridge on?

It has been our experience (40+ bridges installed for over a year) that
it is a good platform. We have had to overcome a lot of pitfalls of the
standard clone that the average vendor offers. It has been our
experience that the average systems integrator or computer store does
not supply hardware that is capable of withstanding heat, dust,
restarting after power failures, and consistent network traffic for
months at a time that a bridge requires. We have spent a lot of time to
find a good, consistent and reliable manufacturer of mother boards, with
good BIOS, reliable design. We have also set our supplier up to burn in
the boards in a heat chamber (not done by your basic clone retailer). We
have also insisted on our supplier running special tests for several
weeks prior to shipping the bridge. They have done enhancements to the
hardware themselves and have a commercial KarlBridge product.

6) If I make my own bridge do I have to use the SMC Elite 16 cards?

No. You must use SMC Elite 8 or Elite 16 bit Elite cards with the 83C690
chip (all new cards have this chip). The Elite 16 is HIGHLY recommended
due to its superior speed. There is a version of the OSU KarlBridge
program that is designed to replace Northwestern University's PCBRIDGE
program which uses the older discontinued WD8003 cards. The WD8003 cards
are NOT!! recommended because they have the 8390 Ethernet chip which
locks up under heavy network load when it is used in a bridging
application.

7) I like OSU KarlBridge but I am concerned about building my network on
PC clones.

Understood. We are on 24 hour call to repair any of the 50 KarlBridges
we have installed.
We therefore buy the commercial version from our supplier of KarlBridge
systems. They are setup to sell very reasonably priced high quality nice
looking hardware. The philosophy behind KarlBridge is to supply much
needed boxes with modern features to the worldwide networking community
at a price below the cheapest standard bridge available.

------------------------------

Date: Sat, 26 Oct 96 15:26:48 -0700
From: Randy Grein
To: "NetWare 4 list"
Subject: Re: bridges

>I need some advice on purchasing a bridge. I need to get a bridge to segment
>a 4.1 network of about 70 users. I'd like to hear some recommendations on
>what bridge to buy (ie: brand) based on the following criteria:
>
>1) ease of installation
>2) reliability
>3) reasonable price
>
>Also, in order to do this, do I need to add a second NIC to the server?
>
>PS: Is there any performance benefit to adding a second NIC to the server
>_without_ using a bridge?

Shawn, exactly WHAT are you trying to do here? The correct answer
depends absolutely on this:

A bridge is one of several ways to segment network traffic; it operates
at layer 2 of the OSI model. A switch is closely related; in fact most
switches are exactly bridges; the rest are a minor variant when dealing
strictly with the bridging function.

A router is the other way to segregate network traffic; they operate at
layer 3 (network). Because of the greater abstraction a router takes
more processing power and always has greater latency (time delay in
moving the packet across).

A bridge forwards broadcast traffic and is protocol independent, a
router blocks broadcasts and is protocol dependent. IOW, NETBEUI packets
won't go through a router, neither will nondirected netbios
advertisements. We won't discuss adding features of one product to
another, but most devices on the market have at least some features of
each product.

NOW, if you have a single server, ALL traffic goes to the server - any
intermediate device will have to pass all the traffic forward anyway.
IOW, bridges, switches, and routers will all be totally useless. A
better solution would be to add additional NICs to the server - Novell
has built routing functions into netware for years. It's cheap, easy and
scales well. Connect each NIC to a separate hub, load and bind the
network cards, and you're done. This solution MAY work if you have 2 or
more servers; the crossover can be difficult to determine.

A problem exists, however, if you need to use a nonroutable protocol
across the entire network, such as NETBEUI (primarily used for WFW, NT,
and Win95). In this case you'd be better off using IPX or TCP (if you're
good with the MS implementation for TCP) for the MS networking.
Otherwise a switch might be a good option. Many switches come with one
or more fast ethernet ports; replace the NIC in the server with a fast
ethernet card to connect to the switch, and you should be able to
support nearly any configuration of 70 users.

There's other issues, but these are the most important.

------------------------------

Date: Sun, 27 Oct 1996 00:14:28 +0100
From: "Arthur"
To:
Subject: Re: bridges

A bridge will only help you if you're bridging networks using the same
frame. Also you must be able to split your network looking at
functionality and hardware. So you need more than one fileserver (unless
you have only one fileserver but with multiple NICs and are able to tune
the internal router of Netware).

Do you need an extra NIC? No (multi fileservers), but maybe an extra
hub. You connect the users using ServerA thru HubA. The other users
using ServerB thru HubB. Between HubA and HubB you place the bridge.
That's it. What you want to achieve is that packets that are only of
concern to ServerA never reach ServerB unless they are specifically
directed to ServerB.

Use a top name-brand bridge. You don't wanna cut costs here.
When you decide on which bridge make sure it's a self-learning one and
that the maximum allowed MAC addresses is *well* within your needs.

Furthermore (if not overkill) you could think about purchasing a router
that can also be a bridge and/or a gateway. They are pricy but give a
huge range of possibilities.

One drawback: what will you do if the thing goes KLUNK on you? Replace
it with the spare one?

------------------------------

Date: Tue, 12 Nov 1996 18:56:05 -0600
From: Joe Doupnik
Subject: Re: IP Bridging

>Is there any way using NetWare 4.1 to have 2 NIC's on separate networks
>but the same IP network?
>I have a server with a 100Base-T and a 10Base-T connection with users on
>both legs. The 100Base-T side is already using IP and I need to enable IP
>for the users on the 10Base-T side but I don't want to subnet another
>network for 2-3 users. Is this possible?
----------
Normally the answer is nope, NW servers route IP and not bridge IP.

I haven't tried this, so I may be way off base with the suggestion, but
there is now the facility to support "proxy ARP" with some versions of
the TCP/IP material on servers. That means the server answers ARP
requests on behalf of clients living on the other side of the server,
and by so doing assumes the burden of relaying packets across itself in
the right direction. Whether comms proceed smoothly or not I don't know.

If your environment is completely isolated from the rest of the world,
and goodness knows how long that could be maintained, then you can use
one of the IP address groups devoted to private networks. Generally this
is a dead-end. You might ask for a new Class C address.

Finally, Novell supports faking IP across local wiring by putting
material into IPX packets between client and server and then have the
server own the only (and single) IP address for them all. The well known
product of this kind is Novix from FireFox Inc.
Naturally, there is a fake TCP/IP stack in each client which does the
packaging, and an unwrapper in the server which feeds material into its
TCP/IP stack.

Joe D.

------------------------------

Date: Fri, 9 Jan 1998 09:58:00 -0700
From: Hansang Bae
Subject: Re: Removing a bridge

>> Node () claims net addr 710 should be 700
>>on all servers. We're stumped for where to look. Does anyone have any
>>ideas of what the problem might be?

"Baird, John" wrote:
>In addition to reconfiguring any IPX routers which are configured to
>use 710 you should reboot all print servers previously on 710.

Well, you have the node address, that should help. As John mentioned,
print servers (even external stand-alones like netport, jetdirect et al)
need to be rebooted. And *ALL* Macs should be turned off for about 10
mins as well. Those pesky PRAMs will get you every time.

------------------------------
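
Added example, not part of any message in this digest and not KarlBridge code: a sketch of the protocol-filtering decision described in the KarlBridge messages above (a bridge "set to pass only IP packets" that also drops frames with an invalid source address), applied to the NetWare Ethernet frame types the posters mention. The function names, the pass list (ARP is included as an assumption, since IP hosts need it to resolve MAC addresses) and the sample frames are all constructed for illustration; Token Ring framing is not covered.

```python
import struct

# Protocol numbers for the protocols named in this digest.
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8137: "IPX",
              0x809B: "AppleTalk", 0x6003: "DECnet"}
LLC_SAPS = {0xE0: "IPX", 0x06: "IP"}

def classify(frame: bytes):
    """Return (NetWare frame type, protocol) for an Ethernet frame without FCS."""
    if len(frame) < 17:                      # 14-byte header + 3 bytes of LLC
        return ("too short", "unknown")
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if type_or_len >= 0x0600:                # a type field, not a length
        return ("Ethernet_II", ETHERTYPES.get(type_or_len, hex(type_or_len)))
    if payload[:2] == b"\xff\xff":           # raw IPX header starts with FFFF
        return ("Ethernet_802.3", "IPX")
    if payload[:3] == b"\xaa\xaa\x03" and len(payload) >= 8:
        (etype,) = struct.unpack("!H", payload[6:8])
        return ("Ethernet_SNAP", ETHERTYPES.get(etype, hex(etype)))
    return ("Ethernet_802.2", LLC_SAPS.get(payload[0], hex(payload[0])))

def bridge_decision(frame: bytes, allowed=("IP", "ARP")):
    """Hypothetical pass-list policy; ARP is allowed so IP hosts can resolve MACs."""
    if len(frame) >= 12 and frame[6] & 0x01: # group bit set in the source MAC
        return "drop: invalid source address"
    frame_type, proto = classify(frame)
    verdict = "forward" if proto in allowed else "drop"
    return f"{verdict}: {proto} over {frame_type}"

def _frame(dst, src, type_or_len, payload):
    return bytes.fromhex(dst + src) + struct.pack("!H", type_or_len) + payload

# Constructed sample frames (locally administered MACs, zero-filled payloads).
WS1, SRV, BCAST = "020000000001", "020000000002", "ffffffffffff"
IP_HDR = b"\x45" + bytes(19)
SAMPLES = {
    "ip_eth2":  _frame(SRV, WS1, 0x0800, IP_HDR),
    "arp":      _frame(BCAST, WS1, 0x0806, bytes(28)),
    "ipx_raw":  _frame(BCAST, WS1, 30, b"\xff\xff" + bytes(28)),
    "ipx_eth2": _frame(SRV, WS1, 0x8137, b"\xff\xff" + bytes(28)),
    "ip_snap":  _frame(SRV, WS1, 28, b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + IP_HDR),
    "bad_src":  _frame(SRV, BCAST, 0x0800, IP_HDR),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:9} {bridge_decision(frame)}")
```

The same protocol can arrive under more than one frame type, so a pass list keyed only on the Ethernet_II type field would miss the SNAP-encapsulated IP frame and the raw 802.3 IPX frame in the samples.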