How To TCP-IP with FlexNet How-to install MFNOS on a pc-FlexNet link Drafted by N1URO and edited by K2MF Requires: MFNOS 1.29.2 or greater, or Linux, and an AmprNet IP March 21, 2003 ver-1.0.7 ========================================= As we all know, there have been issues with linking MFNOS into a Flex-net machine, and running TCP/IP successfully through Flexnet. After many hours spent, much debating, and some decent code modifications by K2MF to MFNOS to include yet another kluge for the behavior of Flex-net, N1URO discovered some interesting things (some of which make sense, some do not) that severely affected the behavior of using an IP-VC or an AX.25 virtual circuit IP mode. Whether you are using an AXIP link from NOS to Flexnet, a KISS serial link from NOS to Flexnet or an RF AX.25 path from NOS to digipeat through a Flexnet machine there are many new things to consider due to the dynamic behaviors of how pc-Flexnet operates. Now to configure! Simply connect NOS to pc-Flexnet as you normally would. I personally happen to use the IPPD module for Flexnet and use AXIP over ethernet between my MFNOS and Flexnet, however a KISS serial interface may be treated in an identical fashion. In Flexnet, it is BEST to configure the NOS link so that NOS' SSID is independent of the Flexnet machine. If you don't, then it is quite possible (and very probable) that Flexnet's kernel may try to take control over the link layer 2 processes and prohibit the IP-VC from getting through to NOS as shown below: 797: S2 P9 : N1URO-6>WA2SNA-1 v WA2SNA-6* 796: S0 P7 : WA2SNA-1>N1URO-6 v WB2ZII-9 Here we have an attempt to create an IP-VC through WA2SNA's Flexnet from N1URO-6 [44.88.44.1] however because the NOS SSID (WA2SNA-1) is aliased within the range of Flexnet (WA2SNA 0-14), the kernel is responding quicker than NOS is and grabs control of the link layer 2. You will notice above in process number 796 where the digipeater WA2SNA-6* is omitted as proof of my theory. It is my personal suggestion from many tests that (depending on your individual configuration) if you are going to add an IP gateway using MFNOS to your Flex-net site you plan out your SSID range in Flexnet so that one non-user SSID (0 or 15) is allocated for the MFNOS node. If you are going to allocate your Flexnet SSID range from 1-14, I would suggest using -1 for MFNOS, and then set your SSID range in Flexnet from 2-14 instead. This way if MFNOS unfortunately locks up, freezes, vanishes, etc. for whatever reason, or is overburdoned with another process at the same time an IP-VC request comes in, the Flexnet kernel will not answer the incoming request and create a bogus link layer 2 connection. Here I have Flexnetconfigured as N1URO (1-4) with NOS having the next available SSID which is 5. NOTE: Remember that in a pc-Flexnet network, when a machine vanishes from the direct link, Flexnet will tell the WAN to delete that machine from the Flexnet destination lists, which also will successfully disconnect the VC to the remote NOS machine. On a wired AX.25 link, Flexnet will poll NOS approximately every 2-3 minutes, so if you have a batch file to restart NOS, you may wish to add a timer using the DOS CHOICE command which will wait 3 minutes before reloading NOS. This will give Flexnet a chance to see that NOS is down and Flexnet will force a flush of VC links to all other remote NOS ends. I personally observed this one night where the path from K2BJG-8 to N1URO-5 failed during a TCP connection. While the fault was within the Flexnet WAN cloud, Flexnet did disconnect the VC at both NOS machines which automatically re-established itself without disrupting the TCP connection when the Flexnet path was restored. Now let's first configure Flexnet properly. Step 1: Create your SSID range properly. The first SSID you configure in Flexnet is also the node's primary SSID Since I will give MFNOS an SSID of 5, I will configure Flexnet to have the SSID range of 1-4 as follows: =>mycall n1uro 1 4 Remember, if you are also a user on the network, do *not* assign your nodes with an SSID of 0 or 15 or you will lock yourself out of the network! Step 2: Configure your pc-Flexnet machine with a link to NOS as a non-Flexnet destination that is routable within the Flexnet WAN. You may do so by telling Flexnet to link the interface number to NOScall-SSID. In my example, NOS links on interface 3 so my link statement in pc-Flexnet is: =>L 3 N1URO-5 @ <-- @ = routable non-Flexnet aware machine Step 3: You have to give the interface an SSID to enable connections through the Flexnet digipeater. This must be an unused interface SSID within the SSID range you specified for Flexnet. You do this by using the parameter command in Flexnet. In my example I will set an SSID of 2 to interface 3: =>P S 2 3 Failure to do so will cause Flexnet to deny any and all outbound link requests from NOS! Flexnet's side is now complete. Now let's configure NOS. I personally use independent interface .src files for managing interfaces on my copy of MFNOS which I call using the 'source ' command in autoexec.nos. The following exam- ples are from my file called 'flexnet.src' in which I name the interface "FlexNet". You will have to adjust your timers accordingly to your specific needs. The example below shows TCP settings for my interface with an initial retry timer of 20 seconds (if no TCP ACK is received) and it will use a linear timer type to back itself off to a retry time of 1 full minute in case the network is busy with other traffic such as PBBS mail forwarding connections. The retries setting of 8 will let TCP retry a maximum of 8 times in case the IP-VC fails for whatever reason and needs restarting... thus allowing TCP to pick up where it left off and not totally time out. Using your existing 'ifconfig ' commands modify the following: ifconfig FlexNet tcp blimit 3 ifconfig FlexNet tcp irtt 20000 ifconfig FlexNet tcp maxwait 60000 ifconfig FlexNet tcp retries 8 ifconfig FlexNet tcp timertype linear Similar settings for the AX.25 layer can also be applied to the interface. The example below shows that on link layer 2, it will initially retry the packet within 5 seconds if it has not heard an ACK. This will give Flexnet more than enough time to digipeat the packet for you. The check timer is almost void since in reality all it will be doing is checking the process link to Flexnet, not the *real* virtual circuit. Flexnet itself will check the IP-VC circuit to see whether or not the processes are still valid and if not will close them. Again, you will have to adjust these pending your own specific tests. It is quite possible that your link to Flexnet itself is very rapid however if the direct neighbor *to* the Flexnet link is slow then we don't wish to flood the network with retries too fast. ifconfig FlexNet ax25 blimit 3 ifconfig FlexNet ax25 check 60000 ifconfig FlexNet ax25 irtt 5000 ifconfig FlexNet ax25 retries 10 ifconfig FlexNet ax25 timertype linear Now let's tell AX.25 in NOS how to deal with the interface, and add other things Flexnet likes such as digipeating, etc.: ax25 digipeat FlexNet on This enables digipeating on the interface. ax25 mode FlexNet vc Set the default IP mode to virtual circuit. This also forces any connections on this interface to prohibit a mailbox server from launching unless the user 'kicks' the mailbox with a packet having a Text PID (by pressing the [Enter] key). This also blocks Flexnet's link polling connections from showing up as user logins by you! In a 24 hour time period Flexnet can login as you to your NOS mailbox over 200 times! That is just simply annoying and irritating and presents you with bogus mailbox login statistics. It is also a requirement of the kluge code (see K2MF's modifications in 1.29.2). Now add a route to the local Flexnet machine and let the VC default IP mode comply with anti-polling/login kluges. If there is no pre-existing AX.25 connection from Flexnet to NOS, Flexnet will check the link by issuing an SABM (connect request) packet to NOS. In compliance with normal AX.25 specifications, NOS will send a UA (unnumbered acknowledgement) packet back to Flexnet which verifies to Flexnet that the link is still valid and to which Flexnet will then immediately send a DISC (disconnect request) packet to NOS. ax25 route perm n1uro-1 FlexNet # Add a route to FlexNet N1URO (1-4) ax25 hport FlexNet on # Log callsigns heard ip hport FlexNet on # Log IP addresses heard In autoexec.nos, be sure to have the following set: ax25 jumpstart on Jumpstart being on when the IP mode is VC has no meaning during the initial setup of the VC but it is now necessary for the K2MF kluge code to work properly. Now let's configure the routing. Personally, I keep all IP routing commands in a seperate file called 'iproutes.src' (like with my interface configuration commands). If you used the install.bat file, you will notice that these commands (as with the interface commands) were included in autoexec.nos. Either will work, but if you call routines from external files they must be loaded with the 'source ://.src' command in NOS. With that said, let's create an IP route through N1URO (1-4) Flexnet to IPUE:AA1UE-8 MFNOS using the following commands: ax25 route perm aa1ue-8 FlexNet n1uro-1 This configures an AX.25 digipeated route to AA1UE-8 through Flexnet. It also raises the question, if the Flexnet port SSID is -2, why did we use -1? This simply helps NOS tap into the power of Flexnet's dynamic routing. When a packet is received by Flexnet, it looks at four possible ways to route it! First, it checks its Link list to determine whether or not the callsign belongs to a direct neighboring link. If it doesn't, then Flexnet checks its Destinations list for the callsign. If the callsign is not on the Destinations list, then Flexnet checks its Mheard list for the callsign. If the callsign is not on the Mheard list, then Flexnet will attempt to connect to the callsign through all interfaces that have SSIDs attached to them until the request times out or the remote machine sends an acknowledgement to Flexnet, which then puts the callsign on the MHeard list and Flexnet will start to route to it that way. Also, remember that the first SSID configured in Flexnet is its primary SSID. ax25 jumpstart exclude aa1ue-8 Ignore any I (information) frame that contains a Text PID from AA1UE-8 and also prohibit the mailbox server from ever spawning to AA1UE-8, unless the source connection is from a human (see K2MF's release notes for 1.29.2). arp add 44.88.40.42 ax25 aa1ue-8 FlexNet Create an ARP list entry to which the 'next IP gateway', in this case 44.88.40.42, may be resolved. route add 44.88.40.42/32 FlexNet 44.88.40.42 Create an IP route to this single machine using the FlexNet interface. If 44.88.40.42 was routing for a larger block, then that entire block may be added to the route list instead. Now load NOS and let's attempt to ping AA1UE-8 [44.88.40.42] over my 1k2 user interface: ipuro-R> ping aa1ue ipuro-R> 44.88.40.42: rtt = 2680 ms Let's also check the AX.25 virtual circuit: ipuro-R> ax25 status 74e2 0 0 N1URO-5 AA1UE-8 FlexNet Connected and the AX.25 route: ipuro-R> ax25 route AA1UE-8 FlexNet Perm default N1URO-1 At this point, all should be fine! I hope this "How-to" helps you in not only successfully routing IP through a Flexnet WAN cloud, but also gives you some basic understanding as to how Flexnet handles the link layer 2 encapsulation of IP frames through a Flexnet digipeater node. Flexnet is much more dynamic and robust in how it handles its AX.25 routing, and unlike our previous TheNet/X1J network is more of a real time router where nodes come and go quickly throughout the WAN. Also, in this configuration, the Net/Rom layer 3 has been eliminated (which is good in the sense that there is less packet overhead and more room for data). Comments are always welcomed. 73 de Barry K2MF Brian N1URO eof >>