• SNA and I Systems

    From CENTRINO@21:1/5 to All on Thu Nov 28 10:53:11 2019
    We have a communications infrastructure based on SNA between 3 old AS/400.

    We are to upgrade to latest versions. Is SNA still supported by the
    latest OS ?

    Thanks in advance.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jonathan Bailey@21:1/5 to CENTRINO on Fri Nov 29 05:38:03 2019
    On Thursday, 28 November 2019 10:53:13 UTC, CENTRINO wrote:
    We have a communications infrastructure based on SNA between 3 old AS/400.

    We are to upgrade to latest versions. Is SNA still supported by the
    latest OS ?

    Thanks in advance.

    I have never setup SNA since getting access, only IP. I am at 7.3 now but all those SNA commands I never used still look like they are there. All the parameters for eg CRTDEVPRT look like they exist for SNA as well as the twinax settings - although I
    read the twinax controllers were going away by about 7.1.
    You had better read the memo to users for each of the versions you are passing eg SF98116
    I only see a few mentions of SNA in the memos for 7.1, 7.2 & 7.3

    There is a lot of other stuff in there over about 200 pages. I dont remember being much worried by anything except the loss of twinax console on the way from 5.4 to 7.1. The LAN console was a great improvement if anything allowing remote access, but the
    new HMC we now have is just a waste of everything AFAICS. In fact to update the 1 set of firmware I have its actually painfule compared with getting the fix in the cum package & applying like any other PTF.

    Happy reading,
    Jonathan

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From poc@pocnet.net@21:1/5 to CENTRINO on Tue Dec 3 21:50:18 2019
    CENTRINO <none@nonelandia.com> wrote:

    We have a communications infrastructure based on SNA between 3 old AS/400.

    We are to upgrade to latest versions. Is SNA still supported by the
    latest OS ?

    Thanks in advance.

    Yes, it's certainly supported. With a quirk:

    Older machines were talking SNA directly to the physical layer, Token Ring or Ethernet. This "direct" approach is supported only with certain network adapters and with and IOP on these. A 2838 works fine, while a Gigabit Adapter cannot be configured for it and can only utilize IP connectivity.

    Newer releases of the OS (V5R3 or V5R4, I think) have introduced a feature called enterprise extender. This is an encapsulation of SNA APPN frames into IP/UDP. Since IP is the real transport protocol (and APPN runs on top of this "fake" link), there is no restriction about adapters, etc. Drawback is that older releases of the OS don't know about this EE feature and so can't be networked with EE only machines.

    From here, you have a few otions to migrate data. If you want more advice, please provide more details what exactly needs to be done with the data and the old machines.

    :wq! PoC

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to poc@pocnet.net on Tue Dec 3 17:15:30 2019
    On 12/3/19 2:50 PM, poc@pocnet.net wrote:
    Yes, it's certainly supported. With a quirk:

    :-)

    I'm a n00b. I know very little about mainframes and even less about
    AS/400s. (I'm that name to match the newsgroup.)

    But, I do like to learn by reading what others say. And I have some
    questions:

    Older machines were talking SNA directly to the physical layer, Token
    Ring or Ethernet. This "direct" approach is supported only with certain network adapters and with and IOP on these. A 2838 works fine, while
    a Gigabit Adapter cannot be configured for it and can only utilize
    IP connectivity.

    Okay.

    I'd love to know more about the differences. I immediately have lots of questions as I'm dealing with TCP/IP on Ethernet II a.k.a. DIX vs 802.2
    LLC w/ SNAP on my P/390-E.

    So the IBM i operating system still supports SNA. But it's dependent on
    the hardware. (Back to questions about supported framing for 2838 vs
    Gigabit Adapter.)

    Newer releases of the OS (V5R3 or V5R4, I think) have introduced a
    feature called enterprise extender. This is an encapsulation of SNA
    APPN frames into IP/UDP. Since IP is the real transport protocol (and
    APPN runs on top of this "fake" link), there is no restriction about adapters, etc. Drawback is that older releases of the OS don't know
    about this EE feature and so can't be networked with EE only machines.

    Does Enterprise Extender have a remote hardware component that will de-encapsulate SNA out of the UDP/IP for local non-EE aware systems? Or
    is EE only meant to be between two systems running EE to transfer SNA
    traffic across a non-SNA capable interconnection?

    Does IBM i support DLSw? My understanding is that DLSw can take
    encapsulated traffic and de-encapsulate it for local SNA systems. I
    think both Cisco and Juniper make gear that does this.

    From here, you have a few otions to migrate data. If you want more
    advice, please provide more details what exactly needs to be done
    with the data and the old machines.

    :wq! PoC

    I like the signature.

    Sorry for all the mainframe references. I'm very much aware that AS/400
    / iSeries / IBM i are decidedly different than the mainframe.
    Unfortunately, mainframe is where my minimal knowledge comes from. Save
    for "wrkwrt" from 20+ years ago as an junior operator.



    --
    Grant. . . .
    unix || die

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From CENTRINO@21:1/5 to All on Wed Dec 4 11:20:41 2019
    Thanks !

    We are using ANYNET that's SNA over tcpip an older form of enterprise
    extender I think ... Hope this will work too with the new machine adapters.


    El 03/12/2019 a las 21:50, poc@pocnet.net escribió:
    CENTRINO <none@nonelandia.com> wrote:

    We have a communications infrastructure based on SNA between 3 old AS/400. >>
    We are to upgrade to latest versions. Is SNA still supported by the
    latest OS ?

    Thanks in advance.

    Yes, it's certainly supported. With a quirk:

    Older machines were talking SNA directly to the physical layer, Token Ring or Ethernet. This "direct" approach is supported only with certain network adapters and with and IOP on these. A 2838 works fine, while a Gigabit Adapter
    cannot be configured for it and can only utilize IP connectivity.

    Newer releases of the OS (V5R3 or V5R4, I think) have introduced a feature called enterprise extender. This is an encapsulation of SNA APPN frames into IP/UDP. Since IP is the real transport protocol (and APPN runs on top of this
    "fake" link), there is no restriction about adapters, etc. Drawback is that older releases of the OS don't know about this EE feature and so can't be networked with EE only machines.

    From here, you have a few otions to migrate data. If you want more advice, please provide more details what exactly needs to be done with the data and the
    old machines.

    :wq! PoC


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From poc@pocnet.net@21:1/5 to Grant Taylor on Wed Dec 4 22:00:04 2019
    Grant Taylor <gtaylor@tnetconsulting.net> wrote:

    I'm a n00b. I know very little about mainframes and even less about
    AS/400s. (I'm that name to match the newsgroup.)

    No problem. I also started as a noob about 10 years ago, but I'm primarily interested in this platform for hobbyist purposes.

    I'm also not fluent with Mainframes but I have a basic understanding about zOS (or MVS, as formally called). Search for Hercules and tk4-, so you'll find a readymade ZIP to extract and run a complete distro of the last Public Domain Mainframe OS Release by IBM. You just need a 3270 terminal emulator. It comes with RAKF, as no-cost RACF replacement and you can install KICKS for TSO to run CICS applications. Or create these yourself. That for now, to not be too offtopic in here. ;-)

    Older machines were talking SNA directly to the physical layer, Token
    Ring or Ethernet. This "direct" approach is supported only with certain
    network adapters and with and IOP on these. A 2838 works fine, while
    a Gigabit Adapter cannot be configured for it and can only utilize
    IP connectivity.
    Okay.
    I'd love to know more about the differences.

    Differences between what exactly?

    I immediately have lots of questions as I'm dealing with TCP/IP on Ethernet II a.k.a. DIX vs 802.2 LLC w/ SNAP on my P/390-E.

    Sounds reasonable. Congrats to your P/390-E. I envy you a bit. But not if I think about the power dissipation. ;-)

    Seems to be a really nice playground for making IBM i talk to it's older sibling. IBM i knows about SNADST and also has RJE (Remote Job Entry)
    available for sending batch jobs and data back and forth between IBM i and MVS/zOS. Can't do that with Hercules, which emulates communication lines via TCP ports.

    So the IBM i operating system still supports SNA. But it's dependent on
    the hardware. (Back to questions about supported framing for 2838 vs
    Gigabit Adapter.)

    Yes and no. It supports SNA as a protocol, basically. SNA transport via Ethernet SNAP frames are possible with older network IOA only. Newer IOAs are only supported with IP, mostly but not limited to "IOP-less" IOAs. To enable "old" applications to talk to each other via APPC, IBM created Enterprise Extender, which is basically APPN over UDP.

    It should be possible to build a connection to a hierarchical SNA network, but without EE: I don't think EE can cope with non APPN connections. zOS also knows about APPN, so maybe network both machines is easier than anticipated. Don't know which version is necessary, though. For older releases you maybe need a 37xx frontend controller. Same goes for EE (Enterprise Extender), which
    enables you to talk betwen IBM i and zOS without SNA frames
    but with IP as transport.

    As far as I understand, IBM i knows about APPC Controllers which reflect PU
    2.1 network endpoints, and APPC Devices which are LU 6.2 endpoints. It's possible to create an APPC controller type "host" which I guess is the right PU type to get an hierarchical uplink to MVS/zOS. I don't know much about hierarchical SNA with numerous different PU and LU levels, though.

    Does Enterprise Extender have a remote hardware component that will de-encapsulate SNA out of the UDP/IP for local non-EE aware systems?

    Not that I'm aware of. Maybe the newer 37xx frontend controllers can do that. I'm not aware of any HW support for IBM i.

    I know that Cisco still supports numerous SNA features in IOS for "bigger" (aka: 19" rackmount) routers. 2600, 2800 and 2900 series come to mind. Also, old 4000, 4500 and 4700 can handle that but these draw about 60..70W depending on cards which is too much for my taste nowadays.

    I've been running IBM i 7.2 connected via EE to a 2901 with SNAsw over an IPSEC VPN. This 2901 had a Virtual Token Ring Interface (as a second SNAsw port) bridged to a 2613 with a real Token Ring Interface connected to a 9401-150. It ran basically, I could do aping but it wasn't simply possible to transfer data: The connection would hang. It feels like an MTU issue but I couldn't get a grip on it.

    I was trying to get rid of the 2613 in the row and now I have a name resolution problem. The v7.1 box can aping the router. The 150 can aping the router. Both IBMs can't aping each other. I was trying to switch roles of both machines to EN, NN, BEX, tried dynamic and static configuration on the 2901. No avail. I have no clue what I'm doing wrong. This might also be due to I really don't understand what exactly BEX is supposed to do.

    Earlier I was experimenting with IBM i 7.2 connected to a local 2901 via EE running SNAsw. This one was connected to two other 2901 via IPSEC VPN and all of them had Virtual Token Ring Interfaces with RSRB (Remote Source Route Bridging). Code seems to be mostly untested because randomly the 2901 would simply halt. Not crash and do an automatic reload. No. Just halt. Please power cycle to make them behave. Thanks. Still didn't have the time to rebuild that scenario and bug Cisco with a TAC about that. I wonder if they still have programmers who know about SNA. :-)

    Or is EE only meant to be between two systems running EE to transfer SNA traffic across a non-SNA capable interconnection?

    I think that's the main reason for it to exist.

    Does IBM i support DLSw?

    Yes, that is exactly what I was talking about "SNA frames directly on Ethernet SNAP". See above: Depends on your available IOA.

    My understanding is that DLSw can take encapsulated traffic and de-encapsulate it for local SNA systems. I think both Cisco and Juniper make gear that does this.

    Nope. DLSw is achieving something *similar* to EE but is in fact not compatible with EE. SNAsw is what you're looking for in Cisco gear. (Don't know the Juniper stuff.) You can define multiple "ports", bound directly to L3 interfaces or an UDP port on any L3 interface with an IP address (for EE). It's not a dumb bridge but a complete APPN implementation for accepting and forwarding APPC sessions, do prevent broadcast traffic over dumb bridges packing VPN links tight.

    :wq! PoC
    I like the signature.

    Thanks. I'm doing this for ages. :-) I've been tinkering with a lot of different systems until I got bored with them. I'm not yet bored with the IBM stuff. ;-)

    Sorry for all the mainframe references. I'm very much aware that AS/400 / iSeries / IBM i are decidedly different than the mainframe. Unfortunately, mainframe is where my minimal knowledge comes from. Save for "wrkwrt" from 20+ years ago as an junior operator.

    No problem. In fact, after knowing the AS/400 relatively well and with increasing knowledge in MVS, I've come to the conclusion that the AS/400 could have been the "next" mainframe platform. If IBM marketing would have done it right. OS/400 feels much more engineered in one go. Smoother in a way. More logical when working with it. MVS feels like numerous independent stuff has been added over time but never really tightly integrated. HASP, RACF, CICS
    come to mind. Of course a lot of backwards compatibility needs limit actual possibilities to integrate stuff more smoothly.

    If you know about files and members in MVS, you'll feel mostly at home in IBM i also. If you know about the basics of 3270-forms-press-enter-to-send, you'll be at home with 5250 AS/400 display files.

    A lot of my affection for OS/400 stems from my earlier struggles to have some Curses frontends for MySQLish tasks on Linux. Curses and cursing sounds similar and I'm convinced not by chance. Comparing that labor with creating a phsyical file, a display file and a more or less "intelligent" driver to copy data back and forth between these two is just marvellous.

    Maybe you want to have a look at https://try-as400.pocnet.net for a start. I'm also glad to have people helping extend that Wiki.

    :wq! PoC

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From poc@pocnet.net@21:1/5 to CENTRINO on Wed Dec 4 22:01:25 2019
    CENTRINO <none@nonelandia.com> wrote:

    We are using ANYNET that's SNA over tcpip an older form of enterprise extender I think ... Hope this will work too with the new machine adapters.

    EE replaced AnyNet. It's not compatible with each other.

    :wq! PoC

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to poc@pocnet.net on Wed Dec 4 17:00:43 2019
    On 12/4/19 3:00 PM, poc@pocnet.net wrote:
    No problem. I also started as a noob about 10 years ago, but I'm
    primarily interested in this platform for hobbyist purposes.

    I am interested in System/36 (?) / AS/400 / IBM i but I've not scratched
    that itch yet. (Was System/36 the 3x model that proceeded the AS/400?
    Or was it 32 or 34?)

    I'm also not fluent with Mainframes but I have a basic understanding
    about zOS (or MVS, as formally called). Search for Hercules and tk4-,
    so you'll find a readymade ZIP to extract and run a complete distro
    of the last Public Domain Mainframe OS Release by IBM.

    Yep. I'm familiar with tk3 / tk4- (not quite tk4). I believe it's MVS
    3.8j with all the public patches and modifications, like RAKF (vs RACF)
    and KICKS (vs CICS).

    You just need a 3270 terminal emulator. It comes with RAKF, as
    no-cost RACF replacement and you can install KICKS for TSO to run
    CICS applications. Or create these yourself. That for now, to not be
    too offtopic in here. ;-)

    I get the impression that we might have more to talk about, but comp.sys.ibm.as400.misc might not be the best venue. ;-)

    Is your email valid?

    Differences between what exactly?

    What the network adapters are actually doing. I'm wondering if the 2838
    only supports things via 802.2 LLC w/ SNAP, thus can do SNA directly,
    and the Gigabit Adapter only supports Ethernet II used by the rest of
    the world for TCP/IP over Ethernet. (I assume that you're talking about Ethernet as I think that Gigabit Token Ring never got out of the lab.)

    What are the nitty-gritty details? }:-)

    Sorry, too much time spent pontificating Ethernet II / 802.3 "Raw" /
    802.2 "LLC" / (802.2 LLC w/) "SNAP" Ethernet frame format (as NetWare
    calls them). I recently learned that what OS/2 calls "802.3" in the
    TCP/IP Configuration is really 802.2 LLC w/ SNAP. So this all ties in together.

    Side question: Do you know what frame format was used for TCP/IP on the
    2838? Was it also 802.2 LLC w/ SNAP? (Like OS/2 and AIX can do.) Or
    was it Ethernet II, a.k.a. Digital / Intel / Xerox (DIX)?

    Sounds reasonable. Congrats to your P/390-E. I envy you a bit. But
    not if I think about the power dissipation. ;-)

    Thank you. The wonderful thing about the P/390-E is that it's a PCI
    card that you put in a normal PC running OS/2 Warp or an RS/600 running
    AIX. So, it doesn't have NEARLY the power draw that traditional IBM
    mainframes have. Yet it's a full legitimate S/390 processor and main
    storage (memory). Purportedly it's only 7 MIPS. But that's enough to
    run OS/390 / z/OS (≤1.5) or VM.

    Seems to be a really nice playground for making IBM i talk to it's
    older sibling.

    :-)

    IBM i knows about SNADST and also has RJE (Remote Job Entry) available
    for sending batch jobs and data back and forth between IBM i and
    MVS/zOS.

    I'm not familiar with SNADST. I know of RJE and NJE. I'm not sure what
    the underlying technology differences are between the two. It's on my
    list to learn.

    Can't do that with Hercules, which emulates communication lines via
    TCP ports.

    Ya. Hercules purportedly doesn't currently support SNA. I think that
    means that it doesn't support 802.2 LLC w/ SNAP.

    But I /strongly/ suspect that Hercules would happily pass the IP traffic between the OS running in it and a Cisco configured as a DLSw endpoint.
    Thereby providing the necessary support for 802.2 LLC w/ SNAP needed
    for SNA. — Yes, this is on my short list to dig into. — I'd love to
    get NJE working between OS/390 running on my P/390-E and something
    running in Hercules.

    Yes and no. It supports SNA as a protocol, basically. SNA transport via Ethernet SNAP frames are possible with older network IOA only.

    Hence the "yes". ;-)

    Newer IOAs are only supported with IP, mostly but not limited to
    "IOP-less" IOAs.

    I/O Adapter?

    To enable "old" applications to talk to each other via APPC, IBM
    created Enterprise Extender, which is basically APPN over UDP.

    I thought — though I could easily be wrong — Enterprise Extender / APPN
    / APPC is more of an active participant in the SNA network.

    Likewise, I thought — … — that DLSw was a lower layer that avoided the SNA network layer. I similarly think that NetBIOS via NetBEUI can also
    work via DLSw, and that is decidedly NOT SNA.

    It should be possible to build a connection to a hierarchical SNA
    network, but without EE: I don't think EE can cope with non APPN
    connections.

    I need to do some more reading to figure out what SNAsw / AnyNet /
    Enterprise Extender / et al. are. I have a vague idea, but that's bad
    to make assumptions based on.

    I should also learn more about APPN vs APPC.

    zOS also knows about APPN, so maybe network both machines is easier
    than anticipated. Don't know which version is necessary, though. For
    older releases you maybe need a 37xx frontend controller. Same goes
    for EE (Enterprise Extender), which enables you to talk betwen IBM
    i and zOS without SNA frames but with IP as transport.

    I'm surprised that EE is /needed/ for contemporary IBM i and z/OS to
    talk to each other /without/ SNA.

    I naively assumed that they could talk /something/ IBM across IP without resorting to non-IBM things like FTP / SMTP / etc.

    As far as I understand, IBM i knows about APPC Controllers which
    reflect PU 2.1 network endpoints, and APPC Devices which are LU 6.2 endpoints. It's possible to create an APPC controller type "host"
    which I guess is the right PU type to get an hierarchical uplink
    to MVS/zOS. I don't know much about hierarchical SNA with numerous
    different PU and LU levels, though.

    I recognize many of those terms, but I don't yet understand them.

    Lots more learning to do.

    Not that I'm aware of. Maybe the newer 37xx frontend controllers can
    do that. I'm not aware of any HW support for IBM i.

    ACK

    I find "newer" in reference to 37xx Communications / Multiprotocol
    Controllers is somewhat funny. I believe that IBM stopped selling them
    back in the early 2000s and is now ending support for them. There is
    now apparently a product that runs on Linux on Z that has taken over
    much, but not all, of their functionality. ;-)

    I know that Cisco still supports numerous SNA features in IOS for
    "bigger" (aka: 19" rackmount) routers. 2600, 2800 and 2900 series
    come to mind. Also, old 4000, 4500 and 4700 can handle that but these
    draw about 60..70W depending on cards which is too much for my taste nowadays.

    I keep forgetting that Cisco has smaller things that aren't (readily)
    rack mountable. I'm used to 1U Cisco / Juniper gear being small. My
    employer has some Cisco & Juniper gear that is taller than I am and
    draws multiple kW of power and puts out comparable BTUs of heat.

    I've been running IBM i 7.2 connected via EE to a 2901 with SNAsw
    over an IPSEC VPN.

    Please wait a moment. I want to make sure that I correctly understand
    what you're saying.

    You are running EE, on IBM i v2r2, and it is connected to a Cisco 2901
    router with SNAsw software? (This traffic also happens to be over an
    IPsec VPN.)

    Please clarify what the purpose of having EE connect to SNAsw on the
    2901 is.

    This 2901 had a Virtual Token Ring Interface (as a second SNAsw port)
    bridged to a 2613 with a real Token Ring Interface connected to a
    9401-150.

    (I think) I get the Virtual Token Ring in the 2901. But how are you
    bridging / connecting that vTR to a 2613 with a real Token Ring?

    Where the 2613 is physically connected via MAU to a 9401-150.

    Am I unpacking that correctly?

    What is the physical connection and line protocol between the 2901 and
    the 2613?

    Am I correct in assuming that the 2901 doesn't have a physical Token
    Ring interface? And that the 2613 doesn't have the SNAsw software /
    feature? Thus you need to combine the 2901 and 2613 to get the solution
    you need?

    It ran basically, I could do aping but it wasn't simply possible to
    transfer data: The connection would hang. It feels like an MTU issue
    but I couldn't get a grip on it.

    Ya. Just a little bit of room for problems there.

    I was trying to get rid of the 2613 in the row and now I have a name resolution problem. The v7.1 box can aping the router. The 150 can
    aping the router. Both IBMs can't aping each other.

    :-(

    I was trying to switch roles of both machines to EN, NN, BEX, tried
    dynamic and static configuration on the 2901. No avail. I have no
    clue what I'm doing wrong. This might also be due to I really don't understand what exactly BEX is supposed to do.

    aping / EN / NN / BEX are all new terms to me.

    Earlier I was experimenting with IBM i 7.2 connected to a local 2901
    via EE running SNAsw. This one was connected to two other 2901 via
    IPSEC VPN and all of them had Virtual Token Ring Interfaces with RSRB
    (Remote Source Route Bridging). Code seems to be mostly untested
    because randomly the 2901 would simply halt. Not crash and do an
    automatic reload. No. Just halt. Please power cycle to make them
    behave. Thanks. Still didn't have the time to rebuild that scenario
    and bug Cisco with a TAC about that. I wonder if they still have
    programmers who know about SNA. :-)

    Ya. I'm finding that features that might have been more common in the
    '90s are are now largely unused, so bugs have found their way into new code.

    I think that's the main reason for it to exist.

    Is there not an IP based way to do these connections? Or is EE the
    intended method?

    Encapsulating something, SNA, in another protocol, UDP/IP, seems like a
    bit of a kludge to me. I would have really expected something more
    native to exist. Like TN3270 / TN5250 vs SNA over 802.2 LLC w/ SNAP.

    Yes, that is exactly what I was talking about "SNA frames directly
    on Ethernet SNAP". See above: Depends on your available IOA.

    Okay.

    I think we may be talking past each other.

    I get the SNA support as in 802.2 LLC w/ SNAP. But to me, DLSw is
    something different.

    My understanding is that DLSw is a way for devices; Cisco routers,
    servers, etc., to be able to take 802.2 LLC w/ SNAP frames, encapsulate
    them in TCP/IP to send them to a counterpart, where they are
    decapsulated and sent back out as the 802.2 LLC w/ SNAP on the other
    side. Thus DLSw is being used to bridge the separate 802.2 LLC w/ SNAP
    LANs across an IP only intermediate connection.

    If IBM i can act as a DLSw endpoint, then I'd think that you could use a (Cisco) device as a DLSw bridge to get the SNA traffic into the new
    Gigabit Ethernet interface as IP traffic. Then IBM i would decapsulate
    it and deal with it as SNA. Thus bridging the SNA / 802.2 LLC w/ SNAP
    on one side through the IP only Gigabit Ethernet interface, into IBM i.

    Maybe. Or so I was wondering.

    Nope. DLSw is achieving something *similar* to EE but is in fact
    not compatible with EE.

    I agree that DLSw is not compatible with EE, and that they both do
    something similar.

    SNAsw is what you're looking for in Cisco gear. (Don't know the
    Juniper stuff.) You can define multiple "ports", bound directly to
    L3 interfaces or an UDP port on any L3 interface with an IP address
    (for EE). It's not a dumb bridge but a complete APPN implementation
    for accepting and forwarding APPC sessions, do prevent broadcast
    traffic over dumb bridges packing VPN links tight.

    Some quick Googleing makes me think that SNAsw is Cisco's counterpart to
    IBM's EE. Thus SNAsw and EE can talk to each other.

    Thanks. I'm doing this for ages. :-) I've been tinkering with a lot
    of different systems until I got bored with them. I'm not yet bored
    with the IBM stuff. ;-)

    I get it.

    I'm looking at Mainframe b/c I'm bored with much of the Windows / Linux
    / (some) Unix world. There's OS/2 (et al.) and NetWare too. Mostly
    things that run on PCs.

    No problem. In fact, after knowing the AS/400 relatively well and
    with increasing knowledge in MVS, I've come to the conclusion that the
    AS/400 could have been the "next" mainframe platform. If IBM marketing
    would have done it right.

    Maybe.

    I think there is much to be said for compatibility to run software from
    50 years ago on current machines. Maybe AS/400 can also run that
    software. My ignorance of such a feature doesn't preclude it from existing.

    I agree that the AS/400 is like Mainframe 2.0. I just don't know if the compatibility is there to make the user base happy.

    OS/400 feels much more engineered in one go. Smoother in a way. More
    logical when working with it. MVS feels like numerous independent stuff
    has been added over time but never really tightly integrated. HASP,
    RACF, CICS come to mind. Of course a lot of backwards compatibility
    needs limit actual possibilities to integrate stuff more smoothly.

    Not only is the underlying technology a concern, but you need to make
    sure that the concepts are close enough to keep the people using and administering them happy.

    If you know about files and members in MVS, you'll feel
    mostly at home in IBM i also.

    I know some about (Partitioned) Data Sets. I'm sort of explaining PDSs
    to others as something akin to a zip file that you files (not
    directories) into. And that the mainframe has a collection of these
    (and other) files. There really isn't any hierarchy to them like people
    are used to on PCs. (I'm ignoring HFS for USS for now.)

    The archives (data sets) are named with some guidelines to make things
    easier, but they are really in a flat grouping.

    At least that's my current working understanding.

    If you know about the basics of 3270-forms-press-enter-to-send,
    you'll be at home with 5250 AS/400 display files.

    I use (TN)3270 (emulators) and know some fundamentals but no real
    details. I've been likening them to an HTML form. You fill things in,
    there may be hidden fields, some of which have security implications,
    and you "Submit" (Enter) when you are done.

    A lot of my affection for OS/400 stems from my earlier struggles to
    have some Curses frontends for MySQLish tasks on Linux. Curses and
    cursing sounds similar and I'm convinced not by chance.

    ~chuckle~

    The joke about BSD and LSD coming out of Berkley comes to mind.

    Comparing that labor with creating a phsyical file, a display file
    and a more or less "intelligent" driver to copy data back and forth
    between these two is just marvellous.

    ~chuckle~

    Maybe you want to have a look at https://try-as400.pocnet.net for a
    start. I'm also glad to have people helping extend that Wiki.

    I'll check that out.



    --
    Grant. . . .
    unix || die

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Dr.UgoGagliardelli@21:1/5 to All on Thu Dec 5 07:35:13 2019
    Il 05.12.2019 01.00, Grant Taylor ha scritto:
    On 12/4/19 3:00 PM, poc@pocnet.net wrote:
    No problem. I also started as a noob about 10 years ago, but I'm
    primarily interested in this platform for hobbyist purposes.

    I am interested in System/36 (?) / AS/400 / IBM i but I've not scratched
    that itch yet.  (Was System/36 the 3x model that proceeded the AS/400?
    Or was it 32 or 34?)

    It's true that the as/400 was released with a S/36 environment, but the
    real inheritance comes from S/38.

    [...]

    zOS also knows about APPN, so maybe network both machines is easier
    than anticipated. Don't know which version is necessary, though. For
    older releases you maybe need a 37xx frontend controller. Same goes
    for EE (Enterprise Extender), which enables you to talk betwen IBM i
    and zOS without SNA frames but with IP as transport.

    I'm surprised that EE is /needed/ for contemporary IBM i and z/OS to
    talk to each other /without/ SNA.

    If you don't need SNA thus you don't need EE, assuming that tne network
    is TCP/IP based. Both i and z/os support socket based application.
    APPC over TCP is indeed a socket based application, that's supported
    also by newere IBM i, what I don't know is whether it's also supported
    by z/os.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From poc@pocnet.net@21:1/5 to Grant Taylor on Thu Dec 5 12:27:18 2019
    First, let me explain that I try to shorten the communications by omitting stuff where I don't see need to comment on.


    Grant Taylor <gtaylor@tnetconsulting.net> wrote:

    No problem. I also started as a noob about 10 years ago, but I'm
    primarily interested in this platform for hobbyist purposes.
    I am interested in System/36 (?) / AS/400 / IBM i but I've not scratched
    that itch yet. (Was System/36 the 3x model that proceeded the AS/400?
    Or was it 32 or 34?)

    Nope, it was S/38, as Dr.UgoGagliardelli already pointed out. Have a look at Wikipedia in regard to that. The articles on all-things-computer are mostly very extensive and fulfilling knowledge needs.

    I get the impression that we might have more to talk about, but comp.sys.ibm.as400.misc might not be the best venue. ;-)

    You're right. I'm not sure where to split, though. I guess talk about SNA and how to network *may* be interesting in here for others, too. Even for bein archived and searched up later.

    Is your email valid?

    Yes.

    What the network adapters are actually doing. I'm wondering if the 2838
    only supports things via 802.2 LLC w/ SNAP, thus can do SNA directly,
    and the Gigabit Adapter only supports Ethernet II used by the rest of
    the world for TCP/IP over Ethernet.

    You got me. :-) I'm not all too much into details here. I also remember the confusion by Novell naming a proprietary framing format like the official IEEE one.

    Allow me to clarify: The 2838 IOA can talk both IP *and* "native SNA"
    (directly on Ethernet).

    Also, to correct a former error of myself: This adapter supports Ethernet standards 802.3 and Ethernet II. I think, SNAP was used on Token Ring, maybe I confused that. Sorry for that!

    I assume that you're talking about Ethernet as I think that Gigabit Token Ring never got out of the lab.

    Assumption correct. Besides that, I find 100M Token Ring boring: It's running in full-duplex-mode and needs an active component on the other end (no more simple MAU). I hope I'm remembering right. So the most interesting part part compared to initial Thick- or Thin- or Hub-based Ethernet is negated: No CSMA/CD but everybody please talk in an orderly fashion. 100M TR and
    "switched" Ethernet are just mere point to point links and so it's no
    emotional struggle for me to just use Ethernet, then. :-)

    Sorry, too much time spent pontificating Ethernet II / 802.3 "Raw" /
    802.2 "LLC" / (802.2 LLC w/) "SNAP" Ethernet frame format (as NetWare
    calls them).

    Aah, the good old days. ;-) I'm still running a heavily bugfix-NLM-loaded 3.12 on my ESXi. When I'll feel bored in the distant future, I want to have a look into Netware for SAA.

    Meanwhile, this is mostly serving stuff for an old 386 running DOS (mainly for EPROM burner) and older Macs, via AppleTalk. Novell had the fastest
    transfer rates on a 486DX2 compared to File Sharing in 68040 based Macs and Windows NT Services for Macintosh on the same 486. :-)

    The DOS box is attached to Token Ring, the mentioned 2613 routes between Ethernet and Ring. IP, IPX and AppleTalk. Maybe somewhat later I'll also do DECNET but that's on my list for when I'll be bored with the IBM stuff. ;-)

    I also learned that despite Cisco claiming "not supported", if you add a
    simple Fast Ethernet Network Module to the 2613 (must be one WITHOUT WIC slots), it's indeed supported and running fine. So I'm getting the real 16M Ring performance, without 10M Ethernet being a bottleneck!

    I recently learned that what OS/2 calls "802.3" in the
    TCP/IP Configuration is really 802.2 LLC w/ SNAP. So this all ties in together.

    Now, I'm confused. :-) Novell called SNAP an additional frame format besides 802.2 (which is "true" 802.3). Hmm. Maybe I need to re-read a bit and refresh my memories over the weekend.

    Side question: Do you know what frame format was used for TCP/IP on the 2838? Was it also 802.2 LLC w/ SNAP?

    I think it's Ethernet II. I once remember to set support from default (both)
    to Ethernet II only and so I wasn't able to talk SNA on Ethernet directly anymore. IP worked, though.

    At least with V4R5 you can't change the setting in the line description once set. You need to vary off, delete and recreate the line desc.

    Sounds reasonable. Congrats to your P/390-E. I envy you a bit. But
    not if I think about the power dissipation. ;-)
    Thank you. The wonderful thing about the P/390-E is that it's a PCI
    card that you put in a normal PC running OS/2 Warp or an RS/600 running
    AIX. So, it doesn't have NEARLY the power draw that traditional IBM mainframes have.

    I know. :-) And you maybe have the additional benefit that you can utilize
    OS/2 as an integrated Service Element to IPL the board. :-)

    IBM i knows about SNADST and also has RJE (Remote Job Entry) available
    for sending batch jobs and data back and forth between IBM i and
    MVS/zOS.
    I'm not familiar with SNADST.

    If you remember UUCP, you'll be very familiar with SNADST.

    I know of RJE and NJE. I'm not sure what the underlying technology differences are between the two. It's on my list to learn.

    Never heard of NJE. RJE is the IBM i part and JES2 the zOS part of these two talking together.

    Can't do that with Hercules, which emulates communication lines via
    TCP ports.
    Ya. Hercules purportedly doesn't currently support SNA. I think that
    means that it doesn't support 802.2 LLC w/ SNAP.

    As far as I'm aware, MVS 3.8j simply doesn't know about the OSA, Hercules is emulating. That old MVS is relying on an old 37xx to do the network processing stuff. Hercules 4 has some limited support for an emulated 37xx but according to J?rgen Winkelmann (TK4- maintainer). Code is said to be somewhat cude and support is limited to SNA attached 3270 terminals. All virtual within
    Hercules. Maybe it *is* possible to have Hercules talk SNA over 802.2 with newer MVS or zOS releases which support the OSA.

    Newer IOAs are only supported with IP, mostly but not limited to
    "IOP-less" IOAs.
    I/O Adapter?

    Yes. The AS/400 inherited part of the concept of I/O handling from the
    IBM 360/370: There are IOAs which provide physical attachment from the system bus to devices like hard disks, network, serial lines, etc. On older hardware, these IOAs were always driven by an I/O-Processor (IOP).

    Usually, the system board contained one PPC Chip with RAM and whatnot to support basic IOAs like SCSI and Twinax to have the machine successfully IPL and be able to talk to console.

    "Larger" boxes like the 9406-600 or anything in a similar case had one dedicated slot to put an additional IOP board driving the four immediate adjacent PCI slots to that slot. Newer machines like the 800 utilize a PCI based IOP. For all these reasons, just plugging some cards somewhere and
    hoping it will work most likely doesn't yield the expected results. :-)

    See the System Builder PDFs on the IBM Website for more details.

    I thought though I could easily be wrong Enterprise Extender / APPN
    / APPC is more of an active participant in the SNA network.

    To clarify:

    EE is "just" an encapsulation into UDP, to create virtual "SNA" Point to Point links.

    APPN (Advanced Peer to Peer Networking) is a protocol enhancement from IBM to lessen configuration labor in comparison to previous (hierarchical) SNA networks. It's somewhat similar to the IP layer, but including name resolution.

    APPC (Advanced Program to Program Communications) can be roughly seen as an equivalent to sockets in IP networking.

    Likewise, I thought that DLSw was a lower layer that avoided the
    SNA network layer.

    Cisco DLSw+ is a generic way to move LLC based (unroutable) protocols like "direct" SNA Frames and NetBEUI (NetBIOS Frames) over an IP backbone.

    See "Bridging and IBM Networking Configuration Guide" from Cisco. Very extensive!

    I similarly think that NetBIOS via NetBEUI can also work via DLSw, and that is decidedly NOT SNA.

    Yes, you're right. See above.

    I need to do some more reading to figure out what SNAsw / AnyNet /
    Enterprise Extender / et al. are. I have a vague idea, but that's bad
    to make assumptions based on.
    I should also learn more about APPN vs APPC.

    I support that decision. :-)

    Make heavy use of Wikipedia, that helped me a lot.

    zOS also knows about APPN, so maybe network both machines is easier
    than anticipated. Don't know which version is necessary, though. For
    older releases you maybe need a 37xx frontend controller. Same goes
    for EE (Enterprise Extender), which enables you to talk betwen IBM
    i and zOS without SNA frames but with IP as transport.
    I'm surprised that EE is /needed/ for contemporary IBM i and z/OS to
    talk to each other /without/ SNA.

    See comment from Dr.UgoGagliardelli.

    Besides, EE is part of SNA (as a collection of protocol descriptions).

    I naively assumed that they could talk /something/ IBM across IP without resorting to non-IBM things like FTP / SMTP / etc.

    Yes, and that something exactly *is* EE.

    As far as I understand, IBM i knows about APPC Controllers which
    reflect PU 2.1 network endpoints, and APPC Devices which are LU 6.2
    endpoints. It's possible to create an APPC controller type "host"
    which I guess is the right PU type to get an hierarchical uplink
    to MVS/zOS. I don't know much about hierarchical SNA with numerous
    different PU and LU levels, though.

    I recognize many of those terms, but I don't yet understand them.

    Lots more learning to do.

    I've gone through the same. Sorry to have overwhelmed you with IBM-technobabble. Please read the Wikipedia article about SNA to get a basic understanding of terms. In short:

    PU (Physical Unit) is a term I'd translate into "the networking stack in a hardware device" while as LU (Logical Unit) is to me something like Sockets in the IP world.

    APPC and APPN: See above.

    I find "newer" in reference to 37xx Communications / Multiprotocol Controllers is somewhat funny.

    Being used how crazy the invention-obsolescence-wheel is spinning in the PC world: Yes, it is. Clocks in the Mainframe and Midrange Worlds from IBM tick
    at a fraction of that. End result: Mainframes and AS/400's are old and
    outdated stuff to those who keep the wheel spinning at it's incredible speed. The guys who administer the IBM boxes are used to keep availability and performance at premium. Having the lastest and greates features and invention in "regular" computing is most often just not necessary.

    I believe that IBM stopped selling them back in the early 2000s and is now ending support for them. There is now apparently a product that runs on Linux on Z that has taken over much, but not all, of their functionality.
    ;-)

    Yap. But this could just to because the newer z's now have proper network adapter hardware.

    Did you know that Cisco once had a CIP for some enterprise class routers, to allow IOS to to some stuff the 37xx normally do? :-)

    You are running EE, on IBM i v2r2, and it is connected to a Cisco 2901
    router with SNAsw software?

    Yes. 7.2 but yes.

    Please clarify what the purpose of having EE connect to SNAsw on the 2901
    is.

    I want to use the 2901 as a translation device between EE (which is the only protocol/encapsulation I can use with 7.2 on the 8203-Hardware without adding further hardware) and 802.2 SNA on Ethernet.

    This 2901 had a Virtual Token Ring Interface (as a second SNAsw port)
    bridged to a 2613 with a real Token Ring Interface connected to a
    9401-150.
    (I think) I get the Virtual Token Ring in the 2901. But how are you
    bridging / connecting that vTR to a 2613 with a real Token Ring?

    Both the 2901 and the 2613 are connected to a common Ethernet segment. Sorry for leaving that out.

    Where the 2613 is physically connected via MAU to a 9401-150.
    Am I unpacking that correctly?

    So far: Yes.

    What is the physical connection and line protocol between the 2901 and
    the 2613?

    Basically Fast- and Gigabit Ethernet, see above. I don't know about exact
    frame formats, though. But it doesn't matter, since direct SNA frames are not involved.

    Am I correct in assuming that the 2901 doesn't have a physical Token
    Ring interface?

    Yes. I fact, the old NM-1E1R2W aren't supported in 2800 and 2900 routers anymore.

    And that the 2613 doesn't have the SNAsw software / feature?

    Also: Yes. Cleverly deducted! There's no IOS Image with SNA support *and* "Desktop protocol" support (IPX, AppleTalk). But (R)SRB is supported with the Desktop-Image.

    Thus you need to combine the 2901 and 2613 to get the solution you need?

    Exactly!

    Ya. I'm finding that features that might have been more common in the '90s are are now largely unused, so bugs have found their way into new code.

    I'm not sure. I think that code haven't been touched in ages and also testing could have been somewhat limited, for whatever reason. Maybe some scenarios I tried out were just uncommon.

    Is there not an IP based way to do these connections? Or is EE the intended method?

    The latter is true, I think.

    Encapsulating something, SNA, in another protocol, UDP/IP, seems like a
    bit of a kludge to me. I would have really expected something more
    native to exist. Like TN3270 / TN5250 vs SNA over 802.2 LLC w/ SNAP.

    Try to put the invention of EE into context of the 1990's. IP was "suddenly" some kind of lingua franca for machines normally talking each manufacturer's proprietary implementation of the OSI model. SNA and separate leased lines to support just SNA traffic over SDLC was on the decline. Bosses were arguing that having two separate leased lines for "just" terminals somewhere and also supporting eMail (Pop3, SMTP) is too expensive. Cisco collaborated with IBM to create solutions and I'm not quite sure if EE was indeed done by IBM
    *together* with Cisco.

    So, yes, it was a kludge but a less ugly one compared what we're facing today in enterprise networking. Have a look at Ivan Pepelnjak's blog (https://blog.ipspace.net) and archived articles there for some ugly insights.

    IBM created AnyNet to encapsulate "any" of SNA, IP and IPX into each other for WAN transport over just one leased line. But it was ugly to configure (you had to "fake" hostnames in ibm.com namespace to utilize IP transport) and it also wasn't very good in handling outages of connections between two machines. Often, there was need to manually vary off/on controller descriptions on both sides to make the connection work again.

    On a side note, Apple also was Collaborating with IBM at the beginning of the 1990's, at the advent of System 7. They tasked Orion software to create a
    piece of Mac Software called SNA.ps to encapsulate APPC sessions (not APPN traffic!) into AppleTalk with accompanying 3270- and 5250 terminal emulators and printer session support. The SNA-Part of that software ran on a separate 68000 CPU on the Token Ring/Serial/Coax NuBus Card for these old Macs. There also were API linkable libraries and header files to do your own client. Totally crazy! I was searching for *years* for that software and got hold of
    it just about 2 years ago. :-)

    On a side note to the side note, did you ever hear about DAL (Data Access Language)? Also a brainchild of the said collaboration. Kind of a predecessor to ODBC, but done right: The translator is on the host, not on the client.
    I haven't found the server side stuff (OS/400) yet.

    I think we may be talking past each other.

    Unfortunately, that's really easy to achieve. :-/

    I get the SNA support as in 802.2 LLC w/ SNAP. But to me, DLSw is something different.

    Yes, it is. DLSw(+) is a way to connect disadjacent nodes talking over 802.2 LLC.

    My understanding is that DLSw is a way for devices; Cisco routers,
    servers, etc., to be able to take 802.2 LLC w/ SNAP frames, encapsulate
    them in TCP/IP to send them to a counterpart, where they are
    decapsulated and sent back out as the 802.2 LLC w/ SNAP on the other
    side. Thus DLSw is being used to bridge the separate 802.2 LLC w/ SNAP
    LANs across an IP only intermediate connection.

    As far as I'm aware: Correct. AFAIR this capability is *not* built into IBM i nor zOS but just Cisco IOS (and maybe Juniper).

    If IBM i can act as a DLSw endpoint, then I'd think that you could use a (Cisco) device as a DLSw bridge to get the SNA traffic into the new
    Gigabit Ethernet interface as IP traffic.

    Since this "if" evaluates to "false": Nope. :-)

    Some quick Googleing makes me think that SNAsw is Cisco's counterpart to IBM's EE. Thus SNAsw and EE can talk to each other.

    In a way it is. But SNAsw can do more than EE. EE is a transport facility. SNAsw can be seen as an (APPC) session router: It terminates a LU-LU session from one node and forwards that session to the destination PU. Roughly, it's a bit like a TCP proxy (as found in Xinetd).

    I'm looking at Mainframe b/c I'm bored with much of the Windows / Linux
    / (some) Unix world. There's OS/2 (et al.) and NetWare too. Mostly
    things that run on PCs.

    I've never done Windows in a serious way. I grew up when PCs and Windows were an inferior "copy" of the Mac. :-) I never found interest in OS/2 but I really can't explain the "why". My first "look at this huge thing" experience at a former employer in the late 1990s with an old AS/400 B30 also triggered no further interest. Maybe I was just content mastering Linux, back then. :-)

    I did my first true network experiences with Netware, though. And Cheapernet.

    I think there is much to be said for compatibility to run software from
    50 years ago on current machines. Maybe AS/400 can also run that
    software. My ignorance of such a feature doesn't preclude it from existing.

    Maybe this ignorance also stems from the fact that the need to run such
    ancient stuff is rare to find. The more time passes, the more rare it is.

    I agree that the AS/400 is like Mainframe 2.0. I just don't know if the compatibility is there to make the user base happy.

    There's no real compat to classical mainframe MVS. It's not even sufficient to "just recompile". 3270- and 5250 screen creation are completely different beasts. Interestingly, did a "CICS for AS/400" somewhen. Never saw it myself, though. Maybe it simply was too expensive and admins were reluctant to
    exchange the impressing huge S/370 with that tiny 9406-890 they don't know yet how to administer.

    Not only is the underlying technology a concern, but you need to make
    sure that the concepts are close enough to keep the people using and administering them happy.

    Good point!

    I know some about (Partitioned) Data Sets.

    That's the equivalent of having multiple members in physical files (aka: database files). There also are source physical files with a prefefined record format for text (source) files. Dunno if these are special on MVS, though.

    I'm sort of explaining PDSs to others as something akin to a zip file that you files (not directories) into.

    Similar to how I explain. I'm explaining with tar files, since zip usually compresses. :-) Also, members in a file share certain attributes such as
    record format.

    There really isn't any hierarchy to them like people are used to on PCs.
    The archives (data sets) are named with some guidelines to make things easier, but they are really in a flat grouping.

    Yes, I already observed in Hercules MVS. The AS/400 has kind of multiple filesystems, but the most important one knows about just Libraries (a one
    level deep virtual folder structure) and therein are other "objects", files, programs, etc.

    At least that's my current working understanding.

    Same here.

    I've been likening them to an HTML form.

    Also that's perfectly good. The only drawback is that there is no "Java
    Script" like in modern browsers. :-) So you're often limited when it comes to "making stuff feel more interactive". For me, this lack is not a restriction but a challenge. :-)

    Allow me to close with a big "thanks". It's been a while I had such an enjoyable conversation.

    :wq! PoC

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to Dr.UgoGagliardelli on Thu Dec 5 19:07:53 2019
    On 12/4/19 11:35 PM, Dr.UgoGagliardelli wrote:
    It's true that the as/400 was released with a S/36 environment,
    but the real inheritance comes from S/38.

    Thank you for the clarification.

    I forgot about the System/38.

    If you don't need SNA thus you don't need EE, assuming that tne network
    is TCP/IP based. Both i and z/os support socket based application.

    Sure. Bit I was looking for something a bit less Open Systems, if you
    will, than FTP / Telnet. (More below.)

    APPC over TCP is indeed a socket based application, that's supported
    also by newere IBM i, what I don't know is whether it's also supported
    by z/os.

    This is more what I was thinking about and looking for. I don't know if APPC/TCP is supported by z/OS or not. I'll find out at some point in
    the future.



    --
    Grant. . . .
    unix || die

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to poc@pocnet.net on Thu Dec 5 22:25:42 2019
    On 12/5/19 5:27 AM, poc@pocnet.net wrote:
    First, let me explain that I try to shorten the communications by
    omitting stuff where I don't see need to comment on.

    Fair enough.

    Sometimes I do, sometimes I don't. I'll try to make a point to do so.

    Nope, it was S/38, as Dr.UgoGagliardelli already pointed
    out. Have a look at Wikipedia in regard to that. The articles
    on all-things-computer are mostly very extensive and fulfilling
    knowledge needs.

    I view Wikipedia as a wonderful /initial/ source. I think it's great to
    get an introduction and summary of things to research and find more authoritative source. I know multiple people that don't consider
    Wikipedia to be an authoritative / primary source.

    You're right. I'm not sure where to split, though. I guess talk
    about SNA and how to network *may* be interesting in here for others,
    too. Even for bein archived and searched up later.

    I'm sort of inclined to keep discussing it here. At least until someone
    asks us to stop. Also, as long as we don't obfuscate our subject and /
    or alter Message-ID / References, people can ignore this (sub)thread.

    I vote ask for forgiveness, if necessary, instead of permission on this
    issue.

    Yes.

    :-)

    You got me. :-) I'm not all too much into details here. I also remember
    the confusion by Novell naming a proprietary framing format like the
    official IEEE one.

    Hum.

    Are you saying that what Novell calls 802.2 LLC is what the IEEE calls
    802.3?

    I'm used to 802.3 being a reference to Ethernet and / or Novell's use of
    raw Ethernet frames.

    Also, to correct a former error of myself: This adapter supports
    Ethernet standards 802.3 and Ethernet II.

    I think I'm being handicapped by Novell's terminology. (See Novell
    802.3 vs IEEE 802.3 above.)

    I think, SNAP was used on Token Ring, maybe I confused that. Sorry
    for that!

    I believe that TCP/IP on Token Ring (802.5) did in fact use 802.2 LLC w/
    SNAP frames.

    I also believe that IBM used 802.2 LLC w/ SNAP for TCP/IP on some
    Ethernet networks. Hence how TCP/IP in 802.2 LLC w/ SNAP frames could
    easily be bridged between Token Ring and Ethernet. The frame format was
    the same. (Admittedly, Token Ring had bigger MTU ~> frame support.)

    I am seeing TCP/IP in 802.2 LLC w/ SNAP Ethernet frames coming from my
    P/390-E. I'm currently using an OS/2 VM to route between TCP/IP in
    802.2 LLC w/ SNAP Ethernet frames to TCP/IP in Ethernet II frames for
    the rest of my network.

    It seems as if OS/2 refers to 802.2 LLC w/ SNAP as "IEEE 802.3" and
    Ethernet II as "DIX".

    I get the Digital Intel Xerox being Ethernet II. (I think Ethernet I
    was the 3 Mbps experimental Ethernet.) But "IEEE 802.3" vs "Novell
    802.3" is new to me. But this new information does make some things
    make a little bit more sense. Like AIX's "et" interfaces being "IEEE
    802.3" (802.2 LLC w/ SNAP) and "en" interfaces being "DIX" (Ethernet II).

    As I type this, I'm inclined to believe that "IEEE 802.3" ≠ "Novell 802.3".

    Like I said before, more questions.

    Assumption correct. Besides that, I find 100M Token Ring boring:
    It's running in full-duplex-mode and needs an active component on
    the other end (no more simple MAU). I hope I'm remembering right. So
    the most interesting part part compared to initial Thick- or Thin-
    or Hub-based Ethernet is negated: No CSMA/CD but everybody please
    talk in an orderly fashion. 100M TR and "switched" Ethernet are just
    mere point to point links and so it's no emotional struggle for me
    to just use Ethernet, then. :-)

    ~chuckle~

    That makes sense.

    Aah, the good old days. ;-) I'm still running a heavily
    bugfix-NLM-loaded 3.12 on my ESXi.

    Do you have a CPU Idle NLM? Or are you burning a core? I know that
    there are NWIdle.NLMs for NW4 & NW5. (I've used them.)

    When I'll feel bored in the distant future, I want to have a look
    into Netware for SAA.

    SAA?

    … Googling …

    Systems Application Architecture

    /me sighs heavily. Now I have something else to mess with.

    Thank you. :-)

    Meanwhile, this is mostly serving stuff for an old 386 running DOS
    (mainly for EPROM burner) and older Macs, via AppleTalk. Novell had the fastest transfer rates on a 486DX2 compared to File Sharing in 68040
    based Macs and Windows NT Services for Macintosh on the same 486. :-)

    I get it.

    I'm thinking seriously about putting a NetWare 4.x or 5.x online (it's
    what I know) using IPX for DOS / Windows 3.x / Windows 9x / DOSBox
    machines. (I'd probably use Ethernet II frame format or whatever IPX's
    default is for 802.5.)

    The DOS box is attached to Token Ring, the mentioned 2613 routes
    between Ethernet and Ring. IP, IPX and AppleTalk.

    :-)

    What Ethernet frame formats are you using for IPX on Ethernet?

    Maybe somewhat later I'll also do DECNET but that's on my list for
    when I'll be bored with the IBM stuff. ;-)

    I've dabbled with DECnet Phase IV but have thus far avoided Phase V
    (~OSI). I even got DECnet Phase IV working between Linux systems.

    I also learned that despite Cisco claiming "not supported", if you add
    a simple Fast Ethernet Network Module to the 2613 (must be one WITHOUT
    WIC slots), it's indeed supported and running fine. So I'm getting
    the real 16M Ring performance, without 10M Ethernet being a bottleneck!

    Nice!

    Ya, there's "supported" as in TAC will (would) hold your hand to
    configure something, and then there's "supported" as in it works?
    Great! #hazFun Read: TAC won't hold your hand.

    I'm contemplating using a NetWare box as a router between 16 Mbps Token
    Ring, 10 Mbps Thicknet (10Base5), and 100 Mbps Ethernet.

    I /might/ use a Cisco router for that. Especially if I need it for the
    DLSw+ and / or SNASw.

    Now, I'm confused. :-) Novell called SNAP an additional frame format
    besides 802.2 (which is "true" 802.3). Hmm. Maybe I need to re-read
    a bit and refresh my memories over the weekend.

    Ya. I'm confused too.

    I've spent a fair bit of time reading and re-reading this page:

    https://support.novell.com/techcenter/articles/ana19930905.html

    I'm aware of four Ethernet frame formats:

    *Ethernet II* a.k.a. Digital Intel Xerox (DIX) used by TCP/IP

    *802.3* a.k.a. raw only used by IPX

    *802.2* LLC can be used by a number of things

    802.2 LLC w/ *SNAP* is used by a number of things

    Asterisk / bolding around the NetWare names.

    I think it's Ethernet II. I once remember to set support from default
    (both) to Ethernet II only and so I wasn't able to talk SNA on Ethernet directly anymore. IP worked, though.

    That makes sense. Almost everything uses Ethernet II for TCP/IP on
    Ethernet. SNA needs 802.2 LLC w/ SNAP. So making the interface
    exclusively Ethernet II would be incompatible with SNA.

    At least with V4R5 you can't change the setting in the line description
    once set. You need to vary off, delete and recreate the line desc.

    Hum.

    I can STOP TCPIP (from the master console), modify the proper data set,
    and START TCPIP to change things like that. Granted, that doesn't mean
    that what I change them to will work.

    I know. :-) And you maybe have the additional benefit that you can
    utilize OS/2 as an integrated Service Element to IPL the board. :-)

    OS/2 (or AIX) is actually more critical than /just/ a Support Element.
    Drivers and applications emulate the rest of the mainframe hardware.
    The PCI card really is just thee S/390 CPU and memory.

    If you remember UUCP, you'll be very familiar with SNADST.

    I remember UUCP. I've configured a small UUCP network using SSH as a
    transport }:-) I've still got it configured on a couple of systems, but
    I'm not currently using it.

    Never heard of NJE.

    Network Job Entry.

    I don't know the particulars of it. I do know that a few other OSs
    supported NJE. I think that (Open)VMS had support for it. I'm not sure
    what else.

    I'm even more confused about thee differences between NJE and RJE after
    reading the first paragraph of this page:

    https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.hasa800/j2nje.htm

    As far as I'm aware, MVS 3.8j simply doesn't know about the OSA,
    Hercules is emulating.

    I don't know.

    I'll just leave this here:

    MVS38j TCP/IP
    - http://cbttape.org/~jmorrison/mvs38j-ip/

    See "Bridging and IBM Networking Configuration Guide" from Cisco. Very extensive!

    I'll look that up.

    Besides, EE is part of SNA (as a collection of protocol descriptions).

    Yes, and that something exactly *is* EE.

    ACK

    I naively thought EE was an add-on and did not realize that it was more
    of a core component.

    I've gone through the same. Sorry to have overwhelmed you with IBM-technobabble. Please read the Wikipedia article about SNA to get
    a basic understanding of terms. In short:

    Apology returned to sender as unnecessary.

    I'm choosing to dive head first into the mainframe world. I expect to
    be overwhelmed with IBM-technobabble.

    The wonderful thing about email / newsgroups is that I can find
    previously unknown things that I need / want to learn about. Learn
    about them. Grow and learn new things based on them. :-)

    PU (Physical Unit) is a term I'd translate into "the networking stack
    in a hardware device" while as LU (Logical Unit) is to me something
    like Sockets in the IP world.

    Is it acceptable to (naively) equate PU to the lower layers of the OSI
    stack and LU to the upper layers of the OSI stack? - I won't even
    bother trying to define the transition point.

    Being used how crazy the invention-obsolescence-wheel is spinning
    in the PC world: Yes, it is. Clocks in the Mainframe and Midrange
    Worlds from IBM tick at a fraction of that. End result: Mainframes
    and AS/400's are old and outdated stuff to those who keep the wheel
    spinning at it's incredible speed.

    I agree.

    I was referring to the fact that IBM has discontinued sale of the 3745 &
    3746 and replaced them with Communications Controller for Linux (on Z).
    As in the mainframe speed wheel has replaced something. I think as of
    the early 2000s.

    The guys who administer the IBM boxes are used to keep availability
    and performance at premium. Having the lastest and greates features
    and invention in "regular" computing is most often just not necessary.

    I completely agree.

    My biggest reason for a contemporary PC is for better virtualization
    support so that I can play with operating systems from the '90s.

    Yap. But this could just to because the newer z's now have proper
    network adapter hardware.

    Hum.

    I'll have to pontificate what "proper network adapter" means,
    particularly what was improper / less proper than a LAN Channel Station
    or a channel attached 3172 (?) and the likes.

    Did you know that Cisco once had a CIP for some enterprise class
    routers, to allow IOS to to some stuff the 37xx normally do? :-)

    Yep. I think you can put a Channel Interface Processor in a Cisco 7000
    / 7500 series router. I think that @FaultyWarrior has one and is
    planning on hooking it up to his z890. He might need to go through an
    ESCON to Channel adapter to do so.

    Yes. 7.2 but yes.

    With EE being an integral component, this makes more sense.

    I want to use the 2901 as a translation device between EE (which is
    the only protocol/encapsulation I can use with 7.2 on the 8203-Hardware without adding further hardware) and 802.2 SNA on Ethernet.

    I figured that's what you were wanting to do.

    Both the 2901 and the 2613 are connected to a common Ethernet
    segment. Sorry for leaving that out.

    Thank you for clarifying.

    I'm trying to build a mental model and wondered what the link was that I
    knew existed.

    Basically Fast- and Gigabit Ethernet, see above. I don't know about
    exact frame formats, though.

    Fair enough.

    Since you "".

    But it doesn't matter, since direct SNA frames are not involved.

    This doesn't make sense to me. You recently stated "I want to use the
    2901 as a translation device between EE and 802.2 SNA on Ethernet."

    So, how are direct SNA frames not involved? Or are you saying that they
    aren't involved on the Gigabit Adapter?

    It seems to me like you have the following:

    IBM i w/ EE --- Gigabit Adapter --- EE encapsulated SNA --- 2901 w/
    SNASw --- SNA on Ethernet --- 2613 --- Token Ring --- SNA.

    Where did I go wrong?

    Yes. I fact, the old NM-1E1R2W aren't supported in 2800 and 2900
    routers anymore.

    I'm not surprised.

    I wonder if I'm going to be looking at a 3600 for some of the previously mentioned routing. (I think 2600 is fixed at one NM while some 3600s
    can take multiple.)

    Also: Yes. Cleverly deducted!

    :-)

    I'm trying to unpack things and learn vicariously through your efforts.

    I hope you don't mind.

    There's no IOS Image with SNA support *and* "Desktop protocol" support
    (IPX, AppleTalk). But (R)SRB is supported with the Desktop-Image.

    That's good to know. I may run into that very issue with a 2600 / 3600.

    So, are you using the (Remote) Source Route Bridging to craft (source
    route) SNA (802.2 LLC w/ SNAP) frames that come out of the SNASw and
    then get Route Bridged via the 2613?

    Somehow I was not aware that (R)SRB applied to Ethernet too. For some
    reason I thought it only applied to Token Ring. Maybe because that's
    the only context I've ever heard it discussed in.

    But, if it's applying to the SNA (802.2 LLC w/ SNAP) frames, I can see
    how it would be equally applicable to Token Ring and Ethernet and any
    other 802.2 compliant network. (FDDI?)

    Exactly!

    :-)

    I'm not sure. I think that code haven't been touched in ages and also
    testing could have been somewhat limited, for whatever reason. Maybe
    some scenarios I tried out were just uncommon.

    I'm of the opinion that a LOT of people only stuck with a few of the
    common known to work solutions and never really tried to make the
    systems do what they advertise they can do.

    The latter is true, I think.

    Noted.

    Try to put the invention of EE into context of the 1990's. IP was
    "suddenly" some kind of lingua franca for machines normally talking
    each manufacturer's proprietary implementation of the OSI model.

    Wasn't there a governmental mandate that computer systems be "Open" and
    able to communicate with other "Open" systems? As in "Open Systems Interconnection"?

    After reading the message I'm replying to, I wonder if the OSA gets it's
    name from the same "Open Systems" mentality.

    …I'm not quite sure if EE was indeed done by IBM *together*
    with Cisco.

    I wouldn't be surprised.

    So, yes, it was a kludge but a less ugly one compared what we're facing
    today in enterprise networking.

    I'm not sure /which/ particular kludge you're referring to. But Q-in-Q
    / VXLAN / Geneve / MPLS / etc. come to mind. How many different ways do
    we need to solve the same or very similar problems.

    Have a look at Ivan Pepelnjak's blog (https://blog.ipspace.net)
    and archived articles there for some ugly insights.

    I'm familiar with Ivan's work and periodically read his blog. I
    occasionally listen to Packet Pushers too. LOTS of good information.
    Much of it over my head and out of the realm of what I need or want to know.

    IBM created AnyNet to encapsulate "any" of SNA, IP and IPX into
    each other for WAN transport over just one leased line.

    For some reason I thought AnyNet encapsulated IP and / or IPX onto SNA.
    But I can't find what I was reading that gave me that impression.

    The only other protocol hybridization that I was aware of was Novell's
    TCP/IPX & UDP/IPX solution, and I think Apple has a TCP/DDP solution.

    But it was ugly to configure (you had to "fake" hostnames in ibm.com namespace to utilize IP transport) and it also wasn't very good
    in handling outages of connections between two machines. Often,
    there was need to manually vary off/on controller descriptions on
    both sides to make the connection work again.

    Yuck.

    On a side note, Apple also was Collaborating with IBM at the
    beginning of the 1990's, at the advent of System 7. They tasked
    Orion software to create a piece of Mac Software called SNA.ps to
    encapsulate APPC sessions (not APPN traffic!) into AppleTalk with accompanying 3270- and 5250 terminal emulators and printer session
    support. The SNA-Part of that software ran on a separate 68000 CPU on
    the Token Ring/Serial/Coax NuBus Card for these old Macs.

    Please clarify, was the Coax the coax that 3270 terminals used? Or was
    it Ethernet (10Base2)?

    Token Ring and 10Base2 Ethernet were common networks at the time. What
    I've learned from a friend is that it was common for Apple's & Macs to
    use serial as a daisy chain network. So, with that in mind, Token Ring
    / Serial / Coax (10Base2?) makes perfect sense.

    ... After thinking more, I'm now wondering if the serial was more like
    the serial for SDLC.

    Was this card meant to be used as a gateway for a network of Apples /
    Macs? Or was it meant as an interface for the computer that it was in?
    Much like the 3270 cards that you could get for PCs.

    There also were API linkable libraries and header files to do your
    own client. Totally crazy! I was searching for *years* for that
    software and got hold of it just about 2 years ago. :-)

    Nice!

    I'd love to get my hands on PROFS / OfficeVision, preferably for OS/390.

    On a side note to the side note, did you ever hear about DAL (Data
    Access Language)?

    Nope.

    $ReadingList++

    Also a brainchild of the said collaboration. Kind of a predecessor to
    ODBC, but done right: The translator is on the host, not on the client.
    I haven't found the server side stuff (OS/400) yet.

    Interesting.

    Aside: *Open* Database Connectivity. (Is this a case of everything
    looks like an "Open" nail while I'm holding an "Open" hammer?)

    Unfortunately, that's really easy to achieve. :-/

    <monotone>ya</monotone>

    As far as I'm aware: Correct. AFAIR this capability is *not* built
    into IBM i nor zOS but just Cisco IOS (and maybe Juniper).

    I went back and looked for documentation talking about it and I couldn't
    find anything specific talking about it on the host. So it may well be
    just on routers between the host and the SNA device.

    In a way it is. But SNAsw can do more than EE. EE is a transport
    facility. SNAsw can be seen as an (APPC) session router: It
    terminates a LU-LU session from one node and forwards that session
    to the destination PU. Roughly, it's a bit like a TCP proxy (as found
    in Xinetd).

    I like the TCP proxy analogy. That makes sense.

    My first "look at this huge thing" experience at a former employer
    in the late 1990s with an old AS/400 B30 also triggered no further
    interest. Maybe I was just content mastering Linux, back then. :-)

    Fair enough. The vast majority of the last 20 years of my career have
    been extremely Linux heavy with some other OSs thrown in on the side.
    Mainly what was necessary to make them play nice with Linux.

    I did my first true network experiences with Netware, though. And
    Cheapernet.

    I dabbled with 10Base2. I did get my hands on a 10Base5 segment with
    taps and transceivers. I just need AUI cables. Some, but not much,
    NetWare. Most of my interest in NetWare has been in the last five
    years, as I've been doing more retro-computing.

    Maybe this ignorance also stems from the fact that the need to run
    such ancient stuff is rare to find. The more time passes, the more
    rare it is.

    I largely agree.

    There's no real compat to classical mainframe MVS.

    It may largely be a perceived need being leveraged as a marketing ploy.

    It's not even sufficient to "just recompile". 3270- and 5250 screen
    creation are completely different beasts.
    I was referring to what ran on the 360 also ran on the 370 also ran on
    the 390 also ran on the z.

    I wasn't thinking about going from ES/9000 to AS/400.

    Interestingly, did a "CICS for AS/400" somewhen. Never saw it myself,
    though.

    I've seen, but can't find again, a lapel pin that is CICS on six (or
    eight?) platforms.

    Maybe it simply was too expensive and admins were reluctant to exchange
    the impressing huge S/370 with that tiny 9406-890 they don't know
    yet how to administer.

    Maybe. WAY TOO MANY people equate the physical size of the machine with capability.

    Good point!

    :-)

    That's the equivalent of having multiple members in physical files
    (aka: database files). There also are source physical files with a
    prefefined record format for text (source) files. Dunno if these are
    special on MVS, though.

    If I'm thinking of the correct thing, a file with defined fields in it,
    sort of tangentially like objects in OO programming; I think that
    (Open)VMS may have had something similar. But I'm not (yet) aware of
    anything like that on the mainframe.

    Similar to how I explain. I'm explaining with tar files, since
    zip usually compresses. :-) Also, members in a file share certain
    attributes such as record format.

    True!

    Though I don't think the people I've been explaining to would recognize
    tar, much less understand the difference.

    Yes, I already observed in Hercules MVS. The AS/400 has kind of
    multiple filesystems, but the most important one knows about just
    Libraries (a one level deep virtual folder structure) and therein
    are other "objects", files, programs, etc.

    Would you please elaborate on what you mean by multiple filesystems?

    How do you differentiate between them?

    Also that's perfectly good. The only drawback is that there is no
    "Java Script" like in modern browsers. :-) So you're often limited
    when it comes to "making stuff feel more interactive". For me, this
    lack is not a restriction but a challenge. :-)

    ~chuckle~ }:-)

    Allow me to close with a big "thanks". It's been a while I had such
    an enjoyable conversation.

    You're welcome.

    Thank you!

    I enjoy good technical conversations.



    --
    Grant. . . .
    unix || die

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From poc@pocnet.net@21:1/5 to Grant Taylor on Fri Dec 6 17:27:31 2019
    Grant Taylor <gtaylor@tnetconsulting.net> wrote:

    Sometimes I do, sometimes I don't. I'll try to make a point to do so.

    Do as you please. I just wanted to make you aware that I will do so.

    You're right. I'm not sure where to split, though. I guess talk
    about SNA and how to network *may* be interesting in here for others,
    too. Even for bein archived and searched up later.
    I'm sort of inclined to keep discussing it here. At least until someone
    asks us to stop. Also, as long as we don't obfuscate our subject and /
    or alter Message-ID / References, people can ignore this (sub)thread.

    I think alike.

    Are you saying that what Novell calls 802.2 LLC is what the IEEE calls
    802.3?

    AFAIR yes. To sound more official, Novell called their IPX-only framing 802.3 but in fact, it isn't the official 802.3.

    Also, to correct a former error of myself: This adapter supports
    Ethernet standards 802.3 and Ethernet II.
    I think I'm being handicapped by Novell's terminology. (See Novell
    802.3 vs IEEE 802.3 above.)

    Maybe, I'm, too.

    I think, SNAP was used on Token Ring, maybe I confused that. Sorry
    for that!
    I believe that TCP/IP on Token Ring (802.5) did in fact use 802.2 LLC w/
    SNAP frames.

    Honestly, I don't know which frame formats are defined for Token Ring at all. Unfortunately ESXi doesn't provide virtual Token Ring NICs. What a shame!

    I also believe that IBM used 802.2 LLC w/ SNAP for TCP/IP on some
    Ethernet networks. Hence how TCP/IP in 802.2 LLC w/ SNAP frames could
    easily be bridged between Token Ring and Ethernet. The frame format was
    the same. (Admittedly, Token Ring had bigger MTU ~> frame support.)

    Hmm. Honestly, I never thought about that. Using Linux, Cisco, Solaris, MacTCP, OpenVMS, OS/400, OS X (to name a few), it just works. On Ethernet as well as on Token Ring (if HW and driver support are available, though). The only think I had to cope with frame formats was Netware. For IP, I configured Ethernet II because I read that this one is "standard" for IP. I can't recall the source for that claim, though. Beware, it's ancient knowledge, I'm repeating here.

    Because of that difference in maximum MTUs, I'm reluctant to bridge in favor of routing. If it's possible, though.

    I am seeing TCP/IP in 802.2 LLC w/ SNAP Ethernet frames coming from my P/390-E. I'm currently using an OS/2 VM to route between TCP/IP in
    802.2 LLC w/ SNAP Ethernet frames to TCP/IP in Ethernet II frames for
    the rest of my network.

    Huh! This seems strange to me, Why would IBM do that? Thanks for implicitly confirming that EthII is the normal way to go.

    To throw in even more confusion, IBM i line descriptions have configurable
    SSAP values: 04 for SNA, C8 for HPR and 12 and AA for "non sna". This setting is essentially the same for TR and Ethernet.

    Reading https://en.wikipedia.org/wiki/IEEE_802.2, it seems that 0xAA defines the addition of a SNAP header ("Ethertype"), 0x4 is SNA path control. No more matches. I haven't found out what stuff is transferred in the SNAP prepended packets on IBM i, though.

    I get the Digital Intel Xerox being Ethernet II. (I think Ethernet I
    was the 3 Mbps experimental Ethernet.) But "IEEE 802.3" vs "Novell
    802.3" is new to me. But this new information does make some things
    make a little bit more sense. Like AIX's "et" interfaces being "IEEE
    802.3" (802.2 LLC w/ SNAP) and "en" interfaces being "DIX" (Ethernet II).

    As I type this, I'm inclined to believe that "IEEE 802.3" "Novell
    802.3".

    Like I said before, more questions.

    https://en.wikipedia.org/wiki/Ethernet_frame sheds some light. Maybe I
    confused 802.2 frame format with the 802.3 ethernet working group and also the 802.3 "dumb" format used by Netware.

    Aah, the good old days. ;-) I'm still running a heavily bugfix-NLM-loaded
    3.12 on my ESXi.
    Do you have a CPU Idle NLM? Or are you burning a core? I know that
    there are NWIdle.NLMs for NW4 & NW5. (I've used them.)

    Thanks for the hint. Yes, I searched and found a nw4-idle NLM which runs on 3.12. This breaks the cpu usage display on monitor.nlm, though and altough I never did precise measurements, I feel that transfers are slower with cpuidle. Maybe due to the cooperative multitasking scheme the server.exe kernel supports.

    Systems Application Architecture
    /me sighs heavily. Now I have something else to mess with.
    Thank you. :-)

    You're welcome. I love to inspire people. :-D

    ATM I don't run it but I have an old NT 4 Server running on my ESXi and MS SNA server on top of that. So I can do tn5250 => SNA server => Ethernet 802.2 => 9401-150. I can't prove it, I never measured but it feels screens appear a
    tiny but faster compared to tn5250 directly to the 150.

    Even if I'm wrong, the "why do you do that" can be answered almost anytime
    with "because I can".

    I'm thinking seriously about putting a NetWare 4.x or 5.x online (it's
    what I know) using IPX for DOS / Windows 3.x / Windows 9x / DOSBox
    machines.

    Let's say: It's of great help especially for any flavor of DOS on PCs. I never found enough patience to get a whole IP-with-NetBIOS running on DOS for directly accessing Samba shares. Netware is a good compromise, since it also can talk FTP and even NFS if one want's to do that.

    What Ethernet frame formats are you using for IPX on Ethernet?

    SNAP.

    Maybe somewhat later I'll also do DECNET but that's on my list for
    when I'll be bored with the IBM stuff. ;-)
    I've dabbled with DECnet Phase IV but have thus far avoided Phase V
    (~OSI). I even got DECnet Phase IV working between Linux systems.

    Nice! Never played with that and want to postpone until I start to seriously tinker with VMS.

    Btw., a few years ago I was thinking about adapting inetd to additionally support not just IP (and maybe IPv6) mit also AppleTalk sockets. I have a "Helios Terminal" application somewhere which would have been put to some use by that. After considering that afterwards, I'd probably started to crave for an FTP client for AppleTalk on old Macs, I tried to forget about that whole thing.

    Ya, there's "supported" as in TAC will (would) hold your hand to
    configure something, and then there's "supported" as in it works?
    Great! #hazFun Read: TAC won't hold your hand.

    Yes, I know.

    I'm contemplating using a NetWare box as a router between 16 Mbps Token
    Ring, 10 Mbps Thicknet (10Base5), and 100 Mbps Ethernet.

    Might draw considerable power and create more noise than possible otherwise. But would be really cool!

    I /might/ use a Cisco router for that. Especially if I need it for the
    DLSw+ and / or SNASw.

    Remember: If you're only into IP, no problem. If you want to support more protocols: I'm not sure if there once was an IOS image supporting SNA *and* desktop protocols.
    [...]
    Cisco Feature Navigator says, adventerprise *with* SNAsw images were available for 28[125]1, 38[24]5, 7200 and 7301 routers (12.4(24)T8). 12.4(15)T14 additionally was available for 2600XM and 2691 as well as 3660. AFAIR that one was the last image before Cisco decided to kick AppleTalk support from their entire IOS code base.

    Actually, I have a 3660 sitting around. That thing is drawing at least 40W
    from mains, while the 2613 just needs 17W.

    https://kb.pocnet.net/wiki/Modell?bersicht_Cisco_Router:3600er_Serie https://kb.pocnet.net/wiki/Modell?bersicht_Cisco_Router:2600er_Serie

    It's good to note things down.

    I'm aware of four Ethernet frame formats:

    *Ethernet II* a.k.a. Digital Intel Xerox (DIX) used by TCP/IP

    *802.3* a.k.a. raw only used by IPX

    *802.2* LLC can be used by a number of things

    802.2 LLC w/ *SNAP* is used by a number of things

    Yes, I can confirm that from memory. Plus, see above: SNAP is almost the same as 802.2.

    I can STOP TCPIP (from the master console), modify the proper data set,
    and START TCPIP to change things like that. Granted, that doesn't mean
    that what I change them to will work.

    Duh. I'm not deep enough into zOS to mess with that, ATM. IBM i is a bit different: There's ENDTCP and STRTCP but this doesn't vary off the line (eth, trn, whatever) to make changes in the according line description.

    I know. :-) And you maybe have the additional benefit that you can
    utilize OS/2 as an integrated Service Element to IPL the board. :-)
    OS/2 (or AIX) is actually more critical than /just/ a Support Element. Drivers and applications emulate the rest of the mainframe hardware.
    The PCI card really is just thee S/390 CPU and memory.

    Thanks for clarifying. I wasn't really aware.

    If you remember UUCP, you'll be very familiar with SNADST.
    I remember UUCP. I've configured a small UUCP network using SSH as a transport }:-)

    How did you set up ssh transport? I was reading about that and found a lot of people put considerable effort to first creating a TCP tunnel with and ssh connection and then run uucp over tcp through that tunnel. Since I know that UUCP can also be used with stdin/stdout, there's no need to pre-establish a
    ssh session. Just create a new port definition type "pipe" in port and there you go.

    <https://kb.pocnet.net/wiki/UUCP-Mail-News-FAQ#UUCP_ist_ein_Klartextprotokoll._Was_ist_mit_der_Security.3F>

    I think you can guess stuff without need to translate from German.

    I've still got it configured on a couple of systems, but
    I'm not currently using it.

    Hah! Same here. Sometimes I'm using UUCP to actually copy files when a source can't reach the destination directly with ssh (scp).

    I'm even more confused about thee differences between NJE and RJE after reading the first paragraph of this page:

    https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.hasa800/j2nje.htm

    Hm. It helped me to understand what NJE does. But yes, after thinking a bit more, I'm also somewhat confused. Maybe N is not only for network but also for new? I *guess* that RJE is a kludge to misuse a terminal line for remote job entry while NJE utilizes network protocols more directly and eliminates the terminal line stuff.

    MVS38j TCP/IP
    - http://cbttape.org/~jmorrison/mvs38j-ip/

    I know that something like that exists. AFAIK it's not yet incorporated into TK4- and while it's nice to have a way to load stuff directly into a DS via FTP, there is still the emulated card reader which does about the same. More slow and with some preparation necessary, though. ;-)

    I naively thought EE was an add-on and did not realize that it was more
    of a core component.

    On newer hardware, you'll have no other chance to get SNA in/out thru a NIC (IOA). On these, EE is the only way without trying to plug older cards with
    OS support for SNA on 802.2.

    On older machines, with the proper NICs (IOAs), one can do very well without EE.

    The interesting part starts when it comes to network an old machine (OS release, to be precise) who doesn't know about EE to a newer machine who's hardware doesn't support SNA on 802.2 but runs an OS release with EE.

    That's what I want to accomplish with my Cisco gear in the long run. Earlier, there has been a second 150 at a friends location but somehow he's not using
    it anymore, so no need create a more-complex-than-necessary scenario with bridging.

    I've gone through the same. Sorry to have overwhelmed you with
    IBM-technobabble. Please read the Wikipedia article about SNA to get
    a basic understanding of terms. In short:
    Apology returned to sender as unnecessary.

    Noted. :-)

    The wonderful thing about email / newsgroups is that I can find
    previously unknown things that I need / want to learn about. Learn
    about them. Grow and learn new things based on them. :-)

    That's true. You're probably thinking about Netware for SAA? ;-)

    PU (Physical Unit) is a term I'd translate into "the networking stack
    in a hardware device" while as LU (Logical Unit) is to me something
    like Sockets in the IP world.
    Is it acceptable to (naively) equate PU to the lower layers of the OSI
    stack and LU to the upper layers of the OSI stack? - I won't even
    bother trying to define the transition point.

    Same here. Thus I prefer my (more vague) analogy. If you take a look at the mountains of documentation from IBM regarding SNA, maybe you'll come to a similar conclusion, until you've actually climbed these mountains. I didn't.

    I was referring to the fact that IBM has discontinued sale of the 3745 &
    3746 and replaced them with Communications Controller for Linux (on Z).

    Yes. Btw., a very special way of copy protection, since source code isn't available and binaries are for 390 instruction set.

    As in the mainframe speed wheel has replaced something. I think as of
    the early 2000s.

    Now I understand. Okay, maybe the wheel doesn't spin *that* slow. IBM i
    learned to cope with XML data a while ago, wwhen it was still called i5/OS and I guess some zOS facilities, too.

    My biggest reason for a contemporary PC is for better virtualization
    support so that I can play with operating systems from the '90s.

    Perfectly valid reason. For me, I'd add:
    - Less electrical power needed,
    - much easier to handle than anything LPAR on anyhing IBM. :-)

    I'll have to pontificate what "proper network adapter" means,
    particularly what was improper / less proper than a LAN Channel Station
    or a channel attached 3172 (?) and the likes.

    Ethernet or Token Ring. Sorry if I was too unspecific. I'm not sure that exactly Hercules supports. Looking at this one: <https://hercules-390.github.io/html/herctcp.html>
    it seems, it's not a real Ethernet Adapter.

    Since I never tried to run Linux for z on Hercules, I'm really out of
    knowledge here.

    More reading here: <https://github.com/hercules-390/hyperion/wiki/Network-access-for-operating-systems-running-on-Hercules>

    Yep. I think you can put a Channel Interface Processor in a Cisco 7000
    / 7500 series router. I think that @FaultyWarrior has one and is
    planning on hooking it up to his z890. He might need to go through an
    ESCON to Channel adapter to do so.

    Now *that* is some cool stuff! But I don't want to know how much Watts the 890 eats up. Maybe in winter, there's no additional heating necessary to keep the house warm.

    But it doesn't matter, since direct SNA frames are not involved.

    This doesn't make sense to me. You recently stated "I want to use the
    2901 as a translation device between EE and 802.2 SNA on Ethernet."

    So, how are direct SNA frames not involved? Or are you saying that they aren't involved on the Gigabit Adapter?

    Yes, because the Gbit adapter just transfers EE which in reality is UDP over IP.

    It seems to me like you have the following:

    IBM i w/ EE --- Gigabit Adapter --- EE encapsulated SNA --- 2901 w/
    SNASw --- SNA on Ethernet --- 2613 --- Token Ring --- SNA.

    Please extend with "9401-150 via 2724 Token Ring IOA". For the rest: Correct. Sorry if I've been ambigous.

    The 150 not incorporates a 2723 (10M Ethernet IOA) to connect to the same physical Ethernet segment as the 2613. New layout:

    IBM i w/ EE --- Gigabit Adapter --- EE encapsulated SNA --- 2901 w/
    SNASw --- SNA on Ethernet --- 9401-150 with 2723.

    Where did I go wrong?

    So far, nowhere.

    I wonder if I'm going to be looking at a 3600 for some of the previously mentioned routing. (I think 2600 is fixed at one NM while some 3600s
    can take multiple.)

    Yes, you're right. But honestly, how many interfaces do you need? I'm content with the three of the 2613: NM-1FE to the "backbone", onboard TR for the sole ring in the house, onboard 10M Ethernet for the LocalTalk to Ethernet Bridge.

    (Connecting the bridge to the backbone ethernet segment reglarly made the bridge crash. After connecting it to a dedicated port on the 2613 with only AppleTalk configured, the problem has vanished. Maybe the box struggled with too many broadcast ethernet frames to handle.)

    The *only* reason to use a bigger pile of steel is the availability of SNAsw and AppleTalk/IPX/DECNET/IPv6 functionality in one image.

    I'm trying to unpack things and learn vicariously through your efforts.

    I'm glad to being your mentor, then. ;-)

    I hope you don't mind.

    Not at all! In fact, I'm happy to share knowledge with some enhusiasm if the other side is truely interested. I've done Linux courses for trainees at my former employment. Trainees were required to attend and a lot of them had no real interest. That was no good experience.

    So, are you using the (Remote) Source Route Bridging to craft (source
    route) SNA (802.2 LLC w/ SNAP) frames that come out of the SNASw and
    then get Route Bridged via the 2613?

    Yes and no. I had used RSRB functionality to create a connection between two 150's and their sites already networked with a VPN, with the aid of Virtual Token Ring Interfaces and Source Route Bridging. Mine over true Token Ring
    and the other one via 802.2 Ethernet. No SNAsw involved. That came later, when the 8203 arrived and I needed to dig into the EE thing.

    Somehow I was not aware that (R)SRB applied to Ethernet too.

    It can't. Ethernet can be used as a direct transport for RSRB. Or IP. Ethernet without doesn't stress the router's CPU that much, compared to IP.

    The peer router needs to have at least one Virtual Token Ring Interface to
    use as one port for SNAsw. There has to be a destination Ring, not Ethernet.

    For some reason I thought it only applied to Token Ring. Maybe because that's the only context I've ever heard it discussed in.

    No, you're perfectly right. The sole reason seems to be that Token Ring Bridging usually is source routed and packets get RIF headers added and
    removed as they trespass the bridged rings. Ethernet has no equivalent of source routing on the MAC layer, thus no RIF and thus cannot make use of SRB. You *can* bridge between Ethernet and Token Ring transparently, though
    (bridge irb in IOS). With your valid comment about maximum frame sizes.

    Interestingly, the Token Ring Implementation in Linux (they killed not long ago) doesn't either know about RIFs or had bugs. It wasn't possible to make
    two boxes talk IP to each other via two Token Rings connected through a source route bridge. I wonder if the IP implementation on IBM i (or Netware) could do better. Sigh. Another idea to try out somewhen.

    I'm not sure. I think that code haven't been touched in ages and also
    testing could have been somewhat limited, for whatever reason. Maybe
    some scenarios I tried out were just uncommon.
    I'm of the opinion that a LOT of people only stuck with a few of the
    common known to work solutions and never really tried to make the
    systems do what they advertise they can do.

    You made a point. Anyway, I really hope nobody can hear my evil laugh when I finally manage to open a TAC for some SNA issues I encountered.

    Wasn't there a governmental mandate that computer systems be "Open" and
    able to communicate with other "Open" systems? As in "Open Systems Interconnection"?

    I really don't know, even if I think I can recall something. Since I'm located in Germany, maybe this passed me by unnoticed and I remember wrong.

    After reading the message I'm replying to, I wonder if the OSA gets it's
    name from the same "Open Systems" mentality.

    Maybe? It also can stem from "every computer company shows openness in some way, so we have to do also" - just a marketing fart, in other words.

    So, yes, it was a kludge but a less ugly one compared what we're facing
    today in enterprise networking.
    I'm not sure /which/ particular kludge you're referring to.

    Must... not... recall why we have network bridges, actually. It makes me
    scream in agony. Said in more calm words: Thanks, short-sighted DEC guys! Bridges are a kludge for "oh, our management protocol isn't routable".
    Spanning tree is a kludge against "build a loop over a network bridge and you're doomed". Cisco's portfast is a kludge against spanning tree checks causing DHCP timeouts for client ports. And so on. We're sitting on top of a card house and the ground is shaking...

    And still, I can't see a lightweight, address-saving-friendly solution for proper host isolation when running multiple VMs in the same IP segment. PPPoE and MAC filters come to mind but PPP can be a real CPU hog when transferring over high bandwidth links.

    Oops. Sorry, this is really off-topic.

    How many different ways do we need to solve the same or very similar problems.

    Better: How many different and crude ways to solve a problem which would have been much easier to solve on a higher layer.

    I'm familiar with Ivan's work and periodically read his blog. I
    occasionally listen to Packet Pushers too. LOTS of good information.
    Much of it over my head and out of the realm of what I need or want to know.

    Similarily here: Much of it way over my head but just knowing stuff already helped
    me to prevent some stuff he mentioned as being "bad". Stretched Vlans come to mind.

    The only other protocol hybridization that I was aware of was Novell's TCP/IPX & UDP/IPX solution, and I think Apple has a TCP/DDP solution.

    Are you talking about running true TCP or UDP above IPX?

    Apple used a technique called MacIP to encapsulate IP datagrams in DDP. Fortunately, Cisco decided to implement the server side in IOS. Nice!

    To get on-topic again: Did you know that IBM once build LocalTalk cards (SPD) for the AS/400? And at least for V3Rsomething there was a PTF bringing the AppleTalk network stack to OS/400! Documents I find say that this solution
    even provided console capability!

    The SNA-Part of that software ran on a separate 68000 CPU on the Token
    Ring/Serial/Coax NuBus Card for these old Macs.
    Please clarify, was the Coax the coax that 3270 terminals used? Or was
    it Ethernet (10Base2)?

    Same coax as for attaching 3270 terminals. I don't know more details, though.
    I have such a card which additionally has a DB-15 port for Twinax! I was
    highly disappointed to learn that SNA.ps doesn't support that Twinax-Port.

    What I've learned from a friend is that it was common for Apple's & Macs to use serial as a daisy chain network.

    Yes, you're talking about what was called LocalTalk eventually.

    ... After thinking more, I'm now wondering if the serial was more like
    the serial for SDLC.

    Perfect hit. :-) Apple Hardware designers decided to not use just a dumb UART for serial ports but a complete serial communications controller chip, the
    8530 or 8350. I always confuse these: One is SCSI, one is the SCC. The SCC has built-in support for handling SDLC frames in hardware. Funny in some way,
    since SDLC was AFAIK only ever used with IBM midrange and big iron (and compatible) stuff over serial lines.

    LocalTalk defines a hardware transceiver box utilizing CSMA/CA and SDLC frames for basic communication over a common bus. On top came DDP. Common speed is 230.4 kb/s but since transfers occur in bursts, real world performance is lower.

    As good as this reads, all early and a lot of later lower cost models made the user experience bad mouse pointer stuttering issues (because while the OS was communicating with the SCC, interrupts had to be disabled or something like that). Since the early OS didn't incorporate multitasking, that wasn't a big deal, though. Starting with Apple utilizing PowerPC CPUs in their Macs, that problem was entirely gone. Yes, Macs had LocalTalk support for a long time
    into the 1990's, together with Onboard Ethernet.

    Was this card meant to be used as a gateway for a network of Apples / Macs?

    Yes. Macs.

    Or was it meant as an interface for the computer that it was in? Much like the 3270 cards that you could get for PCs.

    Since the gateway was a background task, the gateway Mac could be also used as a workstation. Socket2Socket-AppleTalk-Communication didn't leave the physical machine, though.

    Details here: <https://kb.pocnet.net>, search for SNA. Direct link not possible, since tin doesn't accept the "bullet" char. I guess you know how to use google translator ;-)

    Aside: *Open* Database Connectivity. (Is this a case of everything
    looks like an "Open" nail while I'm holding an "Open" hammer?)

    I bet it is. See my comment above.

    In a way it is. But SNAsw can do more than EE. EE is a transport
    facility. SNAsw can be seen as an (APPC) session router: It
    terminates a LU-LU session from one node and forwards that session
    to the destination PU. Roughly, it's a bit like a TCP proxy (as found
    in Xinetd).
    I like the TCP proxy analogy. That makes sense.

    Yes. In the end, there's only so many ways to build something network'ish. Often is's sufficient to have a table to translate IBM network terms into what we know from common platforms and IP.

    I dabbled with 10Base2. I did get my hands on a 10Base5 segment with taps and transceivers. I just need AUI cables. Some, but not much, NetWare.
    Most of my interest in NetWare has been in the last five years, as I've been doing more retro-computing.

    "What's that water pipe doing in here?" - "That's my network backbone!"

    For years I kept a meter 10BASE5 cable but since it wasn't more than "look at this impressing thing!" I threw it away eventually.

    Besides, 10BASE2 = Cheapernet.

    There's no real compat to classical mainframe MVS.
    It may largely be a perceived need being leveraged as a marketing ploy.

    If course! Selling a few Mainframes with hurtingly zOS-Lics *and* a few POWER boxes with hurtingly expensive IBM i lics brings in more money than just selling one of these to a maybe slightly larger customer base.

    I was referring to what ran on the 360 also ran on the 370 also ran on
    the 390 also ran on the z.

    Sorry for the misunderstanding! Yes, I'm aware of that.

    WAY TOO MANY people equate the physical size of the machine with
    capability.

    I thought that was a 1990's or earlier misconception. Is this still true?

    If I'm thinking of the correct thing, a file with defined fields in it,
    sort of tangentially like objects in OO programming; I think that
    (Open)VMS may have had something similar. But I'm not (yet) aware of anything like that on the mainframe.

    Let me put it like that: Physical files on IBM i are declared to the OS on field level, so every part can utilize that definition to do the right thing without you needing to read an entire record and split the fields yourself.

    It *is* possible to create a physical file which exposes just a row of data to the OS and lets you do the chopping into fields. These can't be used in SQL or other programs but just with that one what does the chopping.

    On MVS, AFAIK, you can *only* create such files (with manual chopping into fields), but of different types which define how individual records can be accessed in a file. I hope, I got this one right.

    Source Physical Files (for text and source code) have a fixed structure with more than just one "database field" for actually containing records. At creation time, you *can* supply a maximum line length (text line, not
    record!), though. The editor (SEU, feels a *lot* like that one in RFE but SEU has about 10% of functionality of the RFE editor) refuses to open database physical files and opens only those with the SRC-PF flag.

    Would you please elaborate on what you mean by multiple filesystems?

    Allow me to redirect you to here: <https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_72/ifs/rzaaxfsknow.htm>

    The very first OS/400 releases (and thus the S/38 CPF, I guess) knew only
    about what's called QSYS.LIB today. There was no filesystem "root", there were just Libraries and Objects, much as there's no concept of a "root" in MVS.
    Even today, the majority of native IBM i (CL) commands just operate with library and object name. They don't know about the concept of filesystems.

    It's also not the same as mountpoints/partitions. All filesystems share the available hard disk space, each filesystem "knows" if blocks are occpied by something else than an entry in it's own filesystem housekeeping facility.

    Okay, I lied. In a way: Not all FS' a common pool of disk blocks. QOPT, QFileSvr.400, UDFS and maybe others are indeed separate.

    With passing time, often QSYS.LIB degrades to contain the OS and database
    files and much of the other stuff is in / or /QOpenSys. Owing to the fact that IBM i has an AIX runtime environment called PASE. More and more OSS is ported by IBM and others to there and thus more and more bugs will begin to plague that plaform, because this development increases the speed of the slowly spinning wheel of "innovation". That is: Frequency of bug fixes is increased, etc.

    :wq! PoC

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to poc@pocnet.net on Sat Dec 7 00:16:51 2019
    On 12/6/19 10:27 AM, poc@pocnet.net wrote:
    AFAIR yes. To sound more official, Novell called their IPX-only
    framing 802.3 but in fact, it isn't the official 802.3.

    Yep.

    Maybe, I'm, too.

    As I think about our discussion I'm realizing that IEEE 802.3 is 802.3
    with 802.2 LLC. My understanding is that all 802 networks are supposed
    to use 802.2 LLC, but that TCP/IP and IPX/SPX are the only protocols
    (that I'm aware of) that don't use the 802.2 LLC by default.

    So, with that in mind, IEEE 802.3 would also include 802.2 LLC.

    I wonder how many people have been confused by Novell's use of 802.3 "raw".

    Honestly, I don't know which frame formats are defined for Token
    Ring at all.

    The only two that I'm aware of are 802.2 LLC and 802.2 LLC w/ SNAP.
    It's really a question of is the SNAP header used or not.

    Unfortunately ESXi doesn't provide virtual Token Ring NICs. What
    a shame!

    I'm not aware of any hypervisor or emulator that provides virtual Token
    Ring NICs.

    Hmm. Honestly, I never thought about that. Using Linux, Cisco, Solaris, MacTCP, OpenVMS, OS/400, OS X (to name a few), it just works.

    My understanding is that once retroactively IEEE acknowledged Ethernet
    II for TCP/IP, the world adopted it wholesale. Prior to that, we end up
    with things using a mixture of Ethernet II and 802.2 w/ SNAP.

    The only think I had to cope with frame formats was Netware.

    I knew that AIX had an option in the "en" and "et" network interfaces.

    I recently learned about OS/2's support of IEEE 802.3, read: 802.2 LLC
    w/ SNAP.

    For IP, I configured Ethernet II because I read that this one is
    "standard" for IP. I can't recall the source for that claim,
    though. Beware, it's ancient knowledge, I'm repeating here.

    My experience agrees that TCP/IP on Ethernet uses Ethernet II frames in
    the VAST majority of the cases. The EXCEPTIONALLY FEW times that it
    means 802.2 LLC w/ SNAP are in very specific situations, like my P/390-E.

    Because of that difference in maximum MTUs, I'm reluctant to bridge
    in favor of routing. If it's possible, though.

    Fair enough.

    Though routing will just end up fragmenting the packet (presuming Don't Fragment is not set to one) or returning an error stating that
    fragmentation is needed (in the event that Don't Fragment is set to one).

    Huh! This seems strange to me, Why would IBM do that?

    I think it has to do with IBM following the IEEE guidelines stating that
    802 networks should use the 802.2 LLC frame format. I've since read
    that other vendors did the same thing.

    Thanks for implicitly confirming that EthII is the normal way to go.

    You're welcome.

    To throw in even more confusion, IBM i line descriptions have
    configurable SSAP values: 04 for SNA, C8 for HPR and 12 and AA for
    "non sna". This setting is essentially the same for TR and Ethernet.

    That makes sense to me. Those are the LSAP (SSAP & DSAP) values for
    802.2 LLC, which would be the same for all 802 networks.

    Reading https://en.wikipedia.org/wiki/IEEE_802.2, it seems that 0xAA
    defines the addition of a SNAP header ("Ethertype"), 0x4 is SNA
    path control. No more matches.

    My understanding is that LSAP of 0xAA indicates that a SNAP header is
    used in addition to the 802.2 LLC frame.

    I haven't found out what stuff is transferred in the SNAP prepended
    packets on IBM i, though.

    I'm sure it's documented somewhere. But good luck finding it in the sea
    of documentation that IBM has.

    https://en.wikipedia.org/wiki/Ethernet_frame sheds some light. Maybe
    I confused 802.2 frame format with the 802.3 ethernet working group
    and also the 802.3 "dumb" format used by Netware.

    See my comments above about IEEE 802.3 implying 802.2 LLC frame.

    I'm starting to think that IEEE 802.3 in any context not involving
    NetWare means that it's an Ethernet (802.3) network following IEEE
    standards, which means 802.2 LLC frame format.

    Thanks for the hint. Yes, I searched and found a nw4-idle NLM which
    runs on 3.12. This breaks the cpu usage display on monitor.nlm, though
    and altough I never did precise measurements, I feel that transfers
    are slower with cpuidle. Maybe due to the cooperative multitasking
    scheme the server.exe kernel supports.

    You're welcome.

    I think that nw?-idle.nlm basically creates a loop that would take any
    free cycles and causes the CPU to do a HALT in them. Thus saving CPU.

    I'm not really surprised that it could inadvertently interfere with performance.

    You're welcome. I love to inspire people. :-D

    As do I.

    ATM…

    I have to confess, I needed to re-read your statement a few times to see
    if you were referring to Asynchronous Transfer Mode or At The Moment. I decided that you meant At The Moment.

    We have been talking about eccentricities of networking, which means
    that Asynchronous Transfer Mode is not that far out of scope.

    I can't prove it, I never measured but it feels screens appear a tiny
    but faster compared to tn5250 directly to the 150.

    Depending on the CPU speed of the ESXi server and the AS/400, I'm not
    all that surprised. From the AS/400's side, I wonder if SNA might be
    faster than TN5250. — I listened to a Terminal Talk (mainframe
    podcast) episode on Communications Server for OS/390 talking about how
    slow early TCP/IP stacks from IBM were. — Given that OS/400 V4… was
    from the late '90s or early 2000s, I wouldn't be surprised if the CS on
    OS/400 V4… might be slow for TN5250 connections. Especially if the CPU
    in your AS/400 is considerably slower than the CPU in your ESXi server.

    I could see how MS-SNA Server might be able to do the TN5250 to SNA 5250 conversion faster than OS/400 could.

    It's just a thought.

    Even if I'm wrong, the "why do you do that" can be answered almost
    anytime with "because I can".

    Or "because I want to".

    Let's say: It's of great help especially for any flavor of DOS on
    PCs. I never found enough patience to get a whole IP-with-NetBIOS
    running on DOS for directly accessing Samba shares.

    I've not used TCP/IP with — what I call — Windows for Workgroups Add-On
    for MS-DOS in a LONG time. Even then it was for TCP/IP applications and
    not file sharing. I would be more likely to use NetBEUI for file
    sharing than try to get NetBIOS over TCP/IP to work on a DOS PC.

    Aside: I've come to the conclusion that NetBIOS is the API that rides
    on multiple transports and that NetBEUI is the traditional transport.

    Netware is a good compromise, since it also can talk FTP and even
    NFS if one want's to do that.

    Are you referring to an FTP server running on a NetWare server or
    something else?

    I think I was vaguely aware that NetWare could be an NFS server.

    SNAP.

    Okay. Thank you for sharing.

    I'm curious, do you have a specific reason for using SNAP vs 802.2 LLC?

    Nice! Never played with that and want to postpone until I start to
    seriously tinker with VMS.

    :-)

    Btw., a few years ago I was thinking about adapting inetd to
    additionally support not just IP (and maybe IPv6) mit also AppleTalk
    sockets. I have a "Helios Terminal" application somewhere which would
    have been put to some use by that. After considering that afterwards,
    I'd probably started to crave for an FTP client for AppleTalk on old
    Macs, I tried to forget about that whole thing.

    I've occasionally wondered about such things. Then I remember that
    there probably won't be any clients that I don't create. Seeing as how
    I'm wanting to play with, and learn about, old software that does exist,
    I end up sticking with what exists.

    That being said, I do have a special use case where I'd like a protocol
    that I can use to carry SSH traffic between machines. I'd prefer it to
    be able to be routed. My motivation is to use protocol isolation to
    hard contain IPv4 and IPv6 into an isolated VM network. (Somewhat of a
    light grey hat desire to play with viruses in a sandbox that they can't
    get out of.)

    At the moment, I'm sort of thinking about 802.2 LLC, possibly with SNAP,
    -or- X.25.

    I'd like to be able to use SSH. Thankfully SSH doesn't really care what
    the underlying transport is, as long as it can get a reliable 8-bit
    clean data stream. So, I think it sort of lends itself to other
    protocols that I can create a simple client and server which are 8-bit
    clean.

    As sure as I type this, I wonder if I could get DECnet to do it. Have a
    dual protocol host with IPv4 and DECnet, route through a DECnet only intermediary, and another IPv4 & DECnet host on the other side. — I
    can do this on Linux, which is my current preferred platform.

    Might draw considerable power and create more noise than possible
    otherwise. But would be really cool!

    That's a possibility.

    The box that I'm using for my P/390-E is drawing < 175 W. But that's considerably more than the 40 W that the 3660 or 17 W that the 2613 draw.

    Remember: If you're only into IP, no problem. If you want to support
    more protocols:

    At the moment, my short list is:

    · IPv4
    · IPv6 is desired, but not required
    · IPX
    · DECnet
    · SNA
    · NetBEUI
    · DDP
    · I'd like to get Banyan VINES running

    I'm not sure if there once was an IOS image supporting SNA *and*
    desktop protocols. [...] Cisco Feature Navigator says, adventerprise
    *with* SNAsw images were available for 28[125]1, 38[24]5, 7200 and
    7301 routers (12.4(24)T8). 12.4(15)T14 additionally was available for
    2600XM and 2691 as well as 3660. AFAIR that one was the last image
    before Cisco decided to kick AppleTalk support from their entire IOS
    code base.

    2600XM or a 2691 or a 3660 have been on my list to keep an eye out for
    for a while.

    Epiphany: I have a 2811 that is unused. It has two FE NICs in it. I
    wonder if I can get a Token Ring NM that will work in it. I further
    wonder if I could get a WIC-1E to connect to my 10Base5 via a transceiver.

    Because (I think) I can. / Because I want to.

    SNAP is almost the same as 802.2.

    That's because SNAP is an extension of 802.2. ;-)

    Thanks for clarifying. I wasn't really aware.

    You're welcome.

    How did you set up ssh transport?

    I'm using TaylorUUCP (no known relation) and I have custom port entries
    for the remote system:

    port remoteSystem
    type pipe
    command /usr/bin/ssh remoteSystem.FQDN /usr/sbin/uucico

    My sys entry looks like this:

    system remoteSystem
    call-login remoteSystem
    called-login remoteSystem
    port remoteSystem

    The crux of the technique is using the ssh command in the port file.

    I do have to become the UUCP user and sys to the remote system one time
    to populate the ~/.ssh/known_hosts file. (Or populate it some other way.)

    I'm using per-host-pair specific SSH keys for authentication. The ~/.ssh/authorized_keys file forces the command to be /usr/sbin/uucico.

    I think the security is acceptably good.

    I was reading about that and found a lot of people put considerable
    effort to first creating a TCP tunnel with and ssh connection and
    then run uucp over tcp through that tunnel.

    That sounds like a lot of work and like it would be subject to race
    conditions or IP in use blocking errors.

    Since I know that UUCP can also be used with stdin/stdout, there's no
    need to pre-establish a ssh session. Just create a new port definition
    type "pipe" in port and there you go.

    Yep.

    https://kb.pocnet.net/wiki/UUCP-Mail-News-FAQ

    I'll save that to look at in more detail later.

    I think you can guess stuff without need to translate from German.

    The config file entries are in a language that I can understand. I also
    have read more than a few articles via Google Translate.

    Hah! Same here. Sometimes I'm using UUCP to actually copy files when
    a source can't reach the destination directly with ssh (scp).

    Yep.

    UUCP (read: store-and-forward) networks don't need end-to-end
    connectivity. IMHO this is one of the things that makes them great.

    The fact that I can send files / email / news / remote command execution
    across them is all that much better.

    Aside: Have you heard about HNET? @bmoshix (Twitter) is
    re-establishing BITNET. Because it's There. / Because he can. /
    Because he wants to. }:-) I think it uses NJE, but I suspect that RJE
    can probably be made to work.

    Hm. It helped me to understand what NJE does. But yes, after thinking a
    bit more, I'm also somewhat confused. Maybe N is not only for network
    but also for new? I *guess* that RJE is a kludge to misuse a terminal
    line for remote job entry while NJE utilizes network protocols more
    directly and eliminates the terminal line stuff.

    I should inquire of cctalk subscribers.

    I know that something like that exists. AFAIK it's not yet incorporated
    into TK4- and while it's nice to have a way to load stuff directly into
    a DS via FTP, there is still the emulated card reader which does about
    the same. More slow and with some preparation necessary, though. ;-)

    I'd like to see if I can get SNA (?) to work on MVS 3.8j in Hercules.
    (Or better, as a VM guest on my P/390-E.)

    The interesting part starts when it comes to network an old machine
    (OS release, to be precise) who doesn't know about EE to a newer
    machine who's hardware doesn't support SNA on 802.2 but runs an OS
    release with EE.

    Like the situation you are in.

    That's what I want to accomplish with my Cisco gear in the long
    run. Earlier, there has been a second 150 at a friends location
    but somehow he's not using it anymore, so no need create a more-complex-than-necessary scenario with bridging.

    Can you ""route things through one machine to get to the others?

    I guess if you could talk to one old machine via Token Ring or Ethernet,
    you could talk to all of them.

    Is there any sort of serial networking that is common between the
    machines? SDLC / BiSync / etc.

    You're probably thinking about Netware for SAA? ;-)

    I did spend about 10 minutes doing some initial research about it.

    I'll have to do some more in depth research and start looking for a copy
    of it.

    until you've actually climbed these mountains. I didn't.

    Wikipedia's SNA article is on my short list to read. I think that will
    give me a good starting point. I'm sure it will give me more things
    that I want to look up and learn about.

    Yes. Btw., a very special way of copy protection, since source code
    isn't available and binaries are for 390 instruction set.

    Yep.

    Though I think (virtual) machines that can run S/390 code are more
    prevalent than 3745s or 3746s to run their code. So, CCL might have
    made it easier to find more places to run the proprietary code.

    Perfectly valid reason. For me, I'd add:
    - Less electrical power needed,
    - much easier to handle than anything LPAR on anyhing IBM. :-)

    Agreed.

    Ethernet or Token Ring. Sorry if I was too unspecific. I'm
    not sure that exactly Hercules supports. Looking at this one: <https://hercules-390.github.io/html/herctcp.html> it seems, it's
    not a real Ethernet Adapter.

    It's not an OSA, if that's what you mean.

    Having read that page before, a number of times, and re-reading parts of
    it now, I see some of the exact same things that I read about with my
    P/390-E.

    The LAN Channel Station 3172 is channel attached to the mainframe via a
    virtual 3088 Multisystem Channel Communication Unit.

    As I type this, I wonder if the 3088 MCCU is a channel (bus & tag)
    counterpart to ESCON & FICON directors.

    Since I never tried to run Linux for z on Hercules, I'm really out
    of knowledge here.

    I don't think any of that page is for Linux on z on Hercules. I think
    it's Hercules on Linux or Windows.

    More reading here: <https://github.com/hercules-390/hyperion/wiki/Network-access-for-operating-systems-running-on-Hercules>

    Ya.

    Unfortunately neither of the pages go into what the LCS is nor what the
    OSA is, much less how they differ from OS/390's point of view.

    Now *that* is some cool stuff! But I don't want to know how much
    Watts the 890 eats up.

    It's a lot.

    Please extend with "9401-150 via 2724 Token Ring IOA". For the rest:
    Correct. Sorry if I've been ambigous.

    9406 running IBM i w/ EE --- Gigabit Adapter --- EE encapsulated SNA ---
    2901 w/ SNASw --- SNA on Ethernet --- 2613 --- Token Ring --- SNA ---
    2724 Token Ring IOA --- 9401 running IBM i w/o EE

    Correct?

    The 150 not incorporates a 2723 (10M Ethernet IOA) to connect to the
    same physical Ethernet segment as the 2613. New layout:

    Is that "not incorporates" or "now incorporates"?

    IBM i w/ EE --- Gigabit Adapter --- EE encapsulated SNA --- 2901 w/
    SNASw --- SNA on Ethernet --- 9401-150 with 2723.

    If you have the 2723 (Ethernet IOA), why are you trying to get the 2724
    (Token Ring IOA) to work? To get 16 Mbps instead of 10 Mbps?

    Aside: I find the 2723 & 2724 IOAs being PCI NICs to be entertaining.

    So far, nowhere.

    :-)

    Yes, you're right. But honestly, how many interfaces do you need?

    I don't /need/ anything 3600 / 2600 / 2800 any more than I need a hole
    in my head.

    I /want/ the following interfaces:

    · Token Ring
    · 10Base{T,2,5} to connect my Thicknet segment to
    · 100BaseT (or better) to connect to my main network. (100 because I
    want to have full 16 Mbps Token Ring.)
    · WIC-1T
    · WIC-1DSU-T1

    Because I can. / Because I want to. }:-)

    I'm content with the three of the 2613: NM-1FE to the "backbone",
    onboard TR for the sole ring in the house, onboard 10M Ethernet for
    the LocalTalk to Ethernet Bridge.

    ACK

    (Connecting the bridge to the backbone ethernet segment reglarly made
    the bridge crash. After connecting it to a dedicated port on the
    2613 with only AppleTalk configured, the problem has vanished. Maybe
    the box struggled with too many broadcast ethernet frames to handle.)

    Possibly.

    The *only* reason to use a bigger pile of steel is the availability
    of SNAsw and AppleTalk/IPX/DECNET/IPv6 functionality in one image.

    ACK

    I would sort of like to play with FDDI and other legacy networking
    typologies. (Hence why I have a 10Base5 segment.) For some reason
    ARCnet is calling to me.

    I'm glad to being your mentor, then. ;-)

    Thank you.

    Not at all! In fact, I'm happy to share knowledge with some enhusiasm
    if the other side is truely interested.

    I COMPLETELY understand. (See below.)

    I've done Linux courses for trainees at my former employment.
    Trainees were required to attend and a lot of them had no real
    interest. That was no good experience.

    I've done similar. I find that trainees that are engaged, eager to
    learn are a LOT easier to convey knowledge to. Those that aren't make
    me want to ask why we are wasting each others time.

    Yes and no. I had used RSRB functionality to create a connection
    between two 150's and their sites already networked with a VPN,
    with the aid of Virtual Token Ring Interfaces and Source Route
    Bridging.

    Okay. I sort of understand, but I need to spend more time thinking
    about it.

    Mine over true Token Ring and the other one via 802.2 Ethernet. No
    SNAsw involved. That came later, when the 8203 arrived and I needed
    to dig into the EE thing.

    Okay.

    It can't. Ethernet can be used as a direct transport for RSRB. Or
    IP. Ethernet without doesn't stress the router's CPU that much,
    compared to IP.

    ACK

    The peer router needs to have at least one Virtual Token Ring Interface
    to use as one port for SNAsw. There has to be a destination Ring,
    not Ethernet.

    Okay.

    No, you're perfectly right. The sole reason seems to be that Token
    Ring Bridging usually is source routed and packets get RIF headers
    added and removed as they trespass the bridged rings. Ethernet has
    no equivalent of source routing on the MAC layer, thus no RIF and
    thus cannot make use of SRB. You *can* bridge between Ethernet and
    Token Ring transparently, though (bridge irb in IOS). With your valid
    comment about maximum frame sizes.

    I'm intrigued at the idea of bridging Token Ring and Ethernet via
    Integrated Routing and Bridging.

    I think I used IRB years ago on a DSL line using RFC 1483 bridging.

    (While confirming the RFC number, I saw references for AAL5SNAP. Which
    now means more to me than it did years ago.)

    ... further down the rabbit hole ...

    ATM Adaptation Layer 5 prepends bridged frames with 802.2 LLC headers.
    It seems as if OSI directly uses LLC and non-OSI uses SNAP.

    Interestingly, the Token Ring Implementation in Linux (they killed
    not long ago) doesn't either know about RIFs or had bugs.

    Ya. I think it was pulled out in 3.5 or 3.6. I'm fairly certain that
    it was in 3.4. (I went looking within the last year, but it's too late
    at night for me to remember.)

    It wasn't possible to make two boxes talk IP to each other via two
    Token Rings connected through a source route bridge.

    Hum. That sort of surprises me. But not completely. I think much of
    the Linux Token Ring stuff was only ever tested on individual rings and
    never used SRB.

    I wonder if the IP implementation on IBM i (or Netware) could do
    better. Sigh. Another idea to try out somewhen.

    I don't know about IBM i. I would bet quite a bit of money that NetWare
    got it correct. Or at least what was considered correct at the time.

    I personally consider NetWare to be the routing Swiss Army Knife of the
    OS world. I think that Cisco (and maybe Juniper) is the routing Swiss
    Army Knife of the router world.

    You made a point. Anyway, I really hope nobody can hear my evil laugh
    when I finally manage to open a TAC for some SNA issues I encountered.

    What's the fun in denying them the chill running down their spine? }:-)

    I really don't know, even if I think I can recall something. Since
    I'm located in Germany, maybe this passed me by unnoticed and I
    remember wrong.

    I think it was a U.S. Government mandate for computer manufacturers in
    the '90s.

    Maybe? It also can stem from "every computer company shows openness
    in some way, so we have to do also" - just a marketing fart, in
    other words.

    I think the "Open" aspect of the government mandate was that multiple
    vendors needed to have a common standard to allow them to interoperate
    with each other.

    Unix System Services became known as Open MVS. The "oshell" TSO command
    runs the parameters to the oshell command as a command / parameters in
    USS / OMVS.

    My understanding is that "Open" was what we would now call a "buzz word"
    that many things wanted to have / needed to have / were mandated to have.

    Must... not... recall why we have network bridges, actually. It makes
    me scream in agony. Said in more calm words: Thanks, short-sighted
    DEC guys! Bridges are a kludge for "oh, our management protocol isn't routable". Spanning tree is a kludge against "build a loop over a
    network bridge and you're doomed". Cisco's portfast is a kludge against spanning tree checks causing DHCP timeouts for client ports. And so
    on. We're sitting on top of a card house and the ground is shaking...

    LOL

    #truth

    Things are only getting worse.

    And still, I can't see a lightweight, address-saving-friendly solution
    for proper host isolation when running multiple VMs in the same IP
    segment. PPPoE and MAC filters come to mind but PPP can be a real
    CPU hog when transferring over high bandwidth links.

    Oh … Linux has some options. MAC-VLAN and IP-VLAN come to mind.
    Particularly in the mode that prevents the virtual interfaces from being
    able to talk to each other without going through an external switch.
    Ouch! This makes my head hurt.

    I question why we need more isolation than two physical systems plugged
    into the same LAN would have.

    Oops. Sorry, this is really off-topic.

    True.

    But it's an interesting topic.

    Better: How many different and crude ways to solve a problem which
    would have been much easier to solve on a higher layer.

    It depends who you ask. Too many and not enough at the same time.

    Similarily here: Much of it way over my head but just knowing
    stuff already helped me to prevent some stuff he mentioned as being
    "bad". Stretched Vlans come to mind.

    Ya. Trying to extend a Layer 2 Broadcast Domain across data centers is
    "bad". Yet people want to do it all the time.

    Are you talking about running true TCP or UDP above IPX?

    I don't know precisely how true the TCP or UDP are. But, yes, Novell
    has an option to replace the (lower part of?) Winsock with a modified
    version that will transport things across IPX. It is a feature of the
    Novell NetWare Client 32 for Windows 9x. It was meant as a way to allow
    an IPX network to provide connectivity for TCP (and UDP?) applications
    without needing to institute IP on the LAN. One of the things they
    touted was IPX addressing is a LOT easier than IP addressing. Some of
    this is also from early DHCP adoption days.

    Apple used a technique called MacIP to encapsulate IP datagrams in DDP.

    Ya. I think I've heard it by some different names.

    MacTCP (control panel) was the IP over DDP.
    Open Transport was DDP over IP.

    There's that "Open" again. And again with something to be interoperable
    with other systems.

    Fortunately, Cisco decided to implement the server side in IOS. Nice!

    Interesting.

    I'll have to check this out.

    To get on-topic again: Did you know that IBM once build LocalTalk cards
    (SPD) for the AS/400?

    No, I did not.

    And at least for V3Rsomething there was a PTF bringing the AppleTalk
    network stack to OS/400! Documents I find say that this solution even provided console capability!

    Very interesting!

    I have herd tell of IBM building a 386 / 486 / Pentium computer that
    went into an AS/400 much like an IOA. The idea was to allow a low power
    PC to be in the AS/400 foot print for multi-OS compatibility. Somewhat
    the same idea of my P/390-E allowing OS/390 to run in a PC chassis.

    Same coax as for attaching 3270 terminals. I don't know more details,
    though.

    Interesting.

    So the Token Ring, Serial (SDLC), and Coax are all methods to connect to
    IBM networking technologies.

    I have such a card which additionally has a DB-15 port for Twinax!

    Are you sure that the DB-15 was for Twinax? (I ask having seen either
    DB-9 or DB-15, I don't remember which, pigtails with two twinax connectors.)

    Or is there a chance that it's an Ethernet AUI port?

    I can see how it would have connectivity to Ethernet and Twinax.

    I was highly disappointed to learn that SNA.ps doesn't support that Twinax-Port.

    Is there a different file that does?

    Or why would a card exist that doesn't have software to support one of
    its features?

    Yes, you're talking about what was called LocalTalk eventually.

    Ya. LocalTalk <-> AppleTalk can be somewhat nebulous. The common
    definition that I hear is that LocalTalk os the physical layer(s) and
    AppleTalk is the protocol(s) that ran on top. AppleTalk migrated to
    Ethernet too.

    Perfect hit. :-) Apple Hardware designers decided to not use just
    a dumb UART for serial ports but a complete serial communications
    controller chip, the 8530 or 8350. I always confuse these: One is
    SCSI, one is the SCC. The SCC has built-in support for handling SDLC
    frames in hardware. Funny in some way, since SDLC was AFAIK only
    ever used with IBM midrange and big iron (and compatible) stuff over
    serial lines.

    I'm sure there was a reason for having the serial port.

    LocalTalk defines a hardware transceiver box utilizing CSMA/CA and
    SDLC frames for basic communication over a common bus. On top came
    DDP. Common speed is 230.4 kb/s but since transfers occur in bursts,
    real world performance is lower.

    That sounds familiar.

    A good friend of mine that does (did) a lot with Apples and Macs states
    that the 230 kbps was really the bandwidth between the CPU and the SCC.
    Half of it was towards one hardware port and the other half was
    towards the other hardware port.

    Supposedly there were ways to aggregate them, but it was extremely atypical.

    As good as this reads, all early and a lot of later lower cost
    models made the user experience bad mouse pointer stuttering issues
    (because while the OS was communicating with the SCC, interrupts had
    to be disabled or something like that). Since the early OS didn't
    incorporate multitasking, that wasn't a big deal, though. Starting
    with Apple utilizing PowerPC CPUs in their Macs, that problem was
    entirely gone. Yes, Macs had LocalTalk support for a long time into
    the 1990's, together with Onboard Ethernet.

    Yep.

    According to my friend, booting over LocalTalk was supported very early on.

    Yes. Macs.

    So it functioned as something like MS-SNA Server and / or Novell's SAA.

    Since the gateway was a background task, the gateway Mac could be
    also used as a workstation. Socket2Socket-AppleTalk-Communication
    didn't leave the physical machine, though.

    Details here: <https://kb.pocnet.net>, search for SNA. Direct link
    not possible, since tin doesn't accept the "bullet" char. I guess
    you know how to use google translator ;-)

    :-)

    "What's that water pipe doing in here?" - "That's my network backbone!"

    LOL

    Besides, 10BASE2 = Cheapernet.

    Yep. But (purportedly) 10Base5 had a better propagation delay than
    10Base2, which had a better propagation delay than 10BaseT.

    I thought that was a 1990's or earlier misconception. Is this still
    true?

    I think there are still some people that believe it.

    Though cell phones and tablets vs 5–10 year old desktops / notebooks
    seem to be showing people that size is not king.

    Allow me to redirect you to here: <https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_72/ifs/rzaaxfsknow.htm>

    Thank you for the link.

    This really sounds like file system support / drivers in the Linux kernel.

    QNTC sounds like SMB / CIFS / SMB2 client.

    I think Integrated xSeries Server (IXS) is the PC board that I was
    talking about.

    The very first OS/400 releases (and thus the S/38 CPF, I guess) knew
    only about what's called QSYS.LIB today. There was no filesystem
    "root", there were just Libraries and Objects, much as there's no
    concept of a "root" in MVS. Even today, the majority of native IBM i
    (CL) commands just operate with library and object name. They don't
    know about the concept of filesystems.

    Okay.

    Question: What is the significance of the "Q" in front of a number of
    things? I see it in the file systems and I seem to remember "qsysopr".

    It's also not the same as mountpoints/partitions. All filesystems
    share the available hard disk space, each filesystem "knows" if blocks
    are occpied by something else than an entry in it's own filesystem housekeeping facility.

    Okay.

    Okay, I lied. In a way: Not all FS' a common pool of disk blocks. QOPT, QFileSvr.400, UDFS and maybe others are indeed separate.

    Fair.

    Let's call it a simplification for educational purposes.

    With passing time, often QSYS.LIB degrades to contain the OS and
    database files and much of the other stuff is in / or /QOpenSys. Owing
    to the fact that IBM i has an AIX runtime environment called PASE. More
    and more OSS is ported by IBM and others to there and thus more and
    more bugs will begin to plague that plaform, because this development increases the speed of the slowly spinning wheel of "innovation". That
    is: Frequency of bug fixes is increased, etc.

    Yep.

    More and more platforms are gaining better and better support for OSS.



    --
    Grant. . . .
    unix || die

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From poc@pocnet.net@21:1/5 to Grant Taylor on Sat Dec 7 23:09:18 2019
    First of all: Is your email address valid? I sent you one and it got delivered to somewhere, saw no bounce. I wrote to you, had this answer in usenet meanwhile but none via mail. May I ask you to have a look?


    Grant Taylor <gtaylor@tnetconsulting.net> wrote:

    As I think about our discussion I'm realizing that IEEE 802.3 is 802.3
    with 802.2 LLC. My understanding is that all 802 networks are supposed
    to use 802.2 LLC, but that TCP/IP and IPX/SPX are the only protocols
    (that I'm aware of) that don't use the 802.2 LLC by default.

    I've come to the same conclusion. With a quirk: Since an unknown version of Netware, the default frame type was changed from Novell-dumb-802.3 to true 802.2 (with LLC). Can't recall where I read that. Could be that this change was between 3.11 and 3.12, since these were the ones I was using back then.

    I wonder how many people have been confused by Novell's use of 802.3 "raw".

    A *lot* of.

    Honestly, I don't know which frame formats are defined for Token
    Ring at all.
    The only two that I'm aware of are 802.2 LLC and 802.2 LLC w/ SNAP.
    It's really a question of is the SNAP header used or not.

    Makes sense to me. Thanks!

    Unfortunately ESXi doesn't provide virtual Token Ring NICs. What
    a shame!
    I'm not aware of any hypervisor or emulator that provides virtual Token
    Ring NICs.

    I know. Even more shame on them! Once that could have been the network of the future! Wait. Sorry, had a flashback into 1992.

    My understanding is that once retroactively IEEE acknowledged Ethernet
    II for TCP/IP, the world adopted it wholesale. Prior to that, we end up
    with things using a mixture of Ethernet II and 802.2 w/ SNAP.

    Again, makes sense.

    The only think I had to cope with frame formats was Netware.
    I knew that AIX had an option in the "en" and "et" network interfaces.

    I didn't tinker with AIX yet. People say it feels like unix but somehow strange and different.

    Though routing will just end up fragmenting the packet (presuming Don't Fragment is not set to one) or returning an error stating that
    fragmentation is needed (in the event that Don't Fragment is set to one).

    Yes, you're right. But fragmenting or sending an error back is *way* better than silently dropping a too large frame at the bridge and stuff mysteriously fails sometimes.

    I think it has to do with IBM following the IEEE guidelines stating that
    802 networks should use the 802.2 LLC frame format. I've since read
    that other vendors did the same thing.

    Hm. I remember that the IEEE approved IBM Token Ring *afterwards* IBM had the specs finished. Maybe that was only valid for 4M? Can't prove that out of the box.

    I haven't found out what stuff is transferred in the SNAP prepended
    packets on IBM i, though.
    I'm sure it's documented somewhere. But good luck finding it in the sea
    of documentation that IBM has.

    Ah, you got the same problem, I see!

    I'm starting to think that IEEE 802.3 in any context not involving
    NetWare means that it's an Ethernet (802.3) network following IEEE
    standards, which means 802.2 LLC frame format.

    I agree.

    I think that nw?-idle.nlm basically creates a loop that would take any
    free cycles and causes the CPU to do a HALT in them. Thus saving CPU.

    I'm not really surprised that it could inadvertently interfere with performance.

    Seems so. I'm not getting much more than a 10M NIC will transfer by FTP.

    I have to confess, I needed to re-read your statement a few times to see
    if you were referring to Asynchronous Transfer Mode or At The Moment. I decided that you meant At The Moment.

    We have been talking about eccentricities of networking, which means
    that Asynchronous Transfer Mode is not that far out of scope.

    Sorry for ambiguity. Yes, you're perfectly right.

    Hmm. I never had to do with ATM beyond a thin layer of "PVC 1/30" in early Cisco gear with integrated DSL Modems.

    I can't prove it, I never measured but it feels screens appear a tiny
    but faster compared to tn5250 directly to the 150.
    Depending on the CPU speed of the ESXi server and the AS/400, I'm not
    all that surprised.

    The 150 has something similar to a PPC 603 with in between 80 ... 150 MHz. The ESXi is running on an AMD Turion II N54L with 2,1 GHz.

    From the AS/400's side, I wonder if SNA might be faster than TN5250.

    Let me put it this way: Doing an FTP transfer over the 10M NIC in that 150 yields about 800 KBytes/s and pushes the CPU to around 90% usage. It's not really faster when doing the same via Token Ring.

    Transferring a file via SNADST via Token Ring yields a CPU load of about 30%. Since the transfer is like UUCP not direcly visible, I can't reliably deduct a transfer rate. Hitting refresh on the WRKACTJOB screen too often also creates considerable CPU load which might influence the transfer speed.

    I didn't manage to prepare a huge SNA transfer between two faster boxes in my basement yet (a 9406-800 and a 9406-S20) connected via 100M NICs to a common segment.

    Given that OS/400 V4 was from the late '90s or early 2000s, I wouldn't be surprised if the CS on OS/400 V4 might be slow for TN5250 connections.

    We're talking of a really tiny fraction of a second. :-) Maybe it's the
    reason, maybe not.

    Especially if the CPU in your AS/400 is considerably slower than the CPU in your ESXi server.

    It is.

    I could see how MS-SNA Server might be able to do the TN5250 to SNA 5250 conversion faster than OS/400 could.

    It's just a thought.

    But a perfectly valid one, to me.

    Even if I'm wrong, the "why do you do that" can be answered almost
    anytime with "because I can".
    Or "because I want to".

    I disagree. If you want to do something and can't, it will not happen. Seen from the opposite side: "Because I can" together with the fruitfully done something includes "because I want to". Putting aside external factors like other people pushing you, that is.

    Aside: I've come to the conclusion that NetBIOS is the API that rides
    on multiple transports and that NetBEUI is the traditional transport.

    That's also my understanding. Available transports were NetBEUI (NetBIOS Frames), IP and IPX.

    Netware is a good compromise, since it also can talk FTP and even
    NFS if one want's to do that.
    Are you referring to an FTP server running on a NetWare server

    Yes.

    I think I was vaguely aware that NetWare could be an NFS server.

    Yes, you needed to get the Netware for NFS addon product. Wasn't very stable, at least not with my early tries with Linux as NFS client. Sometimes, the connection got stuck. Dunno what I did to recover that condition. Maybe needed to reboot the Linux box, maybe also Netware.

    I'm curious, do you have a specific reason for using SNAP vs 802.2 LLC?

    Nothing more than a gut feeling that SNAP might be a good choice because the SNAP header extension provides precisely what's in the packet.

    Then I remember that there probably won't be any clients that I don't
    create.

    A similar challenge like to answer "Why do you have so many old computers?
    What do you actualy do with them?"

    In fact, I have just two platforms I have a true killer application for to
    make these old boxes really useful to me. First are Macs. I love FreeHand 3.1 above anything else for drawing circuit diagrams.
    See https://www.radiomuseum.org/r/telefunken_opal_iii.html for an example.

    And the 150 got important after I realised how easy and cool it is to create small things to show and edit data. Most people probably would have utilized Excel for that. I did some lists of old electronics magazines I own, but especially an inventory solution for my radio tube collection. Slowly as I dedicate time and brain capacity to it, there are more and more features like equivalent types, pinouts and maybe more data besides already included
    filament specs.

    What startet with paper and pencil when I was about 12, grew into an Excel sheet which in turn wandered into a MySQL table and is now in a physical file on my 150. That data has gone a loooong way.

    And if anyone points to my O2, I can truly say that I sometimes use Photoshop
    3 on that. But if they point to the Sun Ultra 1 I can only shrug. No killer
    app yet.

    That being said, I do have a special use case where I'd like a protocol
    that I can use to carry SSH traffic between machines. I'd prefer it to
    be able to be routed. My motivation is to use protocol isolation to
    hard contain IPv4 and IPv6 into an isolated VM network. (Somewhat of a
    light grey hat desire to play with viruses in a sandbox that they can't
    get out of.)

    I see. Interesting challenge!

    At the moment, I'm sort of thinking about 802.2 LLC, possibly with SNAP,
    -or- X.25.

    Brrrr. I never managed to get into X.25 on Cisco gear. Maybe that's because I don't have proper endpoints.

    As sure as I type this, I wonder if I could get DECnet to do it. Have a
    dual protocol host with IPv4 and DECnet, route through a DECnet only intermediary, and another IPv4 & DECnet host on the other side. I
    can do this on Linux, which is my current preferred platform.

    Yes, as long as DECNET support is still in there (which means, someone takes care of it). Good luck and happy coding!

    The box that I'm using for my P/390-E is drawing < 175 W. But that's considerably more than the 40 W that the 3660 or 17 W that the 2613 draw.

    Yes, that's true. On the other hand, the P/390-E already draws power when you want to tinker with zOS, so routing on that box seems to me a logical step.

    At the moment, my short list is:

    * IPv4
    * IPv6 is desired, but not required
    * IPX
    * DECnet
    * SNA
    * NetBEUI
    * DDP
    * I'd like to get Banyan VINES running

    That's a lot. :-) I'm keeping to IPv4, IPv6 (German Telekom already provides
    me with a /56), IPX, SNA and AppleTalk/DDP.

    Banyan VINES support in Cisco gear is to be found only in very ancient image releases.

    Epiphany: I have a 2811 that is unused. It has two FE NICs in it. I
    wonder if I can get a Token Ring NM that will work in it.

    I tested an NM-1R1E2W in a 2801 a while ago and boot messages indicated it as unsupported. There were no additional interfaces. So I don't know if a 2811 would support it: The images are different (c2801-advsomething vs. 2800nm-advsomething), so there's a certain chance.

    I further wonder if I could get a WIC-1E to connect to my 10Base5 via a transceiver.

    Nope. The only (ancient) WIC-1ENET were designed specifically for some Cisco 172x series boxes and they simply don't run anywhere else. Beleive me, I
    tried. :-) A friend of mine says, that's maybe because the 172x utilize a PPC based SOC called PowerQUICC and the WICs need this QUICC-Support to function. In other words, they lack circuitry to be to true standalone NICs.

    Additionally, the WIC-1ENET just have 10BASE-T Ports.

    Look out for NMs with Ethernet. They most often have a proper AUI connector.

    Because (I think) I can. / Because I want to.

    You'll receive no objections from me.

    How did you set up ssh transport?
    I'm using TaylorUUCP (no known relation) and I have custom port entries
    for the remote system:

    Hah! Someone else who uses his brain!

    I think the security is acceptably good.

    Since this is exactly the same thing I do, I agree. :-)

    I was reading about that and found a lot of people put considerable
    effort to first creating a TCP tunnel with and ssh connection and
    then run uucp over tcp through that tunnel.
    That sounds like a lot of work and like it would be subject to race conditions or IP in use blocking errors.

    Yes. I think that's people completely forgot that UUCP usually ran directly on modem or serial lines. Now since everything's tcp, maybe they only saw this as a feasible way to encrypt UUCP traffic.

    UUCP (read: store-and-forward) networks don't need end-to-end
    connectivity. IMHO this is one of the things that makes them great.

    Yes. And I remember, I really *have* a workflow running over UUCP. When I use my script to add a new zone to my master DNS, config-replication to the
    slaves is done via UUCP. It works like a charm, so I simply forgot a about
    it, in a way. :-)

    Yes, I could have done that with ssh and call a remote script. I didn't. Because I can. And because it runs asynchronous, so I don't need to wait until all slaves are configured before continuing with registration process.

    Aside: Have you heard about HNET? @bmoshix (Twitter) is
    re-establishing BITNET. Because it's There. / Because he can. /
    Because he wants to. }:-) I think it uses NJE, but I suspect that RJE
    can probably be made to work.

    Nope, I wasn't aware. In fact, I know BITNET but I need to refresh my
    knowledge a bit on the net. Pun intended.

    I was also reading somewhere that RSCS was used as some kind of chatting facility. As I read about it, there comes BITNET as a link! And there it is!

    "Bitnet's NJE (Network Job Entry) network protocols, called RSCS..." I found the missing link! I understood RSCS after the first read some years ago to be something similar to UUCP, also.

    I wonder how inter-node-communication for NJE will take place in our modern world.

    I had concluded a while ago that RJE needs a dedicated line, Bisync or whatever. Since I found no easy way to get that attached to Hercules, I lost interest. On the other side, I know that Cisco IOS has some facilities to encapsulate certain serial traffic into IP or even modify protocols (AFAIR
    it's possible to convert a serial attached host talking SNA over SDLC to come out of the Router as a 802.2 LLC node).

    I know that something like that exists. AFAIK it's not yet incorporated
    into TK4- and while it's nice to have a way to load stuff directly into
    a DS via FTP, there is still the emulated card reader which does about
    the same. More slow and with some preparation necessary, though. ;-)
    I'd like to see if I can get SNA (?) to work on MVS 3.8j in Hercules.
    (Or better, as a VM guest on my P/390-E.)

    You aren't alone in search of that particular holy grail.

    A while ago I had a mail exchange with J?rgen Winkelmann, the maintainer of TK4- and he told me that there has been some effort to implement the functionality of a 3703 or 3705 (can't remember) with the accompanying (but
    not freely available) NCP into Hercules. Still, SNA is tied to VTAM within MVS and I think that even *if* there'll be a chance to pull a loose thread out of MVS via a 370x to be able to talk SNA over something else than hercules-internal lines to terminals, it's still the "old", mainframe-centric, hierarchial SNA, not APPN and thus I guess, there's no chance to make it talk EE. Thus, more work remains to be done to get SNA SDLC frames to 802.2 LLC.

    I really can't guess if there are enough capable enthusiasts to do all that labor for just "because I can". It's a small group of people running MVS or
    zOS or OS/400 at home in more than one instance to make networking these something nice to have. It's already possible to emulate a CTCA to build a loosely coupled cluster picking batch jobs from a common JES2 spool and I'm
    not sure how many people already play with it regularly.

    As I think about that, I'm wondering which protocol is running within this
    CTCA tunnel, but I fear it's not SNA but just machine-made channel programs.

    The interesting part starts when it comes to network an old machine
    (OS release, to be precise) who doesn't know about EE to a newer
    machine who's hardware doesn't support SNA on 802.2 but runs an OS
    release with EE.
    Like the situation you are in.

    Exactly. And it basically works but since I can't do a proper name resolution, I'm stuck at the moment.i

    Maybe I need to dig deeper into the differences about up- and downstream
    nodes. Cisco IOS has very few configuration parameters and does most things automatic. But it's possible to make an APPN Node attach to IOS as a
    dynamic (not defined in IOS config) way, and as a configured peer. Then I also can set a preferred netword node (which is supposed to know about all names).
    I was hoping that since IOS is a router OS, the SNA implementation there is always a Network Node with name resolution capabilities.

    [...]

    I think I solved the problem. Sometimes it really helps to muse about things
    to someone else and make your brain run full speed in a background task. Or maybe as batch job. ~giggle~ So, thanks for listening!

    In the general (SNA) network attributes of IBM i, you can set a network node server (something which acts as mDNS in a way, amongst other things) manually. I had the intention that if left blank, it will be negotiated with each PU
    when intially connecting. I'm wrong. In a way.

    After configuring the V7 box (connected via EE to the cisco router) to utilize the cisco router's SNAsw facility as a neighboring network node server (parameter NETSERVER in chg/dspneta on IBM i), the 150 can sucessfully APING the 8203 and vice versa.

    After re-reading the help text for the NETSERVER parameter, I have the intention that the mentioned negotiation takes place *only* if the local network id and the NN's network ID match. And the 150/cisco SNAsw *have* different NETIDs than the V7 box.

    Excurse: The LCLNETID is a way to logically group SNA APPN nodes. Putting SNA nodes into a common group also influences the flow of alert messages (See
    Alert support PDF). In a way it's like the concept of a Zone in AppleTalk. (Difference: Zones are defined on Routers only while every APPN node can have it's own NETID.)

    After changing the NETSERVER parameter again to *ANY (host part) but with the network name of "my" bunch of AS/400's (which is the same as the Cisco
    Router's LCLNETID), name resolution still works. It certainly didn't work before, even if I supplied the "FQDN" to do APING.

    Therefore I conclude, there has to be a NETSERVER entry for every existing NETID of APPN peers in an End Node.

    What remains as tbd is to again review documentation about Alerts, since the 8203 now thinks, it must send alerts to the "true" NN (not the Cisco Router)
    in my LCLNETID group. Minor thing, since I administer all of these but when tying machines of different companies together, it certainly will raise discussions between admins.

    Also, if I change the configuration of the EE endpoint to Network Node
    instead of End Node, the whole thing should also work out of the box.

    [...]

    Nope. Now I'm confused. More than usual, that is.

    And, hooray, doing an APING with 1500 byte packets to see if the "MTU" issue
    is gone made the 2901 crash. :-) Another one I wanna throw at TAC!

    %SYS-3-OVERRUN: Block overrun at 2575E9C8 (red zone 00000000)
    -Traceback= 30012E94z 35085D00z 35081A20z 35097F8Cz 35094D1Cz 3509482Cz 3508AD00z 3508AE40z 3508AF80z 34F835A4z 34F65B24z 30032B5Cz 30032B40z

    That's what I want to accomplish with my Cisco gear in the long
    run. Earlier, there has been a second 150 at a friends location
    but somehow he's not using it anymore, so no need create a
    more-complex-than-necessary scenario with bridging.
    Can you ""route things through one machine to get to the others?

    That's how SNA works anyway, but on the session layer, not on the network
    layer as we know it from AppleTalk, IP, IPX, IPv6 and others.

    I guess if you could talk to one old machine via Token Ring or Ethernet,
    you could talk to all of them.

    Yes and no, see above.

    Is there any sort of serial networking that is common between the
    machines? SDLC / BiSync / etc.

    SDLC but since the 8203 is about 50km north of here, this isn't an option.

    Though I think (virtual) machines that can run S/390 code are more
    prevalent than 3745s or 3746s to run their code. So, CCL might have
    made it easier to find more places to run the proprietary code.

    True.

    Ethernet or Token Ring. Sorry if I was too unspecific. I'm
    not sure that exactly Hercules supports. Looking at this one:
    <https://hercules-390.github.io/html/herctcp.html> it seems, it's
    not a real Ethernet Adapter.
    It's not an OSA, if that's what you mean.

    Yes. Again I mixed things up. Sorry!

    Having read that page before, a number of times, and re-reading parts of
    it now, I see some of the exact same things that I read about with my P/390-E.

    It's nice feeling if stuff makes more sense after reviewing, isn't it?

    The LAN Channel Station 3172 is channel attached to the mainframe via a virtual 3088 Multisystem Channel Communication Unit.

    As I type this, I wonder if the 3088 MCCU is a channel (bus & tag) counterpart to ESCON & FICON directors.

    This is all mystery to me. :-)

    Since I never tried to run Linux for z on Hercules, I'm really out
    of knowledge here.
    I don't think any of that page is for Linux on z on Hercules. I think
    it's Hercules on Linux or Windows.

    Sorry for not being precise, again. Linux would be my choice to propery "see" and learn about attached hardware in a way which I know.

    Unfortunately neither of the pages go into what the LCS is nor what the
    OSA is, much less how they differ from OS/390's point of view.

    I fear there are just two ways to find out:
    - Ask the devs,
    - Read the source.

    Now *that* is some cool stuff! But I don't want to know how much
    Watts the 890 eats up.
    It's a lot.

    4 digits? Or less?

    Please extend with "9401-150 via 2724 Token Ring IOA". For the rest:
    Correct. Sorry if I've been ambigous.

    9406 running IBM i w/ EE --- Gigabit Adapter --- EE encapsulated SNA ---
    2901 w/ SNASw --- SNA on Ethernet --- 2613 --- Token Ring --- SNA ---
    2724 Token Ring IOA --- 9401 running IBM i w/o EE

    Correct?

    Not 9406 but 8203-E4A. Not "just" 9401 but 9401-150. Than it's 100% correct. :-) 9406 was a huge class of machines.

    The E4A with Power6 can be bought (used condition) for very cheap. Unfortunately, these draw about 400W (with 4 CPUs and 5 15k disks). And
    they're not exactly quiet, even if running in the basement.

    There also was a 9401-P0[23], a so called "portable" AS/400. Rumor says,
    mostly used by sales guys to lure Bosses into buying a big AS/400, because, look, I show you in just one hour how to create your first tiny business application.

    Unfortunately, V4 doesn't run on these. I'm not sure how earlier versions lack stuff I'm used to today.

    The 150 not incorporates a 2723 (10M Ethernet IOA) to connect to the
    same physical Ethernet segment as the 2613. New layout:
    Is that "not incorporates" or "now incorporates"?

    Sorry, typo. Should be "now". As much as I enjoy this discussion, it takes looong time to answer properly. Maybe I should cease to try to answer in one go.

    IBM i w/ EE --- Gigabit Adapter --- EE encapsulated SNA --- 2901 w/
    SNASw --- SNA on Ethernet --- 9401-150 with 2723.
    If you have the 2723 (Ethernet IOA), why are you trying to get the 2724 (Token Ring IOA) to work? To get 16 Mbps instead of 10 Mbps?

    Exactly.

    Aside: I find the 2723 & 2724 IOAs being PCI NICs to be entertaining.

    Yes. Both run fine in Linux. The 2723 is just an AMD PCNet-32 Chip and the
    2724 is by looking at it identical to the IBM Olympic based PCI cards. Yet, something in some ROM must be different, because putting a "normal" Olympic card in makes OS/400 complain that the IOA has troubles and doesn't work.

    Another case of "apply magic pixie dust to get more revenue because customers are forced to buy our overpriced stuff."

    I simply don't have the skills to understand the differences of both card's
    ROM images. Too much binary babble. :-)

    Yes, you're right. But honestly, how many interfaces do you need?
    I don't /need/ anything 3600 / 2600 / 2800 any more than I need a hole
    in my head.

    Sorry for being dumb. Of yourse you're perfectly right! :-D

    I /want/ the following interfaces:

    * Token Ring
    * 10Base{T,2,5} to connect my Thicknet segment to
    * 100BaseT (or better) to connect to my main network.
    (100 because I want to have full 16 Mbps Token Ring.)

    I'd recommend a 3640. It's relatively easy to add resistors so fans spin less fast and thus make less noise without the box to overheat. At least, it draws around 25W. So, at most 25W heat will be generated.

    * WIC-1T

    Nice playthings. Did you know that the corresponding cable to RS-232 will give you a true RS-232 with *two* independent Rx/Tx lines (plus accompanying handshake and whatnot).

    * WIC-1DSU-T1

    Interesting. What do you want to connect to that?

    Because I can. / Because I want to. }:-)

    Again, I will not object. :-)

    I would sort of like to play with FDDI and other legacy networking typologies. (Hence why I have a 10Base5 segment.)

    Similarl here. But I'm content with "just" 10BASE2.

    For some reason ARCnet is calling to me.

    I had some ISA cards a loooong time ago but learned that I needed cabling with 96 Ohms (?) instead of 50, I got rid of them. Duh!

    No, you're perfectly right. The sole reason seems to be that Token
    Ring Bridging usually is source routed and packets get RIF headers
    added and removed as they trespass the bridged rings. Ethernet has
    no equivalent of source routing on the MAC layer, thus no RIF and
    thus cannot make use of SRB. You *can* bridge between Ethernet and
    Token Ring transparently, though (bridge irb in IOS). With your valid
    comment about maximum frame sizes.
    I'm intrigued at the idea of bridging Token Ring and Ethernet via
    Integrated Routing and Bridging.

    To me it seems boring: It's the same config and behavior as if bridging
    just ethernet. :-) Okay, you can have a lot of fun to make TR nodes generate packets with less-equal-than 1500 bytes.

    (While confirming the RFC number, I saw references for AAL5SNAP. Which
    now means more to me than it did years ago.)
    ... further down the rabbit hole ...

    See above for a similar comment.

    ATM Adaptation Layer 5 prepends bridged frames with 802.2 LLC headers.
    It seems as if OSI directly uses LLC and non-OSI uses SNAP.

    Hm. AppleTalk is OSI derieved, IP not. Do you refer to this kind of OSI/non-OSI?

    Ya. I think it was pulled out in 3.5 or 3.6. I'm fairly certain that
    it was in 3.4. (I went looking within the last year, but it's too late
    at night for me to remember.)

    I remember that with Debian 8, TR support was gone. No further details.

    It wasn't possible to make two boxes talk IP to each other via two
    Token Rings connected through a source route bridge.
    Hum. That sort of surprises me. But not completely. I think much of
    the Linux Token Ring stuff was only ever tested on individual rings and
    never used SRB.

    Yes. I think I was one of the few people on earth to be crazy enough to even bother testing.

    I wonder if the IP implementation on IBM i (or Netware) could do
    better. Sigh. Another idea to try out somewhen.
    I don't know about IBM i. I would bet quite a bit of money that NetWare
    got it correct. Or at least what was considered correct at the time.

    I wouldn't bet against you, since I think alike. Again.

    I personally consider NetWare to be the routing Swiss Army Knife of the
    OS world. I think that Cisco (and maybe Juniper) is the routing Swiss
    Army Knife of the router world.

    True. But for Cisco, mostly older gear, only.

    You made a point. Anyway, I really hope nobody can hear my evil laugh
    when I finally manage to open a TAC for some SNA issues I encountered.
    What's the fun in denying them the chill running down their spine? }:-)

    Maybe they'll refuse to handle the request because of apparent cruelty against employees. :->

    Maybe? It also can stem from "every computer company shows openness
    in some way, so we have to do also" - just a marketing fart, in
    other words.
    I think the "Open" aspect of the government mandate was that multiple
    vendors needed to have a common standard to allow them to interoperate
    with each other.

    Sounds reasonable.

    My understanding is that "Open" was what we would now call a "buzz word"
    that many things wanted to have / needed to have / were mandated to have.

    I agree.

    And still, I can't see a lightweight, address-saving-friendly solution
    for proper host isolation when running multiple VMs in the same IP
    segment. PPPoE and MAC filters come to mind but PPP can be a real
    CPU hog when transferring over high bandwidth links.
    Oh Linux has some options. MAC-VLAN and IP-VLAN come to mind.

    These aren't IP-saving. I'd need to give every machine it's own /30. Three addresses per host wasted. Thus I'm wishing for a true point to point protocol but with less cpu impact compared to ppp. At least thats my understanding of the the stuff you mentioned.

    I question why we need more isolation than two physical systems plugged
    into the same LAN would have.

    Each host shall not talk to each other directly, so I can group hosts into a
    L3 segment to save IP addresses and have security. Talking must be done always trough the gateway to enforce packet filtering rules.

    Each host is "untrusted". It's fairly easy to do MAC spoofing to attract traffic. Even if communications to the outside world most likely will be lost by then, because MAC collisions shall not happen. Dunno how to enforce that within a VMWare vSwitch, though.

    I think, we truely need something independent of (emulated) ethernet.
    Something like a logical NIC which does only support IP and IPv6, but not anyhing 802.3. Sadly, other protocols are irrelevant today. These should be logically linked outside of the guest OS in a point to point fashion to some kind of concentrator as dialin servers were in the 1990's. That would enable a true p2p config, no broadcast, no network, no IP wasting, no MAC spoofing, no IP spoofing (if done right), no laughable 1500-bytes-max-frame, and probably more. I really wonder which huge pile of kludges large virtual root server providers stacked to prevent customers to attack each other intentionally or unintentionally (because one of these had security holes and now has a nifty backdoor).

    Better: How many different and crude ways to solve a problem which
    would have been much easier to solve on a higher layer.
    It depends who you ask. Too many and not enough at the same time.

    That's so true. But doesn't that apply to other topics also. Hear other's opinions but make your own mind?

    Ya. Trying to extend a Layer 2 Broadcast Domain across data centers is "bad". Yet people want to do it all the time.

    Yes, because it's easier than to do it with L3. And it *is* easier to
    initially set up but if things go wrong (which could be by own fault but must not necessarily) you'll have a lot of fun to clean up the resulting mess.

    Are you talking about running true TCP or UDP above IPX?
    I don't know precisely how true the TCP or UDP are. But, yes, Novell
    has an option to replace the (lower part of?) Winsock with a modified
    version that will transport things across IPX.

    That's the most strange thing I heard about in years!

    It is a feature of the Novell NetWare Client 32 for Windows 9x. It was
    meant as a way to allow an IPX network to provide connectivity for TCP (and UDP?) applications without needing to institute IP on the LAN. One of the things they touted was IPX addressing is a LOT easier than IP addressing.

    This almost certainly needed a rewrite of code for applications, right? MAC addresses for hosts plus IPX network numbers are completely different to IPv4 addresses and netmasks.

    Since the Network Number in IPX was already 32 Bit, this solution *could* have prevented the need for IPv6 in the first place! ;-D

    MacTCP (control panel) was the IP over DDP.
    Open Transport was DDP over IP.

    Nope. :-)

    MacTCP provided an IP stack and proprietary API to Mac Applications. Open Transport was a complete rework to integrate AppleTalk and IP under the
    STREAMS API, also as PPC native code. AFAIR the only other company using STREAMS was Novell with their Netware.

    On a side note, The Open Transport IP implementation has problems with Window

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to poc@pocnet.net on Sat Dec 7 23:56:05 2019
    On 12/7/19 4:09 PM, poc@pocnet.net wrote:
    First of all: Is your email address valid? I sent you one and it got delivered to somewhere, saw no bounce. I wrote to you, had this answer
    in usenet meanwhile but none via mail. May I ask you to have a look?

    Yes, it is valid.

    Yes, I received your email.

    I'm sorry for not replying sooner. It was late last night when I
    finished my reply to the newsgroup and I was helping my wife with things
    today. I have since replied to your email.

    I'm sorry for the confusion I caused.

    I've come to the same conclusion. With a quirk: Since an unknown
    version of Netware, the default frame type was changed from
    Novell-dumb-802.3 to true 802.2 (with LLC). Can't recall where I
    read that. Could be that this change was between 3.11 and 3.12,
    since these were the ones I was using back then.

    I don't know what version the change was introduced in.

    The Application Note that I linked to previously has a date of September
    1st, 1993. So I'm guessing that the change was shortly before that.

    Link - Migrating Ethernet Frame Types from 802.3 Raw to IEEE 802.2
    - https://support.novell.com/techcenter/articles/ana19930905.html

    That AppNote references another AppNote that I want to read. I suspect
    it's related to the change.

    Link - Communication Basics and Open Data-Link Interface Technology
    - https://support.novell.com/techcenter/articles/ana19921103.html

    A *lot* of.

    Yep.

    I'm going to try to retrain myself to think of the following two options
    for 802.3.

    · (Novell) 802.3 (Raw) for IPX
    · (IEEE) 802.3 for 802.3 Ethernet frames with 802.2 LLC.

    Makes sense to me. Thanks!

    You're welcome.

    I know. Even more shame on them! Once that could have been the network
    of the future! Wait. Sorry, had a flashback into 1992.

    LOL

    Did you see / hear about the FCoTR joke that Ivan Pepelnjak and co were
    having fun with a few years ago?

    Have you seen LGR's OS/2 spoof video?

    https://youtu.be/wQdK9owqVd0

    I didn't tinker with AIX yet. People say it feels like unix but
    somehow strange and different.

    AIX is technically a Unix. It's even got rights to the name with the
    capital U.

    But it is different. It's IBM's take on a Unix. Think IBM nomenclature
    for things and command naming habits. There are quite a few things
    about it that are different than Solaris or Linux or *BSD. But it is
    very much a unix.

    Yes, you're right. But fragmenting or sending an error back is *way*
    better than silently dropping a too large frame at the bridge and
    stuff mysteriously fails sometimes.

    I completely agree!

    For some reason I assumed that the bridge would send an error back. But
    that may just be a naive assumption.

    Hm. I remember that the IEEE approved IBM Token Ring *afterwards*
    IBM had the specs finished. Maybe that was only valid for 4M? Can't
    prove that out of the box.

    I'm guessing that any ambiguity was with 4 Mbps Token Ring. Any
    decisions therein would have been carried forward to 16 Mbps / 100 Mbps
    / 1 Gbps.

    Aside: I don't think 1 Gbps Token Ring ever made it out of the lab.

    Seems so. I'm not getting much more than a 10M NIC will transfer
    by FTP.

    What do you get when nw4-idle.nlm is unloaded? Do you see closer to 16
    Mbps?

    Sorry for ambiguity. Yes, you're perfectly right.

    Don't be. I found it entertaining.

    Hmm. I never had to do with ATM beyond a thin layer of "PVC 1/30"
    in early Cisco gear with integrated DSL Modems.

    I've not done much. I wanted to do more. I had equipment to do so
    before a cross country move caused me to down size. #0outOf10 #wouldNotRecommend #woudlNotDownsizeAgain :-(

    I've played with ATM in GNS3. I had a small network of four ATM
    switches (emulated by GNS3) and four or eight virtual Cisco routers. It
    was interesting and entertaining.

    I've also done similar with Frame Relay and X.25.

    The 150 has something similar to a PPC 603 with in between 80 ... 150
    MHz. The ESXi is running on an AMD Turion II N54L with 2,1 GHz.

    That's just a little bit of difference in speed.

    Let me put it this way: Doing an FTP transfer over the 10M NIC in
    that 150 yields about 800 KBytes/s and pushes the CPU to around 90%
    usage. It's not really faster when doing the same via Token Ring.

    Okay.

    Transferring a file via SNADST via Token Ring yields a CPU load of
    about 30%. Since the transfer is like UUCP not direcly visible,
    I can't reliably deduct a transfer rate. Hitting refresh on the
    WRKACTJOB screen too often also creates considerable CPU load which
    might influence the transfer speed.

    SNADST? Is that possibly SNADEST, a parameter to FLOPTS?

    WRKACTJOB I'm guessing Work Active Jobs - Googling. Yep.

    I didn't manage to prepare a huge SNA transfer between two faster
    boxes in my basement yet (a 9406-800 and a 9406-S20) connected via
    100M NICs to a common segment.

    The 9406-S20 looks quite similar to the AS/400 that I was around in '00.

    We're talking of a really tiny fraction of a second. :-) Maybe it's
    the reason, maybe not.

    Agreed.

    I disagree. If you want to do something and can't, it will not
    happen. Seen from the opposite side: "Because I can" together with
    the fruitfully done something includes "because I want to". Putting
    aside external factors like other people pushing you, that is.

    ~chuckle~

    Duly noted.

    That's also my understanding. Available transports were NetBEUI
    (NetBIOS Frames), IP and IPX.

    I'm glad to know that someone else agrees with my understanding of
    NetBIOS vs NetBEUI.

    The name has been a form of contention in some of the circles that I've traveled in the path.

    Yes, you needed to get the Netware for NFS addon product. Wasn't
    very stable, at least not with my early tries with Linux as NFS
    client. Sometimes, the connection got stuck. Dunno what I did to
    recover that condition. Maybe needed to reboot the Linux box, maybe
    also Netware.

    Crossing product families always has interesting side effects.

    Nothing more than a gut feeling that SNAP might be a good choice
    because the SNAP header extension provides precisely what's in
    the packet.

    Okay. Thank you for sharing.

    A similar challenge like to answer "Why do you have so many old
    computers? What do you actualy do with them?"

    I play with them.

    I learn things that I didn't know.

    I also liken them to old cars or boats or other common (expensive)
    collectible things.

    In fact, I have just two platforms I have a true killer application
    for to make these old boxes really useful to me. First are Macs. I
    love FreeHand 3.1 above anything else for drawing circuit diagrams.
    See https://www.radiomuseum.org/r/telefunken_opal_iii.html for
    an example.

    Nice diagram.

    And the 150 got important after I realised how easy and cool it is to
    create small things to show and edit data. Most people probably would
    have utilized Excel for that. I did some lists of old electronics
    magazines I own, but especially an inventory solution for my radio
    tube collection. Slowly as I dedicate time and brain capacity to it,
    there are more and more features like equivalent types, pinouts and
    maybe more data besides already included filament specs.

    :-)

    You're using one hobby to support / organize another hobby. I like it!

    What startet with paper and pencil when I was about 12, grew into an
    Excel sheet which in turn wandered into a MySQL table and is now in
    a physical file on my 150. That data has gone a loooong way.

    I get it. I have data that I want to make easy to access. Thus far,
    I've been doing it on web page on my server.

    And if anyone points to my O2, I can truly say that I sometimes use
    Photoshop 3 on that. But if they point to the Sun Ultra 1 I can only
    shrug. No killer app yet.

    This is where the "I want to" comes into play. ;-)

    I see. Interesting challenge!

    Yep.

    Brrrr. I never managed to get into X.25 on Cisco gear. Maybe that's
    because I don't have proper endpoints.

    Fair.

    I like playing with old networking technologies and making them do
    things that others say they can't do.

    Yes, as long as DECNET support is still in there (which means,
    someone takes care of it). Good luck and happy coding!

    Thank you.

    Yes, that's true. On the other hand, the P/390-E already draws power
    when you want to tinker with zOS, so routing on that box seems to me
    a logical step.

    The main reason that I've not done the routing on that box yet is
    because of hardware limitations. I have three PCI slots and one dual
    port NIC. OS/2 and OS/390 need their own NIC. I'm not aware of
    anything like Linux's vEth links for OS/2. So, I'm looking at the
    possibility of getting a quad port NIC and a short cable between a
    couple of the ports, one for OS/390 and the other for OS/2 to act as the router. - But, that might interfere with my SNA.

    As I type this, I am pontificating the following:

    1) OS/2 TCP/IP w/ Ethernet II & SNA w/ 802.2 to the LAN.
    2) OS/2 TCP/IP w/ IEEE 802.3 (802.2 LLC w/ SNAP) to OS/390.
    3) OS/390 TCP/IP w/ IEEE 802.3 (802.2 LLC w/ SNAP) to OS/2.
    4) OS/390 SNA w/ 802.2 to the LAN.

    It would be a slightly more complex configuration on that host, but it
    would still use the same number of LAN connections. It would also
    remove the need for the separate solution to route between TCP/IP w/
    IEEE 802.3 (802.2 LLC w/ SNAP) and TCP/IP w/ Ethernet II.

    That's a lot. :-) I'm keeping to IPv4, IPv6 (German Telekom already
    provides me with a /56), IPX, SNA and AppleTalk/DDP.

    Sadly, few residential ISPs provide IPv6 in the USA. There are some
    notable exceptions. But that means that the people that care use a
    tunnel of some sort, likely from Hurricane Electric.

    Banyan VINES support in Cisco gear is to be found only in very ancient
    image releases.

    Banyan VINES is … in a word … /OLD/.

    I tested an NM-1R1E2W in a 2801 a while ago and boot messages
    indicated it as unsupported. There were no additional interfaces. So
    I don't know if a 2811 would support it: The images are different (c2801-advsomething vs. 2800nm-advsomething), so there's a certain
    chance.

    Hum.

    Nope. The only (ancient) WIC-1ENET were designed specifically for
    some Cisco 172x series boxes and they simply don't run anywhere
    else. Beleive me, I tried. :-) A friend of mine says, that's maybe
    because the 172x utilize a PPC based SOC called PowerQUICC and the
    WICs need this QUICC-Support to function. In other words, they lack circuitry to be to true standalone NICs.

    Ah.

    That makes sense.

    Additionally, the WIC-1ENET just have 10BASE-T Ports.

    Ya. I'd have to have an external 10BaseT to AUI adapter. Going the
    opposite way that they normally do.

    Look out for NMs with Ethernet. They most often have a proper AUI
    connector.

    Yep.

    You'll receive no objections from me.

    ~chuckle~

    Hah! Someone else who uses his brain!

    I try.

    I like to learn what others are doing. My intention is to learn
    something better than what I'm doing. At the very least a different way
    to do it.

    Since this is exactly the same thing I do, I agree. :-)

    Yes. I think that's people completely forgot that UUCP usually ran
    directly on modem or serial lines. Now since everything's tcp, maybe
    they only saw this as a feasible way to encrypt UUCP traffic.

    ¯\_(ツ)_/¯

    There's always VPNs of one variety or another. }:-)

    Yes. And I remember, I really *have* a workflow running over UUCP. When
    I use my script to add a new zone to my master DNS, config-replication
    to the slaves is done via UUCP. It works like a charm, so I simply
    forgot a about it, in a way. :-)

    Nice!

    Have you seen BIND's Catalog Zone feature?

    Yes, I could have done that with ssh and call a remote script. I
    didn't. Because I can. And because it runs asynchronous, so I don't
    need to wait until all slaves are configured before continuing with registration process.

    Agreed.

    Nope, I wasn't aware. In fact, I know BITNET but I need to refresh
    my knowledge a bit on the net. Pun intended.

    I was also reading somewhere that RSCS was used as some kind of
    chatting facility. As I read about it, there comes BITNET as a
    link! And there it is!

    Yep.

    My understanding is that VM used RSCS to be able to send messages back
    and forth between users. BITNET took that capability to work between
    systems. Including through a network of systems thanks to
    store-and-forward networking.

    "Bitnet's NJE (Network Job Entry) network protocols, called RSCS..." I
    found the missing link! I understood RSCS after the first read some
    years ago to be something similar to UUCP, also.

    I wonder how inter-node-communication for NJE will take place in our
    modern world.

    SNA and / or TCP/IP

    I had concluded a while ago that RJE needs a dedicated line, Bisync or whatever. Since I found no easy way to get that attached to Hercules,
    I lost interest. On the other side, I know that Cisco IOS has some
    facilities to encapsulate certain serial traffic into IP or even
    modify protocols (AFAIR it's possible to convert a serial attached host talking SNA over SDLC to come out of the Router as a 802.2 LLC node).

    Agreed. I think some of that is how HNET is working.

    @bmoshix has indicated that they are relying on a feature of the
    Hercules emulator to do some of the TCP/IP interfacing & translation so
    that VM sees it as a terminal or an SNA connection. I think.

    You aren't alone in search of that particular holy grail.

    A while ago I had a mail exchange with J?rgen Winkelmann, the
    maintainer of TK4- and he told me that there has been some effort to implement the functionality of a 3703 or 3705 (can't remember) with
    the accompanying (but not freely available) NCP into Hercules.

    I wouldn't give up hope.

    The MVS community has produce KICS and a REXX for MVS. Both completely independent creations that provide the comparable functionality.

    There are some determined people that have made some impressive solutions.

    Still, SNA is tied to VTAM within MVS and I think that even *if*
    there'll be a chance to pull a loose thread out of MVS via a 370x to
    be able to talk SNA over something else than hercules-internal lines
    to terminals, it's still the "old", mainframe-centric, hierarchial SNA,
    not APPN

    And what's the problem with that?

    thus I guess, there's no chance to make it talk EE.

    Seeing as how it doesn't have a robust TCP/IP stack, I think EE on MVS
    3.8j is not going to happen.

    But does EE actually /need/ to be on MVS 3.8j? Or can EE talk to a
    Cisco running SNASw and let it convert to traditional SNA?

    Or is my ignorance of SNA showing? Can EE+SNASw not be used to talk to
    an old hierarchical SNA that doesn't support APPN?

    Thus, more work remains to be done to get SNA SDLC frames to 802.2 LLC.

    I feel like that has probably been done. Or at least pertinent parts of
    that.

    There are people that have 3172s / 3174s ? talking to /Hercules/ via
    TN3270 for the purpose of driving real 3270 terminals. I don't
    understand enough to know where the SNA vs SDLC etc stop and start.

    I really can't guess if there are enough capable enthusiasts to do
    all that labor for just "because I can". It's a small group of people
    running MVS or zOS or OS/400 at home in more than one instance to
    make networking these something nice to have. It's already possible
    to emulate a CTCA to build a loosely coupled cluster picking batch
    jobs from a common JES2 spool and I'm not sure how many people already
    play with it regularly.

    I think there's more than you may realize.

    The fact that IBM is not making it easy in any way shape or form to
    break into mainframes for students or hobbyists is causing people to do
    more with ancient MVS 3.8j.

    Look at KICS and REXX on MVS 3.8j. ;-)

    As I think about that, I'm wondering which protocol is running within
    this CTCA tunnel, but I fear it's not SNA but just machine-made
    channel programs.

    I suspect it's CCW programs.

    I think it's the 3172s / 3174s / 3745s / 3746s / et al. that do some of
    the translation from CCW to SNA.

    Though, as I understand it, VTAM (BTAM / TCAM) do need to know about the
    SNA endpoints. So there has to be more to it than just the channel
    attached controllers.

    Exactly. And it basically works but since I can't do a proper name resolution, I'm stuck at the moment.i

    Maybe I need to dig deeper into the differences about up- and
    downstream nodes. Cisco IOS has very few configuration parameters
    and does most things automatic. But it's possible to make an APPN
    Node attach to IOS as a dynamic (not defined in IOS config) way, and
    as a configured peer. Then I also can set a preferred netword node
    (which is supposed to know about all names). I was hoping that since
    IOS is a router OS, the SNA implementation there is always a Network
    Node with name resolution capabilities.

    You seem tenacious enough to figure it out.

    I'd love to learn about your journey as you do.

    I think I solved the problem.

    Cool!

    Sometimes it really helps to muse about things to someone else and
    make your brain run full speed in a background task. Or maybe as
    batch job. ~giggle~ So, thanks for listening!

    I *COMPLETELY* /get/ it. I've been in your shoes so many times.

    You're welcome. I'm glad that my curiosity helped you.

    In the general (SNA) network attributes of IBM i, you can set a network
    node server (something which acts as mDNS in a way, amongst other
    things) manually. I had the intention that if left blank, it will be negotiated with each PU when intially connecting. I'm wrong. In a way.

    Okay. That makes sense.

    After configuring the V7 box (connected via EE to the cisco router)
    to utilize the cisco router's SNAsw facility as a neighboring network
    node server (parameter NETSERVER in chg/dspneta on IBM i), the 150
    can sucessfully APING the 8203 and vice versa.

    Yay!!! \o/

    So if I understand you correctly, the core part of the solution was hard setting (or nailing a setting one way) to use the SNASw on the Cisco as
    the Network Node Server?

    Sort of functionally like making sure that all systems are using the
    same WINS server (with broadcasts disabled or unrouted).

    Aside: I wonder just how much overlap there is between SNA's NNS and
    NetBIOS's WINS. — I think it's better for my health if I don't
    pontificate that question.

    After re-reading the help text for the NETSERVER parameter, I have
    the intention that the mentioned negotiation takes place *only* if
    the local network id and the NN's network ID match. And the 150/cisco
    SNAsw *have* different NETIDs than the V7 box.

    Sort of like why you /need/ a WINS server when NetBIOS over TCP/IP
    (a.k.a. NBT) are on different subnets. Broadcasts / auto-discovery
    doesn't work in the non-directly-connected configurations.

    Excurse: The LCLNETID is a way to logically group SNA APPN
    nodes. Putting SNA nodes into a common group also influences the
    flow of alert messages (See Alert support PDF). In a way it's like
    the concept of a Zone in AppleTalk. (Difference: Zones are defined
    on Routers only while every APPN node can have it's own NETID.)

    Why do NetBIOS "work groups" / "domains" come to mind? ;-)

    After changing the NETSERVER parameter again to *ANY (host part) but
    with the network name of "my" bunch of AS/400's (which is the same as
    the Cisco Router's LCLNETID), name resolution still works. It certainly didn't work before, even if I supplied the "FQDN" to do APING.

    Therefore I conclude, there has to be a NETSERVER entry for every
    existing NETID of APPN peers in an End Node.

    That doesn't surprise me.

    It seems sort of like telling dynamic routing protocols which networks
    they should advertise to neighbors. Defining what is in scope and
    assuming that anything undefined is out of scope.

    What remains as tbd is to again review documentation about Alerts,
    since the 8203 now thinks, it must send alerts to the "true" NN (not
    the Cisco Router) in my LCLNETID group. Minor thing, since I administer
    all of these but when tying machines of different companies together,
    it certainly will raise discussions between admins.

    Yep.

    It sounds like you are talking about AS/400 / IBM i alerts much like
    I've talked about building a hierarchy of DNS / proxy / SMTP / MQ(TT) /
    etc. servers and controlling what information passes through different administrative boundaries. Networking at the application layer.

    Also, if I change the configuration of the EE endpoint to Network Node instead of End Node, the whole thing should also work out of the box.

    :-)

    Nope. Now I'm confused. More than usual, that is.

    ~chuckle~

    Confusion is a precursor state to enlightenment.

    And, hooray, doing an APING with 1500 byte packets to see if the
    "MTU" issue is gone made the 2901 crash. :-) Another one I wanna
    throw at TAC!

    %SYS-3-OVERRUN: Block overrun at 2575E9C8 (red zone 00000000)
    -Traceback= 30012E94z 35085D00z 35081A20z 35097F8Cz 35094D1Cz 3509482Cz 3508AD00z 3508AE40z 3508AF80z 34F835A4z 34F65B24z 30032B5Cz 30032B40z

    LOL

    That's how SNA works anyway, but on the session layer, not on the
    network layer as we know it from AppleTalk, IP, IPX, IPv6 and others.

    ACK

    That's what I was referring to by networking at the application layer.

    Much like UUCP ""networking host-to-host-to-host at the application layer.

    Yes and no, see above.

    SDLC but since the 8203 is about 50km north of here, this isn't
    an option.

    Ah! But there is. SDLC into a Cisco that converts things to IP to send
    50 km to another Cisco that converts IP back to SDLC which is connected
    to the local system.

    Do for SDLC what EE does for SNA.

    It's nice feeling if stuff makes more sense after reviewing, isn't it?

    Yep.

    I fear there are just two ways to find out:
    - Ask the devs,
    - Read the source.

    Yep.

    4 digits? Or less?

    I don't know.

    I tried to glean some information from @faultywarrior's Twitter feed,
    but I'm not getting anything of value.

    Not 9406 but 8203-E4A.

    I took a stab at the model numbers I've seen mentioned in this thread.

    Not "just" 9401 but 9401-150.

    Fair.

    I elided the -150 to save a few characters and because I didn't have the
    type numbers for the 9406.

    Than it's 100% correct. :-)

    :-)

    9406 was a huge class of machines.

    ACK

    The E4A with Power6 can be bought (used condition) for very cheap. Unfortunately, these draw about 400W (with 4 CPUs and 5 15k disks). And they're not exactly quiet, even if running in the basement.

    Fair.

    Did any AS/400 / iSeries use SAN instead of DASD (term?)

    There also was a 9401-P0[23], a so called "portable" AS/400. Rumor
    says, mostly used by sales guys to lure Bosses into buying a big
    AS/400, because, look, I show you in just one hour how to create your
    first tiny business application.

    Interesting.

    Unfortunately, V4 doesn't run on these. I'm not sure how earlier
    versions lack stuff I'm used to today.

    :-/

    Sorry, typo. Should be "now".

    That's what I figured and how I read the statement.

    As much as I enjoy this discussion, it takes looong time to answer
    properly.

    Yep. That's why your email went unanswered until this evening.

    Good conversations deserve good responses. I'm also having to look some
    things up as I go along. Thus additional rabbit holes for me.

    Maybe I should cease to try to answer in one go.

    Some of my replies have been over the course of a number of hours and
    across meals.

    Exactly.

    That's why I wanted a 100 Mbps link to the router that I connect the 16
    Mbps Token Ring into.

    The 10Base5 can be downstream of the Token Ring, but not upstream.

    Yes. Both run fine in Linux. The 2723 is just an AMD PCNet-32 Chip

    I am not at all surprised.

    and the 2724 is by looking at it identical to the IBM Olympic based
    PCI cards. Yet, something in some ROM must be different, because
    putting a "normal" Olympic card in makes OS/400 complain that the
    IOA has troubles and doesn't work.

    This doesn't surprise me either.

    Another case of "apply magic pixie dust to get more revenue because
    customers are forced to buy our overpriced stuff."

    No comment.

    I simply don't have the skills to understand the differences of both
    card's ROM images. Too much binary babble. :-)

    Agreed.

    Sorry for being dumb. Of yourse you're perfectly right! :-D

    I'd recommend a 3640. It's relatively easy to add resistors so fans
    spin less fast and thus make less noise without the box to overheat. At least, it draws around 25W. So, at most 25W heat will be generated.

    Thank you for the pointer.

    Nice playthings. Did you know that the corresponding cable to RS-232
    will give you a true RS-232 with *two* independent Rx/Tx lines (plus accompanying handshake and whatnot).

    Are you talking about the cable with the HD-60 (?) connector on one end breaking out to two RS-232s on the other end? (I'm presuming you are.)
    I'm not at all surprised.

    My understanding is that the HD-60 connector was specifically chosen so
    that different cables could be used for different connections.

    I know that there is one to a V.35 and one that is a cross over
    (DTE/DCE) between two WIC-1Ts.

    Interesting. What do you want to connect to that?

    I want to put a T1 / PRI card in a Linux box and play with things.

    If I get one with voice capabilities, I can get Asterisk (et al.) to do
    some interesting things.

    I know that I can do Frame Relay across it. I don't know if ATM will go
    across it or not. (I'm not holding my breath for ATM.)

    Add an ATM OC3 module to the list.

    Again, I will not object. :-)

    Similarl here. But I'm content with "just" 10BASE2.

    Fair.

    I'm particularly interested in FDDI because some older computers /
    servers had 100 Mbps FDDI when the other networking options were 10 Mbps Ethernet. So FDDI actually gets more bandwidth into and out of the
    machines. }:-)

    I had some ISA cards a loooong time ago but learned that I needed
    cabling with 96 Ohms (?) instead of 50, I got rid of them. Duh!

    Ya. The proper coax makes a difference.

    Initial looking says that it needs to be 93 Ω RG-62.

    I frequently get RG-58 for 10Base2 and RG-59 for cable TV mixed up.

    To me it seems boring: It's the same config and behavior as if bridging
    just ethernet. :-)

    Fair.

    I sort of want to try it so that I can say that I've done it.

    I'll leave this here:

    Link - IBM PS/2 Model 50 and the IBM Network Bridge Program
    - https://youtu.be/eHylz96t45Y

    Okay, you can have a lot of fun to make TR nodes generate packets
    with less-equal-than 1500 bytes.

    Ya.... That will be problematic.

    Hm. AppleTalk is OSI derieved, IP not. Do you refer to this kind
    of OSI/non-OSI?

    Sorry for being ambiguous. I was referring to the actual OSI protocol
    suite, as in something very close to DECnet Phase V.

    AppleTalk would be non-OSI in this context.

    I remember that with Debian 8, TR support was gone. No further details.

    Token Ring was pulled out of the Linux kernel at version 3.5. The story
    that I read was that the Token Ring code was making it difficult to
    maintain other more important code. It might have been actually
    blocking the new code because of conflicts. So rather than updating the
    old Token Ring code, they decided to remove it.

    Yes. I think I was one of the few people on earth to be crazy enough
    to even bother testing.

    I may have to try it at some point.

    I wouldn't bet against you, since I think alike. Again.

    :-)

    True. But for Cisco, mostly older gear, only.

    I've stared at many a listing for a Cisco 4000 or 4500 router.

    I had a 7500 once upon a time. But it went a way years ago.

    Maybe they'll refuse to handle the request because of apparent cruelty against employees. :->

    :-)

    These aren't IP-saving. I'd need to give every machine it's own
    /30. Three addresses per host wasted. Thus I'm wishing for a true
    point to point protocol but with less cpu impact compared to ppp. At
    least thats my understanding of the the stuff you mentioned.

    Have you considered a /31?

    My understanding is that MAC-VLAN and IP-VLAN create virtual interfaces
    that are connected to the underlying physical NIC. Much like if you had multiple physical NICs.

    I've achieved a similar effect by putting a physical NIC into a bridge
    (brctl) with one end of a vEth pair and the other end in the Network
    Namespace.

    Each host shall not talk to each other directly, so I can group hosts
    into a L3 segment to save IP addresses and have security. Talking must
    be done always trough the gateway to enforce packet filtering rules.

    Each host is "untrusted". It's fairly easy to do MAC spoofing to
    attract traffic. Even if communications to the outside world most
    likely will be lost by then, because MAC collisions shall not
    happen. Dunno how to enforce that within a VMWare vSwitch, though.

    I understand the what. I just don't understand the why.

    Why are we after more security between VMs / containers than we would
    have between physical machines on the same switch?

    To me, each machine / VM / container should have it's own filtering to
    protect itself against other systems, even on the local ""LAN.

    I think, we truely need something independent of (emulated) ethernet. Something like a logical NIC which does only support IP and IPv6, but
    not anyhing 802.3. Sadly, other protocols are irrelevant today.

    TUN (L3 IP) interfaces come to mind.

    These should be logically linked outside of the guest OS in a point
    to point fashion to some kind of concentrator as dialin servers were
    in the 1990's.

    Take a look at Open vSwitch and what it calls internal interfaces.
    (Internal interfaces are poorly named and are very similar to a vEth
    pair, but with one end hard wired into OvS.) That will provide the
    ""physical network. You can then use OpenFlow to filter what sort of
    traffic is allowed to cross each of the internal interfaces.

    That would enable a true p2p config, no broadcast, no network,
    no IP wasting, no MAC spoofing, no IP spoofing (if done right),
    no laughable 1500-bytes-max-frame, and probably more.

    Why oh why is RFC 1483 based DSL coming to mind? IPs could be assigned
    to / routed to individual PVCs which shared a common loopback. Thus
    addressing both security and IP conservation.

    OvS w/ OpenFlow can easily do this too.

    I really wonder which huge pile of kludges large virtual root
    server providers stacked to prevent customers to attack each other intentionally or unintentionally (because one of these had security
    holes and now has a nifty backdoor).

    I don't think they do prevent the attacks. At least not any more than a
    Co-Lo provider protects one customer from another customer on the shared Ethernet switch.

    Yes, because it's easier than to do it with L3. And it *is* easier to initially set up but if things go wrong (which could be by own fault
    but must not necessarily) you'll have a lot of fun to clean up the
    resulting mess.

    Yep.

    I think that SDN (OpenFlow) has the technical capability to change
    things. At least in that it's possible to make it appear as if there is
    an L2 connection when in fact it's a routed network in between doing
    some special magic.

    I think that EVPN plays in this space too.

    That's the most strange thing I heard about in years!

    Is it conceptually any different than carrying TCP or UDP on top of DDP?
    Or AnyNet carrying IP / IPX on top of traditional SNA?

    This almost certainly needed a rewrite of code for applications,
    right?

    Nope.

    Bog standard TCP/IP applications on Windows 98 work perfectly fine
    across IPX without changing the applications in any way.

    Remember that the applications use Winsock as their TCP/IP stack. This
    feature replaces Winsock with a different version that does TCP/IPX and UDP/IPX.

    The new Novell Winsock varient provides the same APIs for the programs.
    They are just fulfilled via IPX instead of IP.

    MAC addresses for hosts plus IPX network numbers are completely

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From poc@pocnet.net@21:1/5 to Grant Taylor on Thu Dec 12 14:54:28 2019
    Sorry I'm too dumb to use tin properly. :-) So I sent a half-written article and don't know how to cancel that one.

    Grant Taylor <gtaylor@tnetconsulting.net> wrote:

    I'm sorry for not replying sooner. It was late last night when I finished my reply to the newsgroup and I was helping my wife with things today.
    I'm sorry for the confusion I caused.

    Just to be complete: No worries. I was just wondering.

    Did you see / hear about the FCoTR joke that Ivan Pepelnjak and co were having fun with a few years ago?

    No. Do you have a reference at hand?

    Have you seen LGR's OS/2 spoof video?
    https://youtu.be/wQdK9owqVd0

    Nope, but thanks. Neat!

    I didn't tinker with AIX yet. People say it feels like unix but
    somehow strange and different.
    AIX is technically a Unix. It's even got rights to the name with the
    capital U.

    :-)

    But it is different. It's IBM's take on a Unix. Think IBM nomenclature
    for things and command naming habits. There are quite a few things
    about it that are different than Solaris or Linux or *BSD. But it is
    very much a unix.

    That sums up pretty much what I've heard so far, yes.

    Yes, you're right. But fragmenting or sending an error back is *way*
    better than silently dropping a too large frame at the bridge and
    stuff mysteriously fails sometimes.

    I completely agree!

    For some reason I assumed that the bridge would send an error back. But
    that may just be a naive assumption.

    AFAIK there's no mechanism to send back an error on L2. ICMP could but that's L3.

    Seems so. I'm not getting much more than a 10M NIC will transfer
    by FTP.
    What do you get when nw4-idle.nlm is unloaded? Do you see closer to 16
    Mbps?

    Will test that at a later point in time.

    Transferring a file via SNADST via Token Ring yields a CPU load of
    about 30%. Since the transfer is like UUCP not direcly visible,
    I can't reliably deduct a transfer rate. Hitting refresh on the
    WRKACTJOB screen too often also creates considerable CPU load which
    might influence the transfer speed.
    SNADST? Is that possibly SNADEST, a parameter to FLOPTS?

    No, it's SNA distribution services. Another store-and-forward thing, almost like UUCP. https://en.wikipedia.org/wiki/SNADS

    That's also my understanding. Available transports were NetBEUI
    (NetBIOS Frames), IP and IPX.
    I'm glad to know that someone else agrees with my understanding of
    NetBIOS vs NetBEUI.

    I must confess that I learned about the differences about last year, when I was having yet another 200-tab-session with Wikipedia. :-)

    A similar challenge like to answer "Why do you have so many old
    computers? What do you actualy do with them?"

    I play with them.

    I learn things that I didn't know.

    I also liken them to old cars or boats or other common (expensive) collectible things.

    Good points!

    See https://www.radiomuseum.org/r/telefunken_opal_iii.html for
    an example.
    Nice diagram.

    Thanks. European style drawing. ;-)

    You're using one hobby to support / organize another hobby. I like it!

    Just realizing that as you name it. Thanks!

    I have data that I want to make easy to access. Thus far, I've been doing it on web page on my server.

    Also a possibility. If you're fluent in COBOL, you might go for KICKS. Docs are there, example programs, too. AFAIR there are even Hooks for C! But from RTFM
    I guess it's still way more complicated compared to do the same on the AS/400.

    I like playing with old networking technologies and making them do things that others say they can't do.

    That could have been stated by me, also.

    That's a lot. :-) I'm keeping to IPv4, IPv6 (German Telekom already
    provides me with a /56), IPX, SNA and AppleTalk/DDP.
    Sadly, few residential ISPs provide IPv6 in the USA.

    I'm astonished in a way. I had the impression that the chicken-egg problem was finally solved by reality kicking in when IANA was handing out it's last IPv4 block.

    There are some notable exceptions. But that means that the people that care use a tunnel of some sort, likely from Hurricane Electric.

    Which means: If you care, you can use IPv6. If you don't, you're stuck with IPv4. That is a proved solution. Until somewhen in the future when certain services on servers will maybe available only via IPv6.

    Rumor says, the adoption of IPv6 could have been sped up by large amounts if there had been free porn available through IPv6-only connected servers. ;-)

    Have you seen BIND's Catalog Zone feature?

    Not until now. That's definitely something I should have a closer look into! Thanks for the pointer!

    My understanding is that VM used RSCS to be able to send messages back and forth between users. BITNET took that capability to work between systems. Including through a network of systems thanks to store-and-forward networking.

    That's also my conclusion.

    Agreed. I think some of that is how HNET is working.

    @bmoshix has indicated that they are relying on a feature of the
    Hercules emulator to do some of the TCP/IP interfacing & translation so
    that VM sees it as a terminal or an SNA connection. I think.

    I had a look at the mentioned Video and was surprised that I did not stumble over that one much earlier. I was watching the most interesting moshix vids over the couse of this year, because I like how he explains stuff and also his attitude of not preparing and doing right away to show possible mishaps and
    how to deal with them.

    Apparently, they're just doing a long range connection via IP, looking to RSCS like a CTC-Connection.

    I digged a bit deeper into that particular hole and found:

    <https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.hasa300/rjechp.htm>

    zOS supports RJE via SNA. Also there are some explanations about NJE in the index tree to the left. Eventually, everything is fed to JES2 so maybe other Hercules facilities could be exploited.

    <https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=DD&subtype=SM&htmlfid=877/ENUS5722-CM1>

    OS/400 also can utilize SNA transport for RJE. Thus I searched for the documentation collection @IBM for the RJE facility in OS/400 and found it.
    Have yet to read. And try out if SNA over LLC support for RJE is also in V4.

    Also, there has been some effort to create a SNA stack for Linux. I don't know yet how well it works or how complete the coding is. It hasn't been touched in years. But maybe it could help to establish a LU-LU connection from OS/400 to Linux SNA which in turn could be given a facility to connect to TCP ports
    (from Hercules) to overcome the limitation of Hercules and the free MVS cannot utilize SNA beyond internal VTAM.

    <https://www.ibm.com/support/pages/configuring-remote-job-entry-rje-over-enterprise-extender-hpr-over-ip>

    Quick Overview how to configure RJE (over EE, if that matters in any way).

    I get the impression that if it's possible to attach to the SNA facilities in VM (if there are any in the early and "freely" available versions) from outside, the AS/400 *maybe* could participate in RSCS based message
    forwarding.

    But honestly, before digging into the next deep rabbit hole (VM), I'd opt to get more used to MVS first.

    I've also gleaned the term BSC equivalence in the RJE-Manual of OS/400. And I somehow remember SNAsw enabled Cisco IOS to also support BSC in a way. If this encap/dcap facility is transparent, it *could* be possible to network Hercules with MVS 3.8j through a simulated BSC line, connecting to the Cisco router via TCP, which in turn re-encapsulates the traffic to a serial line (WIC-1T?) connected to a serial interface on an AS/400 which has a BSC line description for that particular interface.

    A *very* tempting thing to try out right away but I fear that once started, I couldn't stop until I have proof that it either runs. Or to learn that it's
    not possible to get it running without some code modifications in Hercules. Would eat too much time, right now.

    The MVS community has produce KICS and a REXX for MVS. Both completely independent creations that provide the comparable functionality.

    There are some determined people that have made some impressive solutions.

    Hm, maybe you're right. We'll see. I'd like to contribute but my skills are low, thus my motivation is lacking. Add the always prevalent tightness on free time.

    Still, SNA is tied to VTAM within MVS and I think that even *if*
    there'll be a chance to pull a loose thread out of MVS via a 370x to
    be able to talk SNA over something else than hercules-internal lines
    to terminals, it's still the "old", mainframe-centric, hierarchial SNA,
    not APPN
    And what's the problem with that?

    That APPN and hierarchical SNA share the name and have some common concepts
    but they can't talk to each other without some kind of translation facility.

    thus I guess, there's no chance to make it talk EE.
    Seeing as how it doesn't have a robust TCP/IP stack, I think EE on MVS
    3.8j is not going to happen.

    True.

    But does EE actually /need/ to be on MVS 3.8j?

    No.

    Or can EE talk to a Cisco running SNASw and let it convert to traditional SNA?

    Yes, if there'd be a way to connect VTAM to Ethernet, to get a connection from SNAsw to VTAM in the host. Basically.

    Or is my ignorance of SNA showing? Can EE+SNASw not be used to talk to
    an old hierarchical SNA that doesn't support APPN?

    I never tested it but since Cisco claims broad SNA support, I guess it's supposed to work.

    Thus, more work remains to be done to get SNA SDLC frames to 802.2 LLC.
    I feel like that has probably been done. Or at least pertinent parts of that.

    Hm. As far as I know there are two ways to achieve that:
    - Modern zOS can utilize given hardware in an emulated zSeries to do so,
    - MVS 3.8j lacks software facilities for talking SNA (VTAM) to that mentioned
    emulated hardware (whatever it is called). To achieve this connection on the
    real 360 hardware, one could use a communications controller.

    To my understanding, the emulated 3xxx-with-NCP (in parts) in Hercules 4 is a possible start to have that functionality by extending code to the features of a full-blown communications controller. Honestly, I don't know if I'm mixing
    up things here. I'm much better with AS/400.

    There are people that have 3172s / 3174s ? talking to /Hercules/ via
    TN3270 for the purpose of driving real 3270 terminals. I don't
    understand enough to know where the SNA vs SDLC etc stop and start.

    Same here. I think, the terminals are connected via Coax or serial/SDLC to the comm controller, which is configured to forward data via tn3270 over ethernet to an IP address. Roughly what the BOSCom Twinax Controller II does in the
    5250 world.

    The fact that IBM is not making it easy in any way shape or form to
    break into mainframes for students or hobbyists is causing people to do
    more with ancient MVS 3.8j.

    I think so, also. And I'm very appaled that IBM is constantly ignoring AS/400 hobbyists around the world, leaving not many ways to have an own AS/400
    running without any lic problems.

    DEC did it right by offering one-year licenses without cost to hobbyists. Licensing prohibits commercial exploitation. This hapit survived the ackquisition by Compaq and subsequently to HP(E).

    Look at KICS and REXX on MVS 3.8j. ;-)

    Right. But to my understanding KICKS started as a commercial product. Or there has been a free and a commercial version.

    I have REXX on my list of stuff to put onto my install. :-) Since I'm still struggling with all the necessary steps to do so, I didn't take time yet.

    Did you know that REXX is available on the AS/400 also?

    I think it's the 3172s / 3174s / 3745s / 3746s / et al. that do some of
    the translation from CCW to SNA.

    That's what I meant above. :-)

    Though, as I understand it, VTAM (BTAM / TCAM) do need to know about the
    SNA endpoints. So there has to be more to it than just the channel
    attached controllers.

    Many questions, few answers. Maybe here'd be the wrong place to ask also.

    You seem tenacious enough to figure it out.

    How do you know? ;-)

    So if I understand you correctly, the core part of the solution was hard setting (or nailing a setting one way) to use the SNASw on the Cisco as
    the Network Node Server?

    Yes.

    Sort of functionally like making sure that all systems are using the
    same WINS server (with broadcasts disabled or unrouted).

    Sort of, yes.

    Aside: I wonder just how much overlap there is between SNA's NNS and NetBIOS's WINS. I think it's better for my health if I don't pontificate that question.

    Again, there's just so many basic ways to find a solution to a problem.

    After re-reading the help text for the NETSERVER parameter, I have
    the intention that the mentioned negotiation takes place *only* if
    the local network id and the NN's network ID match. And the 150/cisco
    SNAsw *have* different NETIDs than the V7 box.
    Sort of like why you /need/ a WINS server when NetBIOS over TCP/IP
    (a.k.a. NBT) are on different subnets. Broadcasts / auto-discovery
    doesn't work in the non-directly-connected configurations.

    Sort of, yes. Your comparision itches somehow but I can't put my finger on the exact spot right now. ;-)

    Excurse: The LCLNETID is a way to logically group SNA APPN
    nodes. Putting SNA nodes into a common group also influences the
    flow of alert messages (See Alert support PDF). In a way it's like
    the concept of a Zone in AppleTalk. (Difference: Zones are defined
    on Routers only while every APPN node can have it's own NETID.)
    Why do NetBIOS "work groups" / "domains" come to mind? ;-)

    Because you're used to that concept? ;-)

    After changing the NETSERVER parameter again to *ANY (host part) but
    with the network name of "my" bunch of AS/400's (which is the same as
    the Cisco Router's LCLNETID), name resolution still works. It certainly
    didn't work before, even if I supplied the "FQDN" to do APING.

    Therefore I conclude, there has to be a NETSERVER entry for every
    existing NETID of APPN peers in an End Node.

    That doesn't surprise me.

    It seems sort of like telling dynamic routing protocols which networks
    they should advertise to neighbors. Defining what is in scope and
    assuming that anything undefined is out of scope.

    I think, there's more behind the scenes than just that. The alert bejavior makes me guess so.

    It sounds like you are talking about AS/400 / IBM i alerts much like
    I've talked about building a hierarchy of DNS / proxy / SMTP / MQ(TT) /
    etc. servers and controlling what information passes through different administrative boundaries. Networking at the application layer.

    Yes. Because of the session layer routing, SNA is usually doing.

    Nope. Now I'm confused. More than usual, that is.

    ~chuckle~

    Confusion is a precursor state to enlightenment.

    However, I chose to do a save point in this particular level of that apparent text adventure, to shift focus to other levels. :-)

    Much like UUCP ""networking host-to-host-to-host at the application layer.

    Yes. Note that earlier, there has been no "network" as in Ethernet or Token Ring or the like. Usually, there have been just point to point links via
    serial ports and SDLC. This said to support your UUCP claim.

    Ah! But there is. SDLC into a Cisco that converts things to IP to send
    50 km to another Cisco that converts IP back to SDLC which is connected
    to the local system.

    Since I don't have proper hardware in the 8203 (no SDLC compatible serial ports), that's only a viable way with investment in hardware. Before I do
    that, I'll try to solve the issue just with software.

    Did any AS/400 / iSeries use SAN instead of DASD (term?)

    Yes, newer boxes can utilize FC connections to IBM SANs which support the necessary additional SCSI commands and block size stuff.

    That's why I wanted a 100 Mbps link to the router that I connect the 16
    Mbps Token Ring into.

    Perfectly valid desire.

    Nice playthings. Did you know that the corresponding cable to RS-232
    will give you a true RS-232 with *two* independent Rx/Tx lines (plus
    accompanying handshake and whatnot).
    Are you talking about the cable with the HD-60 (?) connector on one end breaking out to two RS-232s on the other end? (I'm presuming you are.)
    I'm not at all surprised.

    HD-60: Yes. But no, there are no two connectors on the other end but one
    DB-25.

    My understanding is that the HD-60 connector was specifically chosen so
    that different cables could be used for different connections.

    Yes. Likewise, IBM also had special connectors on PCI serial IOAs to support different attachments.

    I know that there is one to a V.35 and one that is a cross over
    (DTE/DCE) between two WIC-1Ts.

    There are more:
    - X.21, iused in the early 2000's mostly with external adapters to 2 Mbit/s T
    or E 30-channel ISDN-alike lines. I've also seen ancient directional radio
    equipment with X.21 ports.
    - V.35 as you already observed,
    - RS-232.

    I'm not aware about that crossover-thing but I guess you're talking about the X.21 cables. I have both variants (DCE and DTE) of these which indeed support back to back connections by just plugging everything together.

    Interesting. What do you want to connect to that?
    I want to put a T1 / PRI card in a Linux box and play with things.

    I see. Have fun, then! Somewhen. :-)

    If I get one with voice capabilities, I can get Asterisk (et al.) to do
    some interesting things.

    Beware that there's a difference between data-only and voice capable cards in the Cisco world. I didn't take time yet to learn the true technical
    differences yet.

    Additionally, to support Voice, you need additional hardware providing DSPs.

    I know that I can do Frame Relay across it. I don't know if ATM will go across it or not. (I'm not holding my breath for ATM.)
    Add an ATM OC3 module to the list.

    I see. FR is just a protocol extension to support multiple independent
    channels over serial lines. It smells familiar to ATM with it's concept of PVCs.

    In the early 2000's at my previous employer, we had an OC3-Connection to an
    ISP via coax cable to a DSU and from there to a HSSI NP in a Cisco 4700. Yes, old box even back then but despite that, it performed extremely well. CPI load was never in excess of 50%, even when there was a lot of traffic.

    I'm particularly interested in FDDI because some older computers /
    servers had 100 Mbps FDDI when the other networking options were 10 Mbps Ethernet. So FDDI actually gets more bandwidth into and out of the
    machines. }:-)

    Yap. Since it was very expensive back then and thus rarely found in the wild, today it's hard to find anything interesting in that area, though.

    I had some ISA cards a loooong time ago but learned that I needed
    cabling with 96 Ohms (?) instead of 50, I got rid of them. Duh!

    Ya. The proper coax makes a difference.

    Initial looking says that it needs to be 93 Ohms RG-62.

    Hah! I totally mixed up :-)

    I frequently get RG-58 for 10Base2 and RG-59 for cable TV mixed up.

    I've ceased to reference cables by RG-something. Cheapernet or 10BASE-2 is a precise description for 50 Ohms cables with BNC connectors.

    TV Antenna cables were 60 Ohms in the 1950's until somewhen in the 1970's. Afterwards there were just 75 Ohms everywhere. Usually, I refer to that as
    TV antenna cables which is also unambiguous enough to me.

    Link - IBM PS/2 Model 50 and the IBM Network Bridge Program
    - https://youtu.be/eHylz96t45Y

    Thanks for sharing. What a cute CRT! Now I want one of those, IBM labelled.
    :-)

    I've stared at many a listing for a Cisco 4000 or 4500 router.
    I had a 7500 once upon a time. But it went a way years ago.

    If these weren't so big, I'd opt to go for one. :-) Because I find their architectural innards very interesting. In general I'd urge you to read
    "Inside Cisco IOS Software Architecture". Despite the title, it also has a
    good deal of hardware stuff. It's a bit older but as long as stock IOS (no XR or XE) is running on the router, the concepts are still valid up to the 2900 series.

    The 4700 was interesting because it had a separate memory module for packet buffers. This prevented a certain degree of competition of NICs and the CPU competing for the Bus to RAM.

    These aren't IP-saving. I'd need to give every machine it's own
    /30. Three addresses per host wasted. Thus I'm wishing for a true
    point to point protocol but with less cpu impact compared to ppp. At
    least thats my understanding of the the stuff you mentioned.
    Have you considered a /31?

    No. I never tried if that actually works and how the segment is coping by having an apparent IP conflict between Broadcast and Host address. And it's still an 2:1 loss for IP addresses. Thus I'd still prefer a true Point to
    Point protocol with no underlying point to multpoint architecture.

    My understanding is that MAC-VLAN and IP-VLAN create virtual interfaces
    that are connected to the underlying physical NIC. Much like if you had multiple physical NICs.

    I've achieved a similar effect by putting a physical NIC into a bridge (brctl) with one end of a vEth pair and the other end in the Network Namespace.

    I'll look into that later. I suspect that your proposal still needs configuration done on the end user machine, which can be fucked up and thus is considered untrusted by me. But thanks for the pointers, anyway!

    I understand the what. I just don't understand the why.

    Enforcing security by not sharing physical network media.

    Why are we after more security between VMs / containers than we would
    have between physical machines on the same switch?

    On a physical switch with physical end user machines connected, I'd do a "switchport protected" and have a good deal of my desired functionality.
    VMware vSwitch doesn't know about that. Given the fact that vSwitch and physical uplink into the hardare based switching infrastructure are
    effectively separate control plane domains, it's simply not possible to solve this problem with the given Hardware/Software combination (ESXi vSwitch, Cisco Catalyst).

    I'd love to have some kind of true "stacking" of a physical switch to the vSwitch(es). Part of that is possible with Cisco Nexus and distributed vSwitches, as I heard. Didn't take time to verify to which degree that would help, though.

    To me, each machine / VM / container should have it's own filtering to protect itself against other systems, even on the local ""LAN.

    Yes. But since I consider machines from customers (with root access) as untrusted, a local firewall to restrict outgoing stuff is mostly superflous. Additionally, with every other host, I'd have to add more and more rules to
    all hosts to allow specific connectivity (SMTP, http, ...).

    I think, we truely need something independent of (emulated) ethernet.
    Something like a logical NIC which does only support IP and IPv6, but
    not anyhing 802.3. Sadly, other protocols are irrelevant today.
    TUN (L3 IP) interfaces come to mind.

    Since these also need to be configured *inside* the VM, my objection that the customer can fuck up the network segment the TUNs are bundled into, is still there.

    Yes, I could create a seaparate Vlan with RFC-1918-addresses for each VM and use the L3-Tunnel to create internet connectivity. Doesn't scale well and sounds more like a workaround than a solution.

    If the emulated serial ports on VMs didn't have a speed limit to ancient 115200, I'd really opt for PPP over emulated serial links. No ARP, no
    flooding, no problems.

    These should be logically linked outside of the guest OS in a point
    to point fashion to some kind of concentrator as dialin servers were
    in the 1990's.
    Take a look at Open vSwitch and what it calls internal interfaces.

    Is this in any way compatible with ESXi? I guess, no. And, it's still a
    switch, I still have the same issues with possible MAC spoofing and ARP flooding.

    That would enable a true p2p config, no broadcast, no network,
    no IP wasting, no MAC spoofing, no IP spoofing (if done right),
    no laughable 1500-bytes-max-frame, and probably more.
    Why oh why is RFC 1483 based DSL coming to mind? IPs could be assigned
    to / routed to individual PVCs which shared a common loopback. Thus addressing both security and IP conservation.

    You seem to get behind my thinking. :-)

    I really wonder which huge pile of kludges large virtual root
    server providers stacked to prevent customers to attack each other
    intentionally or unintentionally (because one of these had security
    holes and now has a nifty backdoor).
    I don't think they do prevent the attacks.

    Which is bad habit. The RIPE lately created a map showing distribution of
    rogue nodes participating in DDOS-Attacks (flooding). Surprisingly, first
    place in the list goes to the USA.

    At least not any more than a Co-Lo provider protects one customer from another customer on the shared Ethernet switch.

    See? That's why I want to do better. :-)

    I think that SDN (OpenFlow) has the technical capability to change
    things. At least in that it's possible to make it appear as if there is
    an L2 connection when in fact it's a routed network in between doing
    some special magic.

    No. Even if you bridge an L2-Domain over an L3-Channel, it's still a
    L2-Domain. Inherent issues of L2 are a) ARP flooding to "find" unknown nodes by blindly shouting and b) the impossibility to aggregate "routing" information. Every single node (MAC address) is exactly one entry in the "routing" table. Forwarding-Table, that is. To be precise.

    This creates ambiguity about which node is supposed to be where. Compare that to IP addressing, where nodes are grouped through the netmask feature and thus are tightly coupled to the local network segment.

    If you insist to have IP mobility (address of a node must stay the same, no matter which DC runs that VM), you need stretched L2-Domains
    Or emulate the DECNET way of Networking: Every end node participates in Routing. The NIC's DECNET address is meaningless and just needed to have connectivity. The true node address used to access the node's services is a loopback address. Since the loopback address is injected into the routing protocol, the node can be reached everywhere, no matter in which of the geographically separated data centers it resides. No need to have stretched L2-Domains, every DC can utilize it's own network segment to be unabigous
    about addressing each node.

    This again is a rabbit hole in itself, because as you fall down, you see *so many* details to consider, that scenario is probably too complex to be reliable, resonably resistent agains attacks from "inside" and foolproof at
    the same time.

    Currently, I'm not aware of an easy solution. At least as easy to handle as a streched L2-Domain. As long as it works and all measures have been taken to prevent split brain sutuations to the greatest extent possible.

    That's the most strange thing I heard about in years!
    Is it conceptually any different than carrying TCP or UDP on top of DDP?
    Or AnyNet carrying IP / IPX on top of traditional SNA?

    No. But at least I'm used to AnyNet in old OS/400 releases. ;-)

    Bog standard TCP/IP applications on Windows 98 work perfectly fine
    across IPX without changing the applications in any way.

    Okay, let's say, you want to open an FTP connection to a remote host via that facility. What do you enter in the host field of that graphical FTP client program? A name? If yes, what resolves that name to an IPX address? And if not, may I just enter an IPX-Address into that field?

    What about some applications whose devs thought, it's a nice thing to hard
    code periods every fourth column? How to enter an IPX address there?

    MAC addresses for hosts plus IPX network numbers are completely
    different to IPv4 addresses and netmasks.
    MAC addresses are exactly the same. Nothing at L2 changes.

    Yes. But applications utilizing IP usually never deal with MAC addresses.

    Yes, IPX addresses are completely different from IP addresses. But that doesn't matter.

    Sure? See above.

    It doesn't matter because the IPX packet is from the local IPX address
    to the remote IPX address of the gateway running on the NetWare server
    that does the opposite.

    You're way too deep into details. :-) I hope I could clarify my questioning above.

    It's conceptually very similar to IP over SNA via AnyNet.

    Not really: AnyNet is an encapsultion mechanism. What you describe is the complete replacement of the L3 protocol with another. Just like IPv6 vs. IPv4.

    MacTCP provided an IP stack and proprietary API to Mac
    Applications. Open Transport was a complete rework to integrate
    AppleTalk and IP under the STREAMS API, also as PPC native code. AFAIR
    the only other company using STREAMS was Novell with their Netware.
    I may have the names wrong. But I know that the IP support the predated
    Open Transport was on top of DDP.

    Optionally, it was. But MacTCP could utilize an Ethernet NIC to send and receive Ethernet II frames as usual. You *could* utilize that encapsulation also on Ethernet, since AppleTalk also runs on Ethernet.

    The very same functionality is offered by Open Transport.

    On a side note, The Open Transport IP implementation has problems with
    Window Scaling. Uploads to current Linux's will be painfully slow,
    single-digit KBytes/s range, even over 100M Ethernet. If you disable
    window scaling in /proc (or /sys?), it's fast again, but everything
    else will be slow. Or if you put a Cisco ASA in between to delete
    the WScale-Option while the TCP handshake takes place.
    I wonder if there is an IPTables target to (conditionally) disable
    window scaling (for specific IPs)

    Interesting remark! Why did this idea never occur to me?

    Just had aa quick glance over iptables-extensions(8) and saw that it's
    possible to match by --tcp-option and can alter packets with either Target SYNPROXY, Option --wscale, or Target TCPOPTSTRIP, --strip-options.

    I'll definitely check this out, thanks!

    You just made my PIX 506E useless. ;-)

    I have a Pentium Overdrive Board (2850) with the accompanying board
    with S3 graphics chip and other peripheral support. It was hard to
    get hand on a breakout cable to actually see what's going on on the
    PC side (VGA, PS/2 Keyboard and Mouse, Serial and Parallel Port).

    Nice!

    I'm not surprised that the breakout cable was difficult to find.

    Yes. And because I can, I documented the pinout. https://kb.pocnet.net/wiki/AS/400_FSIOP_Kabel

    So it's at least once to be found in the internet. If one is desperate enough, one can acquire connectors and cable and do it himself.

    Though, it's my understanding that X.25 was largely used as a long
    distance serial interface or to transport other protocols. I'd think
    that the gateway machine would gateway more common protocols.

    I don't know yet. Also on my list to try out, maybe together with connecting OS/400 via serial port and Macs with Cisco gear. Don't know what to run on top of X.25. AFAIR, it also has been used as simple terminal data transport facility. Sadly, X.25 support in current Linux has been shrinked to just AX.25 a long time ago.

    DB-15, M or F depends on what's to be connected on the other side. A
    distinction I don't understand.
    Is the M or F on the DB-15 or the Twinax connector?

    DB-15.

    And now I'm again learning that there was even more highly interesting
    stuff. CL/1 server vor MVS/TSO! MacAPPC! It seems that the latter
    is part of the API stuff for SNA.ps. And MacDFT, which seems to be
    the other Application to talk to the Coax/Twinax-Card.
    I'm sort of surprised to learn that Coax / Twinax connected terminals
    were Distributed Function Terminal. I thought DFTs were a completely different class, more akin to ASCII terminals. I could easily have the
    wrong understanding.


    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From poc@pocnet.net@21:1/5 to Grant Taylor on Thu Dec 12 14:52:03 2019
    Grant Taylor <gtaylor@tnetconsulting.net> wrote:

    I'm sorry for not replying sooner. It was late last night when I finished my reply to the newsgroup and I was helping my wife with things today.
    I'm sorry for the confusion I caused.

    Just to be complete: No worries. I was just wondering.

    Did you see / hear about the FCoTR joke that Ivan Pepelnjak and co were having fun with a few years ago?

    No. Do you have a reference at hand?

    Have you seen LGR's OS/2 spoof video?
    https://youtu.be/wQdK9owqVd0

    Nope, but thanks. Neat!

    I didn't tinker with AIX yet. People say it feels like unix but
    somehow strange and different.
    AIX is technically a Unix. It's even got rights to the name with the
    capital U.

    :-)

    But it is different. It's IBM's take on a Unix. Think IBM nomenclature
    for things and command naming habits. There are quite a few things
    about it that are different than Solaris or Linux or *BSD. But it is
    very much a unix.

    That sums up pretty much what I've heard so far, yes.

    Yes, you're right. But fragmenting or sending an error back is *way*
    better than silently dropping a too large frame at the bridge and
    stuff mysteriously fails sometimes.

    I completely agree!

    For some reason I assumed that the bridge would send an error back. But
    that may just be a naive assumption.

    AFAIK there's no mechanism to send back an error on L2. ICMP could but that's L3.

    Seems so. I'm not getting much more than a 10M NIC will transfer
    by FTP.
    What do you get when nw4-idle.nlm is unloaded? Do you see closer to 16
    Mbps?

    FIXME: Benchmark

    Transferring a file via SNADST via Token Ring yields a CPU load of
    about 30%. Since the transfer is like UUCP not direcly visible,
    I can't reliably deduct a transfer rate. Hitting refresh on the
    WRKACTJOB screen too often also creates considerable CPU load which
    might influence the transfer speed.
    SNADST? Is that possibly SNADEST, a parameter to FLOPTS?

    No, it's SNA distribution services. Another store-and-forward thing, almost like UUCP. https://en.wikipedia.org/wiki/SNADS

    That's also my understanding. Available transports were NetBEUI
    (NetBIOS Frames), IP and IPX.
    I'm glad to know that someone else agrees with my understanding of
    NetBIOS vs NetBEUI.

    I must confess that I learned about the differences about last year, when I was having yet another 200-tab-session with Wikipedia. :-)

    A similar challenge like to answer "Why do you have so many old
    computers? What do you actualy do with them?"

    I play with them.

    I learn things that I didn't know.

    I also liken them to old cars or boats or other common (expensive) collectible things.

    Good points!

    See https://www.radiomuseum.org/r/telefunken_opal_iii.html for
    an example.
    Nice diagram.

    Thanks. European style drawing. ;-)

    You're using one hobby to support / organize another hobby. I like it!

    Just realizing that as you name it. Thanks!

    I have data that I want to make easy to access. Thus far, I've been doing it on web page on my server.

    Also a possibility. If you're fluent in COBOL, you might go for KICKS. Docs are there, example programs, too. AFAIR there are even Hooks for C! But from RTFM
    I guess it's still way more complicated compared to do the same on the AS/400.

    I like playing with old networking technologies and making them do things that others say they can't do.

    That could have been stated by me, also.

    That's a lot. :-) I'm keeping to IPv4, IPv6 (German Telekom already
    provides me with a /56), IPX, SNA and AppleTalk/DDP.
    Sadly, few residential ISPs provide IPv6 in the USA.

    I'm astonished in a way. I had the impression that the chicken-egg problem was finally solved by reality kicking in when IANA was handing out it's last IPv4 block.

    There are some notable exceptions. But that means that the people that care use a tunnel of some sort, likely from Hurricane Electric.

    Which means: If you care, you can use IPv6. If you don't, you're stuck with IPv4. That is a proved solution. Until somewhen in the future when certain services on servers will maybe available only via IPv6.

    Rumor says, the adoption of IPv6 could have been sped up by large amounts if there had been free porn available through IPv6-only connected servers. ;-)

    Yes. And I remember, I really *have* a workflow running over UUCP. When
    I use my script to add a new zone to my master DNS, config-replication
    to the slaves is done via UUCP. It works like a charm, so I simply
    forgot a about it, in a way. :-)

    Nice!

    Have you seen BIND's Catalog Zone feature?

    Yes, I could have done that with ssh and call a remote script. I
    didn't. Because I can. And because it runs asynchronous, so I don't
    need to wait until all slaves are configured before continuing with
    registration process.

    Agreed.

    Nope, I wasn't aware. In fact, I know BITNET but I need to refresh
    my knowledge a bit on the net. Pun intended.

    I was also reading somewhere that RSCS was used as some kind of
    chatting facility. As I read about it, there comes BITNET as a
    link! And there it is!

    Yep.

    My understanding is that VM used RSCS to be able to send messages back
    and forth between users. BITNET took that capability to work between systems. Including through a network of systems thanks to
    store-and-forward networking.

    "Bitnet's NJE (Network Job Entry) network protocols, called RSCS..." I
    found the missing link! I understood RSCS after the first read some
    years ago to be something similar to UUCP, also.

    I wonder how inter-node-communication for NJE will take place in our
    modern world.

    SNA and / or TCP/IP

    I had concluded a while ago that RJE needs a dedicated line, Bisync or
    whatever. Since I found no easy way to get that attached to Hercules,
    I lost interest. On the other side, I know that Cisco IOS has some
    facilities to encapsulate certain serial traffic into IP or even
    modify protocols (AFAIR it's possible to convert a serial attached host
    talking SNA over SDLC to come out of the Router as a 802.2 LLC node).

    Agreed. I think some of that is how HNET is working.

    @bmoshix has indicated that they are relying on a feature of the
    Hercules emulator to do some of the TCP/IP interfacing & translation so
    that VM sees it as a terminal or an SNA connection. I think.

    You aren't alone in search of that particular holy grail.

    A while ago I had a mail exchange with J?rgen Winkelmann, the
    maintainer of TK4- and he told me that there has been some effort to
    implement the functionality of a 3703 or 3705 (can't remember) with
    the accompanying (but not freely available) NCP into Hercules.

    I wouldn't give up hope.

    The MVS community has produce KICS and a REXX for MVS. Both completely independent creations that provide the comparable functionality.

    There are some determined people that have made some impressive solutions.

    Still, SNA is tied to VTAM within MVS and I think that even *if*
    there'll be a chance to pull a loose thread out of MVS via a 370x to
    be able to talk SNA over something else than hercules-internal lines
    to terminals, it's still the "old", mainframe-centric, hierarchial SNA,
    not APPN

    And what's the problem with that?

    thus I guess, there's no chance to make it talk EE.

    Seeing as how it doesn't have a robust TCP/IP stack, I think EE on MVS
    3.8j is not going to happen.

    But does EE actually /need/ to be on MVS 3.8j? Or can EE talk to a
    Cisco running SNASw and let it convert to traditional SNA?

    Or is my ignorance of SNA showing? Can EE+SNASw not be used to talk to
    an old hierarchical SNA that doesn't support APPN?

    Thus, more work remains to be done to get SNA SDLC frames to 802.2 LLC.

    I feel like that has probably been done. Or at least pertinent parts of that.

    There are people that have 3172s / 3174s ? talking to /Hercules/ via
    TN3270 for the purpose of driving real 3270 terminals. I don't
    understand enough to know where the SNA vs SDLC etc stop and start.

    I really can't guess if there are enough capable enthusiasts to do
    all that labor for just "because I can". It's a small group of people
    running MVS or zOS or OS/400 at home in more than one instance to
    make networking these something nice to have. It's already possible
    to emulate a CTCA to build a loosely coupled cluster picking batch
    jobs from a common JES2 spool and I'm not sure how many people already
    play with it regularly.

    I think there's more than you may realize.

    The fact that IBM is not making it easy in any way shape or form to
    break into mainframes for students or hobbyists is causing people to do
    more with ancient MVS 3.8j.

    Look at KICS and REXX on MVS 3.8j. ;-)

    As I think about that, I'm wondering which protocol is running within
    this CTCA tunnel, but I fear it's not SNA but just machine-made
    channel programs.

    I suspect it's CCW programs.

    I think it's the 3172s / 3174s / 3745s / 3746s / et al. that do some of
    the translation from CCW to SNA.

    Though, as I understand it, VTAM (BTAM / TCAM) do need to know about the
    SNA endpoints. So there has to be more to it than just the channel
    attached controllers.

    Exactly. And it basically works but since I can't do a proper name
    resolution, I'm stuck at the moment.i

    Maybe I need to dig deeper into the differences about up- and
    downstream nodes. Cisco IOS has very few configuration parameters
    and does most things automatic. But it's possible to make an APPN
    Node attach to IOS as a dynamic (not defined in IOS config) way, and
    as a configured peer. Then I also can set a preferred netword node
    (which is supposed to know about all names). I was hoping that since
    IOS is a router OS, the SNA implementation there is always a Network
    Node with name resolution capabilities.

    You seem tenacious enough to figure it out.

    I'd love to learn about your journey as you do.

    I think I solved the problem.

    Cool!

    Sometimes it really helps to muse about things to someone else and
    make your brain run full speed in a background task. Or maybe as
    batch job. ~giggle~ So, thanks for listening!

    I *COMPLETELY* /get/ it. I've been in your shoes so many times.

    You're welcome. I'm glad that my curiosity helped you.

    In the general (SNA) network attributes of IBM i, you can set a network
    node server (something which acts as mDNS in a way, amongst other
    things) manually. I had the intention that if left blank, it will be
    negotiated with each PU when intially connecting. I'm wrong. In a way.

    Okay. That makes sense.

    After configuring the V7 box (connected via EE to the cisco router)
    to utilize the cisco router's SNAsw facility as a neighboring network
    node server (parameter NETSERVER in chg/dspneta on IBM i), the 150
    can sucessfully APING the 8203 and vice versa.

    Yay!!! \o/

    So if I understand you correctly, the core part of the solution was hard setting (or nailing a setting one way) to use the SNASw on the Cisco as
    the Network Node Server?

    Sort of functionally like making sure that all systems are using the
    same WINS server (with broadcasts disabled or unrouted).

    Aside: I wonder just how much overlap there is between SNA's NNS and NetBIOS's WINS. ??? I think it's better for my health if I don't pontificate that question.

    After re-reading the help text for the NETSERVER parameter, I have
    the intention that the mentioned negotiation takes place *only* if
    the local network id and the NN's network ID match. And the 150/cisco
    SNAsw *have* different NETIDs than the V7 box.

    Sort of like why you /need/ a WINS server when NetBIOS over TCP/IP
    (a.k.a. NBT) are on different subnets. Broadcasts / auto-discovery
    doesn't work in the non-directly-connected configurations.

    Excurse: The LCLNETID is a way to logically group SNA APPN
    nodes. Putting SNA nodes into a common group also influences the
    flow of alert messages (See Alert support PDF). In a way it's like
    the concept of a Zone in AppleTalk. (Difference: Zones are defined
    on Routers only while every APPN node can have it's own NETID.)

    Why do NetBIOS "work groups" / "domains" come to mind? ;-)

    After changing the NETSERVER parameter again to *ANY (host part) but
    with the network name of "my" bunch of AS/400's (which is the same as
    the Cisco Router's LCLNETID), name resolution still works. It certainly
    didn't work before, even if I supplied the "FQDN" to do APING.

    Therefore I conclude, there has to be a NETSERVER entry for every
    existing NETID of APPN peers in an End Node.

    That doesn't surprise me.

    It seems sort of like telling dynamic routing protocols which networks
    they should advertise to neighbors. Defining what is in scope and
    assuming that anything undefined is out of scope.

    What remains as tbd is to again review documentation about Alerts,
    since the 8203 now thinks, it must send alerts to the "true" NN (not
    the Cisco Router) in my LCLNETID group. Minor thing, since I administer
    all of these but when tying machines of different companies together,
    it certainly will raise discussions between admins.

    Yep.

    It sounds like you are talking about AS/400 / IBM i alerts much like
    I've talked about building a hierarchy of DNS / proxy / SMTP / MQ(TT) /
    etc. servers and controlling what information passes through different administrative boundaries. Networking at the application layer.

    Also, if I change the configuration of the EE endpoint to Network Node
    instead of End Node, the whole thing should also work out of the box.

    :-)

    Nope. Now I'm confused. More than usual, that is.

    ~chuckle~

    Confusion is a precursor state to enlightenment.

    And, hooray, doing an APING with 1500 byte packets to see if the
    "MTU" issue is gone made the 2901 crash. :-) Another one I wanna
    throw at TAC!

    %SYS-3-OVERRUN: Block overrun at 2575E9C8 (red zone 00000000)
    -Traceback= 30012E94z 35085D00z 35081A20z 35097F8Cz 35094D1Cz 3509482Cz
    3508AD00z 3508AE40z 3508AF80z 34F835A4z 34F65B24z 30032B5Cz 30032B40z

    LOL

    That's how SNA works anyway, but on the session layer, not on the
    network layer as we know it from AppleTalk, IP, IPX, IPv6 and others.

    ACK

    That's what I was referring to by networking at the application layer.

    Much like UUCP ""networking host-to-host-to-host at the application layer.

    Yes and no, see above.

    SDLC but since the 8203 is about 50km north of here, this isn't
    an option.

    Ah! But there is. SDLC into a Cisco that converts things to IP to send
    50 km to another Cisco that converts IP back to SDLC which is connected
    to the local system.

    Do for SDLC what EE does for SNA.

    It's nice feeling if stuff makes more sense after reviewing, isn't it?

    Yep.

    I fear there are just two ways to find out:
    - Ask the devs,
    - Read the source.

    Yep.

    4 digits? Or less?

    I don't know.

    I tried to glean some information from @faultywarrior's Twitter feed,
    but I'm not getting anything of value.

    Not 9406 but 8203-E4A.

    I took a stab at the model numbers I've seen mentioned in this thread.

    Not "just" 9401 but 9401-150.

    Fair.

    I elided the -150 to save a few characters and because I didn't have the
    type numbers for the 9406.

    Than it's 100% correct. :-)

    :-)

    9406 was a huge class of machines.

    ACK

    The E4A with Power6 can be bought (used condition) for very cheap.
    Unfortunately, these draw about 400W (with 4 CPUs and 5 15k disks). And
    they're not exactly quiet, even if running in the basement.

    Fair.

    Did any AS/400 / iSeries use SAN instead of DASD (term?)

    There also was a 9401-P0[23], a so called "portable" AS/400. Rumor
    says, mostly used by sales guys to lure Bosses into buying a big
    AS/400, because, look, I show you in just one hour how to create your
    first tiny business application.

    Interesting.

    Unfortunately, V4 doesn't run on these. I'm not sure how earlier
    versions lack stuff I'm used to today.

    :-/

    Sorry, typo. Should be "now".

    That's what I figured and how I read the statement.

    As much as I enjoy this discussion, it takes looong time to answer
    properly.

    Yep. That's why your email went unanswered until this evening.

    Good conversations deserve good responses. I'm also having to look some things up as I go along. Thus additional rabbit holes for me.

    Maybe I should cease to try to answer in one go.

    Some of my replies have been over the course of a number of hours and
    across meals.

    Exactly.

    That's why I wanted a 100 Mbps link to the router that I connect the 16
    Mbps Token Ring into.

    The 10Base5 can be downstream of the Token Ring, but not upstream.

    Yes. Both run fine in Linux. The 2723 is just an AMD PCNet-32 Chip

    I am not at all surprised.

    and the 2724 is by looking at it identical to the IBM Olympic based
    PCI cards. Yet, something in some ROM must be different, because
    putting a "normal" Olympic card in makes OS/400 complain that the
    IOA has troubles and doesn't work.

    This doesn't surprise me either.

    Another case of "apply magic pixie dust to get more revenue because
    customers are forced to buy our overpriced stuff."

    No comment.

    I simply don't have the skills to understand the differences of both
    card's ROM images. Too much binary babble. :-)

    Agreed.

    Sorry for being dumb. Of yourse you're perfectly right! :-D

    I'd recommend a 3640. It's relatively easy to add resistors so fans
    spin less fast and thus make less noise without the box to overheat. At
    least, it draws around 25W. So, at most 25W heat will be generated.

    Thank you for the pointer.

    Nice playthings. Did you know that the corresponding cable to RS-232
    will give you a true RS-232 with *two* independent Rx/Tx lines (plus
    accompanying handshake and whatnot).

    Are you talking about the cable with the HD-60 (?) connector on one end breaking out to two RS-232s on the other end? (I'm presuming you are.)
    I'm not at all surprised.

    My understanding is that the HD-60 connector was specifically chosen so
    that different cables could be used for different connections.

    I know that there is one to a V.35 and one that is a cross over
    (DTE/DCE) between two WIC-1Ts.

    Interesting. What do you want to connect to that?

    I want to put a T1 / PRI card in a Linux box and play with things.

    If I get one with voice capabilities, I can get Asterisk (et al.) to do
    some interesting things.

    I know that I can do Frame Relay across it. I don't know if ATM will go across it or not. (I'm not holding my breath for ATM.)

    Add an ATM OC3 module to the list.

    Again, I will not object. :-)

    Similarl here. But I'm content with "just" 10BASE2.

    Fair.

    I'm particularly interested in FDDI because some older computers /
    servers had 100 Mbps FDDI when the other networking options were 10 Mbps Ethernet. So FDDI actually gets more bandwidth into and out of the
    machines. }:-)

    I had some ISA cards a loooong time ago but learned that I needed
    cabling with 96 Ohms (?) instead of 50, I got rid of them. Duh!

    Ya. The proper coax makes a difference.

    Initial looking says that it needs to be 93 ?? RG-62.

    I frequently get RG-58 for 10Base2 and RG-59 for cable TV mixed up.

    To me it seems boring: It's the same config and behavior as if bridging
    just ethernet. :-)

    Fair.

    I sort of want to try it so that I can say that I've done it.

    I'll leave this here:

    Link - IBM PS/2 Model 50 and the IBM Network Bridge Program
    - https://youtu.be/eHylz96t45Y

    Okay, you can have a lot of fun to make TR nodes generate packets
    with less-equal-than 1500 bytes.

    Ya.... That will be problematic.

    Hm. AppleTalk is OSI derieved, IP not. Do you refer to this kind
    of OSI/non-OSI?

    Sorry for being ambiguous. I was referring to the actual OSI protocol
    suite, as in something very close to DECnet Phase V.

    AppleTalk would be non-OSI in this context.

    I remember that with Debian 8, TR support was gone. No further details.

    Token Ring was pulled out of the Linux kernel at version 3.5. The story
    that I read was that the Token Ring code was making it difficult to
    maintain other more important code. It might have been actually
    blocking the new code because of conflicts. So rather than updating the
    old Token Ring code, they decided to remove it.

    Yes. I think I was one of the few people on earth to be crazy enough
    to even bother testing.

    I may have to try it at some point.

    I wouldn't bet against you, since I think alike. Again.

    :-)

    True. But for Cisco, mostly older gear, only.

    I've stared at many a listing for a Cisco 4000 or 4500 router.

    I had a 7500 once upon a time. But it went a way years ago.

    Maybe they'll refuse to handle the request because of apparent cruelty
    against employees. :->

    :-)

    These aren't IP-saving. I'd need to give every machine it's own
    /30. Three addresses per host wasted. Thus I'm wishing for a true
    point to point protocol but with less cpu impact compared to ppp. At
    least thats my understanding of the the stuff you mentioned.

    Have you considered a /31?

    My understanding is that MAC-VLAN and IP-VLAN create virtual interfaces
    that are connected to the underlying physical NIC. Much like if you had multiple physical NICs.

    I've achieved a similar effect by putting a physical NIC into a bridge (brctl) with one end of a vEth pair and the other end in the Network Namespace.

    Each host shall not talk to each other directly, so I can group hosts
    into a L3 segment to save IP addresses and have security. Talking must
    be done always trough the gateway to enforce packet filtering rules.

    Each host is "untrusted". It's fairly easy to do MAC spoofing to
    attract traffic. Even if communications to the outside world most
    likely will be lost by then, because MAC collisions shall not
    happen. Dunno how to enforce that within a VMWare vSwitch, though.

    I understand the what. I just don't understand the why.

    Why are we after more security between VMs / containers than we would
    have between physical machines on the same switch?

    To me, each machine / VM / container should have it's own filtering to protect itself against other systems, even on the local ""LAN.

    I think, we truely need something independent of (emulated) ethernet.
    Something like a logical NIC which does only support IP and IPv6, but
    not anyhing 802.3. Sadly, other protocols are irrelevant today.

    TUN (L3 IP) interfaces come to mind.

    These should be logically linked outside of the guest OS in a point
    to point fashion to some kind of concentrator as dialin servers were
    in the 1990's.

    Take a look at Open vSwitch and what it calls internal interfaces.
    (Internal interfaces are poorly named and are very similar to a vEth
    pair, but with one end hard wired into OvS.) That will provide the ""physical network. You can then use OpenFlow to filter what sort of
    traffic is allowed to cross each of the internal interfaces.

    That would enable a true p2p config, no broadcast, no network,
    no IP wasting, no MAC spoofing, no IP spoofing (if done right),
    no laughable 1500-bytes-max-frame, and probably more.

    Why oh why is RFC 1483 based DSL coming to mind? IPs could be assigned
    to / routed to individual PVCs which shared a common loopback. Thus addressing both security and IP conservation.

    OvS w/ OpenFlow can easily do this too.

    I really wonder which huge pile of kludges large virtual root
    server providers stacked to prevent customers to attack each other
    intentionally or unintentionally (because one of these had security
    holes and now has a nifty backdoor).

    I don't think they do prevent the attacks. At least not any more than a Co-Lo provider protects one customer from another customer on the shared Ethernet switch.

    Yes, because it's easier than to do it with L3. And it *is* easier to
    initially set up but if things go wrong (which could be by own fault
    but must not necessarily) you'll have a lot of fun to clean up the
    resulting mess.

    Yep.

    I think that SDN (OpenFlow) has the technical capability to change
    things. At least in that it's possible to make it appear as if there is
    an L2 connection when in fact it's a routed network in between doing
    some special magic.

    I think that EVPN plays in this space too.

    That's the most strange thing I heard about in years!

    Is it conceptually any different than carrying TCP or UDP on top of DDP?
    Or AnyNet carrying IP / IPX on top of traditional SNA?

    This almost certainly needed a rewrite of code for applications,
    right?

    Nope.

    Bog standard TCP/IP applications on Windows 98 work perfectly fine
    across IPX without changing the applications in any way.

    Remember that the applications use Winsock as their TCP/IP stack. This feature replaces Winsock with a different version that does TCP/IPX and UDP/IPX.

    The new Novell Winsock varient provides the same APIs for the programs.
    They are just fulfilled via IPX instead of IP.

    MAC addresses for hosts plus IPX network numbers are completely
    different to IPv4 addresses and netmasks.

    MAC addresses are exactly the same. Nothing at L2 changes.

    Yes, IPX addresses are completely different from IP addresses. But that doesn't matter.

    It doesn't matter because the IPX packet is from the local IPX address
    to the remote IPX address of the gateway running on the NetWare server
    that does the opposite.

    So it goes from APIs that think TCP/IP to a Novell Winsock stack using
    the local IPX address to a remote IPX address where the corresponding
    gateway receives the IPX packet, extracts the TCP or UDP portion and
    then sends it out as traditional TCP/IP or UDP/IP.

    It's conceptually very similar to IP over SNA via AnyNet.

    Since the Network Number in IPX was already 32 Bit, this solution
    *could* have prevented the need for IPv6 in the first place! ;-D

    Ya. I've wondered what would have happened if IPX had won instead of IP.

    Nope. :-)

    MacTCP provided an IP stack and proprietary API to Mac
    Applications. Open Transport was a complete rework to integrate
    AppleTalk and IP under the STREAMS API, also as PPC native code. AFAIR
    the only other company using STREAMS was Novell with their Netware.

    I may have the names wrong. But I know that the IP support the predated
    Open Transport was on top of DDP.

    On a side note, The Open Transport IP implementation has problems with
    Window Scaling. Uploads to current Linux's will be painfully slow,
    single-digit KBytes/s range, even over 100M Ethernet. If you disable
    window scaling in /proc (or /sys?), it's fast again, but everything
    else will be slow. Or if you put a Cisco ASA in between to delete
    the WScale-Option while the TCP handshake takes place.

    I wonder if there is an IPTables target to (conditionally) disable
    window scaling (for specific IPs)

    I have a Pentium Overdrive Board (2850) with the accompanying board
    with S3 graphics chip and other peripheral support. It was hard to
    get hand on a breakout cable to actually see what's going on on the
    PC side (VGA, PS/2 Keyboard and Mouse, Serial and Parallel Port).

    Nice!

    I'm not surprised that the breakout cable was difficult to find.

    Those are the types of accessories that get lost in the shuffle, despite people holding onto the bigger components.

    Yes. The Coax/Twinax-Card was special in the way that it couldn't be
    used with standard AppleTalk and MacTCP.

    I'm not at all surprised.

    The serial card could be used as standard serial ports but also for
    X.25 and SDLC. I have Mac X.25 server but I didn't take time to have
    a closer look at it. I think, it's also a network central gateway to
    provide X.25 services to other Macs via AppleTalk.

    Nice.

    Though, it's my understanding that X.25 was largely used as a long
    distance serial interface or to transport other protocols. I'd think
    that the gateway machine would gateway more common protocols.

    The Token Ring Card could be used with AppleTalk and MacTCP but it is
    painfully slow. I measured about 200 KBytes/s FTP on a reasonably fast
    Mac IIfx with not much difference when put into a PowerMac 7100. A
    PowerMac 7500 in the same ring with a PCI NIC sucked 1,5 MB/s per
    FTP from the same server.

    Yes. The card is called "Apple Coax/Twinax Card"

    Thank you for thee confirmation.

    DB-15, M or F depends on what's to be connected on the other side. A
    distinction I don't understand.

    Is the M or F on the DB-15 or the Twinax connector?

    My understanding is the difference is simply a matter of which gender connector you're working with. If you have a couple long runs of Twinax
    with M connectors, it would connect to the F connectors on the breakout cable. Conversely, if you wanted to come directly out of said breakout
    cable into another machine, you'd need the M connector on that breakout cable. So it has to do with pick the cable with the gender that you
    need so that you don't need adapters.

    Maybe you confuse DB-9 with Token Ring?

    Well, Token Ring does use a DB-9 (more properly DE-9), as in a 9 pin d-sub-shell, connector. Token Ring has F DB-9 connector (or RJ-45) on
    card. Serial uses a M DB-9 connector (or M DB-25).

    And now I'm again learning that there was even more highly interesting
    stuff. CL/1 server vor MVS/TSO! MacAPPC! It seems that the latter
    is part of the API stuff for SNA.ps. And MacDFT, which seems to be
    the other Application to talk to the Coax/Twinax-Card.

    I'm sort of surprised to learn that Coax / Twinax connected terminals
    were Distributed Function Terminal. I thought DFTs were a completely different class, more akin to ASCII terminals. I could easily have the
    wrong understanding.

    Nope.

    ACK

    I'm not sure.

    Because the software support maybe was once planned, but never
    released.

    *facepalm*

    A bit similar to the splendid Mac IIfx. The first Mac to incorporate
    true DMA for SCSI transfers. Unfortunately, stock MacOS never made
    use of that capability. A/UX did, rumor says.

    A/UX. That's something I've never messed with.

    Yap. Early documentation referred to what we now know as LocalTalk as
    "Apple Bus". Maybe someone decided it was too technical and renamed
    it AppleTalk to sound more friendly.

    Likely.

    <This> will allow your Apple computers to talk to each other.

    Not only Ethernet. Afterwards, Apple needed to clarify that Ambiguity
    and called AppleTalk different depending on which media: EtherTalk,
    TokenTalk, FDDITalk. Ah, yes, and LocalTalk.

    I didn't know about TokenTalk or FDDITalk. I vaguely remember hearing
    about EtherTalk.

    Did you know that almost every internal HP-Print Server for Ethernet
    supported AppleTalk, IPX and IP but the Token Ring variants supported
    just IPX and IP.

    I agree that most of the older ones supported more protocols.

    I think that some of them had DLC support too.

    And, in case you ever need to configure the IPX part of those Print
    Servers, you really don't need JetAdmin. JetAdmin just configures
    SNMP over IPX transport. You can set the same parameters via SNMP

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to poc@pocnet.net on Thu Dec 12 22:56:24 2019
    On 12/12/19 7:54 AM, poc@pocnet.net wrote:
    Sorry I'm too dumb to use tin properly. :-) So I sent a half-written
    article and don't know how to cancel that one.

    It happens.

    No. Do you have a reference at hand?

    Fibre Channel over Token Ring.

    Fibre Channel over Ethernet, a.k.a. FCoE, was a big thing at the time.

    Nope, but thanks. Neat!

    You're welcome.

    AFAIK there's no mechanism to send back an error on L2. ICMP could
    but that's L3.

    I think I was thinking something like BPDUs, akin to "Explorer Frames".
    (I think that's the proper term.)

    No, it's SNA distribution services. Another store-and-forward thing,
    almost like UUCP. https://en.wikipedia.org/wiki/SNADS

    Thank you for the link.

    I must confess that I learned about the differences about last year,

    To be honest, I had really thought that NetBEUI was a Microsoft(ism)
    with the name and that it was all NetBIOS. It wasn't until
    conversations with someone in the last year that I had the epiphany
    about NetBEUI being NetBIOS over 802.2 LLC and NetBIOS (in the common
    sense of the protocol) was NetBIOS over TCP, a.k.a. NBT.

    As I type this out, I wonder what NBT would look like over Token Ring.
    It would be NetBIOS over TCP on 802.2 LLC w/ SNAP. When NetBEUI would
    be NetBIOS over 802.2 LLC. I feel like there is an overhead ~>
    performance impact. ¯\_(ツ)_/¯

    when I was having yet another 200-tab-session with Wikipedia. :-)

    You have those too?

    Also a possibility. If you're fluent in COBOL, you might go for
    KICKS. Docs are there, example programs, too. AFAIR there are even
    Hooks for C! But from RTFM I guess it's still way more complicated
    compared to do the same on the AS/400.

    I'm still so new to IBM hardware & operating systems beyond x86 that I'm
    not yet ready to commit data to them.

    I'm astonished in a way. I had the impression that the chicken-egg
    problem was finally solved by reality kicking in when IANA was handing
    out it's last IPv4 block.

    None of the ISPs in my home town offer native IPv6. I'm not aware of
    any change since I left 4+ years ago.

    My municipal ISP doesn't even have IPv6 on their roadmap yet.

    Which means: If you care, you can use IPv6. If you don't, you're stuck
    with IPv4. That is a proved solution. Until somewhen in the future
    when certain services on servers will maybe available only via IPv6.

    Yep.

    Rumor says, the adoption of IPv6 could have been sped up by large
    amounts if there had been free porn available through IPv6-only
    connected servers. ;-)

    ~chuckle~

    The rumor is probably true.

    Not until now. That's definitely something I should have a closer
    look into! Thanks for the pointer!

    You're welcome.

    I had a look at the mentioned Video and was surprised that I did not
    stumble over that one much earlier. I was watching the most interesting moshix vids over the couse of this year, because I like how he explains
    stuff and also his attitude of not preparing and doing right away to
    show possible mishaps and how to deal with them.

    Agreed. I've found Moshix to be very approachable. I've exchanged
    emails with him privately and periodically interact with him on Twitter.

    Apparently, they're just doing a long range connection via IP,
    looking to RSCS like a CTC-Connection.

    That is my understanding.

    I thought that some of the remote connections were Hercules specific.
    But I think that Moshix has a zPDT in the mix. So there has to be
    something non-Hercules about it too.

    I digged a bit deeper into that particular hole and found:

    I've not yet dug into the particulars. But I want to and will reference
    the links that you provided.

    OS/400 also can utilize SNA transport for RJE. Thus I searched for
    the documentation collection @IBM for the RJE facility in OS/400 and
    found it. Have yet to read. And try out if SNA over LLC support
    for RJE is also in V4.

    :-)

    Also, there has been some effort to create a SNA stack for Linux. I
    don't know yet how well it works or how complete the coding is. It
    hasn't been touched in years. But maybe it could help to establish
    a LU-LU connection from OS/400 to Linux SNA which in turn could be
    given a facility to connect to TCP ports (from Hercules) to overcome
    the limitation of Hercules and the free MVS cannot utilize SNA beyond internal VTAM.

    I don't think the SNA stack in Linux was ever really completed. I think
    there was an early effort that was SNA and 802.2 LLC combined, with
    independent parallel effort for generic 802.2 LLC. So SNA sort of broke
    off to use the independent and more complete 802.2 LLC.

    I get the impression that if it's possible to attach to the SNA
    facilities in VM (if there are any in the early and "freely" available versions) from outside, the AS/400 *maybe* could participate in RSCS
    based message forwarding.

    I believe that I've heard that there is RSCS support in the last free
    version of VM/370, but that it does not support the capability that is required. I could easily be wrong about that.

    But honestly, before digging into the next deep rabbit hole (VM),
    I'd opt to get more used to MVS first.

    :-)

    I've also gleaned the term BSC equivalence in the RJE-Manual of
    OS/400. And I somehow remember SNAsw enabled Cisco IOS to also
    support BSC in a way. If this encap/dcap facility is transparent,
    it *could* be possible to network Hercules with MVS 3.8j through a
    simulated BSC line, connecting to the Cisco router via TCP, which
    in turn re-encapsulates the traffic to a serial line (WIC-1T?)
    connected to a serial interface on an AS/400 which has a BSC line
    description for that particular interface.

    I don't know. Maybe. But I feel like there are a lot of things that
    need to go the correct way.

    A *very* tempting thing to try out right away but I fear that once
    started, I couldn't stop until I have proof that it either runs. Or
    to learn that it's not possible to get it running without some code modifications in Hercules. Would eat too much time, right now.

    :-)

    Hm, maybe you're right. We'll see. I'd like to contribute but
    my skills are low, thus my motivation is lacking. Add the always
    prevalent tightness on free time.

    I've found the Hercules-390 mailing list* to be fairly welcoming.

    * The Hercules-390 mailing list was on Yahoo Groups, which is closing.
    As such they are moving to groups.io.

    That APPN and hierarchical SNA share the name and have some common
    concepts but they can't talk to each other without some kind of
    translation facility.

    Ah. So like IPv4 and IPv6.

    Yes, if there'd be a way to connect VTAM to Ethernet, to get a
    connection from SNAsw to VTAM in the host. Basically.

    I've not seen any documentation / tutorials for this. But I am actively looking for ways to do this. Hence some of the conversations that we've
    had about DLSw and SNASw (EE).

    I never tested it but since Cisco claims broad SNA support, I guess
    it's supposed to work.

    Yep.

    Hm. As far as I know there are two ways to achieve that:
    - Modern zOS can utilize given hardware in an emulated zSeries to
    do so,
    - MVS 3.8j lacks software facilities for talking SNA (VTAM) to that
    mentioned emulated hardware (whatever it is called). To achieve this connection on the real 360 hardware, one could use a communications controller.

    Yep.

    Hercules has an LCS3172 (I think that's the correct number).

    To my understanding, the emulated 3xxx-with-NCP (in parts) in Hercules
    4 is a possible start to have that functionality by extending code
    to the features of a full-blown communications controller. Honestly,
    I don't know if I'm mixing up things here. I'm much better with AS/400.

    What your saying matches my understanding.

    I think part of the problem is that the NCP that ran on the 3xxx
    controllers is proprietary code and thus a LOT of work to replicate.

    I also think that there is not sufficient demand for this work effort.

    Same here. I think, the terminals are connected via Coax or serial/SDLC
    to the comm controller, which is configured to forward data via
    tn3270 over ethernet to an IP address. Roughly what the BOSCom Twinax Controller II does in the 5250 world.

    The thing that's important is that the TN3270 is terminating in
    Hercules, which translates things to the emulated host. Particularly
    when running OSs that don't have a TCP/IP stack.

    I think so, also. And I'm very appaled that IBM is constantly ignoring
    AS/400 hobbyists around the world, leaving not many ways to have an
    own AS/400 running without any lic problems.

    I'm not at all surprised.

    DEC did it right by offering one-year licenses without cost to
    hobbyists. Licensing prohibits commercial exploitation. This hapit
    survived the ackquisition by Compaq and subsequently to HP(E).

    Yep.

    We are still waiting to hear what VSI is going to do in the hobbyist space.

    Right. But to my understanding KICKS started as a commercial
    product. Or there has been a free and a commercial version.

    CICS is a commercial product. I believe that KICKS was created by the
    hobbyist community. I may be wrong.

    I have REXX on my list of stuff to put onto my install. :-) Since I'm
    still struggling with all the necessary steps to do so, I didn't take
    time yet.

    Did you know that REXX is available on the AS/400 also?

    I would be surprised if it is not.

    I thought REXX was available on all OSs that IBM sold anytime after 1980.

    How do you know? ;-)

    My opinion is. I don't /know/ for sure.

    I'm not aware about that crossover-thing but I guess you're talking
    about the X.21 cables.

    I'm talking about the HD-60 cables.

    I first saw them years ago as HD-60 to V.35 as DTE and DCE versions. So
    people would get one of each and connect them back to back to make a
    hard wired connection between two WIC-1Ts. This evolved to be just a
    cable with HD-60s on either end. I've seen them as about a foot long
    for use in lab to learn.

    Beware that there's a difference between data-only and voice capable
    cards in the Cisco world.

    Yep. I'm aware.

    I didn't take time yet to learn the true technical differences yet.

    I think it's firmware / licensing / capability to support the necessary
    codecs.

    I see. FR is just a protocol extension to support multiple independent channels over serial lines. It smells familiar to ATM with it's
    concept of PVCs.

    Yes, Frame Relay and ATM are conceptually quite similar. The biggest difference is the world they originated in. ATM was telephone. Frame
    Relay was computers / data / networking. Both independent solutions to
    many of the same problems.

    In the early 2000's at my previous employer, we had an OC3-Connection
    to an ISP via coax cable to a DSU and from there to a HSSI NP in a
    Cisco 4700. Yes, old box even back then but despite that, it performed extremely well. CPI load was never in excess of 50%, even when there
    was a lot of traffic.

    Hum. Coax (two BNCs?) sounds like a DS-3 to me. That should be about
    45 Mbps. Conversely an OC-3 was akin to a DS-5, or about 150 (?) Mbps.

    I thought HSSIs topped out around 45 Mbps too.

    Maybe I'm wrong.

    Yap. Since it was very expensive back then and thus rarely found in
    the wild, today it's hard to find anything interesting in that area,
    though.

    I periodically see FDDI equipment for sale on eBay. I've not priced
    anything.

    I've been told that you can get two Single Attached Station to talk to
    each other with a cross over cable.

    I /think/ that you can get more stations to talk to each other by taking
    the Tx on one system and connecting it to the Rx on another, repeat
    until you have a ring. Though this has NONE of the redundancy aspects
    that FDDI had. If any single station of this configuration is down, the
    entire ""ring is down.

    TV Antenna cables were 60 Ohms in the 1950's until somewhen in the
    1970's. Afterwards there were just 75 Ohms everywhere. Usually, I
    refer to that as TV antenna cables which is also unambiguous enough
    to me.

    I suspect that we transitioned from antenna coax to cable TV coax.

    Thanks for sharing. What a cute CRT! Now I want one of those,
    IBM labelled. :-)

    :-)

    No. I never tried if that actually works and how the segment is
    coping by having an apparent IP conflict between Broadcast and Host
    address.

    There shouldn't be any problem after the early 2000s.

    Link - RFC 3021 - Using 31-Bit Prefixes on IPv4 Point-to-Point Links
    - https://tools.ietf.org/html/rfc3021

    ;-)

    And it's still an 2:1 loss for IP addresses. Thus I'd still prefer
    a true Point to Point protocol with no underlying point to multpoint architecture.

    Fair.

    There's always unnumbered point-to-point links. I know that Linux and
    Cisco support this.

    Enforcing security by not sharing physical network media.

    Okay....

    Just about all of the multi-tenancy configurations that I can think of
    lack this security that you're after.

    Even with cable Internet connections, one customer on the node can
    communicate with other customers on the node.

    On a physical switch with physical end user machines connected,
    I'd do a "switchport protected" and have a good deal of my desired functionality.

    The key thing being "end user machines". You can know that end users
    don't need to talk to each other.

    Many ISPs and Co-Lo providers can't know that.

    VMware vSwitch doesn't know about that. Given the fact that vSwitch and physical uplink into the hardare based switching infrastructure are effectively separate control plane domains, it's simply not possible
    to solve this problem with the given Hardware/Software combination
    (ESXi vSwitch, Cisco Catalyst).

    I think Cisco had the Nexus 1000v. Maybe it helped with that.

    I'd love to have some kind of true "stacking" of a physical switch
    to the vSwitch(es). Part of that is possible with Cisco Nexus and
    distributed vSwitches, as I heard. Didn't take time to verify to
    which degree that would help, though.

    I'm not sure how the stacking forms a different interconnect than a
    really high speed Ethernet port.

    Yes. But since I consider machines from customers (with root access)
    as untrusted, a local firewall to restrict outgoing stuff is mostly superflous.

    I was thinking that the guest VMs would run their own firewall for
    /inbound/ protection. Just like I would want to run on a physical system.

    Additionally, with every other host, I'd have to add more and more
    rules to all hosts to allow specific connectivity (SMTP, http, ...).

    I think we're thinking two different things.

    Since these also need to be configured *inside* the VM, my objection
    that the customer can fuck up the network segment the TUNs are bundled
    into, is still there.

    I think it depends on the hypervisor and how it's configured.

    I'm fairly certain that some hypervisors can enforce MAC filtering for
    the VM. As in the VM can only originate as the known MAC and there's no
    way for it to actually receive anything but it's MAC and broadcast /
    unknown / multicast (a.k.a. B.U.M.) traffic.

    Yes, I could create a seaparate Vlan with RFC-1918-addresses for each
    VM and use the L3-Tunnel to create internet connectivity. Doesn't
    scale well and sounds more like a workaround than a solution.

    You can use a common L3 subnet and do filtering on L2 between the VLANs.

    If the emulated serial ports on VMs didn't have a speed limit to
    ancient 115200, I'd really opt for PPP over emulated serial links. No
    ARP, no flooding, no problems.

    If you're okay with PPP, then why not do PPPoE?

    Is this in any way compatible with ESXi? I guess, no.

    I don't know.

    And, it's still a switch, I still have the same issues with possible
    MAC spoofing and ARP flooding.

    Nope. That's where OpenFlow comes into play.

    Open vSwitch defaults to traditional L2 learning switch model. But you
    can easily change it with OpenFlow such that you fully program what
    flows are allowed. Flows can be many different things. But I think you
    would be most interested in:

    The following pair for each VM:
    · From the router's MAC to the VM's MAC
    · From the VM's MAC to the router's MAC
    Then an overall:
    · Block everything not previously allowed.

    You can actually program how OvS behaves and what it does.

    There are quite a few other things you can match on and actions that you
    can take.

    It's really quite impressive what you can do with OvS / OpenFlow.

    Which is bad habit. The RIPE lately created a map showing distribution
    of rogue nodes participating in DDOS-Attacks (flooding). Surprisingly,
    first place in the list goes to the USA.

    I'm not that surprised.

    See? That's why I want to do better. :-)

    I don't have a problem with what Co-Lo providers do.

    I protect my system (in the Co-Lo) from the Internet and other Co-Lo
    tenants.

    You might appreciate some restrictions that some Internet eXchanges
    place on their members.

    · One MAC address per port (it might even need to be known)
    · *ONLY* the following three Ethernet (II) frame types:
    · ARP
    · IPv4
    · IPv6

    Different IXs enforce that differently.

    No. Even if you bridge an L2-Domain over an L3-Channel, it's still
    a L2-Domain.

    Nope. OpenFlow changes that. (See above.)

    Inherent issues of L2 are
    a) ARP flooding to "find" unknown nodes by blindly shouting

    OpenFlow can mitigate this. It can intercept the ARP request and …
    · … send a pre-programmed ARP reply.
    · … send it to the OpenFlow controller and let it respond (or not).
    · … send it to a different machine meant to process ARP.

    Note how none of those require flooding / broadcasting the ARP request
    to the entire L2 broadcast domain.

    b) the impossibility to aggregate "routing" information. Every single
    node (MAC address) is exactly one entry in the "routing" table. Forwarding-Table, that is. To be precise.

    I agree with traditional switching / broadcast domains.

    I feel like OpenFlow might have the possibility to change this.
    Especially if the Co-Lo dictates what MAC address to use and slices MACs
    across racks / rows / DCs. All 22-xx-xx-xx-xx-xx goes to DC 22. All 22-11-xx-xx-xx-xx goes to row 11 in DC 22. All 22-11-88-xx-xx-xx goes
    to rack 88 in row 11 in DC 22. }:-)

    EVPN comes to mind too. I don't know much about it. But I think it
    /might/ help with this. Though even that is still going to contain
    entries for each MAC in some capacity somewhere. It's just likely not
    going to be anything like traditional L2 switching.

    This creates ambiguity about which node is supposed to be
    where. Compare that to IP addressing, where nodes are grouped through
    the netmask feature and thus are tightly coupled to the local network segment.

    See above. I think that SDN (OpenFlow, et al.) can address many of
    these concerns.

    If you insist to have IP mobility (address of a node must stay the
    same, no matter which DC runs that VM), you need stretched L2-Domains

    Nope.

    Bind that IP to a loopback / dummy IP in the guest VM and rely on
    routing protocols. }:-)

    Or emulate the DECNET way of Networking: Every end node participates
    in Routing. The NIC's DECNET address is meaningless and just needed
    to have connectivity. The true node address used to access the
    node's services is a loopback address.

    I've not heard about this before. Maybe it's a mode of using DECnet
    that I'm not aware of. Or perhaps a different phase of DECnet than I'm
    used to (IV).

    I'm used to the MAC address being intimately associated with the DECnet address. As in the MAC address gets changed to match what is declared
    by the DECnet address.

    Since the loopback address is injected into the routing protocol,
    the node can be reached everywhere, no matter in which of the
    geographically separated data centers it resides. No need to have
    stretched L2-Domains, every DC can utilize it's own network segment
    to be unabigous about addressing each node.

    I believe I completely understand the concept. See the comment above
    about IPs on loopback / dummy w/ routing protocols.

    This again is a rabbit hole in itself, because as you fall down,
    you see *so many* details to consider, that scenario is probably
    too complex to be reliable, resonably resistent agains attacks from
    "inside" and foolproof at the same time.

    I think this is one of the areas where OvS (OpenFlow) shine. You
    pre-program what flows are allowed. Anything else that's not allowed is
    a security violation and sets off an alert.

    You can literally program OvS to take the packet that doesn't match a pre-defined flow and send it to an OpenFlow controller, which can then
    know exactly what was sent and deal with it as a security incident.
    This is fairly easy in OpenFlow.

    Currently, I'm not aware of an easy solution. At least as easy to
    handle as a streched L2-Domain. As long as it works and all measures
    have been taken to prevent split brain sutuations to the greatest
    extent possible.

    I think it is completely related to how much work people are willing to
    put in up front.

    No. But at least I'm used to AnyNet in old OS/400 releases. ;-)

    Fair enough.

    Okay, let's say, you want to open an FTP connection to a remote
    host via that facility. What do you enter in the host field of that
    graphical FTP client program? A name? If yes, what resolves that name
    to an IPX address? And if not, may I just enter an IPX-Address into
    that field?

    All applications see names or IPv4 addresses.

    The lower portion of the Winsock stack removes the IP network layer
    protocol and substitutes the IPX network layer protocol and sends the
    packet to the pre-configured IPX address.

    Said IPX address removes the IPX network layer and puts a new IP layer
    under it when sending the packet out it's TCP/IP network connection.

    The applications still see names and IPs and are — to the best of my knowledge — unaware that the IP<->IPX<->IP transitions happened.

    What about some applications whose devs thought, it's a nice thing
    to hard code periods every fourth column?

    No problem.

    How to enter an IPX address there?

    They don't.

    The applications still think they are dealing with TCP/IP.

    Yes. But applications utilizing IP usually never deal with MAC
    addresses.

    Most applications using TCP/IP don't actually construct the TCP/IP
    packets themselves. Instead they ask the system's TCP/IP stack to do it
    for them.

    This is where the lie / magic comes into play.

    The applications make the same API calls to the modified Winsock. The
    modified Winsock still talks to the applications the same way that they
    are expecting. It's just that it, the modified Winsock, speaks IPX
    instead of IP.

    Sure? See above.

    Yes, I'm sure. See above.

    You're way too deep into details. :-) I hope I could clarify my
    questioning above.

    I don't think I am too deep. I think I'm where I need to be. I hope my description above helps.

    Not really: AnyNet is an encapsultion mechanism. What you describe
    is the complete replacement of the L3 protocol with another. Just
    like IPv6 vs. IPv4.

    I was not aware that AnyNet was an encapsulation.

    Yes, replacing the L3 protocol *is* what I'm talking about.

    Optionally, it was. But MacTCP could utilize an Ethernet NIC to send
    and receive Ethernet II frames as usual. You *could* utilize that encapsulation also on Ethernet, since AppleTalk also runs on Ethernet.

    The very same functionality is offered by Open Transport.

    I need to research some things to better explain.

    Interesting remark! Why did this idea never occur to me?

    ¯\_(ツ)_/¯

    Just had aa quick glance over iptables-extensions(8) and saw that
    it's possible to match by --tcp-option and can alter packets with
    either Target SYNPROXY, Option --wscale, or Target TCPOPTSTRIP, --strip-options.

    I'll definitely check this out, thanks!

    You're welcome.

    You just made my PIX 506E useless. ;-)

    Hum.

    Can you run Linux on it? Turn it into a LinPIX running IPTables. }:-)

    Yes. And because I can, I documented the pinout. https://kb.pocnet.net/wiki/AS/400_FSIOP_Kabel

    Thank you!

    So it's at least once to be found in the internet. If one is desperate enough, one can acquire connectors and cable and do it himself.

    Yep.

    You might reach out to Internet Archive and / or Bit Savers and see if
    they want to archive the information.

    I don't know yet. Also on my list to try out, maybe together with
    connecting OS/400 via serial port and Macs with Cisco gear. Don't know
    what to run on top of X.25. AFAIR, it also has been used as simple
    terminal data transport facility. Sadly, X.25 support in current
    Linux has been shrinked to just AX.25 a long time ago.

    I think that X.25 support is largely the same as it was 15+ years ago.
    I don't think support for it has been removed like support for Token
    Ring has. There's also the fact that you can run an old distro and / or kernel. }:-)

    I never heard of DFT before at all, so you're more an expert than
    me. :-)

    Ha! I'm HARDLY an expert. I'm simply an inquisitive idiot who
    struggles to learn things.

    Come on, that also happened with other companies. ;-)

    That doesn't mean that I can't be annoyed by it.

    I've a Mac IIci with A/UX 2 (feeling like System 6) and a IIfx with
    A/UX 3 installed, mimicking System 7. Nice is that if an application
    crashes, I could easily telnet to the host and kill the Mac OS task. No
    need to do a hard reset anymore. Drawback is that the Mac environment
    because of constant polling for new events creates a load of 1.

    Interesting.

    True. I also tried to find out if earler samba releases supported
    NBF but apparently, it never did. Just NBT.

    Okay.

    You're the second source to say that in a couple of months.

    That's possible. Maybe I need to find out which Ethertype field
    NBF used.

    I can get you a packet capture from Windows if you want. I think it's
    802.2 LLC. I want to say no SNAP option.

    Yet another thing to try out: Add 1 and 2 to the line description,
    vary off/on and see if I can connect to the NT4 VM.

    :-)

    Doesn't ring a bell here.

    It's a ham radio closing. Akin to have a good day.



    --
    Grant. . . .
    unix || die

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From poc@pocnet.net@21:1/5 to Grant Taylor on Sat Dec 21 23:06:12 2019
    Grant Taylor <gtaylor@tnetconsulting.net> wrote:

    No. Do you have a reference at hand?
    Fibre Channel over Token Ring.

    I meant if you have a link to that joke.

    AFAIK there's no mechanism to send back an error on L2. ICMP could
    but that's L3.
    I think I was thinking something like BPDUs, akin to "Explorer Frames".
    (I think that's the proper term.)

    BPDUs essentially contain Spanning Tree protocol exchanges while Explorer Frames are a Token Ring only technique which works in a way like Spanning Tree but can cope with mutiple rings source-bridged together: It supports RIFs
    which Ethernet just hasn't.

    As I type this out, I wonder what NBT would look like over Token Ring.
    It would be NetBIOS over TCP on 802.2 LLC w/ SNAP. When NetBEUI would
    be NetBIOS over 802.2 LLC. I feel like there is an overhead ~>
    performance impact. \_(???)_/

    It never occurred to me to try that out. :-) If I ever get my 2850 IPCS
    back to a functional state, I'd add an IBM Token Ring board to see what's
    going on.

    How comes TCP into play while there's no IP involved?

    when I was having yet another 200-tab-session with Wikipedia. :-)
    You have those too?

    Yes. Apparently I'm not the only one "suffering" from that habit. :-)

    I thought that some of the remote connections were Hercules specific.

    Yes, the CTC-Connection is handled by Hercules as a TCP session, not by the Guest OS.

    I don't think the SNA stack in Linux was ever really completed.

    I think about the same. But it's possibly a foundation to build on. Dunno when I'd have the nerves to dig into that pile. :-)

    That APPN and hierarchical SNA share the name and have some common
    concepts but they can't talk to each other without some kind of
    translation facility.
    Ah. So like IPv4 and IPv6.

    Maybe, yes. I'm not fluent enough with SNA to know the gory details.

    Yes, if there'd be a way to connect VTAM to Ethernet, to get a
    connection from SNAsw to VTAM in the host. Basically.
    I've not seen any documentation / tutorials for this. But I am actively looking for ways to do this. Hence some of the conversations that we've
    had about DLSw and SNASw (EE).

    If you get any valuable input, please let me know.

    To my understanding, the emulated 3xxx-with-NCP (in parts) in Hercules
    4 is a possible start to have that functionality by extending code
    to the features of a full-blown communications controller. Honestly,
    I don't know if I'm mixing up things here. I'm much better with AS/400.

    What your saying matches my understanding.

    I think part of the problem is that the NCP that ran on the 3xxx
    controllers is proprietary code and thus a LOT of work to replicate.

    It is, indeed. As I understand, these CCs were channel-attached. The emulated 3xxx must be attached t a channel also, I think. That means, the basic work is done, and also some code mimcking the NCP.

    I also think that there is not sufficient demand for this work effort.

    These are also my doubts.

    Right. But to my understanding KICKS started as a commercial
    product. Or there has been a free and a commercial version.
    CICS is a commercial product. I believe that KICKS was created by the hobbyist community. I may be wrong.

    KICKS at least had commercial (aka: paid) support. There's some remains of these in READMEs and other documentation.

    I'm not aware about that crossover-thing but I guess you're talking
    about the X.21 cables.
    I'm talking about the HD-60 cables.

    Looked it up, and yes: These exit! Duh!

    In the early 2000's at my previous employer, we had an OC3-Connection
    to an ISP via coax cable to a DSU and from there to a HSSI NP in a
    Cisco 4700. Yes, old box even back then but despite that, it performed
    extremely well. CPI load was never in excess of 50%, even when there
    was a lot of traffic.
    Hum. Coax (two BNCs?) sounds like a DS-3 to me.

    Maybe that. I'm not really sure, memory is already blurry there.

    That should be about 45 Mbps. Conversely an OC-3 was akin to a DS-5, or about 150 (?) Mbps.

    We booked 30 at that time. Dunno what the other side did to enforce that.

    I /think/ that you can get more stations to talk to each other by taking
    the Tx on one system and connecting it to the Rx on another, repeat
    until you have a ring. Though this has NONE of the redundancy aspects
    that FDDI had. If any single station of this configuration is down, the entire ""ring is down.

    Yes, for a hobbyist purpose, that might just be sufficient. I also saw a
    funny adapter from that IBM Token Ring Clamps to two BNC ports. Maybe that was something similar: Make a Ring through Coax Cables but use Token Ring Protocol on it. :-)

    Link - RFC 3021 - Using 31-Bit Prefixes on IPv4 Point-to-Point Links
    - https://tools.ietf.org/html/rfc3021

    ;-)

    Thanks! Sounds interesting.

    There's always unnumbered point-to-point links. I know that Linux and
    Cisco support this.

    Yes but not on Ethernet, AFAIK. At least with Cisco IOS.

    On a physical switch with physical end user machines connected,
    I'd do a "switchport protected" and have a good deal of my desired
    functionality.
    The key thing being "end user machines". You can know that end users
    don't need to talk to each other.

    I don't know, in fact. But they *may* talk to each other, just not "directly", aka with Layer-2. They're supposed to talk through the whatever-connection to
    a central gateway/router/AC which lets them talk via Layer-3 only. And just
    the stuff I allow by access-lists. There's no difference if two independend customer's VMs talk to each other or some other host somewhere on the
    internet.

    Switchport protected enforces a similar scenario, eventhough it's on Layer2 only.

    Suddenly, VMCI comes to mind. Should dig into that a bit, maybe.

    There once was a discussion about using VMCI as transport for NFS. Apparently, VMware (as of ESXi 6.5) supports no direct VM-VM communications. Okay, no-go.

    I'd love to have some kind of true "stacking" of a physical switch
    to the vSwitch(es). Part of that is possible with Cisco Nexus and
    distributed vSwitches, as I heard. Didn't take time to verify to
    which degree that would help, though.
    I'm not sure how the stacking forms a different interconnect than a
    really high speed Ethernet port.

    I think of a stack as of an entity with a common management engine. Data must flow, obviously. :-)

    Yes. But since I consider machines from customers (with root access)
    as untrusted, a local firewall to restrict outgoing stuff is mostly
    superflous.
    I was thinking that the guest VMs would run their own firewall for
    /inbound/ protection. Just like I would want to run on a physical system.

    Yes. But that doesn't solve all Layer-2 issues if one VM were owned and abused for possible takeover of more machines in the same network segment. My case is that *if* something like that happens, it must not be possible for that VM to have an easier way to attack further nodes in the same network segment, even
    if their admins are dumb and lack basic hardening. There simply should not be
    a common network segment. At least not in any way visible to the guest OS in the VM.

    I'm fairly certain that some hypervisors can enforce MAC filtering for
    the VM. As in the VM can only originate as the known MAC and there's no
    way for it to actually receive anything but it's MAC and broadcast /
    unknown / multicast (a.k.a. B.U.M.) traffic.

    I'm stuck with Vmware ESXi here, because of many reasons. The probably most important ones are Experience and Boss considers anything else as inferior.

    Thanks for your elaborations on OpenFlow. I'll keep them in mind. Who knows, someday Vmware will awake from their Container-Hype and implement stuff which is really helping. Since OpenFlow doesn't apply to my situation, I took the opportunity to shorten this message.

    If the emulated serial ports on VMs didn't have a speed limit to
    ancient 115200, I'd really opt for PPP over emulated serial links. No
    ARP, no flooding, no problems.
    If you're okay with PPP, then why not do PPPoE?

    Again, common L2-Segment visible from within the VM.

    Is this in any way compatible with ESXi? I guess, no.
    I don't know.

    I read about it and as I understand, it's not.

    See? That's why I want to do better. :-)

    I don't have a problem with what Co-Lo providers do.

    I protect my system (in the Co-Lo) from the Internet and other Co-Lo
    tenants.

    There are numerous pseudo-admins who just want to put their Wordpress-Thing online and never care about it again. I definitely don't count you into this class of people. :-)

    Or emulate the DECNET way of Networking: Every end node participates
    in Routing. The NIC's DECNET address is meaningless and just needed
    to have connectivity. The true node address used to access the
    node's services is a loopback address.
    I've not heard about this before. Maybe it's a mode of using DECnet
    that I'm not aware of. Or perhaps a different phase of DECnet than I'm
    used to (IV).

    I never verified that claim myself but I trust Ivan Pepelnjak to know what
    he's talking about. :-)

    I'm used to the MAC address being intimately associated with the DECnet address. As in the MAC address gets changed to match what is declared
    by the DECnet address.

    That's also what I learned from my tinkering with OpenVMS in SimH. I didn't take my time to learn more about that, yet. OS/400 has more priority. ;-)

    All applications see names or IPv4 addresses.

    The lower portion of the Winsock stack removes the IP network layer
    protocol and substitutes the IPX network layer protocol and sends the
    packet to the pre-configured IPX address.

    Ah, so there must be some facility which translates IPv4 addresses to IPX addresses! That explains a lot!

    You're way too deep into details. :-) I hope I could clarify my
    questioning above.
    I don't think I am too deep. I think I'm where I need to be. I hope my description above helps.

    Yes, it did. Thanks for your patience!

    Not really: AnyNet is an encapsultion mechanism. What you describe
    is the complete replacement of the L3 protocol with another. Just
    like IPv6 vs. IPv4.

    I was not aware that AnyNet was an encapsulation.

    <https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_72/rzajt/rzajtcfg400toanynetpo.htm>

    Now I'm no longer sure. I'm fairly sure that AnyNet provided tunneling from
    any over any (thus anynet), Any meaning IP, SNA/APP[NC] and IPX.

    Since SNA is less OSI'ish in a way, maybe the SNA thing as seen from Anynet takes a different approach.

    You just made my PIX 506E useless. ;-)

    Hum.

    Can you run Linux on it? Turn it into a LinPIX running IPTables. }:-)

    LOL! 8 MB Flash, 16 or 32 MB RAM (can't remember). Any questions? ;-)
    Honestly, I don't see a point in running Linux on it, since it'd be just another Linux host.

    You might reach out to Internet Archive and / or Bit Savers and see if
    they want to archive the information.

    Good point!

    I never heard of DFT before at all, so you're more an expert than
    me. :-)
    Ha! I'm HARDLY an expert. I'm simply an inquisitive idiot who
    struggles to learn things.

    I'm no different then ;-)

    That's possible. Maybe I need to find out which Ethertype field
    NBF used.
    I can get you a packet capture from Windows if you want. I think it's
    802.2 LLC. I want to say no SNAP option.

    Thanks, but I have an NT4 VM for SNA server, so I can do it myself, if I want to really find out.

    :wq! PoC

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)