ISDN and Linux
Arthur Donkers
Although modems with speeds up to 56 Kb/s (kilobits per second) are widely available, the actual throughput speed is often much slower. This can be caused by inferior telephone lines that force modems to work on lower speeds or by ISPs that do not yet support the higher speeds. To make matters worse, these high-speed modems often support 56k in one direction only (typically in the download direction), so you cannot use these on a leased line to build a 56k link. Finally, at least in Europe, not all of these high-speed modems are approved by the local authorities, and sometimes do not even work properly with the existing POTS (Plain Old Telephone System).
Integrated Services Digital Network, or ISDN, is a viable high-speed alternative. It is widespread in Europe, especially here in the Netherlands. In this article I will show you how to connect a Linux machine to the Internet via ISDN.
Although modern modems are capable of high speeds, they do not always achieve their maximum data rate due to noisy telephone lines, faulty switches, and other external circumstances. Some modems will reduce their communications speed to accommodate poor line conditions. When these conditions improve, the modem will step up its speed.
Although raw speed is no longer a real issue with these modems, there are still a number of drawbacks to using them. The biggest disadvantage is the time required for two modems to establish a communications link. When one modem dials another, they start a negotiation phase to determine the maximum speed at which they can communicate. This negotiation phase can take up to 30 seconds to complete, especially if the modems are quite different and therefore must restart this phase. So if you were thinking of building a virtual leased link with analog modems, think again; the negotiation phase may cause a number of protocols to timeout before the link is established. (This applies even when you are using the modems in leased line mode, in which case they must negotiate their communication speed as well. They can, however, skip the actual dialing.) To solve these problems, you could use ISDN. Since ISDN is a digital communications channel, it does not suffer from the problems mentioned above.
There are three major ways of connecting a system to the Internet via ISDN: using a dedicated router, using an ISDN "modem," and using an ISDN card. One or more of these methods may not be applicable to your local situation, depending on hardware availability. In later sections, I will explain these methods and their respective advantages and disadvantages. But before delving into the connection specifics, I will cover some background information about ISDN techniques.
ISDN Overview A normal ISDN connection consists of a number of logical channels. There are two independent channels, the so-called B channels, available for communications. Each B channel offers a communication speed of 64 Kb/s (in Europe) or 56 Kb/s (in the U.S.). B channels are digital and therefore do not require negotiation of communications speed when establishing a link. A synchronous protocol is used for communicating over B channels. The communication can be digitized speech or video, or a traditional data session such as an Internet connection.
Next to these two B channels there is a D channel that is mainly used for control signaling. As such, it is not available to the user.
Although the synchronous protocol used for B-channel communications is standardized, you should be aware that the standardization is not global. Many countries have chosen their own standard. In Europe, most countries are now offering the Euro ISDN protocol (DSS1). Direct ISDN communication between Europe and the U.S. can be problematic, however.
On top of this synchronous protocol you can layer PPP (Point-to-Point Protocol) to carry network traffic from one point to another. Although PPP is used mainly for carrying the IP protocol, you can also use PPP to carry others, such as IPX/SPX. The PPP mechanism is protocol-neutral and PPP packets carry enough information so that their payload can be routed. Because of the synchronous nature of the ISDN protocol, you need to use PPP in synchronous mode as well. Depending on the solution you have chosen, this may be completely transparent to your Linux machine. Because of the previously mentioned restrictions, you cannot use SLIP (Serial Line IP) directly over an ISDN connection. You could tunnel SLIP through PPP, but that would not make much sense.
Using a Dedicated Router The first method of connecting to the Internet is by using a dedicated ISDN router. Most established firms have one or more of these routers available, such as models from Cisco Systems (http://www.cisco.com) and Ascend Communications, Inc. (http://www.ascend.com). While all routers can do the job, choosing which router is best is dictated primarily by your ISP. To prevent problems, it is best to use the same brand of router as your ISP. Although all routers use a form of SDLC or HDLC for inter-router communication, interoperability is not always what it should be.
Choosing a dedicated router is the most expensive option, but it is also the easiest to set up and administer. All of the ISDN and router configuration is done on the router, which normally has a dedicated user interface for this. Le Reseau's ISP offers the option of connecting to the Internet via ISDN, using an Ascend Pipeline router. The examples shown below are taken from that router.
All routers have similar basic features. They are equipped with a network interface (COAX, UTP, or both). This interface is used for the local network. You can connect one system to that network or a complete B class segment. The second interface of the router is the ISDN interface. This is connected to the ISDN interface of your local phone company. You must select the proper interface and protocol setting when configuring your router so it will be able to communicate over the ISDN interface.
Most routers are used in so-called un-numbered mode. This means that the ISDN interface is not assigned a separate IP address, but that it will use the IP address of the LAN interface. First, this saves your ISP a lot of IP addresses, and second, it makes configuring your router a bit easier. Figure 1 shows the main configuration screen of our Ascend router.
Ascend's Main Screen The eight windows on the right of the screen show you different status information (see Figure 1). The top-left window (number 10-100) shows you which of the B channels is active (designated by an asterisk). By looking at this window, you can verify whether or not your ISDN link is up.
The top-right window (number 00-200) shows you which of the sessions is active over the ISDN link. A session is related to a configuration entry (see Figure 2) in which you specify the phone number to call, the authentication information to use, and the different IP settings related to the session. The Ascend router allows you to specify different sessions; thus, you can use one router for different connections (e.g., to the Internet or the office). Depending on the remote system you want to contact, the router will select the appropriate session and call the related router at the other end. The current session that is active is called gn51. This session is also shown in window 20-100.
The fourth window, called gn51, shows you the quality of the connection (determined by the number of retries). For a properly working ISDN connection, this should always show you something like the window in Figure 1.
The 20-300 and 20-400 windows show you how many packets have been sent and received over the WAN (ISDN) and LAN interfaces.
The bottom two windows show you the hardware options of the router and other related information.
As can be seen from the configuration screen on the left side of Figure 1, PAP is used to authenticate this router at the ISP; Send Auth is set to PAP. Recv Auth is also set to PAP. The reason for this is simple: we use our ISDN connection as a virtual leased line. This means that whenever anyone on the Internet wants to connect to the reseau.nl domain, our ISP will call our Ascend router, authenticate itself with the Recv Passwd, then hang up. Our router will then call back automatically and establish the link. This process takes no longer than a few seconds. Figure 2 shows the main configuration for the gn51 session.
gn51 Session Configuration (For extensive details on configuring the session, refer to the Ascend Pipeline Router manual.) Most routers allow you to define filters on the network traffic that flows through your router. (Note: the new 5.0 software for the Ascend Pipeline allows for NAT, Native Address Translation. This means that the router will replace all internal addresses with the external address of the router before sending the data to the Internet. Whenever it receives an answer on a packet sent earlier, it will restore the original address and deliver the packet to the local network. This is also done by the IP Masquerading feature of newer Linux kernels). This can be a standard option (Cisco's IOS allows you to define access lists; Ascend allows you to define a maximum of twelve data filters). Some routers even have the option of adding firewall software to limit external access to your local network or system, which leads to the issue of security.
By adding your system to the Internet in the manner above, you are in effect connecting the complete local network, which is directly connected to the router, straight to the Internet. Consequently, you must use an officially approved network address, and you must protect your system from direct access. My advice is to always place a firewall between your router and your local network. A firewall will protect your internal network from prying eyes and will also allow you to freely choose an IP address range for your internal network. If your firewall supports application proxies or address masquerading, it will effectively hide these internal IP addresses. How to set up such a firewall is beyond the scope of this article. See "Building a Linux Firewall" in the June 1996 Sys Admin for more details.
A final word of warning: if you use this solution to get a virtual leased line, you must closely watch the costs. If you have considerable Internet traffic, it soon pays to migrate to a real leased line to connect to your ISP.
Using an ISDN "Modem" The second way of connecting to the Internet via ISDN is by using a so-called ISDN modem. (Since the communication is digital, the unit is not technically a modem.) This is the easiest way if you already use an analog modem and want to migrate to an ISDN solution. A number of vendors, including ZyXEL and Motorola, offer ISDN modems.
From the computer's point of view, these ISDN modems are used just like normal modems in that they support an extended version of the AT command set. Furthermore, most modems have one or more built-in A/B adapters, which means you can connect an analog modem, phone, or fax to the ISDN modem as well. The ISDN modem will arbitrate a B channel for the device that needs it. When even a 64 kbit (or 56 kbit) is not fast enough, an ISDN modem can add the second B channel to the active connection. This is called bundling, or MP+. Your provider must support this as well, since these two physically different connections are combined into one logical connection with the same IP address. The ZyXEL modem allows for automatic bundling and unbundling. You can specify, in a number of special registers, thresholds in throughput. Whenever the link goes over the bundling threshold, the modem will add the second B channel (if it is available) to the link. Whenever the thoughput drops below the unbundling threshold, it will deactivate one B channel (normally the one that was added). To prevent oscillations in bundling and unbundling, you can specify a time period for the throughput to be over or under the threshold before any action is taken.
We currently use a ZyXEL Elite i2864 to connect a remote office to our central office via ISDN. The ISDN modem is connected to a Linux machine that works as a router and demand dialing. Next, I will explain how you can use this modem to build your connection.
First, make sure you have a fast serial port with a built-in FIFO so it can sustain a 64 Kb/s (or 56 Kb/s) data rate. If you use channel bundling, you may have to use a dedicated port that can sustain a data rate of 128 Kb/s (or 112 Kb/s), so make sure you have a 16550A or better serial port controller. Next, make a proper modem cable that will allow you to make use of hardware flow control with RTS/CTS signals. Most modems are shipped with such a cable in the box, so that shouldn't be a problem.
If you have previously used a modem with your system, only slight adjustments are required. In the modem's settings, ensure that the modem uses synchronous PPP. In the ZyXEL modem you can force this by issuing the ATB40 command. The subsequent PPP connections (initiated by a ATDI dial command) will use synchronous PPP. Save all settings in the reset/power-on profile so that all of your original settings will remain intact the next time you reset the modem. It is always a good idea to begin a new session by resetting your modem with the ATZ command.
If you haven't previously used a modem with your system, you need to do a few things before you can start using the ISDN modem. First, make sure your kernel has PPP support. If you installed a "plain" kernel from a Red Hat or Caldera distribution, PPP support is provided as a loadable module that will be loaded into the kernel whenever it is needed. If you do not use one of these kernels, or have built a new one, you can check whether or not your kernel supports PPP by using the following command:
cat /proc/net/dev
The output should show something like:
[arthur@osiris arthur]$ cat /proc/net/dev
Inter-| Receive | Transmit
face |packets errs drop fifo frame|packets errs drop fifo colls carrier
lo: 8156 0 0 0 0 8156 0 0 0 0 0
tunl0: 0 0 0 0 0 0 0 0 0 0 0
tunl1: 0 0 0 0 0 0 0 0 0 0 0
eth0: 39378 0 0 0 0 13595 0 0 0 1 0
ippp0: 14597 0 0 0 0 10089 0 0 0 0 0
ppp0: 225 0 0 0 0 195 0 0 0 0 0
[arthur@osiris arthur]$
The ppp0 line shows that there is PPP support in the kernel. (The ippp0 device is related to the third and last method of connecting to the Internet. More on that in the next paragraph.)
If you do not have a ppp0 line, you need to add PPP support to your kernel. Change to the Linux source directory, then do a make config and answer Y (or M if you want a module version) when asked for PPP support. Install and boot this kernel, and you should have PPP support. Next, you need to configure PPP. This is done through a number of files, all of which are located in the /etc/ppp directory.
First, you need to write a chat script that will talk to your modem to build a connection. Do not forget to embed the necessary AT command to set your modem to synchronous PPP and other things so it will run at the optimum speed. Related to this chat script is the way you need to authenticate yourself at your provider. Most providers want you to use PAP or CHAP. The PAP and CHAP protocols are used to authenticate and identify users (or systems) that want to use a PPP connection. The PAP protocol resembles the classical user name/password combination. A user must specify a user name and password to identify himself. The CHAP protocol is different. It uses a sort of handshake to establish the identity of a user. During this handshake, a number of tokens are exchanged which should normally only be owned by the user. Some providers want you to use a (special kind of) user name and password. In this case, you need to extend the chat script below so it will also provide a user name and password. We use a PAP-based authentication, and use the chat script below to make contact.
ABORT "NO CARRIER"
ABORT BUSY
ABORT "NO DIALTONE"
ABORT ERROR
TIMEOUT 10
"" ATE0Q0B40S80.6=1
OK ATDI0505491119
TIMEOUT 120
CONNECT ""
This is a very simple chat script, and the two most important lines are the ATE and ATDI lines. The ATE line sets the modem (a ZyXEL) to synchronous PPP and the ATDI forces the modem to make a connection straight on the B channel. As you can see from this chat script, there is no user name or password provided. This chat script is called from a connect script that can be called by a user to build a connection (there is also another way, which I will demonstrate later). The pppconnect script is shown below.
#!/bin/sh
DEFAULTDEVICE=/dev/cua0
if [ "x$1" = "x" ]
then
DEVICE=$DEFAULTDEVICE
else
DEVICE="/dev/$1"
fi
/usr/sbin/pppd connect "/usr/sbin/chat -f /etc/ppp/pppchat.isdn" file
/etc/ppp/options.isdn $DEVICE 115200 :
This simply calls the chat script in order to have the modem dial your ISP.
The most important configuration files for PPP are the options files that tell PPP how to configure different options. pppd always reads the file called options, so if you specify another options file (as in the pppconnect script), it will still read the options file as well. Make sure that the options file contains only those options that are common to all the different configurations you use (in our case it is empty). The options.isdn file referenced in the pppconnect script contains the following settings:
lock
modem
crtscts
asyncmap 0
user arthur
remotename pppisdn
ipcp-accept-local
ipcp-accept-remote
defaultroute
These options are not specific to PPP over ISDN; they are also used for PPP over an analog modem. These options are all explained in the pppd manual page. The "user" option is used to establish the identity of the dialing side (us) when authenticating by using PAP. The "remotename" option is used to establish the identity of the dialed side (them). These two options determine which password is used from the pap-secrets file, shown below. I have replaced the actual passwords with # symbols.
# Secrets for authentication using PAP
# client server secret IP addresses
arthur posiris #######
arthur pppisdn #######
You have now configured everything to manually connect to the Internet. However, the "charm" of ISDN is that you can also quickly connect to the Internet by using diald, the demand dialing daemon. To be able to use diald you need both PPP support and SLIP support in your kernel. The SLIP support is used by diald to create a sl0 (slip) device on which it listens for networking packets. A default route is defined to the sl0 device and thus all networking packets destined for the Internet will arrive on that interface. diald will determine by means of its filter rules whether or not such a packet will open the connection. You can use the diald distribution's default rules. One word of caution: rule #21 does not open up the interface for traffic from one name server (your local name server) to a remote name server (your ISP's name server). This particular "feature" caused us a lot of grief before we realized what was happening.
diald compiles easily and can be found on major Linux sites such as http://unsite.unc.edu. The only thing you need to do is to make sure diald is started when your system boots, and that you have configured the main file, /etc/diald.conf, properly. You could start diald automatically from rc.local. An example of the diald.conf file (this actual file is not used in combination with the file shown above, but it will show you what is needed) is shown in Listing 2.
Using an ISDN Card The third way to connect a Linux machine to the Internet is by using a special ISDN card. However, this method has some limitations. As far as I know, the ISDN cards currently supported by Linux are European cards and are not available (nor do they work) in the U.S.
The description here is based on using the standard (not Plug-and-Play) version of a Teles S16.3 ISDN card. When using a Plug-and-Play card, you must take special precautions, which I will explain later. New Teles cards are available in the Plug-and-Play version only. While specific to the Teles S16.3 card, this discussion may be helpful in setting up ISDN cards from U.S. manufacturers as well.
You need to specially build your kernel to be able to use the Teles card; the drivers are not included in the kernel. You also need to enable synchronous PPP because the Linux kernel itself will handle most of the ISDN chores. Once you have built the kernel, you need to add some parameters to /etc/lilo.conf because the Teles card cannot be autodetected completely. Below is an example of these additions. You can add the line to the specific ISDN kernel entry or at the beginning where it is available to all kernels.
# Settings for the Teles 16.3 card (compiled into the kernel)
append="teles=0xd80,5,0,2,Teles"
This specific line will tell the kernel which Teles card is present in your system, and which protocol it will use (in this case protocol 2, EuroISDN). The last parameter is a symbolic name through which you need to refer the ISDN card later on. If you boot the new kernel, it will detect the Teles card and configure it properly.
Before you can start using the card you need a number of extra programs, all of which are included in the isdn4klinux package that is available via ftp.franken.de (indeed, in Germany). The three most important programs are telesctrl, for completing the configuration of your Teles card, isdnctrl, for configuring the ISDN interfaces, and ipppd, the ISDN version of the pppd. ipppd has built-in demand dialing, so you do not need a separate diald. These three programs are all called from the rc.isdn script I have adapted. They completely configure the ISDN interfaces and start the ipppd program. This script is shown in Listing 1.
As you can see in Listing 1, two daemons are started, one for dialing out and one for dialing in. This proved to be a problem with the Teles 16.3 card, but was solved by using a Plug-and-Play card and newer software. First, the ISDN interface is configured; it is assigned a local number and a number of protocol-specific settings. The outgoing interface is assigned a number to dial, and the incoming interface is limited to a number of predefined ISDN numbers (ISDN by default uses CLID and this information is used to identify the calling party).
Next, the network interfaces and appropriate routing entries are created. Finally, the ipppd programs are started; from that moment on, the ISDN connection can be used on demand.
As I mentioned earlier, the Teles cards are available only in the Plug-and-Play version. If you do not have an older version of the card, you can download the isapnp file from ftp.franken.de. isapnp contains files for manipulating Plug-and-Play cards. You'll also need to download a new ISDN driver for Linux called HiSAX. This is an improved version of the driver for the non-Plug-and-Play card and is available as a kernel patch (at least for the 2.0.29 kernel). So you first need to patch your kernel with this new driver. When you configure the kernel, make sure that you select the proper card and proper ISDN protocol. You'll then need to build the driver as a module since Plug-and-Play cards are configured in the final boot stage, and the modules can be loaded only after configuring the card.
You can configure the Plug-and-Play card with the isapnp utility. It reads its configuration from a file, e.g., /etc/isapnp.conf. This file contains a number of items such as I/O address and interrupt. Read the documentation carefully before you experimenting with this software.
After configuring the card, load the different ISDN modules. An example of this is shown in the rc.isdn script in Listing 1; currently, those lines are commented out.
Once you have loaded the modules you can configure the ISDN interfaces just as you did with the older cards. In my experience, however, this new software for the Plug-and-Play cards works more reliably that the older software.
Conclusion Connecting a Linux machine to the Internet via ISDN is no longer a problem. Several connection options are available, each of which has its own price tag, advantages, and disadvantages. The option that suits you best will depend on your needs and how often you want to connect to the Internet.
The electronic code distribution for this article includes two additional listings. diald.defs contains the protocol rules indicating which parts of a network packet should be looked at in the filters. standard.filter contains the filters. See www.samag.com for the code distribution.
|