===============================================================================
                    X-BONE 1.3 Frequently Asked Questions
                         http://www.isi.edu/xbone/  
                               xbone@isi.edu

                              $Revision: 1.5 $
                         $Date: 2000/10/10 17:22:25 $
===============================================================================

*** Note: This is a preliminary version of the X-Bone FAQ. A more extensive
          (and better organized) version will be kept up to date at the
          X-Bone web site: http://www.isi.edu/xbone.

> Why do we have to run "make" after installing XBone-1.3-1.rpm?
  > RPM is not interactive, and XBone needs a lot of user input to update
    the Perl code and configuration files with host- and site-specific info.

> Do we need to patch and/or recompile the kernel source code in
  order to use XBone?
  > Not for XBone itself. On certain platforms (Linux & FreeBSD 3.4/5), you
    need to apply kernel patches (NIST Cerberus for Linux, KAME for FreeBSD)
    to enable IPsec support. But XBone itself requires only that you enable
    some standard kernel options:
    For FreeBSD:        pseudo-device gif 32     # tunneling device
                        MAX_GIF_NEST=2147483647  # enable recursive tunneling
                        option IPSEC             # enable kernel IPsec support
                        option IPSEC_ESP         # enable IPsec ESP support
    For Linux:          IP: tunneling <M>        # enable IP-IP tunneling
                        IP: IPsec     <M>        # enable IPsec (NIST required)

> Can we disable DNS for XBone?
  > Yes, but only on a per-overlay basis. You can choose NOT to run a DNS name
    server for XBone, but you will have to uncheck the "Use DNS" box when
    creating overlays.

> What is DNS-RD? Why do we need it? Can it participate in overlays?
  > It's a special mode of the XBone Resource Daemon which updates the DNS
    records of the XBone name server. To enable it, you only need to change
    the "Class" entry in /etc/xbone/Xbone_daemon.conf to "dns", and run the
    xb-daemon as usual. The DNS-RD needs to run on the same host where your
    DNS name server (named) is running.
  > The main function of DNS-RD is to update the zone files for the domain
    you specify (e.g. xbone.private) for overlay use, and then restart named.
  > DNS-RD will NOT participate in normal overlay operations.

> Can we disable the use of SSL (and the host/user X.509 certificates) in 
  XBone?
  > No. The X-Bone programs WILL ALTER the existing network configuration
    (interfaces & routing tables), which requires root access on all the
    hosts participating in XBone operations.

> Can a Resource Daemon accept commands from multiple Overlay Managers?
  > Yes, but you need to include all OM hostnames in the "OverlayManagers"
    entry of /etc/xbone/Xbone_daemon.conf. For example:
      OverlayManagers={ OM1.foo.edu, OM2.foo.edu, OM3.bar.edu }

> Can we run multiple Overlay Managers in the same network?
  > Yes, but you need to specify different IP address blocks for different
    OMs or there will be address conflicts between overlays. Please see
    the man page of the OM (xb-overlay-manager(8)) for details on how to set
    the IP address blocks for each OM on the command line.

> When I tried to create overlays, I got the following error message:
  "At this time, only ... topologies with 8 links or less are allowed..."
  > Currently, X-Bone can only assign overlays with a Class C netmask, and
    the default subnet mask is 3 bits, which leaves 5 bits for overlay links.
    Each overlay link consumes 4 addresses (2 tunnel endpoint addresses, one
    all 0's and one all 1's), hence the 8-link (32/4=8) limit.
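
    The arithmetic behind this limit, as an added example (not part of the
    X-Bone distribution). It assumes the 3 subnet bits select one /27 block
    per overlay and that each link gets a /30 inside it; the network
    192.168.100.0/24 and all function names are constructed for illustration,
    and the code also handles subnet-bit settings other than the default.

```python
import ipaddress

def overlay_blocks(class_c, subnet_bits=3):
    """Split a Class C (/24) network into per-overlay blocks.

    Assumption: the subnet bits select the overlay block and the remaining
    host bits (5 by default, i.e. 32 addresses) are left for its links.
    """
    net = ipaddress.ip_network(class_c)
    if net.prefixlen != 24:
        raise ValueError("expected a Class C (/24) network")
    return list(net.subnets(prefixlen_diff=subnet_bits))

def max_links(block):
    """Each link consumes 4 addresses, so a block holds num_addresses // 4."""
    return block.num_addresses // 4

def plan_links(block, links):
    """Give every overlay link its own /30 inside the overlay block."""
    if len(links) > max_links(block):
        raise ValueError(f"{len(links)} links requested, {block} holds "
                         f"{max_links(block)}")
    plan = []
    for (a, b), net in zip(links, block.subnets(new_prefix=30)):
        end_a, end_b = net.hosts()          # the 2 tunnel endpoint addresses
        plan.append({"link": (a, b),
                     "all_zeros": net.network_address,
                     "endpoints": (end_a, end_b),
                     "all_ones": net.broadcast_address})
    return plan

def ring(n):
    """Links of an n-node ring topology: n nodes, n links."""
    return [(f"h{i}", f"h{(i + 1) % n}") for i in range(n)]

if __name__ == "__main__":
    block = overlay_blocks("192.168.100.0/24")[0]   # constructed sample network
    for row in plan_links(block, ring(8)):
        print(row["link"], row["all_zeros"], row["endpoints"], row["all_ones"])
    try:
        plan_links(block, ring(9))                  # one link too many
    except ValueError as err:
        print("rejected:", err)
```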

> Can we run multiple instances of Resource Daemon on the same host?
  > No, but we are working on it.

> Can we visit a node more than once in the same overlay?
  > No, but it's on our TODO list. :)

> Can we use XBone without IPsec support?
  > Yes. On hosts without IPsec capability, you can still construct overlays
    but without IPsec support. In most cases, the installation process or
    xb-config detects automatically whether IPsec support is present and
    sets the "OS" tag in the daemon configuration file
    (/etc/xbone/Xbone_daemon.conf) accordingly. Here are some examples:
      Linux + NIST Cerberus IPsec => nist
      Linux without NIST          => linux
      FreeBSD + Kame              => kame
      FreeBSD 4.1+                => kame
      FreeBSD 3.4/3.5/4.0         => freebsd

> Wait, doesn't FreeBSD 4.0 have Kame IPsec integrated?
  > Yes, but the setkey(8) command doesn't work on 4.0. More specifically,
    spddelete is broken on 4.0.

> Can we run X-Bone with routing software such as MRTd or GateD?
  > Currently, only MRTd on FreeBSD is supported by X-Bone. MRTd on Linux is
    in the debugging phase, and will be supported once we resolve the issues
    of using dynamic interfaces (tunl) with MRTd.
  > GateD is currently unsupported.

> Do we need to modify the configuration files for the routing software to
  use X-Bone?
  > No. X-Bone will add/delete routes through MRTd's socket interface. You
    don't need to manually add/delete routes for X-Bone.

> How do I know if an overlay is still up?
  > You can verify an active overlay through the following means:
    (1) The X-Bone "Overlay Status Monitoring" page in the X-Bone main menu.
    (2) You can ping other hosts within the same overlay using the "ping"
        command on any of the overlay hosts/routers.
    (3) You can use the "traceroute" command within the overlay to check the
        overlay topology.
    (*) Note that due to the mechanism used by traceroute, it only works in
        overlays *WITHOUT* IPsec.
    (*) In some implementations of ping and traceroute, you need to use the
        "-s" option to set the source IP address to the overlay address
        of the host for both ping and traceroute to work correctly.
    (4) Generally speaking, any software that monitors IP networks can be
        used to monitor overlays, provided that the source IP addresses can
        be set to the overlay addresses.

> After I delete all X-Bone overlays, the physical addresses are left undeleted
  on some gif interfaces on the FreeBSD platform, and also when I do "ip tun"
  on the Linux platform. Is that normal? Why aren't those deleted?
  > On FreeBSD 3.x and 4.0 Release, there is no "gifconfig delete". So we have
    no choice but to leave the outer endpoint addresses there. But since the
    interface itself is down, it will be reused when you create overlays later.
    FreeBSD 4.1.x and above have added the "gifconfig delete" command, and
    X-Bone will test the availability of the command, and use it if available.
  > On Linux, we could have done "ip tun del" to delete all unused tunnel
    interfaces. But since MRTd has problems recognizing the "recreated" tunnel
    interfaces, we chose not to do it in order to support MRTd.

> Where is the debugging information for X-Bone?
  > Both the X-Bone OM and RD generate a lot of information on the terminal;
    the same info is also written to /usr/tmp/Xbone.log.

> Where can I find info not listed here?
  (1) X-Bone web site: <http://www.isi.edu/xbone> (including a longer version
      of FAQ)
  (2) The X-Bone documentation that comes with this installation.
  (3) Email xbone@isi.edu.



