Hi Patrik,

Happy New Year.

Here are some comments based on my experience with OS/390 on TAPs.? I don't use EE, but APPN and Subarea SNA work, as well as TCPIP.? I do not run Hercules as root.

---8<--- /etc/network/interfaces ---8<---

auto eth1 tap0 tap1 br0

# Hercules OS/390: Port LAN Port
iface eth1 inet manual
up /sbin/ip link set dev $IFACE up

# Hercules OS/390: TAPs for Bridging.
iface tap0 inet manual
pre-up /sbin/ip tuntap add mode tap
up /sbin/ip link set dev $IFACE address 02:00:FE:DF:00:42
up /sbin/ip link set dev $IFACE up
post-down /sbin/ip link del dev $IFACE

iface tap1 inet manual
pre-up /sbin/ip tuntap add mode tap
up /sbin/ip link set dev $IFACE address 02:00:FE:DF:01:42
up /sbin/ip link set dev $IFACE up
post-down /sbin/ip link del dev $IFACE

# Bridge everything together and assign an IP address to the bridge.
iface br0 inet static
address 192.168.59.12
netmask 255.255.255.128
gateway 192.168.59.1
bridge_ports tap0 tap1 eth1

---8<---

I run the network manager now, but based on some old notes I had from before, I don't see any issues with your configuration.? It looks like mine did before converting over to NMCLI.? Since it's working for SNA, that seems a good indicator that it should be right.

Hercules configuration excerpt:

---8<---

0E40 LCS -e SNA tap0
0E42.2 LCS tap1

---8<---

Yep, looks like mine (except for the TAP names).
5ce.2 LCS tap0501??????????????????? # for Linux / TCPIP
5de LCS -e SNA tap0502?????????????? # for Linux / SNA/APPN
5ee LCS -e SNA tap0503?????????????? # for Linux / SNA/Subarea

Relevant configuration excerpts from TCPIP.PROFILE.TCPIP:

---8<---

; Required for EE
DEVICE IUTSAMEH MPCPTP
LINK LSAMEH MPCPTP IUTSAMEH

?DEVICE VIPA1??? Virtual 0???? ?
?LINK?? LVIPA1?? Virtual 0 VIPA1
?DEVICE IUTSAMEH MPCPTP??????? ?
?LINK?? LSAMEH?? MPCPTP IUTSAMEH
I have a VIPA in my config that you don't, but I can't see that affecting basic functionality.

DEVICE LCS1 LCS E42
LINK TAP1 ETHERNET 1 LCS1

Here's my config for the LCS.? I see you are specifying port 1 where I have 0, you might try switching that.
? DEVICE ENT0?? LCS??????? 5CE ?
? LINK?? EN0??? ETHERNET 0 ENT0

HOME
192.168.59.89 TAP1

Looks good.

PRIMARYINTERFACE TAP1

Same, same.

GATEWAY
;
; Direct Routes - Routes that are directly connected to my interfaces.
;
; Network First Hop Link Pkt Subnet Mask Subnet Value
; Class Hop Name Size (excl. Class!) (Remainder)

;The next commented line gives us an error:
;17.10.00 STC00043 EZZ0312I THE SUBNET MASK ON LINE 230 CONTAINS AN INCORRECT VALUE 0.0
;192.168 = TAP1 1492 0.0.255.128 0.0.59.0
192.168.59 = TAP1 1492 0


DEFAULTNET 192.168.59.1 TAP1 1492 0

I gave up trying to figure out IBM's GATEWAY format and went with BEGINROUTES/ENDROUTES.? It was just easier for me to look at and understand..
?BEGINROUTES??????????????????????????????????????????????????????? ?
; ROUTE Destination???? Subnet Mask???? First Hop?????? Link MTU Size
; ROUTE xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx EN0? MTU 1492
? ROUTE 192.168.1.0/24????????????????? =?????????????? EN0? MTU 1492
? ROUTE 10.0.0.0/8????????????????????? 192.168.1.21??? EN0? MTU 1492
? ROUTE 172.16.0.0/12?????????????????? 192.168.1.21??? EN0? MTU 1492
? ROUTE 192.168.0.0/16????????????????? 192.168.1.21??? EN0? MTU 1492
? ROUTE DEFAULT???????????????????????? 192.168.1.254?? EN0? MTU 1492
?ENDROUTES??????????????????????????????????????????????????????????

START LCS1
START IUTSAMEH

Yep, me too.

---8<---

So, I guess the only possible configuration issue I can see would be the port number on the LCS LINK statement.

Link starts without error:

17.55.46 STC00052 EZZ4314I INITIALIZATION COMPLETE FOR DEVICE LCS1, LINK TAP1

Yep
15.02.55 STC01703? EZZ4314I INITIALIZATION COMPLETE FOR DEVICE ENT0, LINK EN0

I can see the MAC addresses of all three bridged devices on the switch port:

sw-keller-1g#show mac address-table | incl Gi0/2$
1 0200.fedf.0043 DYNAMIC Gi0/2
1 0200.fedf.0143 DYNAMIC Gi0/2
1 7efc.3ef5.66ca DYNAMIC Gi0/2

I can see the MACs of the IP interface on OS/390 in the switch here.? I can ping to and from a VM/ESA image on a different switch port and I've got a Subarea SNA link up to it as well.

s3560a>show mac address-table | inc Fa0/3
?? 1??? 0200.0200.0000??? DYNAMIC???? Fa0/3? <-- Raspberry Pi bridge interface
?? 1??? 0205.0100.0001??? DYNAMIC???? Fa0/3? <-- OS/390 TCP/IP interface
s3560a>

Note that the TAP code automatically increments the MAC address given while configuring the interface by one. So, the host-local side of the TAP has 02:00:fe:df:01:42, but the guest-local side uses 02:00:fe:df:01:43!

Right.? I configured a .00 address in NMCLI and Hercules bumped it to .01 for OS/390.

I'll skip the traces for now.? If the config issue above doesn't answer this, hit me up and I'll take another run with traces.

FYI, to help understand the below output, my current set up is:

OS/390 ----- Raspberry Pi ----- Cisco 3560 ----- Raspberry Pi ----- VM/ESA

My OS/390 image (hostname JS05, 192.168.1.105) is running on a Raspberry Pi (Pi2, 192.168.1.2).? Pi2 is connected to switch port Fa0/3 on the 3560.? My VM/ESA image (JS01, 192.168.1.101) is running on Pi1, IP address 192.168.1.1.? It is connected to switch port Fa0/1 on the 3560.

The OS/390 interfaces have the following MAC addresses:
TCPIP - 02.03.01.00.00.01? (my TAP0501, equivalent to your TAP1)
APPN - 02.03.02.00.00.01 (not currently inuse)
Subarea - 02.03.03.00.00.01 (my TAP0503, your TAP0)

Looking at 192.168.59.10's local ARP table, I see that the MAC address from tap1 is visible after S TCPIP but is purged after a while:

# arp -an |fgrep 192.168.59.89
? (192.168.59.89) at 02:00:fe:df:01:43 [ether] on ens160

Looking at my host's arp table, I see my guest (OS/390).
jeff@Pi2:~ $ arp -an | fgrep 105
? (192.168.1.105) at 02:05:01:00:00:01 [ether] on br0

# arp -an |fgrep 192.168.59.89
? (192.168.59.89) at <incomplete> on ens160

Checking back a few minutes later shows it still acitve, so it didn't go away like yours did.
jeff@Pi2:~ $ arp -an | fgrep 105
? (192.168.1.105) at 02:05:01:00:00:01 [ether] on br0

Looking at the local ARP cache of OS/390 via OMVS netstat -R ALL command shows that it only knows about its own MAC address and nothing else:

MVS TCP/IP onetstat CS V2R10 TCPIP Name: TCPIP
Querying ARP cache for address 192.168.59.89
Link: TAP1 ETHERNET: 0200FEDF0143

Not so, here...
JEFF:/u/jeff: >onetstat -R ALL
MVS TCP/IP onetstat CS V2R10?????? TCPIP Name: TCPIP??????????? 16:44:32
Querying ARP cache for address 192.168.1.101 (JS01, the VM/ESA image)
Link: EN0?????????????? ETHERNET: 020101000001

Querying ARP cache for address 192.168.1.32 (my Windows workstation, where I telneted from)
Link: EN0?????????????? ETHERNET: 6805CA3AB46C

Querying ARP cache for address 192.168.1.105 (JS05, OS/390, self)
Link: EN0?????????????? ETHERNET: 020501000001

Querying ARP cache for address 192.168.1.254 (my default gateway and DNS server)
Link: EN0?????????????? ETHERNET: DC7FA4213C55

Questions:
- How can I set a static arp entry in OS390 V2R10 ADCD?

Sorry, I don't know.

- Is my GATEWAY configuration correct (sans assuming a /24 network instead of a /25)?

It looks right to me, but I've had issues with GATEWAY and moved on the BEGIN/ENDROUTE, so I may be missing something.

- Has anybody successfully established TCP/IP-Networking in a bridged environment as described above?

Yes.? All 4 of my Pis are configured this way.? A lot of my images don't support TCP (or some even, SNA), but those that do run like this.


Good luck, I hope you find your issue.? If that configuration issue in TCPIP's LINK statement doesn't fix it and you'd like me to run some traces, let me know.
Jeff