IPv6 alias masks/masks for routed aliases

Charles Sprickman spork at bway.net
Wed May 18 08:28:28 UTC 2011


On Tue, 17 May 2011, Hiroki Sato wrote:

> Charles Sprickman <spork at bway.net> wrote
>  in <alpine.OSX.2.00.1105170300090.1983 at hotlap.nat.fasttrackmonkey.com>:
>
> sp> First, the easy one.  For IPv6 aliases, what is the proper subnet?
>
> Normally it is a /64.  See also Section 2.5.4 in RFC 4291.

My understanding was that a /64 was a common subnet since it's the minimum 
size required for host autoconfiguration.  What I'm really looking for is 
the FreeBSD-specific recommendation for configuring aliases - I understand 
that I'll probably have a /64 on the LAN, but when setting a netmask on a 
single IPv6 alias are the rules different than they are for IPv4?  So if 
I've got a LAN block that's a /64 and I configure an alias on a FreeBSD 
host, do I give the alias the LAN subnet (/64) or a host subnet (/128)? 
For IPv4, I believe that it should always be the host subnet (/32).

Which is proper on a FreeBSD host for IPv6?

> sp> And the second one, which is also probably easy.  We're going to move
> sp> at some point from a bunch of subnets on the same wire to having our
> sp> own router that gets our blocks routed to it.  At that point I'd like
> sp> to move to routing individual IPs (or small subnets) to each host
> sp> behind the router.
> sp>
> sp> For example, say we have the following routed to our router:
> sp>
> sp> 10.1.0.0/27
> sp> 10.2.0.0/27
> sp> 10.3.0.0/27
> sp>
> sp> All the hosts behind our router are in 10.1.0.0/27.  I want to send
> sp> some IPs from 10.2.0.0/27 and 10.3.0.0/27 to a host at 10.1.0.2, so I
> sp> do the equivalent of "ip route 10.2.0.0 255.255.255.248 10.1.0.2"
> sp> (Cisco speak) on the router box.  How should the aliases on 10.1.0.2
> sp> be defined?  Should they all have /32 masks?  Should the first get a
> sp> /29 and the rest a /32?
> sp>
> sp> Is this even a valid config?  In reality, we have way more subnets,
> sp> totally non-contiguous, varying masks.  With VRRP on the provider's
> sp> side, we immediately lose 2 IPs from each subnet in our current setup,
> sp> plus the network and broadcast IPs.  I'm hoping that in a routed setup
> sp> I can regain not only the VRRP IPs but the top and bottom of each
> sp> subnet... Considering the scarcity of IPs these days, that would be a
> sp> big help.
>
> Well, I could not understand what you are trying... Is 10.1.0.2
> located on 10.1.0.0/27 and acting as another nexthop router?

It's on the 10.1.0.0/27 LAN, but it is not a gateway.  It's simply a host 
that will have additional space routed to it for services running on it 
that will be binding to these other IPs (i.e., 10.2.0.2-12 or some such).

> If you want to split three subnets on a single wire into three subnets 
> on three wires, simply configuring three /27 addresses to each interface 
> on the router works.  If you want to route a part of the traffic from 
> specific addresses to a specific host, you can add a specific route for 
> the address range.

The current setup looks like this on the ISP side:

interface vlanxxx
ip address 10.1.0.0 255.255.255.224
ip address 10.2.0.0 255.255.255.240 secondary
ip address 10.3.0.0 255.255.255.248 secondary
ip address 10.4.0.0 255.255.255.224 secondary
ip address 10.5.0.0 255.255.255.240 secondary
ip address 10.6.0.0 255.255.255.240 secondary

Each of our hosts has an IP in the 10.1.0.0/27 subnet, and uses 10.1.0.1 
as the default gateway.

Most hosts additionally have aliases in the other subnets, i.e.:

ifconfig fxp0 alias 10.2.0.2 netmask 255.255.255.240
  (first one gets the actual subnet)
ifconfig fxp0 alias 10.2.0.3 netmask 255.255.255.255
  (subsequent get a host mask)

We are looking to add a pair of Free/OpenBSD boxes with CARP and have the 
ISP give us a /30 for the "WAN" side and then route all those subnets to 
our own "router".  We would then route individual IPs or small subnets (if 
contiguous makes sense) to our hosts behind the router.  Again, in Cisco 
speak:

interface fastethernet 0/1
ip address 10.1.0.1 255.255.255.224
!
ip route 10.2.0.3 255.255.255.255 10.1.0.2 
ip route 10.2.0.4 255.255.255.255 10.1.0.3
ip route 10.2.0.5 255.255.255.255 10.1.0.3 
ip route 10.2.0.6 255.255.255.255 10.1.0.4 
ip route 10.2.0.7 255.255.255.255 10.1.0.5 
ip route 10.3.0.1 255.255.255.255 10.1.0.5
ip route 10.3.0.2 255.255.255.255 10.1.0.5
(and so on)

On hosts 10.1.0.2-5, would they each get a /32 netmask on the associated 
alias?

Thanks,

Charles

> -- Hiroki
>


More information about the freebsd-net mailing list