Jails and IP Aliasing

Matthew Seaman m.seaman at infracaninophile.co.uk
Tue Jul 8 06:06:33 UTC 2008 

Jason Morgan wrote:
> On 2008.07.07 12:16:44, David Allen wrote:

>> # grep fxp0 /etc/rc.conf
>> ifconfig_fxp0="inet 10.0.1.2 netmask 0xffffff00"
>> ifconfig_fxp0_alias0="10.0.1.3 netmask 0xffffffff"
>> ifconfig_fxp0_alias1="10.0.1.4 netmask 0xffffffff"
>> ifconfig_fxp0_alias2="10.0.1.5 netmask 0xffffffff"
>>
>> My understanding from the handbook is that the mask should be set to all
>> ones if the alias is for an address that's part of the same network.  For
>> a different segment, it's the first alias that should be set to the real
>> netmask, with any additional aliases using a netmask of all ones.
>>
>> Granted, the broadcast addresses looks odd.  If I my programming skills
>> were better, I'd just read through the code and understand what's really
>> happening, but for now, I'm just taking the FreeBSD folks at their word at
>> following instructions.  That's a roundabout way of saying I think your
>> aliases are set up incorrectly.  ;-)
> 
> That it quite possible (I do notice the newer documentation calling
> for netmask 0xffffffff). But I have never had any trouble over the
> last three years so, you know how it is, if it ain't (too) broke ...

Using a /32 netmask for aliases in the same network as the primary
address used to be mandatory until sometime during the 6.x RELEASE
series.  It is still recommended in the various documentation, and
it does make it clear to the administrator which is the primary
address when looking at ifconfig output, when that distinction is
important[*].

Using the 'natural' netmask for the network the aliases are part of
has worked for several years: this seems to be what most new users
expect and it's familiar for users of other operating systems.  As
far as I know, there is no technical or performance reason to prefer
one style over the other -- just a matter of administrator preference.

	Cheers,

	Matthew

[*] ie. which is the source address used for connection /from/ the
server.  If all the aliases are used for jails, or all your software
is configured to bind to one or other of the addresses this doesn't
come into play.

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080708/965dab98/signature.pgp

More information about the freebsd-questions mailing list