From: Mike Andrews
To: Pete French
Cc: freebsd-stable@freebsd.org, dmagda@ee.ryerson.ca
Date: Wed, 21 Sep 2011 13:34:45 -0400 (EDT)
Subject: Re: Usling vlan(4) without an actual lan behind it

On Mon, 19 Sep 2011, Pete French wrote:

>> Does it specifically have to be a vlan(4), or can you perhaps add another
>> address to lo(4), or perhaps create a "lo1" in addition to the "lo0"?
>
> It can be anything really - I was looking for a "generic" interface
> I can configure with IP addresses. But adding real addresses to
> loopback interfaces can cause problems can it not?
>
> The issue I am trying to address is that I have a whole bunch of IPv6
> addresses on a /64, which are only used as endpoints for a set of
> websites - they don't exist on a real ethernet anywhere, and don't
> need to. I just want them on an interface on a machine when I can run
> up a load balancer to listen on those addresses and forward them to
> the appropriate actual machines serving the requests.

Sounds like DSR-type load balancing (or in Linux LVS land, "DR" mode), where the load balancer just rewrites the target MAC address in the header instead of doing full-blown NAT or proxying.

Putting the IPs on lo0 is the way to go here. We've been doing that for many, many years (well, months for v6, years for v4) and it works great. With the IPs on lo0, the load balancers are the only thing that can ARP (or NDP) for those addresses... which is what you'd want.