Date: Tue, 08 Jul 2008 07:06:15 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Jason Morgan <jwm-freebsd-questions@sentinelchicken.net> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Jails and IP Aliasing Message-ID: <487303D7.1090707@infracaninophile.co.uk> In-Reply-To: <20080707193318.GB96701@sentinelchicken.net> References: <2daa8b4e0807070951u607ff031v98b5b96103fdab4@mail.gmail.com> <20080707175440.GA95976@sentinelchicken.net> <2daa8b4e0807071216t7c5ef147obb794b3f67376334@mail.gmail.com> <20080707193318.GB96701@sentinelchicken.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigD31BD26D61CE5F637980BF2E
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Jason Morgan wrote:
> On 2008.07.07 12:16:44, David Allen wrote:
>> # grep fxp0 /etc/rc.conf
>> ifconfig_fxp0=3D"inet 10.0.1.2 netmask 0xffffff00"
>> ifconfig_fxp0_alias0=3D"10.0.1.3 netmask 0xffffffff"
>> ifconfig_fxp0_alias1=3D"10.0.1.4 netmask 0xffffffff"
>> ifconfig_fxp0_alias2=3D"10.0.1.5 netmask 0xffffffff"
>>
>> My understanding from the handbook is that the mask should be set to a=
ll
>> ones if the alias is for an address that's part of the same network. =
For
>> a different segment, it's the first alias that should be set to the re=
al
>> netmask, with any additional aliases using a netmask of all ones.
>>
>> Granted, the broadcast addresses looks odd. If I my programming skill=
s
>> were better, I'd just read through the code and understand what's real=
ly
>> happening, but for now, I'm just taking the FreeBSD folks at their wor=
d at
>> following instructions. That's a roundabout way of saying I think you=
r
>> aliases are set up incorrectly. ;-)
>=20
> That it quite possible (I do notice the newer documentation calling
> for netmask 0xffffffff). But I have never had any trouble over the
> last three years so, you know how it is, if it ain't (too) broke ...
Using a /32 netmask for aliases in the same network as the primary
address used to be mandatory until sometime during the 6.x RELEASE
series. It is still recommended in the various documentation, and
it does make it clear to the administrator which is the primary
address when looking at ifconfig output, when that distinction is
important[*].
Using the 'natural' netmask for the network the aliases are part of
has worked for several years: this seems to be what most new users
expect and it's familiar for users of other operating systems. As
far as I know, there is no technical or performance reason to prefer
one style over the other -- just a matter of administrator preference.
Cheers,
Matthew
[*] ie. which is the source address used for connection /from/ the
server. If all the aliases are used for jails, or all your software
is configured to bind to one or other of the addresses this doesn't
come into play.
--=20
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
--------------enigD31BD26D61CE5F637980BF2E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEAREIAAYFAkhzA90ACgkQ8Mjk52CukIy4wQCZARi3cPIBkv9pRLfGNMNXdDvX
x2IAniah2dqtfNUdQF5EZIG4t10z/ODR
=ixlu
-----END PGP SIGNATURE-----
--------------enigD31BD26D61CE5F637980BF2E--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?487303D7.1090707>