From owner-freebsd-questions@FreeBSD.ORG  Tue Jul  8 06:06:33 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B2311106566C
	for <freebsd-questions@freebsd.org>;
	Tue,  8 Jul 2008 06:06:33 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1::1])
	by mx1.freebsd.org (Postfix) with ESMTP id 241FF8FC1E
	for <freebsd-questions@freebsd.org>;
	Tue,  8 Jul 2008 06:06:32 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1])
	(authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.2/8.14.2) with ESMTP id
	m6866Lrm019510; Tue, 8 Jul 2008 07:06:28 +0100 (BST)
	(envelope-from m.seaman@infracaninophile.co.uk)
X-DKIM: Sendmail DKIM Filter v2.6.0 smtp.infracaninophile.co.uk m6866Lrm019510
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
	d=infracaninophile.co.uk; s=200708; t=1215497188; bh=Z1aNloqWplwIRd
	jUYzJFCtlszuW76/BrlSSf4aKgDbo=; h=Message-ID:Date:From:MIME-Version:
	To:CC:Subject:References:In-Reply-To:Content-Type:Cc:Content-Type:
	Date:From:In-Reply-To:Message-ID:Mime-Version:References:To; z=Mes
	sage-ID:=20<487303D7.1090707@infracaninophile.co.uk>|Date:=20Tue,=2
	008=20Jul=202008=2007:06:15=20+0100|From:=20Matthew=20Seaman=20<m.s
	eaman@infracaninophile.co.uk>|Organization:=20Infracaninophile|User
	-Agent:=20Thunderbird=202.0.0.14=20(X11/20080607)|MIME-Version:=201
	.0|To:=20Jason=20Morgan=20<jwm-freebsd-questions@sentinelchicken.ne
	t>|CC:=20FreeBSD=20Questions=20<freebsd-questions@freebsd.org>|Subj
	ect:=20Re:=20Jails=20and=20IP=20Aliasing|References:=20<2daa8b4e080
	7070951u607ff031v98b5b96103fdab4@mail.gmail.com>=09<20080707175440.
	GA95976@sentinelchicken.net>=09<2daa8b4e0807071216t7c5ef147obb794b3
	f67376334@mail.gmail.com>=20<20080707193318.GB96701@sentinelchicken
	.net>|In-Reply-To:=20<20080707193318.GB96701@sentinelchicken.net>|X
	-Enigmail-Version:=200.95.6|Content-Type:=20multipart/signed=3B=20m
	icalg=3Dpgp-sha256=3B=0D=0A=20protocol=3D"application/pgp-signature
	"=3B=0D=0A=20boundary=3D"------------enigD31BD26D61CE5F637980BF2E";
	b=CJbFB4U8fI/FfpR96RYtG0latcKcg5IlY5RjCp0DmACcpVWe5oBfteAEt0efNFYO7
	6FiGDhwHWDvolYgmzBJTEsh+nFa7ba/o/bpkzpNuPazLMVF6oQ2QsC4+RJ8u5JLZhYo
	Xcf0qT1WR+52zA4m0DXnuJMhOXxGRKxnUj4zJ1c=
Message-ID: <487303D7.1090707@infracaninophile.co.uk>
Date: Tue, 08 Jul 2008 07:06:15 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Organization: Infracaninophile
User-Agent: Thunderbird 2.0.0.14 (X11/20080607)
MIME-Version: 1.0
To: Jason Morgan <jwm-freebsd-questions@sentinelchicken.net>
References: <2daa8b4e0807070951u607ff031v98b5b96103fdab4@mail.gmail.com>	<20080707175440.GA95976@sentinelchicken.net>	<2daa8b4e0807071216t7c5ef147obb794b3f67376334@mail.gmail.com>
	<20080707193318.GB96701@sentinelchicken.net>
In-Reply-To: <20080707193318.GB96701@sentinelchicken.net>
X-Enigmail-Version: 0.95.6
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="------------enigD31BD26D61CE5F637980BF2E"
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0
	(smtp.infracaninophile.co.uk [IPv6:::1]);
	Tue, 08 Jul 2008 07:06:28 +0100 (BST)
X-Virus-Scanned: ClamAV 0.93.1/7661/Tue Jul 8 05:08:55 2008 on
	happy-idiot-talk.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-3.0 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,
	DKIM_VERIFIED,NO_RELAYS autolearn=ham version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
	happy-idiot-talk.infracaninophile.co.uk
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Jails and IP Aliasing
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jul 2008 06:06:33 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigD31BD26D61CE5F637980BF2E
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

Jason Morgan wrote:
> On 2008.07.07 12:16:44, David Allen wrote:

>> # grep fxp0 /etc/rc.conf
>> ifconfig_fxp0=3D"inet 10.0.1.2 netmask 0xffffff00"
>> ifconfig_fxp0_alias0=3D"10.0.1.3 netmask 0xffffffff"
>> ifconfig_fxp0_alias1=3D"10.0.1.4 netmask 0xffffffff"
>> ifconfig_fxp0_alias2=3D"10.0.1.5 netmask 0xffffffff"
>>
>> My understanding from the handbook is that the mask should be set to a=
ll
>> ones if the alias is for an address that's part of the same network.  =
For
>> a different segment, it's the first alias that should be set to the re=
al
>> netmask, with any additional aliases using a netmask of all ones.
>>
>> Granted, the broadcast addresses looks odd.  If I my programming skill=
s
>> were better, I'd just read through the code and understand what's real=
ly
>> happening, but for now, I'm just taking the FreeBSD folks at their wor=
d at
>> following instructions.  That's a roundabout way of saying I think you=
r
>> aliases are set up incorrectly.  ;-)
>=20
> That it quite possible (I do notice the newer documentation calling
> for netmask 0xffffffff). But I have never had any trouble over the
> last three years so, you know how it is, if it ain't (too) broke ...

Using a /32 netmask for aliases in the same network as the primary
address used to be mandatory until sometime during the 6.x RELEASE
series.  It is still recommended in the various documentation, and
it does make it clear to the administrator which is the primary
address when looking at ifconfig output, when that distinction is
important[*].

Using the 'natural' netmask for the network the aliases are part of
has worked for several years: this seems to be what most new users
expect and it's familiar for users of other operating systems.  As
far as I know, there is no technical or performance reason to prefer
one style over the other -- just a matter of administrator preference.

	Cheers,

	Matthew

[*] ie. which is the source address used for connection /from/ the
server.  If all the aliases are used for jails, or all your software
is configured to bind to one or other of the addresses this doesn't
come into play.

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW


--------------enigD31BD26D61CE5F637980BF2E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkhzA90ACgkQ8Mjk52CukIy4wQCZARi3cPIBkv9pRLfGNMNXdDvX
x2IAniah2dqtfNUdQF5EZIG4t10z/ODR
=ixlu
-----END PGP SIGNATURE-----

--------------enigD31BD26D61CE5F637980BF2E--