From owner-freebsd-net@FreeBSD.ORG Tue May 17 08:57:04 2011 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9F98D106564A for ; Tue, 17 May 2011 08:57:04 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Received: from mail.vlsi.ee.noda.tus.ac.jp (sekine00.ee.noda.sut.ac.jp [133.31.107.40]) by mx1.freebsd.org (Postfix) with ESMTP id 276BB8FC0A for ; Tue, 17 May 2011 08:57:02 +0000 (UTC) Received: from alph.allbsd.org (p2237-ipbf904funabasi.chiba.ocn.ne.jp [122.26.37.237]) (user=hrs mech=DIGEST-MD5 bits=128) by mail.vlsi.ee.noda.tus.ac.jp (8.14.4/8.14.4) with ESMTP id p4H8ibhr059127 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 17 May 2011 17:44:48 +0900 (JST) (envelope-from hrs@FreeBSD.org) Received: from localhost (localhost [IPv6:::1]) (authenticated bits=0) by alph.allbsd.org (8.14.4/8.14.4) with ESMTP id p4H8iPlA099858; Tue, 17 May 2011 17:44:27 +0900 (JST) (envelope-from hrs@FreeBSD.org) Date: Tue, 17 May 2011 17:43:13 +0900 (JST) Message-Id: <20110517.174313.868674729938461030.hrs@allbsd.org> To: spork@bway.net From: Hiroki Sato In-Reply-To: References: X-PGPkey-fingerprint: BDB3 443F A5DD B3D0 A530 FFD7 4F2C D3D8 2793 CF2D X-Mailer: Mew version 6.3 on Emacs 23.1 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Multipart/Signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="--Security_Multipart(Tue_May_17_17_43_13_2011_264)--" Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.5 (mail.vlsi.ee.noda.tus.ac.jp [133.31.107.40]); Tue, 17 May 2011 17:44:48 +0900 (JST) X-Spam-Status: No, score=6.1 required=14.0 tests=BAYES_50, CONTENT_TYPE_PRESENT, RCVD_IN_PBL, RCVD_IN_RP_RNBL, SPF_SOFTFAIL, X_MAILER_PRESENT autolearn=no version=3.3.1 X-Spam-Level: ****** X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.vlsi.ee.noda.tus.ac.jp Cc: freebsd-net@FreeBSD.org Subject: Re: IPv6 alias masks/masks for routed aliases X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 May 2011 08:57:04 -0000 ----Security_Multipart(Tue_May_17_17_43_13_2011_264)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Charles Sprickman wrote in : sp> First, the easy one. For IPv6 aliases, what is the proper subnet? Normally it is a /64. See also Section 2.5.4 in RFC 4291. sp> And the second one, which is also probably easy. We're going to move sp> at some point from a bunch of subnets on the same wire to having our sp> own router that gets our blocks routed to it. At that point I'd like sp> to move to routing individual IPs (or small subnets) to each host sp> behind the router. sp> sp> For example, say we have the following routed to our router: sp> sp> 10.1.0.0/27 sp> 10.2.0.0/27 sp> 10.3.0.0/27 sp> sp> All the hosts behind our router are in 10.1.0.0/27. I want to send sp> some IPs from 10.2.0.0/27 and 10.3.0.0/27 to a host at 10.1.0.2, so I sp> do the equivalent of "ip route 10.2.0.0 255.255.255.248 10.1.0.2" sp> (cisco speak) on the router box. How should the aliases on 10.1.0.2 sp> be defined? Should they all have /32 masks? Should the first get a sp> /29 and the rest a /32? sp> sp> Is this even a valid config? In reality, we have way more subnets, sp> totally non-contiguous, varying masks. With VRRP on the provider's sp> side, we immediately lose 2 IPs from each subnet in our current setup, sp> plus the network and broadcast IPs. I'm hoping that in a routed setup sp> I can regain not only the VRRP IPs but the top and bottom of each sp> subnet... Considering the scarcity of IPs these days, that would be a sp> big help. Well, I could not understand what you are trying... Is 10.1.0.2 located on 10.1.0.0/27 and acting as another nexthop router? If you want to split three subnets on a single wire into three subnets on three wires, simply configuring three /27 addresses to each interface on the router works. If you want to route a part of the traffic from specific addresses to a specific host, you can add a specific route for the address range. -- Hiroki ----Security_Multipart(Tue_May_17_17_43_13_2011_264)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iEYEABECAAYFAk3SNSEACgkQTyzT2CeTzy13YwCeL++0lPWWuDi3aCQBWiyg9O31 7rQAoLqt0tweIZpRLw+JFwMWsK1G4jPU =L1ZE -----END PGP SIGNATURE----- ----Security_Multipart(Tue_May_17_17_43_13_2011_264)----