From: Pete French
Date: Mon, 19 Sep 2011 13:45:08 +0100
To: dmagda@ee.ryerson.ca, petefrench@ingresso.co.uk
Cc: freebsd-stable@freebsd.org
Subject: Re: Usling vlan(4) without an actual lan behind it

> Does it specifically have to be a vlan(4), or can you perhaps add another
> address to lo(4), or perhaps create a "lo1" in addition to the "lo0"?

It can be anything really - I was looking for a "generic" interface I can configure with IP addresses. But adding real addresses to loopback interfaces can cause problems, can it not?

The issue I am trying to address is that I have a whole bunch of IPv6 addresses on a /64, which are only used as endpoints for a set of websites - they don't exist on a real ethernet anywhere, and don't need to. I just want them on an interface on a machine where I can run up a load balancer to listen on those addresses and forward them to the appropriate actual machines serving the requests.

Currently I am using a range which is the same as the IPv6 - so they do exist on a real ethernet - but the network interface there is CARP, and from the inside ndp can only resolve the single initial carp address (I believe this is a known bug).

So I want some interface on the firewall box, which is neither the outside, nor the inside, where I can hang a set of addresses on a different subnet. That way both sides will be able to see the addresses fine, and everything will work nicely.

-pete.