On Tue, 17 May 2011, Hiroki Sato wrote:

Charles Sprickman <sp...@bway.net> wrote
 in <alpine.osx.2.00.1105170300090.1...@hotlap.nat.fasttrackmonkey.com>:

sp> First, the easy one.  For IPv6 aliases, what is the proper subnet?

Normally it is a /64.  See also Section 2.5.4 in RFC 4291.

My understanding was that a /64 was a common subnet since it's the minimum size required for host autoconfiguration. What I'm really looking for is the FreeBSD-specific recommendation for configuring aliases - I understand that I'll probably have a /64 on the LAN, but when setting a netmask on a single IPv6 alias are the rules different than they are for IPv4? So if I've got a LAN block that's a /64 and I configure an alias on a FreeBSD host, do I give the alias the LAN subnet (/64) or a host subnet (/128)? For IPv4, I believe that it should always be the host subnet (/32).

Which is proper on a FreeBSD host for IPv6?

sp> And the second one, which is also probably easy.  We're going to move
sp> at some point from a bunch of subnets on the same wire to having our
sp> own router that gets our blocks routed to it.  At that point I'd like
sp> to move to routing individual IPs (or small subnets) to each host
sp> behind the router.
sp>
sp> For example, say we have the following routed to our router:
sp>
sp> 10.1.0.0/27
sp> 10.2.0.0/27
sp> 10.3.0.0/27
sp>
sp> All the hosts behind our router are in 10.1.0.0/27.  I want to send
sp> some IPs from 10.2.0.0/27 and 10.3.0.0/27 to a host at 10.1.0.2, so I
sp> do the equivalent of "ip route 10.2.0.0 255.255.255.248 10.1.0.2"
sp> (cisco speak) on the router box.  How should the aliases on 10.1.0.2
sp> be defined?  Should they all have /32 masks?  Should the first get a
sp> /29 and the rest a /32?
sp>
sp> Is this even a valid config?  In reality, we have way more subnets,
sp> totally non-contiguous, varying masks.  With VRRP on the provider's
sp> side, we immediately lose 2 IPs from each subnet in our current setup,
sp> plus the network and broadcast IPs.  I'm hoping that in a routed setup
sp> I can regain not only the VRRP IPs but the top and bottom of each
sp> subnet... Considering the scarcity of IPs these days, that would be a
sp> big help.

Well, I could not understand what you are trying... Is 10.1.0.2
located on 10.1.0.0/27 and acting as another nexthop router?

It's on the 10.1.0.0/27 LAN, but it is not a gateway. It's simply a host that will have additional space routed to it for services running on it that will be binding to these other IPs (ie: 10.2.0.2-12 or some such).

If you want to split three subnets on a single wire into three subnets on three wires, simply configuring three /27 addresses to each interface on the router works. If you want to route a part of the traffic from specific addresses to a specific host, you can add a specific route for the address range.

The current setup looks like this on the ISP side:

interface vlanxxx
ip address 10.1.0.0 255.255.255.224
ip address 10.2.0.0 255.255.255.240 secondary
ip address 10.3.0.0 255.255.255.248 secondary
ip address 10.4.0.0 255.255.255.224 secondary
ip address 10.5.0.0 255.255.255.240 secondary
ip address 10.6.0.0 255.255.255.240 secondary

Each of our hosts has an IP in the 10.1.0.0/27 subnet, and uses 10.1.0.1 as the default gateway.

Most hosts additionally have aliases in the other subnets, ie:

ifconfig fxp0 alias 10.2.0.2 netmask 255.255.255.240 (first one gets the actual subnet)
ifconfig fxp0 alias 10.2.0.3 netmask 255.255.255.255 (subsequent get a host mask)

We are looking to add a pair of Free/OpenBSD boxes with CARP and have the ISP give us a /30 for the "WAN" side and then route all those subnets to our own "router". We would then route individual IPs or small subnets (if contiguous makes sense) to our hosts behind the router. Again, in Cisco speak:

interface fastethernet 0/1
ip address 10.1.0.1 255.255.255.224
!
ip route 10.2.0.3 255.255.255.255 10.1.0.2
ip route 10.2.0.4 255.255.255.255 10.1.0.3
ip route 10.2.0.5 255.255.255.255 10.1.0.3
ip route 10.2.0.6 255.255.255.255 10.1.0.4
ip route 10.2.0.7 255.255.255.255 10.1.0.5
ip route 10.3.0.1 255.255.255.255 10.1.0.5
ip route 10.3.0.2 255.255.255.255 10.1.0.5
(and so on)

On hosts 10.1.0.2-5, would they each get a /32 netmask on the associated alias?

Thanks,

Charles

-- Hiroki

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"