Aliases on vLan interfaces?

I have the following configuration:
Code:
vlans_bge0="1 2 3"
ifconfig_bge0_1="inet 192.168.1.40/24 broadcast 192.168.1.255"
ifconfig_bge0_2="inet 192.168.2.45/24 broadcast 192.168.2.255"
ifconfig_bge0="UP"

Where I have configured a jail to use 192.168.2.45 on vlan2.

However, I would also like another jail to have access to the same vlan. I have only one physical NIC with a single port, hence the reliance on vlans and the like. I have scoured the web and the ifconfig man pages, and I'm not getting answers, and I'm not sure where to go from here. Am I right in assuming I could create an alias of the "ifconfig_bge0_2" interface and could end up with something like this:

Code:
vlans_bge0="1 2 3"
ifconfig_bge0_1="inet 192.168.1.40/24 broadcast 192.168.1.255"
ifconfig_bge0_2="inet 192.168.2.45/24 broadcast 192.168.2.255"
ifconfig_bge0_2_alias0="inet 192.168.2.55/24 broadcast 192.168.2.255"
ifconfig_bge0="UP"

Is it really just as simple as appending alias'n' in the case of a vlan interface? Then assigning that IP to the other jail (192.168.2.55)?

Right now, it would disrupt work and I'd like some thoughts on it before I go ahead and try this.
 
Alias IPs in the same subnet as an existing IP should be given a netmask of /32. Only the first IP added to an interface in a given subnet should have the "normal" netmask. (I believe they've "fixed" this in current releases, but I find it looks nicer using /32 for alias IPs.)

You also don't need the broadcast info. It's derived from the netmask.

And take a look at the ipv4_addrs syntax in /etc/default/rc.conf for an easier way to add multiple IPs to a single interface.
 
Thanks for this. You've replied to a few Q's I've posted up here.

Just a bit of background - I've always messed around with open source software but never became proficient at its use. Mainly because, well, GNU/Linux has captured the vast majority of interest. The issue I've always had is Linux distros are so fragmented and so different that it becomes nigh impossible, as a mere mortal with limited time, to become proficient with it without being sidetracked or finding 3 million different ways of doing the same thing and for it all to change fairly quickly again. FreeBSD solves that - it's constant, and it has good manuals, and it does what it says on the tin in a fairly consistent way. And I'm slowly filling out my own notebook on how to administer my own home server. So far I've got vLans running, zfs for snapshot and sending backups to external drives, jails for trusted and untrusted servers (got my nginx/php webserver, a mysql server, and my file server), and I'll soon tackle a mail server once my PTR record is updated. What a wonderful system. Albeit I've just shifted this over to a very underpowered Via Eden machine (it's quieter and cooler and isn't noticeable by the other half).

Anyway, back to topic.

Alias IPs in the same subnet as an existing IP should be given a netmask of /32. Only the first IP added to an interface in a given subnet should have the "normal" netmask. (I believe they've "fixed" this in current releases, but I find it looks nicer using /32 for alias IPs.)

Can you expand on that a little? What was the bug? Why should they only have /32 netmasks? And why would only the first IP have a normal netmask (I'm successfully using it in this case for two separate jails to have access on the same vlan with their own separate IPs).

Chris.
 
There are basically two main functions when assigning an IP to a system.

The first part is to assign the address to the system, so it responds to arp and accepts/processes packets addressed to it.

The second part, where the netmask comes in, is to add a ‘connected route’. Adding 192.168.0.1/24 will create a route for 192.168.0.0/24, via the interface the address is assigned to. This causes the system to try and deliver packets to any address on that network via arp/layer2 rather than sending them to a gateway router.

When adding additional addresses on the same network, you don’t need to create a route for the subnet as it’s already there, you just need the first bit. As such, it’s become a bit of a standard to just use a /32 mask for additional addresses on many systems.

I don’t know what the bug was though.
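
The following is an added example, not part of the thread or of FreeBSD: a small Python check that reads rc.conf-style `ifconfig_*` lines, works out which address creates the connected route for each subnet, and reports aliases that repeat that subnet with a full netmask instead of the /32 convention described above. The sample input, the function name `check_aliases` and the regular expression are constructed for illustration; only `inet a.b.c.d/len` entries are handled.

```python
import ipaddress
import re

# Constructed sample input, modelled on the rc.conf lines quoted in the thread.
SAMPLE_RC_CONF = '''
vlans_bge0="1 2 3"
ifconfig_bge0_1="inet 192.168.1.40/24"
ifconfig_bge0_2="inet 192.168.2.45/24"
ifconfig_bge0_2_alias0="inet 192.168.2.55/24"
ifconfig_bge0_2_alias1="inet 192.168.2.56/32"
ifconfig_bge0="UP"
'''

# Matches ifconfig_<if>="inet a.b.c.d/len" and ifconfig_<if>_aliasN="inet ...".
LINE_RE = re.compile(
    r'^ifconfig_(?P<ifname>\w+?)(?:_alias(?P<alias>\d+))?="inet (?P<addr>[\d.]+/\d+)'
)


def check_aliases(rc_conf_text):
    """Return (connected_routes, warnings) for the inet lines in rc_conf_text."""
    entries = []
    for line in rc_conf_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            alias = int(m.group("alias")) if m.group("alias") else -1
            entries.append((m.group("ifname"), alias,
                            ipaddress.ip_interface(m.group("addr"))))
    entries.sort(key=lambda e: (e[0], e[1]))  # primary first, then alias0, alias1, ...

    routes = {}    # interface key -> subnets that already have a connected route
    warnings = []
    for ifname, alias, iface in entries:
        have = routes.setdefault(ifname, [])
        covering = [net for net in have if iface.ip in net]
        if not covering:
            have.append(iface.network)  # first address in this subnet adds the route
        elif iface.network.prefixlen != 32:
            warnings.append(f"{ifname} alias{alias}: {iface} is inside "
                            f"{covering[0]}, use {iface.ip}/32")
    return routes, warnings


if __name__ == "__main__":
    routes, warnings = check_aliases(SAMPLE_RC_CONF)
    for w in warnings:
        print(w)
```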
 