UNIXgod's guide to sane IP aliasing

For those who are not aware, there is an alternative method of dealing with IP aliasing which can make your life easier and save hours of debugging and reconfiguration for larger setups.

Traditionally an alias would be set up via /etc/rc.conf with the syntax:

Code:
ifconfig_igb0_alias0="inet 10.50.50.100 netmask 0xffffffff" # dnscache
ifconfig_igb0_alias1="inet 10.50.50.101 netmask 0xffffffff" # tinydns
ifconfig_igb0_alias2="inet 10.50.50.122 netmask 0xffffffff" # httpd
ifconfig_igb0_alias3="inet 10.50.50.120 netmask 0xffffffff" # postfix
ifconfig_igb0_alias4="inet 10.50.50.130 netmask 0xffffffff" # postgres
ifconfig_igb0_alias5="inet 10.50.50.135 netmask 0xffffffff" # mysql

Though there is nothing wrong with this syntax form, it suffers from an issue where, if a number is missing, some aliases may become stillborn, such as:

Code:
ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"

In this case the alias3 and alias4 at the bottom would never be created, because once alias2 is created it will search for alias3, and when it's not found, execution of ifconfig will stop at the first unsuccessful access.

In an effort to deal with this issue the form has been deprecated, though it is still heavily referenced in the handbook. The newer method is a bit easier to maintain.

The newer method is to create a file(s) in /etc named start_if.<interface>

/etc/start_if.<interface> is separate from rc.conf and <interface> refers to one of the interfaces you may have

If you would like to see the interfaces available on your system use this command to find out:

% ifconfig -l

An example of a /etc/start_if file would be this using igb() as an example:
/etc/start_if.igb3

Code:
#!/bin/sh
#/sbin/ifconfig $1 alias <public_ip> netmask 0xffffffff # jail<name>
/sbin/ifconfig $1 alias 10.50.50.100 netmask 0xffffffff # dnscache <djb>
/sbin/ifconfig $1 alias 10.50.50.103 netmask 0xffffffff # tinydns
/sbin/ifconfig $1 alias 10.50.50.118 netmask 0xffffffff # devel <sandbox>
/sbin/ifconfig $1 alias 10.50.50.120 netmask 0xffffffff # mail <postfix>
#/sbin/ifconfig $1 alias 10.50.50.122 netmask 0xffffffff # qmail <mail>
/sbin/ifconfig $1 alias 10.50.50.150 netmask 0xffffffff # mysql <5.1>
/sbin/ifconfig $1 alias 10.50.50.155 netmask 0xffffffff # PostgreSQL <8.4>
/sbin/ifconfig $1 alias 10.50.50.201 netmask 0xffffffff # httpd <apache-2.2>

Basically from an administration standpoint interfaces can be created and destroyed as well as tied into a single file read at boot without an extra step.

The $1 is optional and can be replaced by the interface name, but it allows a more portable syntax. If you're working with many interfaces it may be simpler to use.

Also, reordering and removing aliases will become less of an administrative nightmare in comparison to the legacy syntax.

Note that the syntax above is also the same as the command line syntax for ifconfig()

Further examples and utilities will be explained in the second post.
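
Added example, not part of the original post: a POSIX sh check for the numbering gap described above. It reads rc.conf-style text on stdin and lists every ifconfig_<interface>_aliasN entry that sits above the first missing index. The function names find_alias_gaps and sample_rc_conf and the sample data are constructed for illustration, and numbering is assumed to start at alias0 as in the post's listings.

```shell
#!/bin/sh
# Added example (not from the original post): flag rc.conf alias entries
# that sit above a numbering gap.

# find_alias_gaps: reads rc.conf-style text on stdin and prints
# "<interface> alias<N>" for every ifconfig_<interface>_alias<N> entry
# numbered above the first missing index for that interface.
# Assumption: numbering starts at alias0, as in the post's listings.
find_alias_gaps() {
    # Keep only active (uncommented) alias lines as "<interface> <N>".
    sed -n 's/^[[:space:]]*ifconfig_\(.*\)_alias\([0-9][0-9]*\)=.*/\1 \2/p' |
    # Order by interface, then numerically by alias index; drop duplicates.
    sort -u -k1,1 -k2,2n |
    awk '
        # New interface: restart the expected index at 0.
        $1 != iface { iface = $1; expect = 0; broken = 0 }
        # Still contiguous: move on to the next expected index.
        !broken && $2 == expect { expect++; next }
        # At or past the first gap: report the entry.
        { broken = 1; print iface " alias" $2 }
    '
}

# Constructed sample: the ed0 listing from the post (alias3 missing)
# plus a contiguous igb0 set with one commented-out line.
sample_rc_conf() {
    cat <<'EOF'
ifconfig_igb0_alias0="inet 10.50.50.100 netmask 0xffffffff" # dnscache
ifconfig_igb0_alias1="inet 10.50.50.101 netmask 0xffffffff" # tinydns
ifconfig_igb0_alias2="inet 10.50.50.122 netmask 0xffffffff" # httpd
#ifconfig_igb0_alias9="inet 10.50.50.199 netmask 0xffffffff" # disabled
ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
EOF
}

# Stand-alone run over the constructed sample.
sample_rc_conf | find_alias_gaps
```

To check a live file, source the function and run `find_alias_gaps < /etc/rc.conf`; no output means every interface's alias indexes are contiguous.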
 
If one wishes to remove many aliases using the start_if. file's sh facilities, one can do so by simply negating the aliases in the file:

Code:
#!/bin/sh
#/sbin/ifconfig $1 alias <public_ip> netmask 0xffffffff # jail<name>
/sbin/ifconfig $1 -alias 10.50.50.100 netmask 0xffffffff # dnscache <djb>
/sbin/ifconfig $1 -alias 10.50.50.103 netmask 0xffffffff # tinydns
/sbin/ifconfig $1 alias 10.50.50.118 netmask 0xffffffff # devel <sandbox>
/sbin/ifconfig $1 alias 10.50.50.120 netmask 0xffffffff # mail <postfix>
#/sbin/ifconfig $1 alias 10.50.50.122 netmask 0xffffffff # qmail <mail>
/sbin/ifconfig $1 -alias 10.50.50.150 netmask 0xffffffff # mysql <5.1>
/sbin/ifconfig $1 alias 10.50.50.155 netmask 0xffffffff # PostgreSQL <8.4>
/sbin/ifconfig $1 alias 10.50.50.201 netmask 0xffffffff # httpd <apache-2.2>

Simply typing:
# sh /etc/start_if.igb3 igb3
will remove IP aliases with the comments mysql, tinydns, dnscache.

Also note that the #!/bin/sh is optional but may be considered cleaner. Since it is essentially a shell script, one can potentially write conditionals to provide an even more exotic facility for their IP aliases.

With that, one should also note the ability to use comments to remove full lines of syntax, such as the line with the comment # qmail <mail>. This line is not executed at startup and is simply ignored. The use of comments may make a quick and dirty switch in some instances.

more to come....
 
UNIXgod said:
The newer method is to create a file(s) in /etc named start_if.<interface>
AFAIK that method has existed since pre-4.x days. The latest method goes something like this:

Code:
ipv4_addrs_igb0="192.168.1.2/32 192.168.1.3/32 172.18.88.1/24"

Although I have only gleaned this from glancing at RC source... not tested it. :)
 
aragon said:
AFAIK that method has existed since pre-4.x days.

You are correct, the start_if method was implemented around 4.x. The handbook does not reflect it though. When I refer to newer I am referring to the alternative method. Nor is there a tutorial properly explaining the correct format. Hence this tutorial.
 