Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!nntp.coast.net!howland.reston.ans.net!news.sprintlink.net!news-stk-200.sprintlink.net!news.mathworks.com!newsfeed.internetmci.com!realtime.net!not-for-mail From: chip@unicom.com (Chip Rosenthal) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: ip aliases side effect Date: 18 Jun 1996 06:05:20 GMT Organization: Unicom Systems Development, Austin, TX Lines: 31 Message-ID: <4q5gv0$13c2@news3.realtime.net> References: <4pj1qs$7jr@news.resolink.com> <4pv0d8$84e@uriah.heep.sax.de> <4q2ngf$33t@egate.egate.net> NNTP-Posting-Host: garcon.unicom.com X-RTcode: 81a3ef2a31203275bac647ec [my experience mainly is with BSD/OS ... but I suspect it's mostly applicable] In article <4q2ngf$33t@egate.egate.net>, Paul Andersen <paul@egate.egate.net> wrote: >My question is how many can you run anywayz? The limit most people hit seems to be named. Rather than just bind a listening socket to INADDR_ANY, it binds one socket per address. If you run out of file descriptors before binding all the alias addresses, you lose. >: > Anybody know that is there any bad side effect on making ip aliases >: > for virtual host? I find the biggest problem with ip aliasing is that you can end up sending packets with unexpected source addresses. That is, out of all the addresses bound to the interface, precisely which one is chosen as _the_ source address to stick in the outbound packet? And how does it change if you do some on-line network configuration tweaks. This is a significant problem for UDP applications (c.f. the above issue with named) and packet filters. My solution is to bind the interface aliases to the loopback device, not the Ethernet NIC, and then proxy arp the alias address. Exception: if I'm creating an aliase to make a host live on multiple nets/subnets, then I keep the alias on the interface. -- Chip Rosenthal * troff programmer * <chip@unicom.com> "You realy need to read Canter&Siegal big time." <deh@fox.nstn.ca> in <4p0be9$j2f@news.nstn.ca>