Date:      Sun, 26 May 2002 22:09:49 +0200
From:      sthaug@nethelp.no
To:        Gerhard.Sittig@gmx.net
Cc:        stable@freebsd.org
Subject:   Re: 4.6-PRERELASE fxp alias woes
Message-ID:  <19769.1022443789@verdi.nethelp.no>
In-Reply-To: Your message of "Sun, 26 May 2002 10:54:04 +0200"
References:  <20020526105404.Q1494@shell.gsinet.sittig.org>

> > > Huh?  I trust a computer to detect _that_ there are collisions.
> > > But I'd *never* trust the machine to decide _which_ one of
> > > multiple parameters is the wrong one.
> > 
> > Very simple. Allow the same netmask as the primary address, *and* /32.
> > Nothing else. Thus
> > 
> > 	ifconfig_fxp0="inet 216.109.194.4 netmask 255.255.255.0"
> > 	ifconfig_fxp0_alias0="inet 216.109.194.8 netmask 255.255.255.0"
> > and
> > 	ifconfig_fxp0="inet 216.109.194.4 netmask 255.255.255.0"
> > 	ifconfig_fxp0_alias0="inet 216.109.194.8 netmask 255.255.255.255"
> > 
> > would both be allowed.
> 
> Well, right after sending my first reply I felt that I should
> have put an example in it. :)  Imagine the following setup:
> 
>   ifconfig_fxp0="       inet 192.168.20.120 netmask 255.255.255.0"
>   ifconfig_fxp0_alias0="inet 192.168.30.130 netmask 255.255.255.255"
> 
> Of course a program can detect that these values "don't fit".  But
> how do you determine if the alias entry's address is wrong or the
> netmask?  Only an admin can, looking at the local topology.  Not
> even human spectators can decide which of the parameters needs
> correction.

*Why* should the program try to guess anything at all? Only if the
configuration lines are in conflict should the program try to do
something - otherwise it should assume that the values are correct.

In this case, 192.168.20.120/24 as the primary address and
192.168.30.130/32 as an alias are perfectly fine. No conflict, no
reason for ifconfig (or the kernel) to try to guess anything.

> And since your above restriction doesn't solve any problem while
> it prevents perfectly legal scenarios from working (like
> 
>   ifconfig_fxp0="       inet 192.168.20.120 netmask 255.255.255.0"
>   ifconfig_fxp0_alias0="inet 192.168.20.122 netmask 255.255.255.255"
>   ifconfig_fxp0_alias1="inet 172.16.120.130 netmask 255.255.0.0"
> 
> ) it is to be rejected. :>

How do the rules I proposed prevent this example? I wrote:

> Very simple. Allow the same netmask as the primary address, *and* /32.
> Nothing else.
...
> For other subnets (not on the same subnet as the primary address): Let
> the first alias decide the netmask, complain if further aliases within
> the same subnet (as specified by the alias of the first netmask) use a
> different netmask (but allow /32).

172.16.120.130/16 is not on the same subnet as 192.168.20.120/24, so
there is no conflict.

I'm perfectly willing to believe that these rules need to be refined.
My main point is that this *can be done* in a consistent way - and that
Cisco is one example which shows that it can indeed be done. And Cisco
had had this at least since around 1990 (my first contact with Cisco
IOS version 8.3).

A further point is that having addresses on the same subnet all use the
same netmask is more natural than using /32 for the aliases, if you've
never used an alias before. Having to use /32 breaks POLA.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
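
The alias netmask rules proposed in the message above can be written as a small checker. This is an added example, not code from the message or from FreeBSD; the names `parse_rc` and `check_aliases` are hypothetical, and it assumes that a /32 alias is always accepted and never decides a subnet's netmask.

```python
import ipaddress

def parse_rc(value):
    """Turn 'inet A netmask M' (the rc.conf form used in the thread) into an interface."""
    words = value.split()
    addr = words[words.index("inet") + 1]
    mask = words[words.index("netmask") + 1]
    return ipaddress.ip_interface(f"{addr}/{mask}")

def check_aliases(primary, aliases):
    """Return [(alias_value, reason)] for aliases that break the proposed rules."""
    # Subnets whose netmask is already decided: the primary's, then the
    # first non-/32 alias seen on each further subnet.
    decided = [parse_rc(primary).network]
    conflicts = []
    for value in aliases:
        alias = parse_rc(value)
        if alias.network.prefixlen == 32:
            continue  # /32 is always allowed (assumption: it decides nothing)
        owner = next((net for net in decided if alias.ip in net), None)
        if owner is None:
            decided.append(alias.network)  # first alias on a new subnet decides
        elif alias.network.prefixlen != owner.prefixlen:
            reason = f"{alias.ip} is inside {owner} but uses /{alias.network.prefixlen}"
            conflicts.append((value, reason))
    return conflicts

PRIMARY = "inet 192.168.20.120 netmask 255.255.255.0"

# Configuration quoted in the thread: accepted under the rules.
THREAD_ALIASES = [
    "inet 192.168.20.122 netmask 255.255.255.255",
    "inet 172.16.120.130 netmask 255.255.0.0",
]

# Constructed input: both aliases disagree with an already decided netmask.
CONSTRUCTED_BAD = [
    "inet 192.168.20.122 netmask 255.255.255.128",
    "inet 172.16.120.130 netmask 255.255.0.0",
    "inet 172.16.5.1 netmask 255.255.255.0",
]

if __name__ == "__main__":
    print(check_aliases(PRIMARY, THREAD_ALIASES))
    for value, reason in check_aliases(PRIMARY, CONSTRUCTED_BAD):
        print("conflict:", reason)
```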