Date: Thu, 19 May 2011 19:07:28 +0900 (JST) From: Hiroki Sato <hrs@FreeBSD.org> To: spork@bway.net Cc: freebsd-net@FreeBSD.org Subject: Re: IPv6 alias masks/masks for routed aliases Message-ID: <20110519.190728.881895202152708492.hrs@allbsd.org> In-Reply-To: <alpine.OSX.2.00.1105180359130.1983@hotlap.nat.fasttrackmonkey.com> References: <alpine.OSX.2.00.1105170300090.1983@hotlap.nat.fasttrackmonkey.com> <20110517.174313.868674729938461030.hrs@allbsd.org> <alpine.OSX.2.00.1105180359130.1983@hotlap.nat.fasttrackmonkey.com>
next in thread | previous in thread | raw e-mail | index | archive | help
----Security_Multipart(Thu_May_19_19_07_28_2011_851)--
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Charles Sprickman <spork@bway.net> wrote
in <alpine.OSX.2.00.1105180359130.1983@hotlap.nat.fasttrackmonkey.com>:
sp> On Tue, 17 May 2011, Hiroki Sato wrote:
sp>
sp> > Charles Sprickman <spork@bway.net> wrote
sp> > in
sp> > <alpine.OSX.2.00.1105170300090.1983@hotlap.nat.fasttrackmonkey.com>:
sp> >
sp> > sp> First, the easy one. For IPv6 aliases, what is the proper subnet?
sp> >
sp> > Normally it is a /64. See also Section 2.5.4 in RFC 4291.
sp>
sp> My understanding was that a /64 was a common subnet since it's the
sp> minimum size required for host autoconfiguration. What I'm really
sp> looking for is the FreeBSD-specific recommendation for configuring
sp> aliases - I understand that I'll probably have a /64 on the LAN, but
sp> when setting a netmask on a single IPv6 alias are the rules different
sp> than they are for IPv4? So if I've got a lan block that's a /64 and I
sp> configure an alias on a FreeBSD host, do I give the alias the lan
sp> subnet (/64) or a host subnet (/128)? For IPv4, I believe that it
sp> should always be the host subnet (/32).
There is no FreeBSD-specific configuration. The recommendation is
/64 because various IPv6 specs assume /64 prefix length for a global
unicast address on a host and FreeBSD implementation supports
configuration of multiple /64 addresses on a single interface. There
is no reason to use /128 or ones longer than 64 while you can
configure a GUA with such a longer prefix.
sp> The current setup looks like this on the ISP side:
I am still not sure of the network topology. Something like this?
(ISP)
|
|10.[123456].0.0
(router)
|10.1.0.1/27
|
(hosts) 10.1.0.x/27
10.2.0.2/28
10.2.0.3/32
:
Hmm, I may misunderstand something. If this diagram is correct, I am
wondering why the router has 10.[123456].0.0 addresses on the WAN
side, not on the FE0/1 side. I feel like simply configuring
10.[123456].0.1 on the LAN side instead and an address on the ISP
side which can communicate ISP's router would work.
-- Hiroki
----Security_Multipart(Thu_May_19_19_07_28_2011_851)--
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (FreeBSD)
iEYEABECAAYFAk3U6+AACgkQTyzT2CeTzy3jjwCeMDX2uC40TapE4toeClSjGH2x
jt4An2pGqEIaSd+l2bv4c9O6B/p3KGTP
=MzT6
-----END PGP SIGNATURE-----
----Security_Multipart(Thu_May_19_19_07_28_2011_851)----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110519.190728.881895202152708492.hrs>