*BSD News Article 71483



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!spool.mu.edu!daily-planet.execpc.com!news.sol.net!newspump.sol.net!uniserve!van-bc!unixg.ubc.ca!aurora.cs.athabascau.ca!sgigate.sgi.com!nntp.coast.net!zombie.ncsc.mil!news.mathworks.com!newsfeed.internetmci.com!news.ac.net!news.cais.net!jupiter.dnai.com!news
From: Karl Wiebe <karl@dnai.com>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: ip aliases side effect
Date: 19 Jun 1996 11:34:36 GMT
Organization: DNAI ( Direct Network Access )
Lines: 39
Message-ID: <4q8okc$89t@jupiter.dnai.com>
References: <4pj1qs$7jr@news.resolink.com> <4pv0d8$84e@uriah.heep.sax.de> <4q2ngf$33t@egate.egate.net> <4q5gv0$13c2@news3.realtime.net>
NNTP-Posting-Host: sol.dnai.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 1.1N (X11; I; SunOS 4.1.4 sun4m)
X-URL: news:4q5gv0$13c2@news3.realtime.net

chip@unicom.com (Chip Rosenthal) wrote:
>The limit most people hit seems to be named.  Rather than just bind
>a listening socket to INADDR_ANY, it binds one socket per address.
>If you run out of file descriptors before binding all the alias
>addresses, you lose.

One way around this is to not run named on your webserver. Also, I think
the latest ( beta ) named can circumvent this behavior.

>>: >   Anybody know that is there any bad side effect on making ip aliases
>>: > for virtual host?
>
>I find the biggest problem with ip aliasing is that you can end up
>sending packets with unexpected source addresses.  That is, out of
>all the addresses bound to the interface, precisely which one is
>chosen as _the_ source address to stick in the outbound packet?
>And how does it change if you do some on-line network configuration
>tweaks.  This is a significant problem for UDP applications (c.f.
>the above issue with named) and packet filters.
>
>My solution is to bind the interface aliases to the loopback device,
>not the Ethernet NIC, and then proxy arp the alias address.
>Exception:  if I'm creating an alias to make a host live on multiple
>nets/subnets, then I keep the alias on the interface.

I go a step farther: I ifconfig alias on extra loopback interfaces ( not lo0,
but lo1, etc. ) and avoid proxy-ARP completely.

Proxy-ARP seems to me like something that shouldn't be used when you can
avoid it. On a clean wire, it seems to work OK, but if you start adding
terminal servers to this same wire that are also doing proxy-ARP...

--Karl
-- 
        == Karl Wiebe == karl@dnai.com ==         
"Order is a form of repetition compulsion" --Freud
"Order is a form of repetition compulsion" --Freud
"Order is a form of repetition compulsion" --Freud
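
The source-address effect discussed in the thread, as an added example that is not part of the original post: a UDP server bound to INADDR_ANY answers from whatever address the kernel picks, while a socket bound to the queried address answers from that address, which is why named opens one socket per address. It assumes a Linux host, where all of 127.0.0.0/8 is local, so 127.0.0.2 stands in for an alias; `reply_source` and `ALIAS` are names made up for this sketch.

```python
import socket

# Assumption: Linux loopback, where 127.0.0.2 is deliverable without being
# configured. It stands in for an alias address on a real interface.
ALIAS = "127.0.0.2"


def reply_source(bind_addr):
    """Query a UDP server at ALIAS and return the source IP of its reply.

    bind_addr is the address the server socket is bound to: "0.0.0.0"
    (INADDR_ANY) or the alias itself (one socket per address).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.settimeout(2)
        cli.settimeout(2)
        srv.bind((bind_addr, 0))            # port 0: kernel picks a free port
        port = srv.getsockname()[1]
        cli.sendto(b"query", (ALIAS, port))  # client asks the alias address
        _, peer = srv.recvfrom(512)
        srv.sendto(b"answer", peer)          # no source given: kernel chooses
        _, (src_ip, _) = cli.recvfrom(512)
        return src_ip
    finally:
        srv.close()
        cli.close()


if __name__ == "__main__":
    for bind_addr in ("0.0.0.0", ALIAS):
        src = reply_source(bind_addr)
        # A resolver or stateful packet filter expects the answer to come
        # from the address that was queried and drops it otherwise.
        verdict = "matches" if src == ALIAS else "does NOT match"
        print(f"server bound to {bind_addr:9s} -> reply from {src} "
              f"({verdict} queried address {ALIAS})")
```

The per-address binding fixes the source address at the cost of one file descriptor per alias, which is the limit described in the quoted text.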