lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 15 May 2019 10:42:35 +0200
From:   Matthias May <matthias.may@...atec.com>
To:     "M. Buecher" <maddes+kernel@...des.net>, netdev@...r.kernel.org
Subject: Re: IP-Aliasing for IPv6?

On 14/05/2019 20:49, M. Buecher wrote:
> Preamble: I'm just a network hobbyist at home, so please bear with me if
> something in this mail is "stupid" from an expert's point of view.
> 
> According to the documentation [1] "IP-Aliasing" is an obsolete way to
> manage multiple IP[v4]-addresses/masks on an interface.
> For having multiple IP[v4]-addresses on an interface this is absolutely
> true.
> 
> For me "IP-Aliasing" is still a valid, good and easy way to "group" ip
> addresses to run multiple instances of the same service with different
> IPs via virtual interfaces on a single physical NIC.
> 
> Short story:
> I recently added IPv6 to my LAN setup and recognized that IP-Aliasing is
> not support by the kernel.
> Could IP-Aliasing support for IPv6 be added to the kernel?
> 
> Long story:
> I tried to find out how to do virtual network interfaces "The Right Way
> (tm)" nowadays.
> So I came across MACVLAN, IPVLAN and alike on the internet, mostly in
> conjunction with containers or VMs.
> But MACVLAN/IPVLAN do not provide the same usability as "IP-Aliasing",
> e.g. user needs to learn a lot about network infrastructre, sysctl
> settings, forwarding, etc.
> They also do not provide the same functionality, e.g. the virtual
> interfaces cannot reach their parent interface.
> 
> In my tests with MACVLAN (bridge)/IPVLAN (L2) pinging between parent and
> virtual devices with `ping -I <device> <target ip>` failed for IPv4 and
> IPV6.
> Pinging from outside MACVLAN worked fine for IPv4 but not IPv6, while
> IPVLAN failed also for pinging with IPv4 to the virtual interfaces.
> Pinging to outside only worked from the parent device.
> Unfortunately I could not find any source on the internet that describes
> how to setup MACVLAN/IPVLAN and their surroundings correctly for a
> single machine. It seems they are just used for containers and VMs.
> 
> If it is possible to setup MACVLAN/IPVLAN that they can reach and also
> can be reached from their parent device, other virtual devices and from
> outside, then please guide me to the right direction or provide links.
> Would be much appreciated.
> Otherwise I would like to see IP-Aliasing for IPv6.
> 
> Hope to stimulate further thoughts and thanks for reading
> Matthias "Maddes" Bücher
> 
> [1] https://www.kernel.org/doc/html/latest/networking/alias.html
> 

Hi
You might want to take a look at the "label" argument of ip when setting
an IP address.

BR
Matthias

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ