Why is it necessary to set a netmask of 255.255.255.255 for “alias” addresses in FreeBSD?

1

From FreeBSD handbook on the topic of virtual hosts:

For a given interface, there must be one address which correctly represents the network's netmask. Any other addresses which fall within this network must have a netmask of all 1s (expressed as either 255.255.255.255 or 0xffffffff).

Can anybody explain why this is the case?

networking
freebsd
alias
interface
asked on Server Fault Nov 8, 2010 by Eugene Yarmash • edited Nov 8, 2010 by Eugene Yarmash

3 Answers

4

This page contains a good explanation imho:

Since aliases are, in a sense, duplicate tags, the system needs to know whether the subnet represented by the tag is new, and this is indicated by the netmask. With a "normal" netmask, the system is told this is a new subnet, and it can then set up internal tables correctly. If the subnet is not new, the tables will get set up incorrectly if the netmask is "normal".

With a netmask of 255.255.255.255, the system knows this is a duplicate of an existing subnet, and therefore will assign the address as if it were assigned to the loopback interface, with the "point-to-point" mask.

Assigning a netmask of 255.255.255.0 will, in most cases, appear to work. However, the internal tables will not be set up correctly, and if the alias is removed, problems may ensue. This can be overcome by adding appropriate host routes when the alias is added, and removing the routes when the alias is removed. However, the system works correctly with the "point-to-point" netmask, and maintenance is easier.

answered on Server Fault Nov 8, 2010 by Eugene Yarmash
1

In fact you can set the netmask you think is useful.

But, if you change the netmask from /32 you will also need to set a route. If you follow the recommendation you can omit setting a route.

answered on Server Fault Nov 8, 2010 by pacey
-1

Well the FreeBSD manpage on ifconfig is not very helpful:

If the address is on the same subnet as the first network address for this interface, a non-conflicting netmask must be given. Usually 0xffffffff is most appropriate.

But what the above means is that a /32 mask makes this a specific network (The simplest network, a single host, is described by a /32 mask). Having the same netmask as the physical interface does not do any harm, as they are two interfaces on the same network.

Now imagine the alias having a mask that describes a superset network than that of the physical interface, e.g. the physical being 192.168.0.1/25 and the alias 192.168.0.2/24. Is 192.168.0.200 on the network and what does this mean for your alias interface?

answered on Server Fault Nov 8, 2010 by adamo

User contributions licensed under CC BY-SA 3.0