IP aliasing & telnet

[Srikanth Throvagunta]

A network interface on a Unix like Digital Unix or Solaris can be assigned
multiple IP addresses and the overloaded term IP aliasing is used to refer to it. I have heard
that an interface configured with multiple IP addresses under different subnets is known to cause
some problems. What, if any, are they? Has anyone experimented with such a setup?

Telnet runs off TCP port 23. There does not seem to be an option in telnet to specify a particular
interface address to use (when configured with IP aliasing). In a nutshell, telnet does not seem to
do a bind before a connect on the socket. Can anyone please spearhead the discussion?

- srikanth

I speak for myself.

[Yar Tikhiy]

Hello,

In comp.unix.internals Srikanth Throvagunta <sthr...@cisco.com> wrote:
> A network interface on a Unix like Digital Unix or Solaris
> can be assigned multiple IP addresses and the overloaded
> term IP aliasing is used to refer to it. I have heard

As for Solaris, you're slightly wrong. It does not use the aliasing
ideology. At least at the user side, there are so called "logical
interfaces" like le0:1 which are used to assign multiple addresses
to one physical interface. One logical interface can have only one address
(at least from the same address family)

> that an interface configured with multiple IP addresses under
> different subnets is known to cause
> some problems. What, if any, are they? Has anyone experimented
> with such a setup?

I never heard about such problems.

> Telnet runs off TCP port 23. There does not seem to be an option
> in telnet to specify a particular
> interface address to use (when configured with IP aliasing).
> In a nutshell, telnet does not seem to
> do a bind before a connect on the socket. Can anyone please
> spearhead the discussion?

Telnet does not run off TCP port 23. Telnetd does :-) Even more
correctly, it is inetd which knows about the ports and addresses,
and telnetd just uses stdin and stdout. Generally speaking,
a lot of modern standalone (i.e. which does not run from inetd)
server-side software can be configured to bind to a specific
IP address. Usual inetd cannot, but xinetd (a free advanced
replacement for inetd; it seems to be for BSD only, though) can.

SY, Yar

[Bruce J. Keeler]

Yar Tikhiy <y...@radio-msu.net> writes:
> Hello,
>
> In comp.unix.internals Srikanth Throvagunta <sthr...@cisco.com> wrote:
> > that an interface configured with multiple IP addresses under
> > different subnets is known to cause
> > some problems. What, if any, are they? Has anyone experimented
> > with such a setup?
>
> I never heard about such problems.

Nor I.

>
> > Telnet runs off TCP port 23. There does not seem to be an option
> > in telnet to specify a particular
> > interface address to use (when configured with IP aliasing).
> > In a nutshell, telnet does not seem to
> > do a bind before a connect on the socket. Can anyone please
> > spearhead the discussion?
>
> Telnet does not run off TCP port 23. Telnetd does :-) Even more
> correctly, it is inetd which knows about the ports and addresses,
> and telnetd just uses stdin and stdout. Generally speaking,
> a lot of modern standalone (i.e. which does not run from inetd)
> server-side software can be configured to bind to a specific
> IP address. Usual inetd cannot, but xinetd (a free advanced
> replacement for inetd; it seems to be for BSD only, though) can.
>
> SY, Yar

As I read the original question, he seems to be wondering how the system
chooses the source IP address when initiating an outbound connection.
The answer is that it will pick the one that corresponds to the subnet
it's going to. The only times that's ambiguous is when there is more
than one route to the destination, or when the aliased IP addresses are
on the same subnet. I can't imagine a case when either situation would
cause a problem.

If telnet provides no way to bind the client end of the connection, it's
probably because there's no need.

Bruce
--
Bruce J. Keeler | Someone: Just how fast is that RS6000 box?
bkee...@iwa.intel.dp.com |
UNIX, Perl, whatever you need. | Me: Well, I don't know what its terminal
I don't speak for Intel. | velocity is, but I'd sure love to find out!

[Srikanth Throvagunta]

/*
* I received the following help from todd in personal email to me.
* To be more explicit, one of the Unix boxes on the testbed panicks and I want to know
* if anyone has tried out this configuration. I don't think ipforwarding
* has any element to play. As for telnet, its client does not seem to have an explicit
* mechanism to use and send packets out an interface.
* - Srikanth
*/

-------------------------------------------------------

In article <355B4B97...@cisco.com> you write:
> A network interface on a Unix like Digital Unix or Solaris can be assigned
> multiple IP addresses and the overloaded term IP aliasing is used to

> refer to it. I have heard that an interface configured with multiple IP

> addresses under different subnets is known to cause some problems. What,
> if any, are they? Has anyone experimented with such a setup?

In general, it's not too common to run 2 IP subnets over the same piece of
ehernet. As far as 'known problems', though, the only thing I can think
of is that you have to make sure IP forwarding is turned off on the box,
or you have yourself a nice little loop because both interfaces 'see'
every packet.

> Telnet runs off TCP port 23. There does not seem to be an option in telnet
> to specify a particular interface address to use (when configured with
> IP aliasing). In a nutshell, telnet does not seem to do a bind before
> a connect on the socket. Can anyone please spearhead the discussion?

There's no need to bind() to a specific IP address for outgoing connections,
the kernel routing table takes care of making sure the packets go out the
proper interface. In the case of telnet, the source port number is also
not important, so no, it does not need to do a bind() before connect().

todd.

[Yar Tikhiy]

In comp.unix.internals Bruce J. Keeler <bkee...@iwa.dp.intel.com> wrote:

> As I read the original question, he seems to be wondering how the system
> chooses the source IP address when initiating an outbound connection.
> The answer is that it will pick the one that corresponds to the subnet
> it's going to. The only times that's ambiguous is when there is more
> than one route to the destination, or when the aliased IP addresses are
> on the same subnet. I can't imagine a case when either situation would
> cause a problem.

AFAIK, the case of two routes to the same dst is not relevant here,
because the IP output routine (e.g. BSD ip_output() ) is always told
only about one specific route. It has never to choose between two routes.
And it is ip_output() which sets the src address if it's INADDR_ANY.

In case of two aliases on the same subnet the system seems to choose
'logicaly first' one, e.g. the address of le0 on Solaris and the first
element of the interface address list on BSD.

> If telnet provides no way to bind the client end of the connection, it's
> probably because there's no need.

Yes, I also think there is no need of letting lusers mess with
source addresses :-) However, sometimes it is desirable to make
non-user-end apps like innfeed or Squid which do outgoing connections
use some specific source address. Of course, the apps just call
bind() before connect() to achieve the effect. I think they usually
set the port number to zero when calling bind() and let the system
choose it itself.

SY, Yar

[Srikanth Throvagunta]

What are the uses of IP aliasing?

One use I know of is to keep the system as webserving different homepages. Of course,
this needs tweaking the settings in named conf files:-) Are there any other practical uses?
If the kernel uses only the primary address, for outgoing IP packets, there does not seem to
be any real use from a source viewpoint. Can anyone please take up this issue and throw
some light.

- Srikanth.

-------------------------------------------------------------------

For him neither the rule of human nor the rule of divine will exist as an independent cause of natural events

[Srikanth Throvagunta]

[Barry Margolin]

In article <3560AEF9...@cisco.com>,

Srikanth Throvagunta <sthr...@cisco.com> wrote:
>What are the uses of IP aliasing?
>
>One use I know of is to keep the system as webserving different
>homepages. Of course,

That's the only common use. Very few systems supported IP aliasing before
web servers.

Eventually, people will stop using IP aliases to do this, as HTTP/1.1
supports a header (Host) that browser can send to tell the server what
hostname was in the URL. Netscape and IE have been doing this for a year,
but server operators are still using IP aliases for the benefit of old
browsers.

>this needs tweaking the settings in named conf files:-) Are there any
>other practical uses?

No, it only needs tweaking the settings in httpd conf files.

--
Barry Margolin, bar...@bbnplanet.com
GTE Internetworking, Powered by BBN, Cambridge, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.

[Jure Simsic]

Srikanth Throvagunta wrote:
>
> What are the uses of IP aliasing?
>
> One use I know of is to keep the system as webserving different homepages. Of course,

> this needs tweaking the settings in named conf files:-) Are there any other practical uses?

> If the kernel uses only the primary address, for outgoing IP packets, there does not seem to
> be any real use from a source viewpoint. Can anyone please take up this issue and throw
> some light.
>

What you're talking about here is just web site hosting - IP is the
same, you just assign aliases (different domain names)in the DNS. IP
aliasing means your box has several IPs which means several ethernet
interfaces. Useful for firewalling a subnet or gateways for one..

Jure
--
Jure Simsic
RCU, University of Ljubljana
Kardeljeva ploscad 17, 1000 Ljubljana, Slovenia
email: jure....@uni-lj.si webm...@uni-lj.si

[Kurt J. Lanza]

Jure Simsic wrote:
>
> Srikanth Throvagunta wrote:
> >
> > What are the uses of IP aliasing?
> >
> > One use I know of is to keep the system as webserving different homepages. Of course,
> > this needs tweaking the settings in named conf files:-) Are there any other practical uses?
> > If the kernel uses only the primary address, for outgoing IP packets, there does not seem to
> > be any real use from a source viewpoint. Can anyone please take up this issue and throw
> > some light.
> >
> What you're talking about here is just web site hosting - IP is the
> same, you just assign aliases (different domain names)in the DNS. IP
> aliasing means your box has several IPs which means several ethernet
> interfaces. Useful for firewalling a subnet or gateways for one..
>

Or, you have used the (unix) ifconfig command to cause the interface
to respond to packets addressed to more then one IP. This allows you
to serve several DNS names and distiguish between them. That is, by
running a separate server for each IP. IP is not always the same. For
instance, we have over 3000 IPs on one server (don't ask).

[Andrew Williams]

On Tue, 19 May 1998 19:12:52 +0200, Jure Simsic
<jure....@uni-lj.si> wrote:

>Srikanth Throvagunta wrote:
>>
>> What are the uses of IP aliasing?
>>
>> One use I know of is to keep the system as webserving different homepages. Of course,
>> this needs tweaking the settings in named conf files:-) Are there any other practical uses?
>> If the kernel uses only the primary address, for outgoing IP packets, there does not seem to
>> be any real use from a source viewpoint. Can anyone please take up this issue and throw
>> some light.

you can use the aliasing in sendmail and some ftp servers, but that's
still basically the same thing as web stuff. . . .

>What you're talking about here is just web site hosting - IP is the
>same, you just assign aliases (different domain names)in the DNS. IP
>aliasing means your box has several IPs which means several ethernet
>interfaces. Useful for firewalling a subnet or gateways for one..

no, IP aliasing does not require seperate physical interfaces. I am
running 50+ IP addressess off of a box with only 1 ethernet interface.

[Brian McCauley]

Srikanth Throvagunta <sthr...@cisco.com> writes:

> What are the uses of IP aliasing?

> One use I know of is to keep the system as webserving different
> homepages. Of course, this needs tweaking the settings in named conf
> files:-) Are there any other practical uses? If the kernel uses
> only the primary address, for outgoing IP packets, there does not
> seem to be any real use from a source viewpoint. Can anyone please
> take up this issue and throw some light.

The "proper" use of IP aliases is where a single physical LAN carries
more than on subnet - typically an internet subnet and an intranet
subnet (globally non-routable). An single interface can have an
address in each subnet and behave like 2 NICs on the same LAN. If the
kernel were only to use the primary address then obviously it is
broken in this context.

I don't know about other unicies but the Linux kernel has a compile
time option to determine if you want proper alias semantics or want to
save the small run-time overhead of implementing the proper semantics
and have the broken semantics.

--
\\ ( ) No Bullshit! | Email: B.A.Mc...@bham.ac.uk
. _\\__[oo from | Phones: +44 121 471 3789 (home)
.__/ \\ /\@ /~) /~[ /\/[ | +44 121 627 2173 (voice) 2175 (fax)
. l___\\ /~~) /~~[ / [ | PGP-fp: D7 03 2A 4B D8 3A 05 37...
# ll l\\ ~~~~ ~ ~ ~ ~ | http://wcl-l.bham.ac.uk/~bam/
###LL LL\\ (Brian McCauley) | Finger: b...@wcl-rs.bham.ac.uk

[Bjorn Borud]

[Srikanth Throvagunta <sthr...@cisco.com>]

|
| A network interface on a Unix like Digital Unix or Solaris can be
| assigned multiple IP addresses and the overloaded term IP aliasing
| is used to refer to it. I have heard that an interface configured
| with multiple IP addresses under different subnets is known to cause
| some problems. What, if any, are they? Has anyone experimented with
| such a setup?

a common problem for a machine with multiple IP adresses defined for a
single ethernet card is that the source adress for outgoing
connections are either allocated in what seems to be a round-robin
fashion (like Solaris) or the system picks one address as the default
source (like IRIX). (the way IRIX 5.3 picks an address seems pretty
random, but it does not pick the primary address in setups that I have
tried).

this could be avoided by using bind() and specify the desired source
address, but few applications that _should_ have this functionality
actually have it.

the problems experienced when the system assigns "random" source
addresses on connections have mainly to do with authentication and
related matters. I have experienced problems when trying to mount NFS
volumes from other machines, because the source address was something
else than the NFS server at the other end expected.

Sun has yet to provide me with a fix to make Solaris stop allocating
source adresses in a round robin fashion for connections that didn't
use bind() or used bind() with INADDR_ANY.

-Bjørn
--
Bjørn Borud <bo...@guardian.no> | "The Net interprets censorship
<URL:http://www.pvv.unit.no/~borud/> | as damage and routes around it."
UNIX person, one of "them" | - John Gilmore

[Barry Margolin]

In article <m2g1i3o...@lucifer.guardian.no>,

Bjorn Borud <bo...@guardian.no> wrote:
>the problems experienced when the system assigns "random" source
>addresses on connections have mainly to do with authentication and
>related matters. I have experienced problems when trying to mount NFS
>volumes from other machines, because the source address was something
>else than the NFS server at the other end expected.

I encountered a problem like this involving packet filters. We're an ISP,
and we manage routers connecting to customer LANs, and often set up
filters. We had installed a filter to allow FTP in to the customer's file
server, and also allow outbound connections from that address for use by
the data connection, but file transfers were still hanging. It turned out
that the machine had IP aliases, and the source address of the data
connection was one of the other addresses.

In this case the solution was simple: add all the alias addresses to the
filter.

[Srikanth Throv]

Jure Simsic wrote:

> Srikanth Throvagunta wrote:
> >
> > What are the uses of IP aliasing?
> >
> > One use I know of is to keep the system as webserving different homepages. Of course,
> > this needs tweaking the settings in named conf files:-) Are there any other practical uses?
> > If the kernel uses only the primary address, for outgoing IP packets, there does not seem to
> > be any real use from a source viewpoint. Can anyone please take up this issue and throw
> > some light.
> >

> What you're talking about here is just web site hosting - IP is the
> same, you just assign aliases (different domain names)in the DNS. IP
> aliasing means your box has several IPs which means several ethernet
> interfaces. Useful for firewalling a subnet or gateways for one..
>

> Jure
> --
> Jure Simsic
> RCU, University of Ljubljana
> Kardeljeva ploscad 17, 1000 Ljubljana, Slovenia
> email: jure....@uni-lj.si webm...@uni-lj.si

It is possible to run a web server (Apache) with a single IP address, but serving multiple domain
names. Apache calls this non-IP intensive virtual servers.... This needs playing with DNS on CNAME
entries.

If you configure the server with IP aliasing, a separate instance of Apache is running for each domain.
Apache calls this IP intensive virtual server. With HTTP Version 1.1. protocol, the browser can pass
the HTTP_HOST environment variable or something to achieve the same effect. More details can be
found at http://www.apache.org.

- Srikanth

[Mark Simon]

Another use of IP aliasing is for server failover, as in a Digital ASE
Cluster. Each server has a unique IP address and an alias IP for each
service it is running. The servers drop or add aliases when the stop and
start services.

Mark Simon MCI

Srikanth Throvagunta wrote in message <3560AEF9...@cisco.com>...

>What are the uses of IP aliasing?
>

>- Srikanth.

[T. Srikanth]

Hi,

Another use I learnt of IP aliasing is when you reorganize your hosts and systems
on your network. Before you switch services for maintenance, you may choose to use
IP aliasing.

Kudos
Srikanth

--
Fly with time http://www.cisco.com/jobs

[Michael Mansour]

We use ASE for this purpose described below, but with ip aliasing we do
another clever thing (we thing it's clever anyway). We assign an ip alias
address for our database clients to connect to (since they are not shown up
as actual users of Unix, only users / processes of a database server).

We then need to process nightly jobs which require our users are killed and
database servers brought down. When database servers are brought down, we
remove the alias clients access, thereby stopping them from accessing the
database (you may think it silly at first, since clients won't be able to
access a down database server anyway - but read on). After some nightly
maintenance occurs (tape backups etc) we bring the database servers back up,
but we don't want clients to immediately connect yet since we still do more
work on the servers before clients are on.

When we complete nightly events in total, we re-assign the alias thereby
allowing client connection to database servers which have been up for some
time.

Michael.