Using vlan(4) without an actual lan behind it

Pete French petefrench at ingresso.co.uk
Mon Sep 19 12:45:25 UTC 2011


> Does it specifically have to be a vlan(4), or can you perhaps add another
> address to lo(4), or perhaps create a "lo1" in addition to the "lo0"?

It can be anything really - I was looking for a "generic" interface
I can configure with IP addresses. But adding real addresses to
loopback interfaces can cause problems, can it not?

The issue I am trying to address is that I have a whole bunch of IPv6
addresses on a /64, which are only used as endpoints for a set of
websites - they don't exist on a real ethernet anywhere, and don't
need to. I just want them on an interface on a machine when I can run
up a load balancer to listen on those addresses and forward them to
the appropriate actual machines serving the requests.

Currently I am using a range which is the same as the IPv6 - so
they do exist on a real ethernet - but the network interface there
is CARP, and from the inside ndp can only resolve the single initial
carp address (I believe this is a known bug). So I want some interface
on the firewall box, which is neither the outside, nor the inside, where I
can hang a set of addresses on a different subnet. That way both sides
will be able to see the addresses fine, and everything will work nicely.

-pete.

