[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: SNAT using the same internal address multiple times
From:       Amos Jeffries <squid3 () treenet ! co ! nz>
Date:       2013-02-08 1:51:52
Message-ID: 51145A38.6020705 () treenet ! co ! nz
[Download RAW message or body]

On 8/02/2013 9:39 a.m., Alex Bligh wrote:
> On 7 Feb 2013, at 16:56, Jimmy Thrasibule wrote:
>
>> OK, the problem here is to keep your interface MAC address when sending
>> a packet. You have the `bonding` driver to group interface but I don't
>> think it permits such a thing as it is more for load-balancing.
> Towards the VM? It doesn't care about the originating MAC. The destination
> MAC should be in the neighbor table in the normal way.
>
>>> (*) = why on earth would I want to do this? Suppose you have a huge
>>> number of VMs which can live migrate between physical machines. Without
>>> this, IP addressing needs to be globally unique across all VMs
>>> across all physical machines. This is somewhat tedious.
>> But in any case, how would you set up your virtual machines as they need
>> an IP address?
> I could configure them statically. Actually what I'd do is use an extremely
> lightweight tiny DHCP server I have written that would simply answer with
> the same IP address for any query. Given they all have the same IP address,
> this seems satisfactory.
>

What I'd do is access them all individually using their automatic fe80:: 
internal MAC-based IPv6 address.
This address often works regardless of what global access IPv4 or IPv6 
address screwups have been done, allowing easy administrative fixes of 
said problems.

AYJ
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]