Re: virtual NICs
From: Lee Causier
Date: Wed Nov 16 2005 - 17:42:48 EST
Just a quick note..
iirc, virtual interfaces are necessary in order to configure multiple
IP addresses using "ifconfig", but if you use iproute2's tools you can
add any/all IPs to one interface (the original, eg eth0, br0, vlan0001
etc) with a command like "ip addr add 188.8.131.52/28 dev eth0" and then
all the addresses are considered equal; although ifconfig will only
list one of the IPs (it appears that it is restricted to
"understanding" only one IP per interface)
BSc Computer Science (Year 1)
On 11/16/05, Davy Durham <pubaddr2@xxxxxxxxxxxxxxx> wrote:
> First, thanks for the prompt response.
> linux-os (Dick Johnson) wrote:
> >Of course there is extra work! Any time something has to be checked
> >(filtered), there is the overhead of the filtering. In the case of
> >two or more IP addresses, the software has to perform an ARP on two
> >or more IPs. This means that it needs to "listen" for more queries.
> >Note that machines on Ethernet, communicate using their hardware-
> >addresses i.e., the "IEEE station address". But, the initial route
> >to the target machine needs to be set up by broadcasting an IP address,
> >thereby asking everybody on the LAN if the IP address belongs to them.
> >Hopefully only one machine answers. This sequence is called ARP
> >(address resolution protocol).
> My question was whether the one being defined to eth0 has an advantage
> over the one assigned to eth0:0 since one is real and one is virtual.
> My uninformed instinct told me to wonder if the NIC hardware itself
> somehow gets told to handle the IP assigned to eth0 and something in the
> linux software has to handle the IP assigned to eth0:0
> I realize that the machine will have to do more work total. But I
> wonder if it's any more work than if the server has two NICs with two
> different IPs.
> >Adding more IP addresses is like adding more machines as far as
> >the source (perhaps a router) is concerned. Adding more IP addresses
> >to a single host is sometimes necessary, but it is not without
> >cost. Basically, don't do it unless it's necessary.
> It's necessary because of the in-born inability for name based virtual
> hosting to be done over SSL (though I think this inability was
> unnecessary in that it could have been relaxed if just a little bit of
> unsecured data could be transmitted in the SSL header allowing the
> server to make some decision based on that clear data.. but that's
> another matter).
> Thanks again,
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/