{"id":62,"date":"2010-01-29T09:50:12","date_gmt":"2010-01-28T20:50:12","guid":{"rendered":"http:\/\/www.don.nz.net\/wordpress\/?p=62"},"modified":"2010-01-29T09:50:12","modified_gmt":"2010-01-28T20:50:12","slug":"broadcast-interface-addressing-considered-harmful","status":"publish","type":"post","link":"https:\/\/don.nz.net\/wordpress\/?p=62","title":{"rendered":"Broadcast Interface Addressing Considered Harmful"},"content":{"rendered":"<p>\t\t\t\tI hate IPv4 link broadcast interface (e.g. Ethernet) addressing semantics.\u00a0 To recap, if I have two boxes on each end of a point-to-point link (say between a gateway and an end host), we address as follows (for example):<\/p>\n<ul>\n<li>10.1.1.0: Network address (reserved)<\/li>\n<li>10.1.1.1: Host 1 (gateway)<\/li>\n<li>10.1.1.2: Host 2 (end host)<\/li>\n<li>10.1.1.3: Broadcast address.<\/li>\n<\/ul>\n<p>That&#8217;s four IP addresses, for a link to a single host.\u00a0 Hello?\u00a0 Haven&#8217;t you heard the news?\u00a0 IP addresses are running out!<\/p>\n<p>Some folks manage to get away with using \/31 masks, e.g.<\/p>\n<ul>\n<li>10.1.1.4: Host 1 (gateway)<\/li>\n<li>10.1.1.5: Host 2 (end host)<\/li>\n<\/ul>\n<p>which is just wrong.\u00a0 Better in terms of address usage (two addresses instead of four), but still just plain wrong. And you&#8217;re still wasting addresses.<\/p>\n<p>The PPP folks a long time ago figured that a session, particularly in client to concentrator type configurations, only needs one IP address. 
A &#8220;point to point&#8221; interface has a local address, and a remote address, of which only the remote address needs to be stuffed in the routing table.\u00a0 The local address can be the address of the concentrator, and doesn&#8217;t even need to be in the same subnet.<\/p>\n<p>So why can&#8217;t my Ethernet interfaces work the same way?<\/p>\n<p>A point to point link really doesn&#8217;t have broadcast semantics.\u00a0 Apart from stuff like DHCP, you never really need to broadcast &#8212; after all, our PPP friends don&#8217;t see a need for a &#8220;broadcast&#8221; address.<\/p>\n<p>Well, we decided we had to do something about this.\u00a0 The weapon of choice is NetGraph on FreeBSD.\u00a0 NetGraph basically provides a bunch of kernel modules that can be linked together.\u00a0 It&#8217;s been described as &#8220;network Lego&#8221;.\u00a0 I like it because it&#8217;s easy to slip new kernel modules into the network stack in a surprising number of places. This isn&#8217;t a NetGraph post, so I won&#8217;t spend more verbiage on it, but it&#8217;s way cool. <a href=\"http:\/\/www.google.com\/search?q=freebsd+netgraph\">Google it<\/a>.<\/p>\n<p>In a real point-to-point interface, both ends of the link know the semantics of the link.\u00a0 For Ethernet point-to-point addressing, we can still do this (and my code happily supports this configuration), but obviously both ends have to agree to do so. &#8220;Normal&#8221; clients won&#8217;t know what we&#8217;re up to, so we have to do this in such a way that we don&#8217;t upset their assumptions.<\/p>\n<p>So we cheat. And we lie. And worst of all, we do proxy ARP!<\/p>\n<p>What we do is tell our clients that they are on a \/24 network. Their IP address is, for example, 10.1.2.5\/24, and the gateway is 10.1.2.1. 
Any time we get a packet for 10.1.2.5, we&#8217;ll send it out that interface, doing ARP as normal to resolve the remote host&#8217;s MAC address.<\/p>\n<p>Going the other way, we answer ARP requests for any IP address in 10.1.2.0\/24, except 10.1.2.5, with our own MAC address.\u00a0 That means that if they ARP for 10.1.2.6, we&#8217;ll answer the ARP request, which directs that packet to us, where we can use our interior routes to route it correctly.\u00a0 In our world, two &#8220;adjacent&#8221; IP addresses could be on opposite sides of the network, or one could be on a different VLAN on the same interface.<\/p>\n<p>The result is one IP address per customer.\u00a0 We &#8220;waste&#8221; three addresses per 256, the network (.0), gateway (.1) and broadcast (.255), and we have to be a bit careful about what we do with the .1 address &#8212; it could appear on every router that is playing with that \/24.\u00a0 But we can give a user a single IP address, and put it anywhere in the network.<\/p>\n<p>We can actually have multiple IP addresses on the same interface; we do this by having the NetGraph module have a single Ethernet interface but multiple virtual point-to-point interfaces.\u00a0 So if we want to give someone two IP addresses, we can do that as two, not necessarily adjacent, \/32 addresses.\u00a0 We don&#8217;t answer ARPs for any of the assigned addresses, but do answer everything else. The module maintains a mapping of point-to-point interface to associated MAC address.\t\t<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I hate IPv4 link broadcast interface (e.g. Ethernet) addressing semantics.\u00a0 To recap, if I have two boxes on each end of a point-to-point link (say between a gateway and an end host), we address as follows (for example): 10.1.1.0: Network address (reserved) 10.1.1.1: Host 1 (gateway) 10.1.1.2: Host 2 (end host) 10.1.1.3: Broadcast address. 
That&#8217;s [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[8,11,16,20,22,24],"class_list":["post-62","post","type-post","status-publish","format-standard","hentry","category-pushing-packets","tag-arp","tag-broadband","tag-ethernet","tag-ipv4","tag-packets","tag-point-to-point-ethernet"],"_links":{"self":[{"href":"https:\/\/don.nz.net\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/62","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/don.nz.net\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/don.nz.net\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/don.nz.net\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/don.nz.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=62"}],"version-history":[{"count":0,"href":"https:\/\/don.nz.net\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/62\/revisions"}],"wp:attachment":[{"href":"https:\/\/don.nz.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=62"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/don.nz.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=62"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/don.nz.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=62"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}