Configuring the same IP on multiple addresses

Configuring the same IP on multiple addresses

[Vlad Yasevich]

Hi All

Does anyone have a reason why Linux allows one to configure
the same IP or IPv6 address on multiple interfaces?

For IPv4, since linux implements a weak host model, assigning
duplicate addresses doesn't make any sense, since the addresses
really belong to the host and not the interface.

For IPv6, I can see allowing duplicate link-locals since that's
perfectly valid from the protocol perspective.  However, duplicate
globals are shouldn't be allows from the perspective of the address
architecture.

So, I am looking for technical reasons why this is permitted.

Thanks
-vlad

Re: Configuring the same IP on multiple addresses

[David Stevens]

netdev-owner@vger.kernel.org wrote on 10/29/2007 11:03:37 AM:

> So, I am looking for technical reasons why this is permitted.

Vlad,
        Is there a technical reason to disallow it? Rather than
anticipate all the possible uses for a machine, it's, of course,
generally better to restrict only the things you know can't
work, and allow everything else.

                                                        +-DLS

Re: Configuring the same IP on multiple addresses

[Vlad Yasevich]

David Stevens wrote:
> netdev-owner@vger.kernel.org wrote on 10/29/2007 11:03:37 AM:
> 
>> So, I am looking for technical reasons why this is permitted.
> 
> Vlad,
>         Is there a technical reason to disallow it? Rather than
> anticipate all the possible uses for a machine, it's, of course,
> generally better to restrict only the things you know can't
> work, and allow everything else.
> 
>                                                         +-DLS

For v4, not really, but it really confuses some people (and thus causes
me headaches ;-)

For v6, there are plenty of operational reasons to not allow this.  You really
turn unicast into anycast when you do this and there are special rules to
be followed.

-vlad

Re: Configuring the same IP on multiple addresses

[David Stevens]

> For v6, there are plenty of operational reasons to not allow this.  You 
really
> turn unicast into anycast when you do this and there are special rules 
to
> be followed.

        I don't see it that way. The only "problem" I can think of offhand
is that you can't use a multi-interface address to identify an interface
(for example, for multicasting) and get predictable results (it'll pick
the first one it finds with that address, in no particular order). But
you can still use interface indexes, which are unique.
        Anycast is used for multiple distinct hosts, which isn't an issue
on the same host. It's already true, as you pointed out, that you can
receive a packet for any local address on any interface, so allowing
multiple instances means you still match it as local. Which interface
you match it on usually isn't relevant, and when it is are exactly the
cases where using duplicates might be appropriate.
        I can see where it might be useful if you have policy
restrictions on some interfaces and want the particular address
to be both in and out of a set. But, I agree, it's generally more
trouble (for an administrator), but then administrators don't have
to assign the same address to multiple interfaces. 

                                                        +-DLS

Re: Configuring the same IP on multiple addresses

[David Miller]

From: Vlad Yasevich <vladislav.yasevich@hp.com>
Date: Mon, 29 Oct 2007 14:03:37 -0400

> So, I am looking for technical reasons why this is permitted.

I am looking for a technical reason why you find a need
to discover this feature and want the remove it :-)

Can you guys please just state upfront what virtualization
issue is made more difficult by features you want to remove?

That will make things go a lot more smoothly, thanks.

Re: Configuring the same IP on multiple addresses

[David Miller]

From: David Miller <davem@davemloft.net>
Date: Mon, 29 Oct 2007 15:25:59 -0700 (PDT)

> Can you guys please just state upfront what virtualization
> issue is made more difficult by features you want to remove?

Sorry, I mentioned "virtualization" because that's been the
largest majority of the cases being presented lately.

I suspect in your case it's some multicast or SCTP thing :-)

Re: Configuring the same IP on multiple addresses

[Brian Haley]

David Miller wrote:
> From: David Miller <davem@davemloft.net>
> Date: Mon, 29 Oct 2007 15:25:59 -0700 (PDT)
> 
>> Can you guys please just state upfront what virtualization
>> issue is made more difficult by features you want to remove?
> 
> Sorry, I mentioned "virtualization" because that's been the
> largest majority of the cases being presented lately.
> 
> I suspect in your case it's some multicast or SCTP thing :-)

It's actually neither in this case :)

We have customers migrating from BSD stacks to Linux.  They notice all 
the differences in the sockets API, sometimes even find bugs, and we fix 
them and send patches upstream.  They also do stupid things like 
duplicate address configurations on two interfaces in different subnets.

IPv6 was the curious one for us here since it falls into an RFC gray 
area - addresses are assigned to interfaces, not hosts (RFC 4291), but 
they should be tested for uniqueness before being assigned (RFC 4862). 
This address didn't pass the uniqueness test, although it did pass DAD 
because the links were different.  We couldn't find another OS for a 
host or router (including IOS) that allows this, hence the question.

Thanks, and sorry if it's just another waste of your time to explain it.

-Brian

Re: Configuring the same IP on multiple addresses

[Vlad Yasevich]

David Miller wrote:
> From: David Miller <davem@davemloft.net>
> Date: Mon, 29 Oct 2007 15:25:59 -0700 (PDT)
> 
>> Can you guys please just state upfront what virtualization
>> issue is made more difficult by features you want to remove?
> 
> Sorry, I mentioned "virtualization" because that's been the
> largest majority of the cases being presented lately.

Nope, not virtualization.

> 
> I suspect in your case it's some multicast or SCTP thing :-)
> 

Neither of these really either, although I should try to see how
SCTP behaves in this configuration.

As Brian said, a customer asked us a question, and we didn't know the
history.  No one is trying to remove functionality or features.
We'd just like to know the why, and the answer of "why not" doesn't
fly very well.

Although in the IPv6 case, there might be issues.

-vlad