SUMMARY: controlling source IP addresses ?

From: Pascal Grostabussiat <>
Date: Sat Nov 18 2006 - 07:55:23 EST

As for what the question was, see the end of this mail. Briefly I wanted 
to be able to control which source IP address an application would be 
using or seem like coming from while several IPs were configured on the 
NIC that the application was using on the server.

Many thanks to Aaron Lineberger, Dragos Stoichitescu, Andrew Mehlos, 
James Abendschan for their time and answer. They suggested using the 
"deprecated" flag with ifconfig. "man ifonfig" gives you:


         Marks the logical interface as  deprecated.  An  address
         associated  with a deprecated interface will not be used
         as source address for  outbound  packets  unless  either
         there  are no other addresses available on the interface
         or the application has bound to this address explicitly.
         The  status  display  shows DEPRECATED as part of flags.
         See INTERFACE FLAGS for information on  the  flags  sup-
         ported by ifconfig.

I thought about this since I am already using IPMP here and there, but 
unfortunately in my case setting deprecated on all other interfaces 
except the one I want would cause other potential problems in my Veritas 
cluster. So I cannot solve the issue with that feature and the only 
solution I came upon is to ask developers to add a parameter in their 
application so that, in case it is needed for some 
installation/configuration, then one can have the application to bind to 
a given IP number.

Again many thanks for you answer !


> Subject: controlling source IP addresses ?
> Hi all,
> I have already starting searching the net for that "issue" but since I am a
> bit short of time to investigate it I would appreciate if some of you
> already have solutions, ideas or pointers I could follow to speed up my
> investigation.
> I have a server with several NIC on Solaris 9. This NIC has several IPs, a
> primary IP set for example on ce0 and a few other IPs set on ce0:1,
> ce0:2 etc ... Those IPs except for the primary one are set dynamically when
> applications are brought up on the machine (I am using Veritas Cluster
> Server).
> The issue I have is that, from an external point of view, connections seem
> to be coming from one of those IPs, but not necessarily the same. 
> To be more specific, when a given application establishes connection to
> another service on another server, from that other server's perspective,
> requests seem to be coming for one of the IPs set on the remote NIC (ce0,
> ce0:1, ce0:2, ...) but that IP is not always the same from one connection to
> another over time.
> Question: is there anyway in Solaris (i.e. other than in the source
> application) to control that behavior and somehow make sure that connections
> always come from only one source IP (always the same) like for example from
> the primary IP set on a given NIC and not from the secondary IPs ? (ndd
> parameter ? ifconfig feature ? other ?)
> Many thanks in advance.
> /Pascal
sunmanagers mailing list
Received on Sat Nov 18 07:55:54 2006

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:03 EST