From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Mon 28 Apr 2003 - 06:49:07 BST
On Thu, Apr 24, 2003 at 06:39:03PM -0400, Michael H. Warfield wrote:
> On Wed, Apr 02, 2003 at 09:02:58PM +0200, Herbert Poetzl wrote:
> > On Wed, Apr 02, 2003 at 09:07:37AM -0800, James Maxwell - Systems Administrator wrote:
> > > Is the vserver kernel capable of greater than 16 ips per vserver? I
> > > like to move about all my domains from 2 boxes to just one. The ip
> > > total for each box is 200. Or 400 domains. Is there a workaround?
>
> > as far as I remember, the limit is arbitrarily chosen
> > (some define or something within the kernel), so
> > it shouldn't be hard to change ...
>
> > there also was some discussion about a dynamic limit
> > (this might be an option too)
>
> > I'm just curious ...
> > why do you need so many ips for so few domains?
>
> I also have such a need. The need is for multiple addresses
> going to a common security context. In this particular case, building
> massive honeynets. At minimum, I need to assign 64 addresses to each
> security context. I'm doing that, currently, with VMware. I have some
> systems where a single interface has a /24 address space or larger
> assigned. The specific application where I'm applying vserver, I have
> a /20 (4096) addresses available on an interface and I'm distributing
> sets of 64 random IP addresses to sets of vservers and VMware engines
> for honeypots.
>
> I just slammed into this limit. Now I have to hunt down bogons
> in the sources to fix...
*sigh* no hunt, just change #define NB_IPV4ROOT 16
to the value you consider appropriate ..
>
> > the only situation where this would be required
> > is ssl per domain ...
>
> Your imagination is limited... The mind boggles at the possiblities.
> Any application where you would want more than 16 IP addresses on an
> interface could be extrapolated to more than 16 IP addresses in a vserver.
well, unfortunately I still can not imagine any good
(read useful) application, which would require more than
16 ip addresses on one interface ....
> > best,
> > Herbert
>
>
> > > James Maxwell
> > > Interwerx Communications Inc.
> > > V: 250 383-6178
> > > F: 250 383-6808
> > > C: 250 885-8203
> > > E: [1]support_at_interwerx.com
> > >
> > > ---
> > > Outgoing mail is certified Virus Free.
> > > Checked by AVG anti-virus system ([2]http://www.grisoft.com).
> > > Version: 6.0.465 / Virus Database: 263 - Release Date: 3/25/03
> > >
> > > References
> > >
> > > 1. mailto:support_at_interwerx.com
> > > 2. http://www.grisoft.com/
>
> Mike
> --
> Michael H. Warfield | (770) 985-6132 | mhw_at_WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!