Bug #229

Renumbering interfaces is painful via the web interface

Added by Dave Täht on Aug 16, 2011. Updated on Apr 21, 2012.
New High David Taht

Description

with 6 interfaces, and a dns server, and access to the router controlled by iptables and xinetd, it’s hard to renumber interfaces to have a different subnet allocation - and ipv6 is also problematic.

I have a simple script that does 95% of the work that could be improved to also be accessible via luci “renumber/rename home network” - which would eliminate the tedium.

History

Updated by Jim Gettys on Aug 17, 2011.
Is this script in the build? Is it documented? For people to put a router into service for real, they had better not have to renumber their networks; it’s easier to fix a single router.
Updated by Jim Gettys on Sep 19, 2011.
Updated by Jim Gettys on Sep 21, 2011.
I just renumbered with the sed scripts in the wiki to 192.168.1.x, hoping I’d win. I lost.

I note that Default network numbering says that

1-30: secured area for other machines
33-65: secured area for wired

Here’s the thing: I did an informal poll of my Bell Labs co-workers I’m about to inflict CeroWrt on. About half of them have static, existing numbering plans.

In my personal case, my static addresses are all in the 1-30 range; I suspect that’s going to be common (or hope so, anyway).

So I suspect the two areas should be swapped to reduce the amount of renumbering required.

Updated by Dave Täht on Sep 21, 2011.
Exactly. I basically reserved the bottomost range for static ips. The other ranges are all dynamic (well, the firstmost
address in each range is excluded from dhcp’s dynamic lease assignment)

that said, this can be improved.

Updated by Dave Täht on Sep 21, 2011.
So, here’s an option:

we change to 172.30.42.1 as the base address of the router.

We use a /26 in this case, to give us 1-62 as valid ips.

We reserve 34-62 as dynamically addressed space.

This DOES mess up the dmz idea - where my ‘plan’ such as it was was to have the dmz on a different vlan.

Updated by Jim Gettys on Sep 21, 2011.
Well, right now, I can’t access 192.168.1.13 (or similar addresses). I doubt I’ll be the last.
My colleagues seem to all be using 192.168.1 addresses as their plan.

A DMZ VLAN would be nice someday; but the interesting question also being begged is how do we deal with a VLAN for an IPsec tunnel… DMZ’s, however, in the IPv4 world are hard for most to come by, given IPv4 address shortage.

For now, I suspect KISS is in order.

Updated by David Taht on Sep 21, 2011.
That’s more or less my fault in the current design as I had several requests for
vlan support early on. And, I suspect, we’ll hav emore.

In your case.

change /etc/config/network to use a 255.255.255.192 netmask instead of 224
for the se00 device, change it to 192.168.1.1, and tell
/etc/config/dhcp to start
at 34 for that interface

as I described later in the bug

I’m going to bed

On Wed, Sep 21, 2011 at 5:06 PM, cerowrt@lists.bufferbloat.net wrote:
>
> Issue #229 has been updated by Jim Gettys.
>
>
> Well, right now, I can’t access 192.168.1.13 (or similar addresses).  I doubt I’ll be the last.
> My colleagues seem to all be using 192.168.1 addresses as their plan.
>
> A DMZ VLAN would be nice someday; but the interesting question also being begged is how do we deal with a VLAN for an IPsec tunnel… DMZ’s, however, in the IPv4 world are hard for most to come by, given IPv4 address shortage.
>
> For now, I suspect KISS is in order.
>
> —————————————-
> Feature #229: Renumbering interfaces is painful via the web interface
> https://www.bufferbloat.net/issues/229 >
> Author: Dave Täht
> Status: New
> Priority: High
> Assignee: David Taht
> Category: UI
> Target version: 1st Public Cerowrt release
>
>
> with 6 interfaces, and a dns server, and access to the router controlled by iptables and xinetd, it’s hard to renumber interfaces to have a different subnet allocation - and ipv6 is also problematic.
>
> I have a simple script that does 95% of the work that could be improved to also be accessible via luci “renumber/rename home network” - which would eliminate the tedium.
>
>

Updated by David Taht on Sep 21, 2011.
To clarify that slightly, what you did wrong (I think) - was put a new /27 up
in the 0-31 address space, with no router IP address for it. Due to it being a
/27 it can’t see any means of getting anywhere, so it goes boom.

to kind of keep the dmz idea alive, we COULD just do an alias for
se00:0 of 192.168.1.1
but that leads to all sorts of hassle on the same physical wire.

Ah, well, it can move to the end of the address space. Trust me, there
are many vlan freaks out there.

On Wed, Sep 21, 2011 at 5:24 PM, Dave Taht dave.taht@gmail.com wrote:
> That’s more or less my fault in the current design as I had several requests for
> vlan support early on. And, I suspect, we’ll hav emore.
>
> In your case.
>
> change /etc/config/network to use a 255.255.255.192 netmask instead of 224
> for the se00 device, change it to 192.168.1.1, and tell
> /etc/config/dhcp to start
> at 34 for that interface
>
> as I described later in the bug
>
> I’m going to bed
>
> On Wed, Sep 21, 2011 at 5:06 PM,  cerowrt@lists.bufferbloat.net wrote:
>>
>> Issue #229 has been updated by Jim Gettys.
>>
>>
>> Well, right now, I can’t access 192.168.1.13 (or similar addresses).  I doubt I’ll be the last.
>> My colleagues seem to all be using 192.168.1 addresses as their plan.
>>
>> A DMZ VLAN would be nice someday; but the interesting question also being begged is how do we deal with a VLAN for an IPsec tunnel… DMZ’s, however, in the IPv4 world are hard for most to come by, given IPv4 address shortage.
>>
>> For now, I suspect KISS is in order.
>>
>> —————————————-
>> Feature #229: Renumbering interfaces is painful via the web interface
>> https://www.bufferbloat.net/issues/229 >>
>> Author: Dave Täht
>> Status: New
>> Priority: High
>> Assignee: David Taht
>> Category: UI
>> Target version: 1st Public Cerowrt release
>>
>>
>> with 6 interfaces, and a dns server, and access to the router controlled by iptables and xinetd, it’s hard to renumber interfaces to have a different subnet allocation - and ipv6 is also problematic.
>>
>> I have a simple script that does 95% of the work that could be improved to also be accessible via luci “renumber/rename home network” - which would eliminate the tedium.
>>
>>

Updated by Jim Gettys on Sep 21, 2011.
David Taht wrote:
> To clarify that slightly, what you did wrong (I think) - was put a new /27 up
> in the 0-31 address space, with no router IP address for it. Due to it being a
> /27 it can’t see any means of getting anywhere, so it goes boom.
>
>

All I did was run the sed scripts from the wiki.

Updated by Dave Täht on Sep 21, 2011.
but then you had a .13 fixed ip address.

there is no address range for .13 that has a router ip on it.

Updated by Dave Täht on Apr 21, 2012.

This is a static export of the original bufferbloat.net issue database. As such, no further commenting is possible; the information is solely here for archival purposes.

Cerowrt Project

News items
List of Wiki pages
List of bugs
RSS feed

Recent Updates

Jul 21, 2024 Wiki page
cake-autorate
Jul 21, 2024 Wiki page
What Can I Do About Bufferbloat?
Jul 21, 2024 Wiki page
Tests for Bufferbloat
Jul 1, 2024 Wiki page
RRUL Chart Explanation
Dec 3, 2022 Wiki page
Codel Wiki

Find us elsewhere

Bufferbloat Mailing Lists
#bufferbloat on Twitter
Google+ group
Archived Bufferbloat pages from the Wayback Machine

Sponsors

Comcast Research Innovation Fund
Nlnet Foundation
Shuttleworth Foundation
GoFundMe

Bufferbloat Related Projects

OpenWrt Project
Congestion Control Blog
Flent Network Test Suite
Sqm-Scripts
The Cake shaper
AQMs in BSD
IETF AQM WG
CeroWrt (where it all started)

Network Performance Related Resources


Jim Gettys' Blog - The chairman of the Fjord
Toke's Blog - Karlstad University's work on bloat
Voip Users Conference - Weekly Videoconference mostly about voip
Candelatech - A wifi testing company that "gets it".