> It isn't hard to do it.  I implemented this in NetBSD 1.1 ages ago, and
> I did port the changes to 1.2, I believe.  We have about several boxes
> running about a thousand virtual servers each on them using this
> facility (Try adding a thousand individual host aliases and see how
> long it takes to ping the end one, and you'll see why I did this :-)

Yes, the latter is a large problem.  However, the quick hack of giving
an interface a power-of-two-sized chunk of addresses only really fixes
the 1000-virtual-servers problem, and still leaves that unfortunate
loop in ipintr() consuming gobs of CPU for other applications that require
configuring large numbers of local addresses.  The application I'm familiar
with that that suffers from this is when you try to use the box as a router
for a large number of relatively small bandwidth interfaces.  When you've
configured up your 150 addresses you discover you've dropped the forwarding
rate of the box to 20% of what it was formerly.

I believe the very best fix for all of this is to keep local addresses in
the main protocol routing table, and to always do a route lookup when a
packet arrives to determine whether the packet is locally destined or needs
to be forwarded (or dropped as the case may be).  This makes local address
recognition pretty much free when the box is a router (since most packets
don't match a local address you'll be doing the route lookup anyway, and
adding 200 local address routes to a 40,000 route table doesn't change the
average cost of a lookup significantly), and very fast when the box is a
host (a lookup in a 1,000 local address routing table should take 10 bit
tests and a compare).

This, however, is not a straight forward thing to do given the odd structure
of the kernel networking.  Second best might be to at least recognize that
the loop in ipintr() is actually doing a route lookup by doing a linear search
of the full set of local addresses, and replace it by a lookup in a more
appropriate data structure (i.e. a routing table just containing local
addresses).

Dennis Ferguson