An alias address is an IP address that is assigned to a specified network interface after the interface has been configured with an address. With multiple addresses, the second and subsequent addresses are referred to as aliases. When only a single address is assigned to an interface, it is not called an alias, regardless of how it was initially assigned.
In versions of Mac OS X and Mac OS X Server up through 10.1.1, alias addresses are not supported by any of the GUI, and so must be set up and maintained using startup scripts, or directly, using command-line tools. This HowTo deals with Mac OS X in general, and not with the Server product, so details may be slightly different for the latter. In particular, there may be existing mechanisms in the Server product to handle aliases which we will not touch upon here. Updates to this information are solicited.
The command used to manipulate network address configurations is ifconfig(8), and it is documented in a man page by that name (without the "(8)", which refers to the section of the manual containing the page).
There are two situations to handle when adding an alias, and they both deal with subnets as they exist on the interface in question, at the time the alias is added.
In this case, the alias address can be assigned with the netmask that goes with the new address.
For example, suppose there is a single address assigned to "en1", say, 192.168.32.25, and its netmask is 255.255.255.0 (this is sometimes written as 192.168.32.25/24; the 24 indicating 24 consecutive '1' bits in the netmask).
If the alias address is given to you (by the network admin, for example) as 192.168.64.25/24, then you would use the netmask 255.255.255.0. In this case, the new address is on a different subnet from the originaladdress (192.168.32.0 and 192.168.64.0). The following shows how to assign the alias.
ifconfig en1 inet 192.168.64.25 netmask 255.255.255.0 alias
Again, suppose there is a single address assigned to "en1", as above.
Let's also suppose that the network admin gives you 192.168.32.27/24 to use as an alias. Here, you should use the netmask 255.255.255.255. In this case, the new address is on the same subnet as the original address (192.168.32.0). The following shows how to assign the alias.
ifconfig en1 inet 192.168.32.27 netmask 255.255.255.255 alias
To go into a little more depth, for those with an urge to know, the choice of netmask is dictated by the way the system keeps track of "routes" internally. In order to correctly determine where to send a packet, interfaces are tagged with pairs of "address, netmask". Since aliases are, in a sense, duplicate tags, the system needs to know whether the subnet represented by the tag is new, and this is indicated by the netmask. With a "normal" netmask, the system is told this is a new subnet, and it can then set up internal tables correctly. If the subnet is not new, the tables will get set up incorrectly if the netmask is "normal".
With a netmask of 255.255.255.255, the system knows this is a duplicate of an existing subnet, and therefore will assign the address as if it were assigned to the loopback interface, with the "point-to-point" mask.
Using the values from Case 2, assigning a netmask of 255.255.255.0 will, in most cases, appear to work. However, the internal tables will not be set up correctly, and if the alias is removed, problems may ensue. This can be overcome by adding appropriate host routes when the alias is added, and removing the routes when the alias is removed. However, the system works correctly with the "point-to-point" netmask, and maintenance is easier.
If we add the alias with netmask 255.255.255.0, ifconfig will report an EXISTS error. This can be ignored, and the alias is successfully added. The error indicates that subnets match. At this point, the user must add a host route as follows:
route add -host 192.168.32.27 -interface 127.0.0.1
This will set up the routing tables in a way that keeps the system's tables correct. Removing the alias will require that you remove this route by hand, as well.
If an alias address (or indeed, any address) is to be removed from an interface, the ifconfig command is again used. If the address is an alias, the command is
ifconfig DEV inet IP.AD.DR.SS netmask NE.TM.AS.KK -alias
where DEV is the network device ("en1" in the above examples), and the IPaddress and netmask values match the values used to assign the alias.
If the address is not an alias (i.e., is the only IP address assigned), the form of the command is slightly different:
ifconfig DEV inet IP.AD.DR.SS netmask NE.TM.AS.KK delete
In Mac OS X 10.1.2, aliases are fully supported by the system. The GUI allows the creation of aliases which are stored in the network configuration database, and are installed on reboot.
Using the values from the example above, first, open the Network Preferences panel (e.g., from the item in the menu. Then duplicate the device for which you want to assign an alias, as described above, and configure it as you would any other port.
In particular, you should provide router and nameserver information so that if the original address is removed, the network will continue to function. If the alias resides on an existing subnet, you should duplicate the values for that original. If the subnet is new, you will have to provide at least a different router address, if you want the system to continue working with that subnet, once the original is removed.
Finally, select and drag the 'copy' to its desired position in the hierachy of ports, and "apply" the changes you've made.
Important: unlike the situation where you do this "by hand", the GUI support does not require the point-to-point netmask used in the case of common subnets. The system will actually do all the work involved in configuring in this case. Thus, you can assign the "correct" netmask when configuring an alias address in the GUI.
Until the release of Darwin 5.2, the user was on his own to support alias address assignment. It was easy to configure network devices with alias addresses, but the admin had to figure out precisely where to put the commands in the various startup scripts in order to get "persistence".
With Darwin 5.2, the system supports persistent alias address assignment, so you no longer have to go through the "find a place to put this script" dance.
Use iftab as you normally would, except that you add the 'alias' keyword to the entry for an alias address. At boot time, the system will install the desired alias addresses. As usual, the entry mimics the arguments to ifconfig:
en0 inet 192.168.32.27 netmask 255.255.255.0 alias
in all cases.
As in Mac OS X 10.1.2, the system handles the subnet issue by itself, installing routes as appropriate for the existing and new configuration information.