Re: arp-proxy

From: Baldur Gislason (baldur_at_foo.is)
Date: 11/17/05

    Date: Thu, 17 Nov 2005 17:35:35 +0000
    To: Brian Candler <B.Candler@pobox.com>
    
    

    On Thu, Nov 17, 2005 at 04:27:48PM +0000, Brian Candler wrote:
    > On Thu, Nov 17, 2005 at 04:52:03PM +0100, Jon Otterholm wrote:
    > > Scenario#1:
    > > -I have a range of IPs, for example 215.10.10.0 - 215.10.10.255.
    > > -I want to distribute these IPs to my customers via DHCP.
    > > -They are all attached to me via a VLAN-trunk on a unique VID
    > > -I have 200+ customers.
    > >
    > > If I was to subnet these addresses so that all the customers would get
    > > their own IF (with an IP) in my router and their own IP I could create a
    > > bunch of /30-nets but each customer would take up 4 IPs (net, G/W,
    > > CustomerIP, Broadcast) - and that is a big waste of IPs in my opinion.
    >
    > Albeit one that you can sensibly justify to a registry for your purpose.
    >
    > If you could get clients to run PPPoE, then you wouldn't need to allocate
    > any /30 subnets to the VLANs, and you could give each customer a single /32
    > IP (either statically or from a pool). Multiple customers could share a VLAN
    > which might be useful in future, e.g. if one VLAN serves a building with
    > multiple users.

    PPP has no home in a broadband network IMO. It's an ugly (telco) approach to things.
    An always-on connection shouldn't have a session-based tunnel to make it work.

    >
    > > If I instead could create a pseudo bridge with a "mother if" acting as
    > > gateway, distribute IPs via DHCP (ISC?) I could reduce the number of IPs
    > > and administration when adding new customers.
    > >
    > > Anyone with a solution or revelation?
    >
    > I think it's tricky, given the additional constraints you gave in your other
    > E-mails. In particular, you said that MAC address xx:xx:xx:xx:xx:xx which
    > originates on VLAN X must never appear as a source MAC address on any other
    > VLAN, because that would confuse the switching infrastructure which links
    > the bundle of VLANs to the customer sites. (i.e. the VLANs are not true
    > VLANs because they are not properly isolated from each other)
    >
    > Given DHCP, you're not statically assigning a particular IP or range of IPs
    > to a particular vlanN interface: so you can't "route add" to send traffic
    > for IP address x.x.x.x down VLAN Y. Hence you need to do dynamic bridging,
    > but with the MAC source address masquerading.
    >
    > Now, this is not the Linux proxy-arp solution described in the link you
    > gave; it's something very different. I'm not aware of any implementation of
    > this on any platform.

    I do know an implementation of this. Packetfront's ASR line of layer 3 switches
    does exactly this. It is a DHCP relay and ARP proxy; you can have multiple
    switches on the same distribution ring but it's all IP, using OSPF for
    managing the paths, no broadcast traffic makes it between different ports.
    These are specific switches designed for Ethernet and fiber-to-the-home networks.

    I think the routing approach in FreeBSD is brilliant, but it can be a little
    limiting in some aspects. It is a bit reluctant to break the rules of how
    routing is normally done.
    I have had situations where I wanted to make an ARP entry
    for a host that was not on a subnet I had configured on any interface (as in
    make a host route pointing to a MAC address and a certain interface).
    I've also wanted to have multiple interfaces on the same physical network with
    different addresses on the same subnet.
    Now, these are both ugly hacks to which there are better approaches, but
    those approaches don't always apply.

    Baldur
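
The "DHCP relay and ARP proxy" behaviour discussed in this thread, as a small model added here for illustration; it is not code from the thread, from FreeBSD, or from any vendor. The class, method names, VLAN IDs and MAC addresses are constructed, and the source-binding check in `forward` is an added assumption beyond what the thread describes.

```python
from dataclasses import dataclass

ROUTER_MAC = "02:00:00:00:00:01"   # constructed: the gateway's own MAC


@dataclass(frozen=True)
class Binding:
    vlan: int
    mac: str


class ProxyArpGateway:
    """Toy model: one VLAN per customer, one shared subnet, nothing bridged."""

    def __init__(self):
        self.leases = {}   # ip -> Binding, learned from relayed DHCP ACKs

    def dhcp_ack(self, vlan, mac, ip):
        # The relay sees every lease, so it knows which VLAN each address is on.
        self.leases[ip] = Binding(vlan, mac)

    def arp_request(self, vlan, target_ip):
        # Answer with the gateway's MAC for a leased address on another VLAN;
        # the request itself is never flooded between VLANs.
        b = self.leases.get(target_ip)
        if b is None or b.vlan == vlan:
            return None
        return {"vlan": vlan, "ip": target_ip, "mac": ROUTER_MAC}

    def forward(self, vlan, src_mac, src_ip, dst_ip):
        # Assumed check: drop frames whose source does not match the lease
        # recorded for this VLAN.
        if self.leases.get(src_ip) != Binding(vlan, src_mac):
            return None
        dst = self.leases.get(dst_ip)
        if dst is None:
            return None
        # Routed, not bridged: the frame leaves with the gateway's source MAC,
        # so a customer MAC never shows up on another customer's VLAN.
        return {"vlan": dst.vlan, "src_mac": ROUTER_MAC, "dst_mac": dst.mac,
                "src_ip": src_ip, "dst_ip": dst_ip}


def demo():
    gw = ProxyArpGateway()
    gw.dhcp_ack(101, "aa:aa:aa:aa:aa:01", "215.10.10.5")   # constructed leases
    gw.dhcp_ack(102, "bb:bb:bb:bb:bb:02", "215.10.10.6")
    reply = gw.arp_request(101, "215.10.10.6")
    frame = gw.forward(101, "aa:aa:aa:aa:aa:01", "215.10.10.5", "215.10.10.6")
    spoofed = gw.forward(102, "aa:aa:aa:aa:aa:01", "215.10.10.5", "215.10.10.6")
    return reply, frame, spoofed
```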


