Date: Fri, 30 Jul 1999 00:35:37 -0400 (EDT)
From: Bill Fumerola <billf@jade.chc-chimes.com>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: Wes Peters <wes@softweyr.com>, net@FreeBSD.ORG
Subject: Re: cvs commit: src/release/sysinstall tcpip.c
Message-ID: <Pine.BSF.4.10.9907300032450.1569-100000@jade.chc-chimes.com>
In-Reply-To: <199907300315.XAA15418@khavrinen.lcs.mit.edu>

On Thu, 29 Jul 1999, Garrett Wollman wrote:

> Billf was suggesting that every host be in its own VLAN, which of
> course would mean that it could not talk to anything else without the
> intercession of a router interface, which in turn requires an IP
> subnet of at least minimum (/30) size, which would waste 75% of one's
> address space. I pointed out in response to Bill that, while our Lab
> does in fact have oceans of globally-routeable address space, we could
> not in practice give a /30 to each one of our four-thousand-someodd
> machines because our switches support a maximum of 256 router
> interfaces.

Just to clarify, I was advocating this for servers that you really, really felt that had to be ultra-secure. I'm not as lucky as the wizards at MIT, I only have a /24 of globally routable space.

Naturally, I don't use this in practice, I have a PIX and a lot of DMZ-type VLANs, and this has worked well for me.

--
- bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp -
- ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org -

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message