From owner-freebsd-net Thu Jul 29 22:35: 6 1999 Delivered-To: freebsd-net@freebsd.org Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id 64F2F14DD2 for ; Thu, 29 Jul 1999 22:34:55 -0700 (PDT) (envelope-from billf@jade.chc-chimes.com) Received: from localhost (billf@localhost) by jade.chc-chimes.com (8.9.3/8.9.3) with ESMTP id AAA01578; Fri, 30 Jul 1999 00:35:37 -0400 (EDT) (envelope-from billf@jade.chc-chimes.com) Date: Fri, 30 Jul 1999 00:35:37 -0400 (EDT) From: Bill Fumerola To: Garrett Wollman Cc: Wes Peters , net@FreeBSD.ORG Subject: Re: cvs commit: src/release/sysinstall tcpip.c In-Reply-To: <199907300315.XAA15418@khavrinen.lcs.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 29 Jul 1999, Garrett Wollman wrote: > Billf was suggesting that every host be in its own VLAN, which of > course would mean that it could not talk to anything else without the > intercession of a router interface, which in turn requires an IP > subnet of at least minimum (/30) size, which would waste 75% of one's > address space. I pointed out in response to Bill that, while our Lab > does in fact have oceans of globally-routeable address space, we could > not in practice give a /30 to each one of our four-thousand-someodd > machines because our switches support a maximum of 256 router > interfaces. Just to clarify, I was advocating this for servers that you really, really felt that had to be ultra-secure. I'm not as lucky as the wizards at MIT, I only have a /24 of globally routable space. Naturally, I don't use this in practice, I have a PIX and a lot of DMZ-type VLANs, and this has worked well for me. -- - bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp - - ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org - To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message