From owner-freebsd-net@FreeBSD.ORG Thu Nov 17 16:27:56 2005
Date: Thu, 17 Nov 2005 16:27:48 +0000
From: Brian Candler
To: Jon Otterholm
Cc: freebsd-net@freebsd.org, Jeremie Le Hen
Subject: Re: arp-proxy
Message-ID: <20051117162748.GA8417@uk.tiscali.com>
In-Reply-To: <1132242723.819.45.camel@localhost.localdomain>
References: <1131541588.996.13.camel@localhost.localdomain> <20051110124903.GB67086@uk.tiscali.com> <1131629107.878.22.camel@localhost.localdomain> <20051117135738.GH5197@obiwan.tataz.chchile.org> <1132239963.819.18.camel@localhost.localdomain> <20051117152357.GA8209@uk.tiscali.com> <1132242723.819.45.camel@localhost.localdomain>
List-Id: Networking and TCP/IP with FreeBSD
On Thu, Nov 17, 2005 at 04:52:03PM +0100, Jon Otterholm wrote:
> Scenario#1:
> -I have a range of IPs, for example 215.10.10.0 - 215.10.10.255.
> -I want to distribute these IPs to my customers via DHCP.
> -They are all attached to me via a VLAN-trunk on a unique VID
> -I have 200+ customers.
>
> If I was to subnet these addresses so that all the customers would get
> their own IF (with an IP) in my router and their own IP I could create a
> bunch of /30-nets but each customer would take up 4 IPs (net, G/W,
> CustomerIP, Broadcast) - and that is a big waste of IPs in my opinion.

Albeit one that you can sensibly justify to a registry for your purpose.

If you could get clients to run PPPoE, then you wouldn't need to allocate any /30 subnets to the VLANs, and you could give each customer a single /32 IP (either statically or from a pool). Multiple customers could share a VLAN, which might be useful in future, e.g. if one VLAN serves a building with multiple users.

> If I instead could create a pseudo bridge with a "mother if" acting as
> gateway, distribute IPs via DHCP (ISC?) I could reduce the number of IPs
> and administration when adding new customers.
>
> Anyone with a solution or revelation?

I think it's tricky, given the additional constraints you gave in your other E-mails. In particular, you said that MAC address xx:xx:xx:xx:xx:xx which originates on VLAN X must never appear as a source MAC address on any other VLAN, because that would confuse the switching infrastructure which links the bundle of VLANs to the customer sites. (i.e. the VLANs are not true VLANs because they are not properly isolated from each other)

Given DHCP, you're not statically assigning a particular IP or range of IPs to a particular vlanN interface: so you can't "route add" to send traffic for IP address x.x.x.x down VLAN Y. Hence you need to do dynamic bridging, but with the MAC source address masquerading.
Now, this is not the Linux proxy-arp solution described in the link you gave; it's something very different. I'm not aware of any implementation of this on any platform. If you're happy to hack code, the best I can suggest is you start with ng_bridge and modify it to fit.

Regards,

Brian.
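The dynamic-bridging-with-masquerading idea Brian sketches above, as an added illustrative model written for this page; it is not code from the thread, from FreeBSD, or from ng_bridge. It keeps a table of (IP, MAC, VLAN) learned from DHCP leases, answers ARP on behalf of hosts that live on other VLANs, and rewrites the source MAC of every relayed frame to the bridge's own, so a customer MAC never appears as a source on a foreign VLAN; frames that would break that rule, or that claim an IP not leased to that MAC on that VLAN, are dropped. The VLAN ids, MAC addresses, gateway address and uplink next hop are constructed sample values; the address pool is the 215.10.10.0/24 from the scenario.

```python
# Added illustrative model (not FreeBSD or ng_bridge code): a dynamic,
# MAC-masquerading pseudo-bridge of the kind described in the thread.
# VLAN ids, MACs and the gateway/uplink values are constructed samples.
from dataclasses import dataclass, replace as with_fields
from typing import Dict, Optional, Set, Tuple

UPLINK_VLAN = 0                              # constructed id for the upstream side
UPLINK_NEXT_HOP_MAC = "02:ff:ff:ff:ff:01"    # constructed next-hop MAC on the uplink


@dataclass(frozen=True)
class Frame:
    vlan: int        # VLAN the frame was received on (or will be sent on)
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str


class MasqBridge:
    """Relays between customer VLANs and the uplink, answering ARP itself and
    rewriting the source MAC so a customer MAC never leaves its own VLAN."""

    def __init__(self, router_mac: str, pool: Set[str], gateway_ip: str):
        self.router_mac = router_mac
        self.pool = pool                     # addresses the bridge proxies for
        self.gateway_ip = gateway_ip         # the "mother if" address customers use
        self.ip_table: Dict[str, Tuple[str, int]] = {}   # ip -> (mac, vlan), from DHCP
        self.mac_table: Dict[str, int] = {}              # mac -> vlan it was learned on

    def learn_lease(self, ip: str, mac: str, vlan: int) -> None:
        """Called when the DHCP server hands out a lease on a given VLAN."""
        if ip not in self.pool or ip == self.gateway_ip:
            raise ValueError(f"{ip} is not a leasable pool address")
        if self.mac_table.get(mac, vlan) != vlan:
            raise ValueError(f"{mac} already belongs to VLAN {self.mac_table[mac]}")
        self.ip_table[ip] = (mac, vlan)
        self.mac_table[mac] = vlan

    def arp_reply(self, vlan: int, target_ip: str) -> Optional[str]:
        """Proxy-ARP decision: the MAC to answer with, or None to stay silent."""
        if target_ip == self.gateway_ip:
            return self.router_mac           # we are the gateway on every VLAN
        if target_ip not in self.pool:
            return None                      # off-pool addresses go via the gateway
        entry = self.ip_table.get(target_ip)
        if entry is not None and entry[1] == vlan:
            return None                      # the real host is on this VLAN
        return self.router_mac               # answer for hosts on other VLANs

    def forward(self, frame: Frame) -> Optional[Frame]:
        """Return the frame as it would be transmitted, or None if dropped."""
        seen_on = self.mac_table.get(frame.src_mac)
        if seen_on is not None and seen_on != frame.vlan:
            return None                      # customer MAC showing up on a foreign VLAN
        if frame.vlan != UPLINK_VLAN:
            lease = self.ip_table.get(frame.src_ip)
            if lease != (frame.src_mac, frame.vlan):
                return None                  # source IP not leased to this MAC/VLAN
        dest = self.ip_table.get(frame.dst_ip)
        if dest is None:
            if frame.dst_ip in self.pool:
                return None                  # unleased pool address (or our own)
            out_vlan, out_mac = UPLINK_VLAN, UPLINK_NEXT_HOP_MAC
        else:
            out_mac, out_vlan = dest
        if out_vlan == frame.vlan:
            return None                      # same VLAN: hosts talk directly
        # masquerade: every relayed frame carries the bridge's own source MAC
        return with_fields(frame, vlan=out_vlan, src_mac=self.router_mac, dst_mac=out_mac)


def demo() -> MasqBridge:
    """Two customers on VLANs 101 and 102 sharing one /24 (constructed values)."""
    pool = {f"215.10.10.{i}" for i in range(1, 255)}
    bridge = MasqBridge("02:00:00:00:00:01", pool, "215.10.10.1")
    bridge.learn_lease("215.10.10.10", "02:aa:00:00:00:0a", 101)
    bridge.learn_lease("215.10.10.20", "02:bb:00:00:00:14", 102)
    return bridge
```

The lease table is the only thing that ties an IP to a VLAN, which is what makes the bridging "dynamic" rather than a static route per vlanN interface; the source-MAC rewrite on every relayed frame is the masquerading step, and the two drop rules in `forward` are the checks that keep the leaky VLAN trunk from ever carrying a customer MAC on the wrong VLAN.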