Date: Thu, 14 Oct 2010 15:16:06 +0200
From: Jerome Herman <jherman@dichotomia.fr>
To: freebsd-questions@freebsd.org
Subject: Re: Is it a good idea to use DHCP for point to point connections ?
Message-ID: <4CB70296.8060508@dichotomia.fr>
In-Reply-To: <AANLkTimEzhofZ=GzETWQg1NjzB0Sf53oBTU7SMf-0fgk@mail.gmail.com>
References: <4CB5C9FE.90101@dichotomia.fr> <AANLkTimEzhofZ=GzETWQg1NjzB0Sf53oBTU7SMf-0fgk@mail.gmail.com>

On 13/10/2010 22:25, Elliot Finley wrote:
> we did this with DSL customers. But instead of using a unique gateway for
> each Client, just use IP Unnumbered and proxy arp for your loopback
> interface.
>

I was about to say that this solution seemed extremely sensitive to spoofing. But I figured out that my solution was not necessarily better.
Looks like I will have to go for a hardware solution after all...
I am currently checking on Cisco private vlan system. But I am not a big fan of Cisco (Well to be perfectly honest I love the hardware...). Does anyone know of an alternative ?

Jerome Herman

> On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman <jherman@dichotomia.fr> wrote:
>
>> Hello,
>>
>> Given the price (and tedious management) of layer 3 switches I was thinking
>> about using modified DHCP to distribute addresses with a /32 netmask
>> (255.255.255.255)
>>
>> The Idea : Create a cheap (and preferably not dirty) way to have client
>> isolation, without creating tons of vlan.
>>
>> Practical overview : The DHCP server will be serving IP addresses and
>> gateways with a /32 mask.
>> Client1 would receive IP address of 241.0.0.1 with a netmask of
>> 255.255.255.255 and a gateway of 240.0.0.1
>> Client2 would receive IP address of 241.0.0.2 with a netmask of
>> 255.255.255.255 and a gateway of 240.0.0.2
>> Client3 would receive IP address of 241.0.0.3 with a netmask of
>> 255.255.255.255 and a gateway of 240.0.0.3
>> etc.
>>
>> Of course the gateway will have to have as many IP as there are clients
>> (Unless I am mistaken)
>>
>> The questions :
>> - Is there something similar already existing ? It must not require any
>> configuration on the client side other than activating DHCP.
>> - Would this work ? I do not see why it would not, though I am a little
>> anxious about having tens of point to point connections going to the same
>> physical port.
>> - I could not find anything forbidding it in RFC2131, but then again I
>> might be wrong. Am I ?
>> - One problem remains that is solved by vlan isolation but not by DHCP
>> isolation : rogue DHCP servers. Any Idea to crush those ?
>>
>> I hope it is not inappropriate to post this on this list. But it is an
>> interesting problem (I think).
>>
>> Jerome Herman
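
Added example, not part of the original messages: the rogue DHCP server problem raised in the quoted post can at least be detected from captured traffic. This Python code parses DHCP messages in the RFC 2131 layout and flags OFFER/ACK/NAK replies whose server identifier (option 54) is not on an allowlist; the 192.0.2.x server addresses, the function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"                  # marks the start of DHCP options
SERVER_REPLIES = {2: "OFFER", 5: "ACK", 6: "NAK"}   # option 53 values only servers send

def parse_options(msg):
    """Return {option code: raw value} for a BOOTP/DHCP message (RFC 2131 layout)."""
    if len(msg) < 240 or msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != 255:            # 255 = End option
        if msg[i] == 0:                              # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise ValueError("truncated option")
        opts[msg[i]] = msg[i + 2:i + 2 + msg[i + 1]]
        i += 2 + msg[i + 1]
    return opts

def check_reply(msg, allowed_servers):
    """Return an alert string for a server reply from an unlisted server, else None."""
    opts = parse_options(msg)
    mtype = opts.get(53, b"")                        # option 53 = DHCP message type
    if msg[0] != 2 or len(mtype) != 1 or mtype[0] not in SERVER_REPLIES:
        return None                                  # not a server-originated reply
    kind = SERVER_REPLIES[mtype[0]]
    server_id = opts.get(54, b"")                    # option 54 = server identifier
    if len(server_id) != 4:
        return f"{kind} without a valid server identifier"
    server = ipaddress.IPv4Address(server_id)
    if server in allowed_servers:
        return None
    offered = ipaddress.IPv4Address(msg[16:20])      # yiaddr field
    return f"rogue DHCP {kind} from {server} offering {offered}"

def build_reply(mtype, server, yiaddr):
    """Constructed sample: minimal BOOTREPLY with options 53, 54 and 1 (/32 mask)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4),
                         bytes(4), b"\x02\x00\x00\x00\x00\x01", b"", b"")
    options = (bytes([53, 1, mtype]) + bytes([54, 4])
               + ipaddress.IPv4Address(server).packed
               + bytes([1, 4]) + b"\xff" * 4 + b"\xff")
    return header + MAGIC_COOKIE + options

ALLOWED = {ipaddress.IPv4Address("192.0.2.1")}       # assumed address of the real server
if __name__ == "__main__":
    for srv in ("192.0.2.1", "192.0.2.66"):          # constructed: legitimate, then rogue
        print(srv, "->", check_reply(build_reply(2, srv, "241.0.0.1"), ALLOWED))
```

Detection of this kind only reports a rogue server; blocking its replies still has to happen on the switch port or with a filter on the segment.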