Date: Thu, 14 Oct 2010 10:33:37 -0400
From: Nathan Vidican <nathan@vidican.com>
To: Jerome Herman <jherman@dichotomia.fr>
Cc: freebsd-questions@freebsd.org
Subject: Re: Is it a good idea to use DHCP for point to point connections ?
Message-ID: <AANLkTin1q1_%2B0ipoi8PpJer6kqwhF42a2tbtbSeOJpnL@mail.gmail.com>
In-Reply-To: <4CB70296.8060508@dichotomia.fr>
References: <4CB5C9FE.90101@dichotomia.fr> <AANLkTimEzhofZ=GzETWQg1NjzB0Sf53oBTU7SMf-0fgk@mail.gmail.com> <4CB70296.8060508@dichotomia.fr>

On Thu, Oct 14, 2010 at 9:16 AM, Jerome Herman <jherman@dichotomia.fr> wrote:

> On 13/10/2010 22:25, Elliot Finley wrote:
>
>> we did this with DSL customers. But instead of using a unique gateway for
>> each Client, just use IP Unnumbered and proxy arp for your loopback
>> interface.
>>
>
> I was about to say that this solution seemed extremely sensitive to
> spoofing. But I figured out that my solution was not necessarily better.
> Looks like I will have to go for hardware solution after all...
> I am currently checking on Cisco private vlan system. But I am not a big
> fan of Cisco (Well to be perfectly honest I love the hardware...). Does
> anyone know of an alternative ?
>
> Jerome Herman
>
>> On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman <jherman@dichotomia.fr> wrote:
>>
>>> Hello,
>>>
>>> Given the price (and tedious management) of layer 3 switches I was
>>> thinking about using modified DHCP to distribute addresses with a /32
>>> netmask (255.255.255.255)
>>>
>>> The Idea : Create a cheap (and preferably not dirty) way to have client
>>> isolation, without creating tons of vlan.
>>>
>>> Practical overview : The DHCP server will be serving IP addresses and
>>> gateways with a /32 mask.
>>> Client1 would receive IP address of 241.0.0.1 with a netmask of
>>> 255.255.255.255 and a gateway of 240.0.0.1
>>> Client2 would receive IP address of 241.0.0.2 with a netmask of
>>> 255.255.255.255 and a gateway of 240.0.0.2
>>> Client3 would receive IP address of 241.0.0.3 with a netmask of
>>> 255.255.255.255 and a gateway of 240.0.0.3
>>> etc.
>>>
>>> Of course the gateway will have to have as many IP as there are clients
>>> (Unless I am mistaken)
>>>
>>> The questions :
>>> - Is there something similar already existing ? It must not require any
>>> configuration on the client side other than activating DHCP.
>>> - Would this work ? I do not see why it would not, though I am a little
>>> anxious about having tens of point to point connections going to the same
>>> physical port.
>>> - I could not find anything forbidding it in RFC2131, but then again I
>>> might be wrong. Am I ?
>>> - One problem remains that is solved by vlan isolation but not by DHCP
>>> isolation : rogue DHCP servers. Any Idea to crush those ?
>>>
>>> I hope it is not inappropriate to post this on this list. But it is an
>>> interesting problem (I think).
>>>
>>> Jerome Herman
>>> _______________________________________________
>>> freebsd-questions@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

Around here (Ontario, Canada) - almost all DSL providers use PPPoE... just a
thought, but might be a lot easier.

--
Nathan Vidican
nathan@vidican.com