VLAN interfaces on FreeBSD; performance issues
danial_thom at yahoo.com
Tue Sep 13 08:23:21 PDT 2005
--- Charles Swiger <cswiger at mac.com> wrote:
> On Sep 12, 2005, at 11:49 AM, Sten Daniel
> Sørsdal wrote:
> >> The essence of multihoming is having two (or
> more) distinct NICs.
> > so if i had two vlan's with an ip on both.
> wouldnt this qualify it as
> > multihoming? would i somehow no longer need
> to configure the
> > computer as
> > though it was a multihomed?
> I don't fully understand the question you are
> asking. If you have
> one physical connection (one NIC, one Cat5
> cable), you can only
> connect to a single collision domain, even if
> you use VLANs (or set
> up IP aliases on different subnets, etc).
its not clear why Chuck keeps answering since he
clearly doesn't understand the question.
You can, of course, multihome with one nic, and
Spanning Tree and "collision domains" have
nothing to do with anything, simply by routing to
the correct router. The trick is your scheme for
determining the correct router. It makes little
difference if they are on the same wire or even
the same numbered network. If your routing table
says "route 10.1.1/24 to 126.96.36.199 and route
10.2.1/24 to 188.8.131.52" you're multi-homed on a
single wire. "Multi-homing" refers to having more
than one network egress (ie 2 or more upstream
providers) and the ability to "decide" which one
to send specific traffic to.
You're making a big mess of your network for
little reason, except perhaps to thwart the
competely incompetent. If you don't have servers
isolated they can sniff and learn whatever you're
doing, and if not and they know the numbering of
their wire they can learn the associated vlan tag
in about 200ms by trying every combination until
something works. If you want to secure the
IP-to-machine use a MAC-IP firewall enforcement,
which is less work and more effective than
renumbering your entire network with VLAN
Buying into Cisco's schemes are more about
locking you into using their equipment then
anything useful. That's one thing thats a
constant over time.
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
More information about the freebsd-questions