Is it a good idea to use DHCP for point to point connections ?

Jerome Herman jherman at dichotomia.fr
Thu Oct 14 13:14:13 UTC 2010


On 13/10/2010 22:25, Elliot Finley wrote:
> We did this with DSL customers.  But instead of using a unique gateway for
> each client, just use IP unnumbered and proxy ARP for your loopback
> interface.
>    
I was about to say that this solution seemed extremely sensitive to 
spoofing. But I figured out that my solution was not necessarily better.
Looks like I will have to go for a hardware solution after all...
I am currently checking on the Cisco private VLAN system. But I am not a big 
fan of Cisco (well, to be perfectly honest, I love the hardware...). Does 
anyone know of an alternative?

Jerome Herman


> On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman <jherman at dichotomia.fr> wrote:
>    
>    
>> Hello,
>>
>> Given the price (and tedious management) of layer 3 switches I was thinking
>> about using modified DHCP to distribute addresses with a /32 netmask
>> (255.255.255.255)
>>
>> The idea: Create a cheap (and preferably not dirty) way to have client
>> isolation, without creating tons of VLANs.
>>
>> Practical overview: The DHCP server will be serving IP addresses and
>> gateways with a /32 mask.
>> Client1 would receive an IP address of 241.0.0.1 with a netmask of
>> 255.255.255.255 and a gateway of 240.0.0.1
>> Client2 would receive an IP address of 241.0.0.2 with a netmask of
>> 255.255.255.255 and a gateway of 240.0.0.2
>> Client3 would receive an IP address of 241.0.0.3 with a netmask of
>> 255.255.255.255 and a gateway of 240.0.0.3
>> etc.
>>
>> Of course the gateway will have to have as many IPs as there are clients
>> (unless I am mistaken)
>>
>> The questions:
>> - Is there something similar already existing? It must not require any
>> configuration on the client side other than activating DHCP.
>> - Would this work? I do not see why it would not, though I am a little
>> anxious about having tens of point to point connections going to the same
>> physical port.
>> - I could not find anything forbidding it in RFC2131, but then again I
>> might be wrong. Am I?
>> - One problem remains that is solved by VLAN isolation but not by DHCP
>> isolation: rogue DHCP servers. Any idea to crush those?
>>
>> I hope it is not inappropriate to post this on this list. But it is an
>> interesting problem (I think).
>>
>> Jerome Herman
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe at freebsd.org"
>>
>>      
>    
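
For the rogue DHCP server question and the /32 addressing scheme in the quoted message, an added example (not part of the thread): a small parser that audits a DHCP reply, flagging a server identifier (option 54) outside an allowlist and a router (option 3) that is not on-link under the offered netmask. The allowlist address 240.0.0.254 and the sample replies are constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie (RFC 2131)
AUTHORIZED_SERVERS = {"240.0.0.254"}   # assumption: the only legitimate server ID


def build_reply(yiaddr, server, mask, router):
    """Constructed sample DHCPOFFER (not a capture) for exercising the audit."""
    y, s, m, r = (ipaddress.IPv4Address(a).packed
                  for a in (yiaddr, server, mask, router))
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), y, bytes(4), bytes(4),
                         b"\x02\x00\x00\x00\x00\x01", b"", b"")
    # Options: 53 = message type (2 = OFFER), 54 = server ID, 1 = mask, 3 = router
    options = b"\x35\x01\x02\x36\x04" + s + b"\x01\x04" + m + b"\x03\x04" + r + b"\xff"
    return header + MAGIC + options


def parse_options(packet):
    """Return {option code: raw value}; ValueError on a malformed message."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:      # 255 = end option
        if packet[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        opts[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    return opts


def ip4(raw):
    """First IPv4 address in an option value, or None if absent or too short."""
    return ipaddress.IPv4Address(raw[:4]) if raw and len(raw) >= 4 else None


def audit_reply(packet):
    """Findings for one server-to-client message; an empty list means none."""
    opts = parse_options(packet)
    server, mask, router = ip4(opts.get(54)), ip4(opts.get(1)), ip4(opts.get(3))
    findings = []
    if str(server) not in AUTHORIZED_SERVERS:
        findings.append(f"unauthorized-server:{server}")
    if mask and router:
        yiaddr = ipaddress.IPv4Address(packet[16:20])   # address offered to client
        if router not in ipaddress.ip_network(f"{yiaddr}/{mask}", strict=False):
            findings.append(f"router-off-link:{router}")
    return findings
```

A reply that follows the scheme from the thread (241.0.0.1 with mask 255.255.255.255 and gateway 240.0.0.1) is reported as `router-off-link`, since no /32 lease contains its own gateway.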


