Is it a good idea to use DHCP for point to point connections ?

Nathan Vidican nathan at vidican.com
Thu Oct 14 14:33:40 UTC 2010


On Thu, Oct 14, 2010 at 9:16 AM, Jerome Herman <jherman at dichotomia.fr> wrote:

> On 13/10/2010 22:25, Elliot Finley wrote:
>
>> We did this with DSL customers.  But instead of using a unique gateway for
>> each Client, just use IP Unnumbered and proxy arp for your loopback
>> interface.
>>
>>
> I was about to say that this solution seemed extremely sensitive to
> spoofing. But I figured out that my solution was not necessarily better.
> Looks like I will have to go for a hardware solution after all...
> I am currently checking on Cisco private vlan system. But I am not a big
> fan of Cisco (Well to be perfectly honest I love the hardware...). Does
> anyone know of an alternative?
>
> Jerome Herman
>
>
>
>> On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman <jherman at dichotomia.fr> wrote:
>>
>>
>>> Hello,
>>>
>>> Given the price (and tedious management) of layer 3 switches I was
>>> thinking
>>> about using modified DHCP to distribute addresses with a /32 netmask
>>> (255.255.255.255)
>>>
>>> The Idea : Create a cheap (and preferably not dirty) way to have client
>>> isolation, without creating tons of vlan.
>>>
>>> Practical overview : The DHCP server will be serving IP addresses and
>>> gateways with a /32 mask.
>>> Client1 would receive IP address of 241.0.0.1 with a netmask of
>>> 255.255.255.255 and a gateway of 240.0.0.1
>>> Client2 would receive IP address of 241.0.0.2 with a netmask of
>>> 255.255.255.255 and a gateway of 240.0.0.2
>>> Client3 would receive IP address of 241.0.0.3 with a netmask of
>>> 255.255.255.255 and a gateway of 240.0.0.3
>>> etc.
>>>
>>> Of course the gateway will have to have as many IPs as there are clients
>>> (Unless I am mistaken)
>>>
>>> The questions :
>>> - Is there something similar already existing ? It must not require any
>>> configuration on the client side other than activating DHCP.
>>> - Would this work ? I do not see why it would not, though I am a little
>>> anxious about having tens of point to point connections going to the same
>>> physical port.
>>> - I could not find anything forbidding it in RFC2131, but then again I
>>> might be wrong. Am I ?
>>> - One problem remains that is solved by vlan isolation but not by DHCP
>>> isolation : rogue DHCP servers. Any Idea to crush those ?
>>>
>>> I hope it is not inappropriate to post this on this list. But it is an
>>> interesting problem (I think).
>>>
>>> Jerome Herman
>>> _______________________________________________
>>> freebsd-questions at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to "
>>> freebsd-questions-unsubscribe at freebsd.org"
>>>
>>>
>>>


Around here (Ontario, Canada) - almost all DSL providers use PPPoE... just a
thought, but might be a lot easier.

--
Nathan Vidican
nathan at vidican.com
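
An added example, not part of the original thread or any poster's code: on the rogue DHCP server question raised in the first message, a monitoring host can parse each DHCP server reply it sees and flag any that do not come from the authorised server or that break the /32 plan (client 241.0.0.N, gateway 240.0.0.N). The server address 240.0.0.254, the function names and the sample-packet builder are assumptions made for the illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie (RFC 2131)
AUTHORISED = {"240.0.0.254"}     # assumption: the legitimate DHCP server's address

def ip(b):
    return ipaddress.IPv4Address(bytes(b))

def parse_options(raw):
    """Walk the option TLVs and return {code: value}."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:            # 255 = end of options
        if raw[i] == 0:                              # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated option")
        opts[raw[i]] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return opts

def check_reply(pkt):
    """Return findings for one DHCP payload (UDP payload only, no IP/UDP headers)."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC or pkt[0] != 2:   # op 2 = BOOTREPLY
        return ["not a DHCP server reply"]
    try:
        opts = parse_options(pkt[240:])
    except ValueError as err:
        return [str(err)]
    findings = []
    yiaddr = ip(pkt[16:20])                          # address offered to the client
    server = opts.get(54, b"")                       # option 54 = server identifier
    if len(server) != 4 or str(ip(server)) not in AUTHORISED:
        shown = ip(server) if len(server) == 4 else "(missing)"
        findings.append(f"reply from unauthorised server {shown}")
    if opts.get(1) != b"\xff\xff\xff\xff":           # option 1 = subnet mask
        findings.append("netmask is not /32")
    # Plan from the thread: client 241.0.0.N gets gateway 240.0.0.N (first octet minus one).
    expected = ip(((int(yiaddr) - (1 << 24)) % (1 << 32)).to_bytes(4, "big"))
    router = opts.get(3, b"")[:4]                    # option 3 = router, first entry
    if len(router) != 4 or ip(router) != expected:
        findings.append(f"gateway for {yiaddr} should be {expected}")
    return findings

def build_reply(yiaddr, server, mask, router):
    """Constructed sample data: a minimal DHCPOFFER payload."""
    a = lambda s: ipaddress.IPv4Address(s).packed
    opts = (b"\x35\x01\x02" + b"\x36\x04" + a(server) + b"\x01\x04" + a(mask)
            + b"\x03\x04" + a(router) + b"\xff")
    return bytes([2, 1, 6, 0]) + bytes(12) + a(yiaddr) + bytes(216) + MAGIC + opts
```

`check_reply` expects the UDP payload of a packet sent from port 67; an empty list means the reply matches the plan.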

