Best practice for ptp/loopback numbering for "small" enterprise multihome setup

William Herrin bill at herrin.us
Fri Mar 26 21:16:57 UTC 2021


On Fri, Mar 26, 2021 at 1:42 PM Lukas Tribus <lukas at ltri.eu> wrote:
> In production, you may be able to troubleshoot this a few months from
> now, but how will the on-duty junior engineer handle this at 03 AM?

Hi Lukas,

In the network Vom describes, he is surely the only network engineer.
I would agree that it is not something anyone should try at scale --
the configuration complexity is higher than any ordinary network
architecture.

Vom's question was how to carve off some addresses without being stuck
at 1/2 the allocation as his maximum subnet size. At the sacrifice of
some complexity, it can be done. As described, you can even recapture
3 addresses that would normally be lost to you were you not attempting
to carve off addresses.


> What you are suggesting is to configure public IP address space that
> isn't yours, this should be a big no-no.

That's one way of looking at it. Here's a different one: It is an
entirely legitimate network configuration to give your LAN a 0.0.0.0
netmask and rely on proxy arp to route off of it for non-local
addresses. Nobody does it this way, it's inefficient and gets very
complex when there's more than one router, but it in no way implies
configuring yourself address space which is not yours.


> At the very least you can't
> reach the public IP addresses 10.0.0.0 and 10.0.3.255 from the hosts,
> because they won't be sending ARP requests for subnet and broadcast
> addresses.

In the described configuration, those addresses are almost guaranteed
to be base addresses or broadcast addresses of someone else's network
which you wouldn't be able to reach or access anyway. There is a tiny
chance that someone else did the same thing you did or decided to use
a /32 route to capture and use those two addresses as unicast, but
you've a better chance of winning the lottery or being hit by
lightning than finding those two addresses in use.

Regards,
Bill Herrin



-- 
William Herrin
bill at herrin.us
https://bill.herrin.us/

