Two subnets on one interface with no VLANs - Networking


  1. Two subnets on one interface with no VLANs

    Hi,

    I'm looking for input from anyone that has experience of running two
    subnets on one interface.

    Eg:

    172.16.1.1/24 and 10.10.10.1/24 both bound to one NIC via a layer 2
    switch without using VLANs.

    Will it cause problems ? I can't find much online that's concrete.

    I'd appreciate any help,

    JR


  2. Re: Two subnets on one interface with no VLANs

    Jonathan Ross wrote:
    > I'm looking for input from anyone that has experience of running two
    > subnets on one interface.
    >
    > Eg:
    >
    > 172.16.1.1/24 and 10.10.10.1/24 both bound to one NIC via a layer 2
    > switch without using VLANs.
    >
    > Will it cause problems ? I can't find much online that's concrete.


    Since you didn't ask how to do it, I assume you already know that.

    There are no inherent problems, though you need to make sure your IP
    routing topology makes sense. What kind of problems are you expecting?
    FWIW, all the switch cares about is the MAC address.

  3. Re: Two subnets on one interface with no VLANs

    Thanks, Allen. That's really helpful.

    It's a 2.6 kernel and I'm hoping source IPs won't ever be confused over
    UDP (apparently TCP contains enough info to avoid this).

    The single NIC will connect to two BGP speakers using Quagga through a
    layer 2 switch and use IP forwarding to its other NIC connected to
    another layer 2 switch running the advertised IP range.

    There will only be a small amount of traffic to one subnet (20kbps for
    BGP route updates) so I'm hoping it won't be a problem. It just seems
    intrinsically wrong without VLANs :-)

    JR


  4. Re: Two subnets on one interface with no VLANs

    Jonathan Ross wrote:
    > I'm looking for input from anyone that has experience of running two
    > subnets on one interface.


    > Eg:


    > 172.16.1.1/24 and 10.10.10.1/24 both bound to one NIC via a layer 2
    > switch without using VLANs.


    > Will it cause problems ? I can't find much online that's concrete.


    The only "problem" is that you will not have traffic isolation between
    the two subnets. A system in one IP subnet will be able to use proxy
    ARP to communicate "directly" with a system in the other IP subnet
    without going through a router.

    Also, broadcasts/multicasts in the one subnet will be seen by all
    nodes in the broadcast domain, regardless of the IP subnet in which
    they reside.

    Whether any of that is a "problem" I suspect "will depend"

    rick jones
    --
    oxymoron n, Hummer H2 with California Save Our Coasts and Oceans plates
    these opinions are mine, all mine; HP might not want them anyway...
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

  5. Re: Two subnets on one interface with no VLANs

    That's much appreciated, Rick.

    I've turned off STP on the switch with the BGP Speakers. Is there
    anything in Linux terms that I can do to minimise potential issues ?

    I've already enabled this, it's Gentoo:

    /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

    from:

    http://www.gentoo.org/doc/en/securit...?part=1&chap=9

    Would logging spoofed, source routed and redirect packets be useful do
    you think ?

    My understanding covers this far (just :-)) but I'd rather not break
    anything horribly internally or upstream !

    JR
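
Added example, not part of any post in the thread: a small audit of the sysctls raised above (broadcast echo, logging of spoofed "martian" packets, source routing, redirects). The expected values are an assumed hardening baseline, and the `audit_sysctl` function name and output format are made up for this sketch.

```shell
#!/bin/sh
# Added example: audit the IPv4 sysctls discussed in the thread.
# Expected values are an assumed baseline, not the poster's configuration.

# key:expected pairs, relative to the sysctl root (normally /proc/sys).
# Only conf/all is checked; per-interface keys can be appended the same way.
CHECKS="
net/ipv4/icmp_echo_ignore_broadcasts:1
net/ipv4/conf/all/log_martians:1
net/ipv4/conf/all/accept_source_route:0
net/ipv4/conf/all/accept_redirects:0
"

# audit_sysctl ROOT
# Prints one line per key (OK / FAIL / MISSING) and returns the number of
# keys that are missing or differ from the expected value.
audit_sysctl() {
    root=${1:-/proc/sys}
    bad=0
    for entry in $CHECKS; do
        key=${entry%%:*}
        want=${entry##*:}
        name=$(echo "$key" | tr / .)
        file="$root/$key"
        if [ ! -r "$file" ]; then
            echo "MISSING $name"
            bad=$((bad + 1))
            continue
        fi
        # Strip the trailing newline the kernel appends to the value
        have=$(tr -d '[:space:]' < "$file")
        if [ "$have" = "$want" ]; then
            echo "OK $name=$have"
        else
            echo "FAIL $name=$have (want $want)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Run against a sysctl tree when a path is given, e.g.: sh audit.sh /proc/sys
if [ -n "${1:-}" ]; then
    audit_sysctl "$1"
fi
```

With `log_martians` enabled, packets arriving with impossible source addresses are written to the kernel log, which is where address confusion between the two subnets on the shared NIC would show up.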


  6. Re: Two subnets on one interface with no VLANs

    Jonathan Ross wrote:
    > That's much appreciated, Rick.


    > I've turned off STP on the switch with the BGP Speakers. Is there
    > anything in Linux terms that I can do to minimise potential issues ?


    Unless you were enabling bridging code I don't think that STP would
    particularly care that you have multiple IP subnets on the same bit of
    wire. All that "layering" you know

    I don't know enough (anything really) about BGP to know if it uses
    broadcast or multicast and whether it would care if there were a node
    with two subnets on the same wire. I forget - is that dual-homed node
    also running BGP?

    > I've already enabled this, it's Gentoo:


    > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts


    I suppose that is useful, in a "try to hide" sort of way.

    > Would logging spoofed, source routed and redirect packets be useful
    > do you think ?


    I've no idea.

    rick jones
    --
    The computing industry isn't as much a game of "Follow The Leader" as
    it is one of "Ring Around the Rosy" or perhaps "Duck Duck Goose."
    - Rick Jones
    these opinions are mine, all mine; HP might not want them anyway...
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

  7. Re: Two subnets on one interface with no VLANs


    > I don't know enough (anything really) about BGP to know if it uses
    > broadcast or multicast and whether it would care if there were a node
    > with two subnets on the same wire. I forget - is that dual-homed node
    > also running BGP?


    Morning Rick,

    From what I can see BGP really only uses TCP because it needs to know
    that route UPDATES are received when routes from the table are
    withdrawn or added to its neighbors. It may possibly use UDP for the
    session keepalives ... I'll look into it

    Thanks for your input. Having found that some people don't suffer
    newbies or veterans on these forums gladly it's refreshing to find
    someone that is just quite happy to help ! I try my best to help in the
    same way too !

    :-)

