#1
Hi,

I'm looking for input from anyone that has experience of running two subnets on one interface.

Eg: 172.16.1.1/24 and 10.10.10.1/24 both bound to one NIC via a layer 2 switch without using VLANs.

Will it cause problems? I can't find much online that's concrete.

I'd appreciate any help,

JR
Jonathan Ross
#2
Jonathan Ross wrote:
> I'm looking for input from anyone that has experience of running two
> subnets on one interface.
>
> Eg:
>
> 172.16.1.1/24 and 10.10.10.1/24 both bound to one NIC via a layer 2
> switch without using VLANs.
>
> Will it cause problems? I can't find much online that's concrete.

Since you didn't ask how to do it, I assume you already know that. There are no inherent problems, though you need to make sure your IP routing topology makes sense. What kind of problems are you expecting?

FWIW, all the switch cares about is the MAC address.
#3
Thanks, Allen. That's really helpful.

It's a 2.6 kernel and I'm hoping source IPs won't ever be confused over UDP (apparently TCP contains enough info to avoid this).

The single NIC will connect to two BGP speakers using Quagga through a layer 2 switch and use IP forwarding to its other NIC connected to another layer 2 switch running the advertised IP range. There will only be a small amount of traffic to one subnet (20kbps for BGP route updates) so I'm hoping it won't be a problem.

It just seems intrinsically wrong without VLANs :-)

JR
#4
Jonathan Ross wrote:
> I'm looking for input from anyone that has experience of running two
> subnets on one interface.
> Eg:
> 172.16.1.1/24 and 10.10.10.1/24 both bound to one NIC via a layer 2
> switch without using VLANs.
> Will it cause problems? I can't find much online that's concrete.

The only "problem" is that you will not have traffic isolation between the two subnets. A system in one IP subnet will be able to use proxy ARP to communicate "directly" with a system in the other IP subnet without going through a router. Also, broadcasts/multicasts in the one subnet will be seen by all nodes in the broadcast domain, regardless of the IP subnet in which they reside.

Whether any of that is a "problem" I suspect "will depend"

rick jones
--
oxymoron n, Hummer H2 with California Save Our Coasts and Oceans plates
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
#5
That's much appreciated, Rick.

I've turned off STP on the switch with the BGP Speakers. Is there anything in Linux terms that I can do to minimise potential issues?

I've already enabled this, it's Gentoo:

/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

from: http://www.gentoo.org/doc/en/securit...?part=1&chap=9

Would logging spoofed, source routed and redirect packets be useful do you think?

My understanding covers this far (just :-)) but I'd rather not break anything horribly internally or upstream!

JR
#6
Jonathan Ross wrote:
> That's much appreciated, Rick.
> I've turned off STP on the switch with the BGP Speakers. Is there
> anything in Linux terms that I can do to minimise potential issues?

Unless you were enabling bridging code I don't think that STP would particularly care that you have multiple IP subnets on the same bit of wire. All that "layering" you know.

I don't know enough (anything really) about BGP to know if it uses broadcast or multicast and whether it would care if there were a node with two subnets on the same wire. I forget - is that dual-homed node also running BGP?

> I've already enabled this, it's Gentoo:
> /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

I suppose that is useful, in a "try to hide" sort of way.

> Would logging spoofed, source routed and redirect packets be useful
> do you think?

I've no idea.

rick jones
--
The computing industry isn't as much a game of "Follow The Leader" as it is one of "Ring Around the Rosy" or perhaps "Duck Duck Goose."
- Rick Jones
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
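An added example, not part of any poster's message: a read-only audit of the settings raised in the exchange above (`icmp_echo_ignore_broadcasts`, plus the kernel knobs for logging spoofed packets and for source-routed and redirect packets) on the interface carrying both subnets. The function names, the `SYSCTL_ROOT` override, the interface name `eth0` and the expected values are assumptions of this example; it checks both the `all` and the per-interface entries because the kernel combines them differently per setting.

```shell
#!/bin/sh
# Added example: audit IPv4 hardening sysctls for one interface (read-only).
# SYSCTL_ROOT (hypothetical override) lets the check run against a copy of /proc/sys.
# Usage after sourcing this file: audit_iface eth0

# check_key <path under root> <expected>: prints a status line, returns 1 on a finding
check_key() {
    file="${SYSCTL_ROOT:-/proc/sys}/$1"
    if [ ! -r "$file" ]; then
        echo "MISSING $1"
        return 1
    fi
    actual=$(cat "$file")
    if [ "$actual" != "$2" ]; then
        echo "WEAK    $1 = $actual (want $2)"
        return 1
    fi
    echo "OK      $1 = $actual"
}

# audit_iface <iface>: exit status is the number of findings (0 = all as expected)
audit_iface() {
    iface=$1
    findings=0
    # Do not answer ICMP echo sent to a broadcast address
    check_key net/ipv4/icmp_echo_ignore_broadcasts 1 || findings=$((findings + 1))
    for scope in all "$iface"; do
        # log_martians: log packets with impossible addresses to the kernel log
        check_key "net/ipv4/conf/$scope/log_martians" 1 || findings=$((findings + 1))
        # rp_filter: reverse-path source validation (expected value is an assumption)
        check_key "net/ipv4/conf/$scope/rp_filter" 1 || findings=$((findings + 1))
        # Refuse source-routed packets and ICMP redirects
        check_key "net/ipv4/conf/$scope/accept_source_route" 0 || findings=$((findings + 1))
        check_key "net/ipv4/conf/$scope/accept_redirects" 0 || findings=$((findings + 1))
    done
    return "$findings"
}
```

With `log_martians` enabled, rejected packets show up in the kernel log, which is where cross-subnet spoofing on the shared wire would become visible.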
#7
> I don't know enough (anything really) about BGP to know if it uses
> broadcast or multicast and whether it would care if there were a node
> with two subnets on the same wire. I forget - is that dual-homed node
> also running BGP?

Morning Rick,

From what I can see BGP really only uses TCP because it needs to know that route UPDATES are received when routes from the table are withdrawn or added to its neighbors. It may possibly use UDP for the session keepalives ... I'll look into it.

Thanks for your input. Having found that some people don't suffer newbies or veterans on these forums gladly it's refreshing to find someone that is just quite happy to help! I try my best to help in the same way too! :-)