> dave@bfnet.com wrote:
> > I'm setting up a pair of failover servers on vanilla 2.2.5, and to that end I
> > want to use the following script:
> >
> > --------------------------------------------------------------------------------
> > #!/bin/sh
> >
> > /sbin/ifconfig eth0:1 207.168.228.79 broadcast 207.168.228.127 netmask 255.255.255.192 up
> > /sbin/arp -i eth0:1 -s 207.168.228.79 00:10:F3:01:11:24 netmask 255.255.255.192 pub
>
> I'm told that the wonderfully useful netmask-on-published-arp feature
> has disappeared.
>
> It seems that one of the Linux developpers (ANK?) said: "I think that
> you never need it, so I removed that feature. If you convince me that
> you need it, I'll put it back in". (I have this second-hand, so forgive
> me if I'm misrepresenting someone ;-)
No it was like:
"If you convince me that you need it, I'll implement it as a userspace
daemon". Longer term it is possible that all proxy arp (and RARP)
is moved into user space.
> Ok, So here I go....
>
> At the university we have accumulated about 100 machines in the
> group. At first we used bridges to keep out most of the unwanted
> traffic, but the broadcasts of the "rest" were using about 10% of our
> bandwidth. Bridges let those go through.
>
> So we decided to put in a (linux-)router. Now, ideally, we would
> partition the hosts into 4 separate IP ranges, and give each of them
> an IP address of the router to use as the default gateway. And we'd
> tell the "outside" world of our router. In practise however, we cannot
> change the configuration of the 100 machines at the same time, leading
> to a long down-time.
>
> Even worse, is the situation on the outside. There are over 2000
> computers there, that expect to find our 100 "directly on the
> ethernet". There is NO WAY that we can change the configuration on any
> of them. There is NO WAY that we can secure a range of IP addreses
> outside of the "on the local ethernet" range, so that we could route
> through the departemental "default" gateway.
>
> "inside" "outside"
> ______________
> about 100 | |
> computers total | linux |
> -------------------------| router | about 2000
> | | computers +
> | | the default
> -------------------------| | gateway.
> | |----------------
> | |
> -------------------------| |
> | |
> | |
> -------------------------| |
> | |
> |______________|
>
>
> As we ARE trying to move towards the situation where there is simple
> routing on the inside, we have published network-arps for the IP
> ranges that SHOULD be on one segment. However, the "exceptions to the
> rule" were inventoried at the installation time, and new machines are
> always assigned a "correct" IP number.
You mean the 2000 machines outside and the 100 machines inside are all
in the same network? If the 2000 machines are at least separated by a
router I would subnet your group's network, route through the linux
router and cut the machines over to the new netmask in a night or so
("been there, done that", on 80+ machines networks).
Sooner or later you'll have to go with a more hierarchical network
setup anyways, ARP hacks won't save you long.
-Andi
-- This is like TV. I don't like TV.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/