Mailing List Archive

two interfaces one subnet
Hi,

This is a pretty moronic question, but I've been searching RFC's on-
and-off for a couple of weeks and can't find an answer. So I'm hoping
someone here will know it offhand.

I've been looking through RFC's trying to find a clear statement that
having two interfaces in the same subnet does not work, but can't find
it that statement anywhere.

The OS in this case is Linux. I know it can be done with clever
routing and prioritization and such, but this has to do with vanilla
config, just setting up two interfaces in one network.

I would be grateful for a pointer to such an RFC statement, assuming
it exists.

Thanks!

Chris
Re: two interfaces one subnet [ In reply to ]
On May 11, 2009, at 4:29 PM, Chris Meidinger wrote:

> This is a pretty moronic question, but I've been searching RFC's on-
> and-off for a couple of weeks and can't find an answer. So I'm
> hoping someone here will know it offhand.
>
> I've been looking through RFC's trying to find a clear statement
> that having two interfaces in the same subnet does not work, but
> can't find it that statement anywhere.
>
> The OS in this case is Linux. I know it can be done with clever
> routing and prioritization and such, but this has to do with vanilla
> config, just setting up two interfaces in one network.
>
> I would be grateful for a pointer to such an RFC statement, assuming
> it exists.

Why would an RFC prohibit this?

Most _implementations_ do, but as far as network "rules" in general it
is a valid configuration.

--
TTFN,
patrick
Re: two interfaces one subnet [ In reply to ]
On Mon, 11 May 2009, Chris Meidinger wrote:

> I've been looking through RFC's trying to find a clear statement that
> having two interfaces in the same subnet does not work, but can't find
> it that statement anywhere.

I don't know if it still works, but it did in Linux little over 10 years
back. Proxy-arp:ed all the IPs in the /27 in the /24 and everything was
fine (legacy reasons plus radiolink which I didn't want to run a lot of
broadcasts over). There are "legitimate" cases where you might want to do
this.

--
Mikael Abrahamsson email: swmike@swm.pp.se
Re: two interfaces one subnet [ In reply to ]
On 11.05.2009, at 22:34, Patrick W. Gilmore wrote:

> On May 11, 2009, at 4:29 PM, Chris Meidinger wrote:
>
>> I would be grateful for a pointer to such an RFC statement,
>> assuming it exists.
>
> Why would an RFC prohibit this?
>
> Most _implementations_ do, but as far as network "rules" in general
> it is a valid configuration.

That was essentially my conclusion as well: logically it can't work,
but I wasn't certain where it might be forbidden.

Thusly did I come to NANOG with the question, thinking smarter people
than I might know. If it's completely down to implementation, or
really to the interaction between TCP and underlying IP, then so be
it. I was hoping that I might just not have thought of the right place
to look.

On 11.05.2009, at 22:39, Mikael Abrahamsson wrote:

> On Mon, 11 May 2009, Chris Meidinger wrote:
>
>> I've been looking through RFC's trying to find a clear statement
>> that having two interfaces in the same subnet does not work, but
>> can't find it that statement anywhere.
>
> I don't know if it still works, but it did in Linux little over 10
> years back. Proxy-arp:ed all the IPs in the /27 in the /24 and
> everything was fine (legacy reasons plus radiolink which I didn't
> want to run a lot of broadcasts over). There are "legitimate" cases
> where you might want to do this.

Yes, I've gotten it to work as well as little as 10 days ago, but it's
not something that $random_customer should be doing as a matter of
practice.

Thus, again, my hope that I just wasn't thinking of the right place to
look to find an IETF recommendation against doing so.

Thanks for the input!

Chris
Re: two interfaces one subnet [ In reply to ]
On Mon, May 11, 2009 at 3:39 PM, Mikael Abrahamsson <swmike@swm.pp.se> wrote:

> ... There are "legitimate" cases where you might want to do
> this.
>

NetApp filers consider this to be a legitimate configuration, even a
"supported and recommended one". If I understand the documentation
correctly, NetApp will (somehow) remember the physical interface a
request arrived on, and make sure to its send replies out same. It
sounds like a slight breakage of the expected behavior in order to
gain load-sharing for their multiple NICs attached to the same subnet.
IIRC, you can turn the feature off if it makes an issue.

--D
Re: two interfaces one subnet [ In reply to ]
What does two interfaces in one subnet mean?

Two NICs? Or virtual interfaces?



Mikael Abrahamsson wrote:
> On Mon, 11 May 2009, Chris Meidinger wrote:
>
>> I've been looking through RFC's trying to find a clear statement that
>> having two interfaces in the same subnet does not work, but can't find
>> it that statement anywhere.
>
> I don't know if it still works, but it did in Linux little over 10 years
> back. Proxy-arp:ed all the IPs in the /27 in the /24 and everything was
> fine (legacy reasons plus radiolink which I didn't want to run a lot of
> broadcasts over). There are "legitimate" cases where you might want to
> do this.
>
Re: two interfaces one subnet [ In reply to ]
On 11.05.2009, at 23:00, Charles Wyble wrote:

> What does two interfaces in one subnet mean?
>
> Two NICs? Or virtual interfaces?

Two NICs, as in physical interfaces.
Re: two interfaces one subnet [ In reply to ]
Unless you configure Layer 2 for two interfaces, it's not going to work.
It is invalid from networking principle.
If you have to send the traffic for host in same subnet you configured,
which interface it should send out ?
Basically it may create broadcast storm loop by putting two ip addresses
in same subnet in different interface.
It may be allowed from host-level, but from router equipment, I don't
think it was allowed at all.

Alex


Chris Meidinger wrote:
> Hi,
>
> This is a pretty moronic question, but I've been searching RFC's
> on-and-off for a couple of weeks and can't find an answer. So I'm
> hoping someone here will know it offhand.
>
> I've been looking through RFC's trying to find a clear statement that
> having two interfaces in the same subnet does not work, but can't find
> it that statement anywhere.
>
> The OS in this case is Linux. I know it can be done with clever
> routing and prioritization and such, but this has to do with vanilla
> config, just setting up two interfaces in one network.
>
> I would be grateful for a pointer to such an RFC statement, assuming
> it exists.
>
> Thanks!
>
> Chris
>
>
>
Re: two interfaces one subnet [ In reply to ]
Chris,

I work with iHDTV <http://ihdtv.org>, a project that sends uncompressed high
definition television (1.5 Gbps) as UDP over two 1 Gbps interfaces. If both
interfaces are on the same subnet, the OS sees the same router (gateway)
address on both interfaces, and the results are sub-optimal ... around 50%
packet loss.

Dave

On Mon, May 11, 2009 at 3:29 PM, Chris Meidinger <cmeidinger@sendmail.com>wrote:

> Hi,
>
> This is a pretty moronic question, but I've been searching RFC's on-and-off
> for a couple of weeks and can't find an answer. So I'm hoping someone here
> will know it offhand.
>
> I've been looking through RFC's trying to find a clear statement that
> having two interfaces in the same subnet does not work, but can't find it
> that statement anywhere.
>
> The OS in this case is Linux. I know it can be done with clever routing and
> prioritization and such, but this has to do with vanilla config, just
> setting up two interfaces in one network.
>
> I would be grateful for a pointer to such an RFC statement, assuming it
> exists.
>
> Thanks!
>
> Chris
>
>
Re: two interfaces one subnet [ In reply to ]
On 11.05.2009, at 23:19, Alex H. Ryu wrote:

> Unless you configure Layer 2 for two interfaces, it's not going to
> work.
> It is invalid from networking principle.
> If you have to send the traffic for host in same subnet you
> configured,
> which interface it should send out ?
> Basically it may create broadcast storm loop by putting two ip
> addresses
> in same subnet in different interface.
> It may be allowed from host-level, but from router equipment, I don't
> think it was allowed at all.

Alex, I _personally_ know that it's a problem. I was hoping for an RFC-
reference, or similar standards document, to show to customers to
convince them to stop trying to hack things to make it work.

Chris
Re: two interfaces one subnet [ In reply to ]
On Mon, May 11, 2009 at 2:22 PM, David Devereaux-Weber
<ddevereauxweber@gmail.com> wrote:
> Chris,
>
> I work with iHDTV <http://ihdtv.org>, a project that sends uncompressed high
> definition television (1.5 Gbps) as UDP over two 1 Gbps interfaces.  If both
> interfaces are on the same subnet, the OS sees the same router (gateway)
> address on both interfaces, and the results are sub-optimal ... around 50%
> packet loss.

packet loss is probably due to the network switch having to re-learn
the location of the MAC address constantly as it sees packets on two
or more ports with the same MAC address (think STP loops).

If your network stack and network device (switch) supports LACP, then
you can have multiple connections between a host and a network device.
That is a very easy way to increase capacity and add redundancy.

That is how all of our VMWare ESX 3.5i servers are connected.

Hector
Re: two interfaces one subnet [ In reply to ]
Chris Meidinger wrote:
> Hi,
>
> This is a pretty moronic question, but I've been searching RFC's
> on-and-off for a couple of weeks and can't find an answer. So I'm
> hoping someone here will know it offhand.
> I've been looking through RFC's trying to find a clear statement that
> having two interfaces in the same subnet does not work, but can't find
> it that statement anywhere.
> The OS in this case is Linux. I know it can be done with clever
> routing and prioritization and such, but this has to do with vanilla
> config, just setting up two interfaces in one network.
> I would be grateful for a pointer to such an RFC statement, assuming
> it exists.

If your goal is to achieve redundancy or to increase bandwidth, you can
bond the interfaces together - assuming that you have a switch / switch
stack that supports 802.3ad.

Then you could assign multiple IPs to the bonded interface without any
layer 3 messyness.

- Dan
Re: two interfaces one subnet [ In reply to ]
On 11.05.2009, at 23:31, Dan White wrote:

> Chris Meidinger wrote:
>> Hi,
>>
>> This is a pretty moronic question, but I've been searching RFC's on-
>> and-off for a couple of weeks and can't find an answer. So I'm
>> hoping someone here will know it offhand.
>> I've been looking through RFC's trying to find a clear statement
>> that having two interfaces in the same subnet does not work, but
>> can't find it that statement anywhere.
>> The OS in this case is Linux. I know it can be done with clever
>> routing and prioritization and such, but this has to do with
>> vanilla config, just setting up two interfaces in one network.
>> I would be grateful for a pointer to such an RFC statement,
>> assuming it exists.
>
> If your goal is to achieve redundancy or to increase bandwidth, you
> can bond the interfaces together - assuming that you have a switch /
> switch stack that supports 802.3ad.
>
> Then you could assign multiple IPs to the bonded interface without
> any layer 3 messyness.

I should have been clearer. The case in point is having two physical
interfaces, each with a unique IP, in the same subnet.

For example, eth0 is 10.0.0.1/24 and eth1 is 10.0.0.2/24, nothing like
bonding going on. The customers usually have the idea of running one
interface for administration and another for production (which is a
_good_ idea) but they want to do it in the same subnet (not such a
good idea...)

Chris
Re: two interfaces one subnet [ In reply to ]
:Hi,
:
:This is a pretty moronic question, but I've been searching RFC's on-
:and-off for a couple of weeks and can't find an answer. So I'm hoping
:someone here will know it offhand.
:
:I've been looking through RFC's trying to find a clear statement that
:having two interfaces in the same subnet does not work, but can't find
:it that statement anywhere.
:
:The OS in this case is Linux. I know it can be done with clever
:routing and prioritization and such, but this has to do with vanilla
:config, just setting up two interfaces in one network.
:
:I would be grateful for a pointer to such an RFC statement, assuming
:it exists.

RFC1122, Section 3.3.4.1 explicitly says this IS a legal config
from an IP perspective:

3.3.4 Local Multihoming

3.3.4.1 Introduction

A multihomed host has multiple IP addresses, which we may
think of as "logical interfaces". These logical interfaces
may be associated with one or more physical interfaces, and
these physical interfaces may be connected to the same or
different networks.

There are other considerations here -- OS, link-layer, etc.
Obviously, you want to do such things with care. But simply
from a "standards" perspective, it's ok. There are a lot of
hosts that historically didn't have enough RFC1122 compliance
to make such configurations problematic (e.g. section 3.3.1.2
and multiple default route support vs. old BSD IP stacks) but
that doesn't invalidate the standards.

--
Michael J. O'Connor mjo@dojo.mi.org
=--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--=
"Pain has an element of blank." -Emily Dickinson
Re: two interfaces one subnet [ In reply to ]
On Mon, May 11, 2009 at 5:28 PM, Hector Herrera <hectorherrera@gmail.com> wrote:
> On Mon, May 11, 2009 at 2:22 PM, David Devereaux-Weber
> <ddevereauxweber@gmail.com> wrote:
>> ... both> interfaces are on the same subnet, the OS sees the same router (gateway)
>> address on both interfaces, and the results are sub-optimal ... around 50%
>> packet loss.
>
> packet loss is probably due to the network switch having to re-learn
> the location of the MAC address constantly as it sees packets on two
> or more ports with the same MAC address (think STP loops).

My understand of the scenario is: Two physical interfaces, each with
a unique IP address, in the same Ethernet broadcast domain, on the
same IP (sub)network.

If that's the case, the MAC address won't change. The cards stay
put. So a layer two switch will be none the wiser.

The reason this doesn't work (for most implementations) is that most
IP routers look only at the destination IP address, and keep no state.
(Here, I'm using "router" to include the routing engine built-in to
any full IP implementation, not just dedicated equipment from Cisco,
et. al.)

So we have a host with IP addresses A and B on the same subnet. A
packet comes in from some other host X. The application software does
whatever it does, and sends a response. The router looks at the
destination IP address X, and sees that it has two routes, A and B.

Depending on implementation, the router may send everything out the
first interface it finds in the routing table (e.g., use A and ignore
B), or round-robin between the two, or who-knows-what. Either way, if
the packet *from* X was addressed *to* B but the response comes back
from *A*, then host X is going to drop the packet as
invalid/irrelevant/etc.

With Linux, at least, you *can* use the routing policy database to
configure the kernel router to pay attention to more than just the
destination IP address. For example, you can have it look at the
source IP address (A or B), and route out the appropriate interface.
However, IIRC, this only works if the application software binds to
individual network interfaces. If the app software just listens for
anything (0.0.0.0), then the kernel gets to pick the source IP address
for any response.

I can post examples with gory details from our firewall, if anyone needs them.

-- Ben
Re: two interfaces one subnet [ In reply to ]
> Date: Mon, 11 May 2009 16:19:56 -0500
> From: "Alex H. Ryu" <r.hyunseog@ieee.org>
>
> Unless you configure Layer 2 for two interfaces, it's not going to work.
> It is invalid from networking principle.
> If you have to send the traffic for host in same subnet you configured,
> which interface it should send out ?
> Basically it may create broadcast storm loop by putting two ip addresses
> in same subnet in different interface.
> It may be allowed from host-level, but from router equipment, I don't
> think it was allowed at all.
>
> Alex


I am a bit baffled as to why people think:
1. It won't work
2. It is a bad thing to do if it would work

Neither is true. If it is two separate interfaces with two MAC
addresses, it will work fine IF one of the interfaces is configured with
a netmask of 255.255.255.255 (/32). Of course, you will have to add
routes for the second interface if you expect to source traffic from it,
but it really in not rare.

Many network devices are intended to be configured this way. NetApp was
mentioned, but it is not unique. Doing this is expressly covered in the
documentation for FreeBSD.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751


>
>
> Chris Meidinger wrote:
> > Hi,
> >
> > This is a pretty moronic question, but I've been searching RFC's
> > on-and-off for a couple of weeks and can't find an answer. So I'm
> > hoping someone here will know it offhand.
> >
> > I've been looking through RFC's trying to find a clear statement that
> > having two interfaces in the same subnet does not work, but can't find
> > it that statement anywhere.
> >
> > The OS in this case is Linux. I know it can be done with clever
> > routing and prioritization and such, but this has to do with vanilla
> > config, just setting up two interfaces in one network.
> >
> > I would be grateful for a pointer to such an RFC statement, assuming
> > it exists.
> >
> > Thanks!
> >
> > Chris
> >
> >
> >
>
>
RE: two interfaces one subnet [ In reply to ]
Hi Chris,

I remember this. I remember it in an early IP RFC, but couldn't find it in 10 minutes of searching. It had to do with intefaces cannot have overlapping address space. One of the IETF greybeards ought to know.

It's been a while since I was writing code with marked up rfc's in front of me...

Chris
Re: two interfaces one subnet [ In reply to ]
On May 11, 2009, at 5:19 PM, Alex H. Ryu wrote:

> Unless you configure Layer 2 for two interfaces, it's not going to
> work.

It can work. Of course it _may_ not, depending upon your
implementation, but then some implementations can't get a single
interface to work properly per subnet.


> It is invalid from networking principle.

You are confused, there is nothing invalid about the configuration.


> If you have to send the traffic for host in same subnet you
> configured,
> which interface it should send out ?

Pick an interface and send the packet. It's not rocket science. I
can come up with half a dozen algorithms off the top of my head while
typing the last sentence.


> Basically it may create broadcast storm loop by putting two ip
> addresses
> in same subnet in different interface.

That is an interesting statement. Could you explain how this can
happen without crafting an idiotic implementation spec (e.g. every
packet goes out both interfaces)?


> It may be allowed from host-level, but from router equipment, I don't
> think it was allowed at all.

Ever used HSRP / VRRP? Two interfaces in the same subnet. Works
fine. In fact, most people think it works _better_ than one interface
in the same subnet.

--
TTFN,
patrick
Re: two interfaces one subnet [ In reply to ]
On Mon, May 11, 2009 at 5:38 PM, Chris Meidinger
<cmeidinger@sendmail.com> wrote:
> For example, eth0 is 10.0.0.1/24 and eth1 is 10.0.0.2/24, nothing like
> bonding going on. The customers usually have the idea of running one
> interface for administration and another for production (which is a _good_
> idea) but they want to do it in the same subnet (not such a good idea...)

I just posted on this, but I didn't really address your original
question, so: I'm not aware of anything in the RFCs or other standards
which prohibits this. But then, I haven't gone looking, because...

It *can* be made to work in practice, for certain scenarios. For
example, if you're talking a web server, and you bind the "production"
site to 10.0.0.2 and the "administration" site to 10.0.0.1, and
configure policy routing (you said Linux, right?) to route
appropriately, it should work. It works because Apache can bind sites
to individual interfaces.

-- Ben
Re: two interfaces one subnet [ In reply to ]
On 11.05.2009, at 23:42, Kevin Oberman wrote:

>> Date: Mon, 11 May 2009 16:19:56 -0500
>> From: "Alex H. Ryu" <r.hyunseog@ieee.org>
>>
>> Unless you configure Layer 2 for two interfaces, it's not going to
>> work.
>> It is invalid from networking principle.
>> If you have to send the traffic for host in same subnet you
>> configured,
>> which interface it should send out ?
>> Basically it may create broadcast storm loop by putting two ip
>> addresses
>> in same subnet in different interface.
>> It may be allowed from host-level, but from router equipment, I don't
>> think it was allowed at all.
>>
>> Alex
>
>
> I am a bit baffled as to why people think:
> 1. It won't work
> 2. It is a bad thing to do if it would work
>
> Neither is true. If it is two separate interfaces with two MAC
> addresses, it will work fine IF one of the interfaces is configured
> with
> a netmask of 255.255.255.255 (/32). Of course, you will have to add
> routes for the second interface if you expect to source traffic from
> it,
> but it really in not rare.

This is, of course, how I've done it at times in the past. Routing
management can, however, become quite a pain over time.

The customer expectation is, naturally, that any traffic related to a
connection that comes in to the first interface should go back out
that interface, and anything related to a connection that came into
the second interface should go back out there. (All this without any
specific routing etc.)

I think we both know that that's not going to happen automagically.

Chris
Re: two interfaces one subnet [ In reply to ]
> From: Chris Meidinger <cmeidinger@sendmail.com>
> Date: Mon, 11 May 2009 23:38:30 +0200
>
> On 11.05.2009, at 23:31, Dan White wrote:
>
> > Chris Meidinger wrote:
> >> Hi,
> >>
> >> This is a pretty moronic question, but I've been searching RFC's on-
> >> and-off for a couple of weeks and can't find an answer. So I'm
> >> hoping someone here will know it offhand.
> >> I've been looking through RFC's trying to find a clear statement
> >> that having two interfaces in the same subnet does not work, but
> >> can't find it that statement anywhere.
> >> The OS in this case is Linux. I know it can be done with clever
> >> routing and prioritization and such, but this has to do with
> >> vanilla config, just setting up two interfaces in one network.
> >> I would be grateful for a pointer to such an RFC statement,
> >> assuming it exists.
> >
> > If your goal is to achieve redundancy or to increase bandwidth, you
> > can bond the interfaces together - assuming that you have a switch /
> > switch stack that supports 802.3ad.
> >
> > Then you could assign multiple IPs to the bonded interface without
> > any layer 3 messyness.
>
> I should have been clearer. The case in point is having two physical
> interfaces, each with a unique IP, in the same subnet.
>
> For example, eth0 is 10.0.0.1/24 and eth1 is 10.0.0.2/24, nothing like
> bonding going on. The customers usually have the idea of running one
> interface for administration and another for production (which is a
> _good_ idea) but they want to do it in the same subnet (not such a
> good idea...)

This will not work right. One interface can be 10.0.0.1/24, but any
added interfaces would need to be /32 (10.0.0.2/32).

What your customer wants can probably be done, but it is a really bad
idea. Put them in different subnets. If you need to, break off a /30
from the /24. (That is a bit messy as you meed to break the /24 into a
/25, a /26, a /27..., but it should work fine. Since the main interface
has to talk to ALL of the subnets, you will need to use one address from
each and that is pretty wasteful, but it should work.) Just really UGLY!

If only a part of the address space need be used, it gets easier and
less ugly. If a /25 will work, it's pretty much normal configuration on
both interfaces.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
RE: two interfaces one subnet [ In reply to ]
If it were me and had the requirement of having both NICs in the same L2
segment, but unique IP addresses, I'd assign a secondary IP address to
the Layer3 SVI on the upstream device, and give the 2nd NIC on the
server an IP on that secondary IP block.

Ken Matlock
Network Analyst
Exempla Healthcare
(303) 467-4671
matlockk@exempla.org
-----Original Message-----
From: Chris Meidinger [mailto:cmeidinger@sendmail.com]
Sent: Monday, May 11, 2009 3:39 PM
To: Dan White
Cc: nanog@nanog.org
Subject: Re: two interfaces one subnet

On 11.05.2009, at 23:31, Dan White wrote:

> Chris Meidinger wrote:
>> Hi,
>>
>> This is a pretty moronic question, but I've been searching RFC's on-
>> and-off for a couple of weeks and can't find an answer. So I'm
>> hoping someone here will know it offhand.
>> I've been looking through RFC's trying to find a clear statement
>> that having two interfaces in the same subnet does not work, but
>> can't find it that statement anywhere.
>> The OS in this case is Linux. I know it can be done with clever
>> routing and prioritization and such, but this has to do with
>> vanilla config, just setting up two interfaces in one network.
>> I would be grateful for a pointer to such an RFC statement,
>> assuming it exists.
>
> If your goal is to achieve redundancy or to increase bandwidth, you
> can bond the interfaces together - assuming that you have a switch /
> switch stack that supports 802.3ad.
>
> Then you could assign multiple IPs to the bonded interface without
> any layer 3 messyness.

I should have been clearer. The case in point is having two physical
interfaces, each with a unique IP, in the same subnet.

For example, eth0 is 10.0.0.1/24 and eth1 is 10.0.0.2/24, nothing like
bonding going on. The customers usually have the idea of running one
interface for administration and another for production (which is a
_good_ idea) but they want to do it in the same subnet (not such a
good idea...)

Chris
Re: two interfaces one subnet [ In reply to ]
On May 11, 2009, at 4:45 PM, Chris Meidinger wrote:
> On 11.05.2009, at 22:34, Patrick W. Gilmore wrote:
>
>> On May 11, 2009, at 4:29 PM, Chris Meidinger wrote:
>>
>>> I would be grateful for a pointer to such an RFC statement,
>>> assuming it exists.
>>
>> Why would an RFC prohibit this?
>>
>> Most _implementations_ do, but as far as network "rules" in general
>> it is a valid configuration.
>
> That was essentially my conclusion as well: logically it can't work,
> but I wasn't certain where it might be forbidden.

How did you read what I wrote and say what you said? I've read it
several times and I can't get from point A to point B. Did you do a
major typo or something?

I said it is valid. After saying you came to the same conclusion, you
then said "logically it can't work". Your statement not only
contradicts what I said, but contradicts the fact is has and does work.

Let me be clear: IT IS NOT FORBIDDEN. IT WORKS FINE.

--
TTFN,
patrick
Re: two interfaces one subnet [ In reply to ]
On 5/11/09 3:23 PM, Chris Meidinger wrote:
> On 11.05.2009, at 23:19, Alex H. Ryu wrote:
>
>> Unless you configure Layer 2 for two interfaces, it's not going to work.
>> It is invalid from networking principle.
>> If you have to send the traffic for host in same subnet you configured,
>> which interface it should send out ?
>> Basically it may create broadcast storm loop by putting two ip addresses
>> in same subnet in different interface.
>> It may be allowed from host-level, but from router equipment, I don't
>> think it was allowed at all.
>
> Alex, I _personally_ know that it's a problem. I was hoping for an
> RFC-reference, or similar standards document, to show to customers to
> convince them to stop trying to hack things to make it work.
>
> Chris
>

In Linux, I ran into the exact situation talked about in the link:
http://lwn.net/Articles/45373/


Basically, recent versions of Linux will respond to arp requests for IPs
on another interface on the receiving interface. Basically, you end up
with traffic going in/out of unexpected interfaces. I discovered my
iptables rules weren't quite working right and I couldn't get into one
of my boxen because the allow was set to eth0, and the packets were
coming in/out of eth1 even though the IP was bound to eth0.

One of the more interesting gotchas that had me stumped for hours before
I found out what was really going on.
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
Re: two interfaces one subnet [ In reply to ]
On 11.05.2009, at 23:48, Ben Scott wrote:

> On Mon, May 11, 2009 at 5:38 PM, Chris Meidinger
> <cmeidinger@sendmail.com> wrote:
>> For example, eth0 is 10.0.0.1/24 and eth1 is 10.0.0.2/24, nothing
>> like
>> bonding going on. The customers usually have the idea of running one
>> interface for administration and another for production (which is a
>> _good_
>> idea) but they want to do it in the same subnet (not such a good
>> idea...)
>
> I just posted on this, but I didn't really address your original
> question, so: I'm not aware of anything in the RFCs or other standards
> which prohibits this. But then, I haven't gone looking, because...
>
> It *can* be made to work in practice, for certain scenarios. For
> example, if you're talking a web server, and you bind the "production"
> site to 10.0.0.2 and the "administration" site to 10.0.0.1, and
> configure policy routing (you said Linux, right?) to route
> appropriately, it should work. It works because Apache can bind sites
> to individual interfaces.

Just to restate here, for people who have been responding both
publicly and privately:

I know that *I* can make it work, and I know that *you* can make it
work. But I also know that it's not likely to stay working.

One day, down the road, something will break. Then, my poor support
team will spend days trying to diagnose the problem.

So I want to stop the customer from trying to force a round peg into a
square hole, and just use separate subnets for the different
interfaces. As someone said before, it's not rocket science.

Still though, thanks for all the input; it's really useful.

Chris

1 2 3  View All