Message-ID: <m1tyankr6x.fsf@fess.ebiederm.org>
Date:	Fri, 15 Jul 2011 17:24:54 -0700
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Rémi Denis-Courmont <remi@...lab.net>
Cc:	Chris Friesen <cbf123@...l.usask.ca>, netdev@...r.kernel.org
Subject: Re: recommended way to support duplicate IP addresses on different VLANs?

"Rémi Denis-Courmont" <remi@...lab.net> writes:

> On Monday 11 July 2011 17:58:14 Chris Friesen, you wrote:
>> Hi all,
>> 
>> We've got a server that sits on multiple VLANs.  Each VLAN is segregated
>> and doesn't know about the others.  The IP address ranges in each of the
>> VLANs may overlap, and the server may be assigned the same IP address in
>> multiple VLANs.
>> 
>> We've got a messy solution now involving unique internal addresses and
>> NATing between those and the duplicate external addresses, but I'm
>> wondering if there is a cleaner way to handle this.
>> 
>> It seems like network namespaces would work, but it would require
>> multiple instances of our software which is a dealbreaker.
>> 
>> Is there any other way to deal with this scenario?
>
> Namespace file descriptors if/when they get accepted.

For reference.

The namespace file descriptor code is in 3.0.  setns is present in the
latest glibc.  And the iproute support is just finishing up.

What doesn't exist at the moment is a handy socketat library
function to make a userspace program that uses multiple network
namespaces trivial.  But that is only a few lines of code.

It sounds like you don't need the full generality of network
namespaces, but if you do, the functionality is present.

Eric
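
An added illustration, not code from the message or from any library: one way the socketat helper mentioned above could look in C. The signature, the enter_netns helper and the use of /proc/self/ns/net to return to the original namespace are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/sched.h>   /* CLONE_NEWNET */
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Call setns(2) directly so the example does not need a libc wrapper. */
static int enter_netns(int fd)
{
    return (int)syscall(SYS_setns, fd, CLONE_NEWNET);
}

/* Hypothetical socketat(): like socket(2), but the socket is created in the
 * network namespace that netns_fd refers to (e.g. an fd opened on
 * /proc/<pid>/ns/net). Returns the socket fd, or -1 with errno set. */
int socketat(int netns_fd, int domain, int type, int protocol)
{
    int sock, saved_errno;
    /* Keep a handle on the current namespace so we can switch back.
     * Assumes every thread of the process starts in the same namespace. */
    int home_fd = open("/proc/self/ns/net", O_RDONLY | O_CLOEXEC);

    if (home_fd < 0)
        return -1;

    /* Moves only the calling thread; requires CAP_SYS_ADMIN. */
    if (enter_netns(netns_fd) < 0) {
        saved_errno = errno;
        close(home_fd);
        errno = saved_errno;
        return -1;
    }

    /* The socket remains in this namespace after the thread leaves it. */
    sock = socket(domain, type, protocol);
    saved_errno = errno;

    /* Carrying on in the wrong namespace would misroute all later traffic
     * from this thread, so a failed switch back is fatal. */
    if (enter_netns(home_fd) < 0)
        abort();
    close(home_fd);
    errno = saved_errno;
    return sock;
}
```

A single server process like the one in the question could call this once per VLAN namespace and then service all of the returned sockets itself, with the same IP address bound in each.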