Discussion:
[Dnsmasq-discuss] Overlapping/duplicate subnets
S. M. Hossein Hamidi
2017-02-22 13:55:30 UTC
Hi all,

I am new to dnsmasq and my mind is busy with a DHCP scenario that I would
like to consult with you before getting my hands dirty.

Suppose that we have several subnets which are behind a NAT device which
additionally acts as a DHCP relay agent. I know that using the DHCP relay
agent information option, I can distinguish between different subnets.
However, the additional constraint is to use duplicate or overlapping
subnets instead of distinct subnets. Since the traffic coming from each
segment goes through NAT, it wouldn't be any problem to use duplicate IP
addresses, knowing that each segment has its own autonomy.

So, may I know if I can exploit the tagging feature of dnsmasq so that it
can handle separate, potentially overlapping leases for each subnet?


Regards,
/dev/rob0
2017-02-22 15:07:20 UTC
Post by S. M. Hossein Hamidi
I am new to dnsmasq and my mind is busy with a DHCP scenario that I
would like to consult with you before getting my hands dirty.
Suppose that we have several subnets which are behind a NAT device
which additionally acts as a DHCP relay agent. I know that using
the DHCP relay agent information option, I can distinguish between
different subnets. However, the additional constraint is to use
duplicate or overlapping subnets instead of distinct subnets.
That is a very strange constraint. RFC 1918 is quite large enough;
it's not necessary to share your netblocks. And how will your NAT
device distinguish one segment with a shared netblock from another
segment using the same netblock?

Sounds like broken IP networking to me. Compliant IP stacks do
routing based on IP address blocks.
Post by S. M. Hossein Hamidi
Since the traffic coming from each segment goes through NAT, it
wouldn't be any problem to use duplicate IP addresses, knowing
that each segment has its own autonomy.
But again, how does the NAT device do this?
Post by S. M. Hossein Hamidi
So, may I know if I can exploit the tagging feature of dnsmasq so
that it can handle separate, potentially overlapping leases for
each subnet?
I'm pretty sure this would not be possible in dnsmasq nor in ISC
dhcpd. Either one could do a single netblock shared among many
distinct segments, but each would only be able to give out any one
address to only one client.

But wait and see what Simon says. :)
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
S. M. Hossein Hamidi
2017-02-22 21:40:25 UTC
Hi,

While it might seem weird, it is a valid scenario. There might be reasons
to allow reusing IP addresses.

To answer your question about deployment of NAT devices, it shouldn't be
just a NAT device. Each LAN segment can have its own NAT gateway.

Regards,
Post by /dev/rob0
Post by S. M. Hossein Hamidi
I am new to dnsmasq and my mind is busy with a DHCP scenario that I
would like to consult with you before getting my hands dirty.
Suppose that we have several subnets which are behind a NAT device
which additionally acts as a DHCP relay agent. I know that using
the DHCP relay agent information option, I can distinguish between
different subnets. However, the additional constraint is to use
duplicate or overlapping subnets instead of distinct subnets.
That is a very strange constraint. RFC 1918 is quite large enough;
it's not necessary to share your netblocks. And how will your NAT
device distinguish one segment with a shared netblock from another
segment using the same netblock?
Sounds like broken IP networking to me. Compliant IP stacks do
routing based on IP address blocks.
Post by S. M. Hossein Hamidi
Since the traffic coming from each segment goes through NAT, it
wouldn't be any problem to use duplicate IP addresses, knowing
that each segment has its own autonomy.
But again, how does the NAT device do this?
Post by S. M. Hossein Hamidi
So, may I know if I can exploit the tagging feature of dnsmasq so
that it can handle separate, potentially overlapping leases for
each subnet?
I'm pretty sure this would not be possible in dnsmasq nor in ISC
dhcpd. Either one could do a single netblock shared among many
distinct segments, but each would only be able to give out any one
address to only one client.
But wait and see what Simon says. :)
--
http://rob0.nodns4.us/
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
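
The difference the thread turns on, as an added example that is not part of any post above and is not dnsmasq or ISC dhcpd code: a toy lease table that either keeps one lease namespace for all segments (each address goes to one client only, as described in the reply) or includes the relay agent's circuit ID in the lease key (what overlapping per-segment leases would require). The class, function names, circuit IDs and MAC addresses are hypothetical and constructed for the illustration.

```python
# Added illustration: a toy DHCP lease table, not dnsmasq or ISC dhcpd code.
import ipaddress

class LeaseTable:
    """Hands out addresses from one netblock to clients behind relay agents.

    per_segment=False: one lease namespace shared by every segment, so an
        address is held by at most one client overall.
    per_segment=True: the relay's circuit ID (relay agent information
        option) is part of the lease key, so each segment gets its own
        copy of the netblock.
    """
    def __init__(self, network, per_segment):
        self.hosts = list(ipaddress.ip_network(network).hosts())
        self.per_segment = per_segment
        self.leases = {}  # (scope, address) -> (circuit_id, mac)

    def request(self, circuit_id, mac):
        scope = circuit_id if self.per_segment else None
        # Renewal: the same client on the same segment keeps its address.
        for (s, addr), holder in self.leases.items():
            if s == scope and holder == (circuit_id, mac):
                return str(addr)
        for addr in self.hosts:
            if (scope, addr) not in self.leases:
                self.leases[(scope, addr)] = (circuit_id, mac)
                return str(addr)
        return None  # pool exhausted within this scope

    def holders(self, addr):
        """Every (circuit_id, mac) currently holding addr."""
        addr = ipaddress.ip_address(addr)
        return sorted(h for (_, a), h in self.leases.items() if a == addr)

def demo(per_segment):
    # Constructed sample: two segments, two clients each, a /30 (2 hosts).
    table = LeaseTable("192.168.1.0/30", per_segment)
    clients = [("seg-A", "02:00:00:00:00:01"), ("seg-B", "02:00:00:00:00:02"),
               ("seg-A", "02:00:00:00:00:03"), ("seg-B", "02:00:00:00:00:04")]
    return [table.request(c, m) for c, m in clients], table

if __name__ == "__main__":
    for mode in (False, True):
        assigned, table = demo(mode)
        print("per_segment =", mode, assigned, table.holders("192.168.1.1"))
```

With the segment-scoped key, one address has two simultaneous holders, so any log or lease lookup by IP address alone no longer identifies a single client; the circuit ID has to be recorded alongside it.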