On 06/02/10 03:08, Al wrote:
> Hi James, 
> 
> For the general question (not related to my original post) of using one 
> subnet on multiple VLANs, perhaps some extreme cases may exist. I have not 
> researched any case myself but here is a quote from a book ("CCIE Routing and 
> Switching Exam Certification Guide, Fourth Edition" by Denise Donohue, Rus 
> Healy, Wendell Odom) that hints at this: 
> 
> "Also, although not typically done, you can design a network to use one 
> subnet on multiple VLANs, and use routers with proxy ARP enabled to forward 
> traffic between hosts in those VLANs."
> 
> Just thought this may sound interesting to you. Here is also some related 
> discussion: https://supportforums.cisco.com/message/3105884
> 
> I was partially under the influence :) of the above sources when I posted my 
> question. 

There's not much in the way of proxy ARP support in OpenSolaris.  It's
possible to set up manual ARP entries, but that's about it.

The replies on the thread you're citing should make it fairly clear that
it just doesn't work that way.  The only case where I've seen proxy ARP
used semi-successfully is with overlapping subnets: for example, one
interface configured with subnet 10.1.1.0/24 and another with
10.1.0.0/16.  These are also technically illegal, but if you decide that
you don't really care about much other than unicast, and if you can
somehow guarantee that the second, larger network never has nodes that
"belong" on the first, smaller one, you can make it work with proxy ARP.

The system would be required to receive ARP requests on the larger
network, and, if they're in the range specified for the smaller one,
reply on behalf of the smaller one, and then forward any data packets
between the two.  From the point of view of hosts on the smaller
network, the rest of the nodes are all reachable through the local
system as a router.

There's nothing in OpenSolaris that will handle those ARP bits correctly
for you, and I would not expect that this sort of interface
configuration is ever deliberately tested.  You might be able to set up
some sort of hack to make it work.  But it's likely to have problems,
and I have a hard time seeing how it would be useful in any reasonably
well-designed IP network.  "Just don't do that" seems like a simpler
answer to me.

-- 
James Carlson         42.703N 71.076W         <carls...@workingcode.com>
_______________________________________________
networking-discuss mailing list
networking-discuss@opensolaris.org
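
The overlapping-subnet case described in the message above, modelled as an added example (not part of the original post and not OpenSolaris code). The interface names `if_small` and `if_large` and the result labels are assumptions; the code only makes the decision and sends no packets.

```python
import ipaddress

# Constructed topology from the post: two interfaces with overlapping subnets.
SMALL = ipaddress.ip_network("10.1.1.0/24")   # hypothetical interface "if_small"
LARGE = ipaddress.ip_network("10.1.0.0/16")   # hypothetical interface "if_large"
INTERFACES = {"if_small": SMALL, "if_large": LARGE}


def egress_interface(dst):
    """Longest-prefix match: the more specific /24 wins over the /16."""
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, name) for name, net in INTERFACES.items() if dst in net]
    return max(matches)[1] if matches else None


def handle_arp_request(ingress, sender_ip, target_ip):
    """Proxy decision for one ARP request: "proxy-reply", "no-proxy" or "conflict".

    Ordinary ARP for the router's own addresses is outside this model.
    """
    sender = ipaddress.ip_address(sender_ip)
    target = ipaddress.ip_address(target_ip)
    if ingress == "if_large":
        # The guarantee from the post: no node on the large network may use
        # an address that "belongs" on the small one.
        if sender in SMALL:
            return "conflict"
        # Request for a small-subnet address seen on the large network:
        # answer on its behalf, then forward the data packets.
        if target in SMALL:
            return "proxy-reply"
        return "no-proxy"
    if ingress == "if_small":
        # Hosts here use a /24 mask and route off-subnet traffic through this
        # system, so nothing is proxied on this side. A sender of 0.0.0.0 is
        # an address probe, not a misplaced node.
        if sender not in SMALL and not sender.is_unspecified:
            return "conflict"
        return "no-proxy"
    raise ValueError(f"unknown interface {ingress!r}")
```

A "conflict" result marks the point where the guarantee in the message has been broken: the sender's address places it on the other segment.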