[Swan-dev] virtual-private [was: overlapping address pools]

D. Hugh Redelmeier hugh at mimosa.com
Tue Apr 22 00:58:03 EEST 2014


| From: D. Hugh Redelmeier <hugh at mimosa.com>
| Subject: Re: [Swan-dev] overlapping address pools

| When two subnets overlap, one contains the other (they can be the
| same, in which case they contain each other).  That's simpler than
| IP-address ranges that are used for address pools.  Especially when
| considering more than two.

There are two virtual-private subnet lists: inclusive and exclusive.
An address is considered private if it is covered by at least one
subnet in the inclusive list and no subnet in the exclusive list.

No consideration is given to overlap.

Is this reasonable?

It seems to me that the conventional test would be:

    What is the smallest subnet that includes the address in question?
    If it is in the inclusive set, the address is private.

Also, it would seem to be a mistake to have the same subnet appear
twice or more (either in the same or different lists).  This would be
a mistake in the lists.
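
The two tests described in the message above, side by side, as an added example that is not part of the original message and is not libreswan code. The function names and the sample subnets are constructed for illustration; the example shows an address on which the two rules disagree.

```python
import ipaddress

def nets(*cidrs):
    """Parse CIDR strings into network objects."""
    return [ipaddress.ip_network(c) for c in cidrs]

def covered_rule(addr, inclusive, exclusive):
    """Rule described in the message: covered by at least one inclusive
    subnet and by no exclusive subnet. Overlap is not considered."""
    a = ipaddress.ip_address(addr)
    return any(a in n for n in inclusive) and not any(a in n for n in exclusive)

def smallest_subnet_rule(addr, inclusive, exclusive):
    """Proposed rule: the smallest listed subnet containing the address
    (longest prefix) decides. Private only if that subnet is inclusive."""
    a = ipaddress.ip_address(addr)
    tagged = [(n.prefixlen, True) for n in inclusive if a in n]
    tagged += [(n.prefixlen, False) for n in exclusive if a in n]
    if not tagged:
        return False  # no listed subnet contains the address
    longest = max(p for p, _ in tagged)
    verdicts = {v for p, v in tagged if p == longest}
    if len(verdicts) != 1:
        # Two containing subnets with equal prefix length are the same
        # subnet, so it appears in both lists: an error in the lists.
        raise ValueError(f"subnet covering {addr} is in both lists")
    return verdicts.pop()

def repeated_subnets(inclusive, exclusive):
    """Subnets that appear more than once, in the same or different lists."""
    seen, repeats = set(), set()
    for n in list(inclusive) + list(exclusive):
        (repeats if n in seen else seen).add(n)
    return sorted(str(n) for n in repeats)

# Constructed sample lists: a /24 carved back out of an excluded /16.
INCLUSIVE = nets("10.0.0.0/8", "10.1.2.0/24")
EXCLUSIVE = nets("10.1.0.0/16")

if __name__ == "__main__":
    for addr in ("10.2.0.1", "10.1.3.5", "10.1.2.5", "192.0.2.1"):
        print(addr,
              "covered:", covered_rule(addr, INCLUSIVE, EXCLUSIVE),
              "smallest:", smallest_subnet_rule(addr, INCLUSIVE, EXCLUSIVE))
    print("repeats:", repeated_subnets(INCLUSIVE, EXCLUSIVE))
```

With these lists the rules differ only for 10.1.2.5, which sits in the inclusive /24 nested inside the exclusive /16.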

