[Swan-dev] addresspool and handing out network/broadcast addresses

Paul Wouters paul at nohats.ca
Fri May 2 22:54:56 EEST 2014

On Fri, 2 May 2014, D. Hugh Redelmeier wrote:

> | I would suggest that if an addresspool is defined that includes
> | a.b.c.0/32 that we actually skip that address and not hand it out.
> |
> | And do the same with a.b.c.255/32
> Are you saying we don't live in a classless world?
> This is embarassing.

Yeah :/

> Do we have a way of knowing the whole local subnet?  If so, we might
> ban the top and bottom addresses of it (not the top and bottom of the
> addressrange).

a subnet (CIDR) is not an address range. I don't think we can infer
anything of an address range.

In some test cases this was also more complicated by having a remote
subnet= while also handing out 192.0.2.x/32 addresses.

> Or if we know the gateway (us), we might ban that.
> But banning ought to be: refuse the addresspool, not silently trim it.
> Don't work around idiots, educate them (convert them from being
> idiots).

I'd prefer to load addresspools, possibly log a warning. It might not
help some of the idiots in the world but I don't neccessarilly want to
inform all idiots at the expense of usability of what is probably going
to be very common configurations.

And if we allowed CIDR syntax, we per definition have this problem too,
eg: leftaddresspool= - you cannot really exclude it using
that syntax.


More information about the Swan-dev mailing list