[Swan-dev] addresspool and handing out network/broadcast addresses

D. Hugh Redelmeier hugh at mimosa.com
Sat May 3 02:01:47 EEST 2014


| From: Paul Wouters <paul at nohats.ca>

| > Do we have a way of knowing the whole local subnet?  If so, we might
| > ban the top and bottom addresses of it (not the top and bottom of the
| > addressrange).
| 
| a subnet (CIDR) is not an address range. I don't think we can infer
| anything of an address range.
| 
| In some test cases this was also more complicated by having a remote
| subnet=192.0.2.0/24 while also handing out 192.0.2.x/32 addresses.

No, not from the address-pool address range, but from the LAN we
ourselves are probably on.  Which is likely a subnet.  And likely we
know the IP address of various furniture within that subnet
- broadcast
- gateway
- local DNS server
- IP addresses given out by DHCP
- print server IP address
- addresses already occupied (based on ARP traffic)
- ...

How far do we wish to go down this rathole?  I feel that what you've
suggested is either too far or not far enough.  The question is: is it
(partly?) our responsibility to get this right or the user's job?
Doing half the job is a bad idea.

| > Or if we know the gateway (us), we might ban that.
| >
| > But banning ought to be: refuse the addresspool, not silently trim it.
| >
| > Don't work around idiots, educate them (convert them from being
| > idiots).
| 
| I'd prefer to load addresspools, possibly log a warning. It might not
| help some of the idiots in the world but I don't necessarily want to
| inform all idiots at the expense of usability of what is probably going
| to be very common configurations.

(It sure would be nice if the warnings were apparent to our users, but
that's another issue.)

If it is our job, why even have them specify an address-pool?  We can
make it up ourselves.

I'm against kludgy software full of heuristics that might break in too
many interesting ways.

Blocking 0.0.0.0/0.0.255.0 and 0.0.255.0/0.0.255.0 seems arbitrary.
Doesn't even work for my network, and I have a Class C.

| And if we allowed CIDR syntax, we per definition have this problem too,
| eg: leftaddresspool=192.0.2.0/24 - you cannot really exclude it using
| that syntax.

Sure.  But we don't support CIDR syntax for an address-pool.  Maybe
this is a good reason not to.

