
On Fri, Mar 26, 2021 at 1:42 PM Lukas Tribus <lukas@ltri.eu> wrote:
> In production, you may be able to troubleshoot this a few months from now, but how will the on-duty junior engineer handle this at 03 AM?
Hi Lukas,

In the network Vom describes, he is surely the only network engineer. I would agree that it is not something anyone should try at scale -- the configuration complexity is higher than any ordinary network architecture. Vom's question was how to carve off some addresses without being stuck at 1/2 the allocation as his maximum subnet size. At the sacrifice of some complexity, it can be done. As described, you can even recapture 3 addresses that would normally be lost to you were you not attempting to carve off addresses.
> What you are suggesting is to configure public IP address space that isn't yours; this should be a big no-no.
That's one way of looking at it. Here's a different one: It is an entirely legitimate network configuration to give your LAN a 0.0.0.0 netmask and rely on proxy arp to route off of it for non-local addresses. Nobody does it this way, it's inefficient and gets very complex when there's more than one router, but it in no way implies configuring yourself address space which is not yours.
> At the very least you can't reach the public IP addresses 10.0.0.0 and 10.0.3.255 from the hosts, because they won't be sending ARP requests for subnet and broadcast addresses.
In the described configuration, those addresses are almost guaranteed to be base addresses or broadcast addresses of someone else's network which you wouldn't be able to reach or access anyway. There is a tiny chance that someone else did the same thing you did or decided to use a /32 route to capture and use those two addresses as unicast, but you've a better chance of winning the lottery or being hit by lightning than finding those two addresses in use.

Regards,
Bill Herrin

--
William Herrin
bill@herrin.us
https://bill.herrin.us/
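The two mechanisms the thread turns on are the host's on-link decision (ARP for anything inside the interface mask, otherwise send to the default gateway, and never ARP for the subnet's network or broadcast address) and the router's longest-prefix-match table combined with proxy ARP. The following model is an added example written for this page, not code from either poster or from any vendor; the addresses (10.0.0.0/22 with a hypothetical 10.0.1.0/30 carved out) and interface names eth0/eth1/eth2 are constructed to match the numbers quoted above. It reproduces both Lukas's observation that 10.0.0.0 and 10.0.3.255 are unreachable from a /22 host, and Bill's point that a 0.0.0.0 netmask with proxy ARP on the router still forwards everything off-LAN.

```python
import ipaddress

# Constructed topology: one LAN on eth0, a carved-out /30 behind eth1, and a
# default route out eth2. Names and prefixes are hypothetical, chosen to match
# the 10.0.0.0/22 numbers quoted in the thread.
LAN_IFACE = "eth0"
ROUTES = [
    ("10.0.0.0/22", "eth0"),   # the big LAN
    ("10.0.1.0/30", "eth1"),   # longer prefix carved out of the middle of it
    ("0.0.0.0/0",   "eth2"),   # default route to the rest of the world
]


class Host:
    """A host's forwarding decision: ARP when on-link, else use the default gateway."""

    def __init__(self, addr_with_prefix, gateway):
        self.iface = ipaddress.ip_interface(addr_with_prefix)
        self.gateway = ipaddress.ip_address(gateway)

    def next_hop(self, dst):
        dst = ipaddress.ip_address(dst)
        net = self.iface.network
        if dst not in net:
            return ("gateway", self.gateway)
        # A host never ARPs for its own subnet's network or broadcast address,
        # so those two addresses are unreachable as unicast from it.
        if net.prefixlen < 31 and dst in (net.network_address, net.broadcast_address):
            return ("drop", None)
        return ("arp", dst)


class Router:
    """Longest-prefix-match routing table plus a proxy-ARP decision."""

    def __init__(self, routes, proxy_arp=True):
        self.routes = [(ipaddress.ip_network(p), iface) for p, iface in routes]
        self.proxy_arp = proxy_arp

    def lookup(self, dst):
        dst = ipaddress.ip_address(dst)
        best = max((r for r in self.routes if dst in r[0]),
                   key=lambda r: r[0].prefixlen, default=None)
        return best[1] if best else None

    def answers_arp(self, in_iface, target):
        """Proxy ARP: answer for any target routed out a *different* interface."""
        out = self.lookup(target)
        return self.proxy_arp and out is not None and out != in_iface


def path(host, router, dst):
    """Describe how a packet from host to dst leaves the LAN, or why it cannot."""
    kind, _ = host.next_hop(dst)
    if kind == "drop":
        return "unreachable: host never ARPs for subnet/broadcast address"
    if kind == "gateway":
        return f"gateway -> {router.lookup(dst)}"
    out = router.lookup(dst)
    if out == LAN_IFACE:
        return "direct: the real host answers ARP"
    if router.answers_arp(LAN_IFACE, dst):
        return f"proxy-arp -> {out}"
    return "unreachable: nobody answers ARP"


if __name__ == "__main__":
    router = Router(ROUTES)
    host22 = Host("10.0.0.10/22", "10.0.0.1")   # ordinary /22 host
    host0 = Host("10.0.0.10/0", "10.0.0.1")     # the 0.0.0.0-netmask variant
    for dst in ("10.0.0.0", "10.0.3.255", "10.0.1.1", "10.0.2.9", "192.0.2.1"):
        print(f"/22 host -> {dst:10}: {path(host22, router, dst)}")
        print(f"/0  host -> {dst:10}: {path(host0, router, dst)}")
```

Note that the carved-out 10.0.1.0/30 only works because the router answers ARP for it on the LAN side; with proxy ARP disabled the same model returns "nobody answers ARP", which is the failure mode the on-duty engineer at 03 AM would be staring at.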