use separate subnets for the different interfaces. As someone said before, it's not rocket science.
It can be a barrier to selling gear if you don't have multiple subnets easily available to you - which is a very big deal for vendors doing evals or for development teams doing staging. Almost never an issue in production, I agree. I worked on a product that had this "1 address for the service", "1 address for administration" concept as its recommended deployment. When the product was in testing or in pre-production the potential customer would sensibly want to set it up the same way it would be in production - with 2 interfaces, each with a different address. But then the prospect would tell our Sales Engineer that they had only one subnet available for testing and it would take weeks or months to remedy that. Half the time that subnet would be DHCP only. As a vendor, our motivation was to lubricate the eval and pre production stages so we could quickly move onto the next trial with a satisfied customer in our wake. We, eventually, supported it all quite smoothly taking into consideration the arp and src address interface selection methods noted elsewhere in this thread. It never posed complications interacting with anything external to our gear. As such, I don't think it is fair to characterize it as a square peg. related link how to configure Linux to do do src address based routing: http://www.linuxjournal.com/article/7291 .. though I agree bonding is a better answer to the motivation laid out in the article. final semi related thought - I have seen devices with an admin/production NIC split where the production (insecure) interface will packets accept all the way up the stack that are (IP.dst == adminIP) as long as you put the production mac as the destination on the packet. That kinda leads to a false sense of security just because they are on different subnets. Gear that doesn't have physically separate processors for control/admin and data/production has to work a lot harder to make sure those things stay separated. -- PenBay Networks VOIPRecorder - Record Calls Made with Vonage(tm) on Your Computer! www.penbaynetworks.com