On 04/07/13 02:34, David Lang wrote:
> So, I had a couple of hours of solo driving tonight and started thinking
> about this more.
>
> Thinking about it, if your users are very mobile, I think it's probably
> better to try and have everything bridged (tunneling things back and
> forth is extra overhead).
>
> But if you only have a few users moving between zones, shrinking the
> bridged broadcast domain has value.
>
> So then I started thinking what it would take to do this just with
> normal Linux tools. When some proprietary tool has something useful, I
> like to think about what it takes to do it for free :-) and I think
> just about all of it is available.
>
> What I'm thinking is the following setup.
>
> In each 'zone', you have a system that is your DHCP, gateway, etc. box
> for that zone (actually, you probably want this to be an HA pair).
>
> Set up each DHCP system to allocate IP addresses in a different subnet
> with a different range. Then set up the DHCP systems to forward DHCP
> renewal requests for the other ranges to the appropriate systems (this
> is the part I'm not sure can be done with stock DHCP software).
>
> Then set up tunnels from this box to the boxes in all the other zones.
>
> Then for each zone, on the boxes for that zone, set up a bridge that has
> tunnels to all the other systems, and an interface to the 'local' APs.
>
> Use ANYCAST configuration techniques to configure the gateway IP for
> this zone on the interface for the local APs, then on the far end of
> each of the tunnels, set up that same ANYCAST IP, with it configured to
> forward all traffic to that IP across the tunnel.
>
> This way, a system will get an IP in the local zone, but if it moves to a
> different zone, DHCP renewals will continue to work so that it keeps the
> IP it has, and any traffic destined for the gateway will get picked up
> by the local box and forwarded.
>
> When the return traffic hits the gateway box, the bridging logic will
> figure out if it should go out the local interface or over one of the
> tunnels to the other systems.
>
> Does this sound like it would work?
>
> Can stock DHCP software be configured to do this?

At this point, it is better to just have a campus-wide WiFi VLAN.
You are already bridging the multiple zones, so there isn't much difference.

Now, if you had multiple zones all using the same subnet, then have the router for the zone Masquerade NAT that zone to the normal network. Have it also proxy the DHCP to a central server.

Now you have limited your broadcast domain and DHCP stays constant over moves.

The shared subnet needs to be large enough to handle all devices on campus. And you won't be able to establish connections to the devices, just from them.

IPv6 is another story...

--
Mr. Flibble
King of the Potato People
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
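The second design in this reply (every zone on the same subnet, the zone router masquerading it to the campus network, DHCP relayed to a central server) can be expressed with stock Linux tools. The script below is an added example written for this page, not code from either poster. Interface names, the 10.0.0.0/16 subnet, the 10.0.0.1 gateway and the 192.0.2.10 DHCP server are constructed sample values; it assumes iptables with the conntrack match and ISC dhcrelay are installed. The FORWARD rules make the "connections only from the devices, never to them" property explicit rather than relying on NAT alone. The DHCP relay line carries an assumption the script cannot satisfy by itself: the central server unicasts replies to the relay's zone-side address (giaddr), and with the same subnet in every zone that return path must be arranged per router.

```shell
#!/bin/sh
# Added example: one per-zone Linux router for the "same subnet in every zone,
# masquerade at the zone router, DHCP relayed to a central server" design.
# All addresses and interface names below are constructed sample values.
# DRY_RUN=1 (the default) prints the commands; DRY_RUN=0 executes them (needs root).

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# zone_router_config ZONE_IF UPLINK_IF ZONE_SUBNET GATEWAY_CIDR DHCP_SERVER
#   ZONE_IF      interface facing this zone's APs
#   UPLINK_IF    interface towards the normal campus network
#   ZONE_SUBNET  the subnet shared by every zone, e.g. 10.0.0.0/16
#   GATEWAY_CIDR the gateway address clients use, identical in every zone
#   DHCP_SERVER  the central DHCP server's address
zone_router_config() {
    zone_if=$1; uplink_if=$2; subnet=$3; gw=$4; dhcp=$5

    run ip addr add "$gw" dev "$zone_if"
    run ip link set "$zone_if" up
    run sysctl -w net.ipv4.ip_forward=1

    # Hide the shared subnet behind this router's uplink address, so the
    # same 10.0.0.0/16 can exist in every zone without the core seeing it.
    run iptables -t nat -A POSTROUTING -s "$subnet" -o "$uplink_if" -j MASQUERADE

    # Forward only flows the zone's clients initiate; replies are matched by
    # conntrack state. This is what makes devices reachable "just from them".
    run iptables -A FORWARD -i "$zone_if" -o "$uplink_if" -s "$subnet" -j ACCEPT
    run iptables -A FORWARD -i "$uplink_if" -o "$zone_if" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -j DROP

    # Relay client DHCP broadcasts to the central server (ISC dhcrelay, IPv4 mode).
    # Assumption: the server can route its replies back to this router's
    # zone-side address (giaddr); with an identical subnet in every zone that
    # return path has to be arranged per router and is not set up here.
    run dhcrelay -4 "$dhcp"
}

# Sample invocation with constructed values; prints the commands unless DRY_RUN=0.
zone_router_config wlan0 eth0 10.0.0.0/16 10.0.0.1/16 192.0.2.10
```

Run it as-is to review the generated commands; run it with `DRY_RUN=0` as root on a zone router to apply them. The final `FORWARD -j DROP` assumes the router has only the zone and uplink interfaces; a router with additional interfaces needs its own accept rules ahead of it.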
