netdev

Layer 3 (IP) based switching for Linux? (Proxy-ARP??)

To: netdev <netdev@xxxxxxxxxxx>
Subject: Layer 3 (IP) based switching for Linux? (Proxy-ARP??)
From: Ben Greear <greearb@xxxxxxxx>
Date: Tue, 28 Dec 1999 08:21:23 -0700
Organization: AG Communication Systems
Posted-date: Tue, 28 Dec 1999 08:20:55 -0700 (MST)
Reply-to: greearb@xxxxxxxx
Sender: owner-netdev@xxxxxxxxxxx
I first sent this to the old .mx mailing list, which seems to
be defunct.  If you've already seen this, I apologize.  After
reading more in the intervening days, I am starting to think that
what I really want is Proxy-ARP.  However, I'm having a hard time
finding any info on how to set that up.  Here is my original
email:  (View in fixed-width font.)


I am trying to set up a network that looks something like this:

PC1 -------\
5.5.1.2/24  \__ eth0 |-------|
                     |       |             5.5.1.254/24
                ...  | Linux | eth2 ------ [ gateway ] ---- { internet }
                     |       |
PC2 ----------- eth1 |_______|
5.5.1.3/24


Instead of eth**, I'm going to be using my vlan code to have
lots of vlan interfaces, probably 100+, maybe 1000+, but for
sake of argument, the eth** should be identical in nature.

If the gateway idea is too weird, then the dflt gateway could
reside on eth2 of the linux box.


The fun part is that I want to be able to 'firewall' the
interfaces coming from the PC's, mainly to restrict them to
a certain IP address (they are un-trusted, and could possibly
be malicious.)  The IPs will be configured from user-space.

PC's should be able to talk to PC's as well, so the linux box
will have to do some (hopefully smart) switching at layer 2 (ie
ARP.)  It will also have to switch layer 3, because the gateway
will not want to route a pkt back down the wire, say from PC1 to
PC2.  At the same time, the bandwidth from the PCs to the Linux
box is limited, and should be optimized (the switch needs to
be smart.)  I believe static routes would work except in the case
of PC <-> PC communication?

Since the Linux box will be configured to know what IP's belong
where, it should *NOT* try to automatically learn the IP addresses.
However, if there is code that already does this, then I can
just block the out-going pkts with the firewalling rules, I hope.

So, does anyone know of any existing software that can do this,
or do I need to start hacking into kernel!!

Thanks!
Ben

--
Ben Greear        greearb@xxxxxxxx   Pager: 202-2717
(623) 581 4980    "More weight!" -- _The Crucible._
http://hydrogen:8080/home/greearb/public_html/index.html
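
One way to write down the setup this message asks about (static per-port address bindings, proxy ARP between ports, and source-address filtering on the untrusted ports), as an added example that is not part of the original post. It prints present-day `sysctl`, `ip` and `iptables` commands instead of running them; the binding table and the helper names `valid_ipv4`, `port_rules` and `emit_all` are constructed for illustration, and it assumes the kernel's per-interface `proxy_arp` setting is the mechanism wanted.

```shell
#!/bin/sh
# Constructed binding table, one "interface address" pair per untrusted port
# (values taken from the diagram in the mail).
BINDINGS="eth0 5.5.1.2
eth1 5.5.1.3"
UPLINK=eth2            # port facing the gateway
GATEWAY=5.5.1.254

# Accept only a dotted quad, since the value is pasted into commands below.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Print (never execute) the commands for one untrusted port.
port_rules() {
    # Answer ARP here for addresses that are routed out of another port.
    echo "sysctl -w net.ipv4.conf.$1.proxy_arp=1"
    # Static host route: the address is pinned to this port, nothing is learned.
    echo "ip route add $2/32 dev $1"
    # Drop IP packets arriving on this port with any other source address.
    # iptables sees IP only; ARP sender fields need a separate filter.
    echo "iptables -A INPUT -i $1 ! -s $2 -j DROP"
    echo "iptables -A FORWARD -i $1 ! -s $2 -j DROP"
}

emit_all() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "sysctl -w net.ipv4.conf.$UPLINK.proxy_arp=1"
    echo "ip route add $GATEWAY/32 dev $UPLINK"
    while read -r ifc addr; do
        case $ifc in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1 ;; esac
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
        port_rules "$ifc" "$addr"
    done <<EOF
$BINDINGS
EOF
}

emit_all   # dry run: review the output before feeding it to a root shell
```

With proxy ARP enabled on every port, PC1's ARP request for 5.5.1.3 is answered by the Linux box itself, so PC-to-PC traffic is routed locally instead of being sent to the gateway and back.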



