From: Danial Thom
Date: Tue, 13 Sep 2005 08:23:20 -0700 (PDT)
To: freebsd-questions@freebsd.org
In-Reply-To: <8A38568B-D5B4-4EE7-AFB5-FF6C0D1285C6@mac.com>
Subject: Re: VLAN interfaces on FreeBSD; performance issues

--- Charles Swiger wrote:

> On Sep 12, 2005, at 11:49 AM, Sten Daniel Sørsdal wrote:
>
> >> The essence of multihoming is having two (or more) distinct NICs.
> >
> > So if I had two VLANs with an IP on both, wouldn't this qualify it as
> > multihoming? Would I somehow no longer need to configure the computer as
> > though it was multihomed?
>
> I don't fully understand the question you are asking. If you have one
> physical connection (one NIC, one Cat5 cable), you can only connect to a
> single collision domain, even if you use VLANs (or set up IP aliases on
> different subnets, etc).
>
> --
> -Chuck

It's not clear why Chuck keeps answering since he clearly doesn't understand the question. You can, of course, multihome with one NIC, and Spanning Tree and "collision domains" have nothing to do with anything; you simply route to the correct router. The trick is your scheme for determining the correct router. It makes little difference if they are on the same wire or even the same numbered network. If your routing table says "route 10.1.1/24 to 200.1.1.1 and route 10.2.1/24 to 200.1.1.2", you're multi-homed on a single wire. "Multi-homing" refers to having more than one network egress (i.e. 2 or more upstream providers) and the ability to "decide" which one to send specific traffic to.

You're making a big mess of your network for little reason, except perhaps to thwart the completely incompetent. If you don't have servers isolated they can sniff and learn whatever you're doing, and if not, and they know the numbering of their wire, they can learn the associated VLAN tag in about 200ms by trying every combination until something works. If you want to secure the IP-to-machine mapping, use MAC-IP firewall enforcement, which is less work and more effective than renumbering your entire network with VLAN tagging.

Buying into Cisco's schemes is more about locking you into using their equipment than anything useful. That's one thing that's a constant over time.

Danial
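As an added example (not code from the thread or from FreeBSD), a small Python model of the MAC-IP enforcement Danial recommends: each source IP is bound to one MAC and one VLAN, and any frame that does not match is denied. The binding table and the captured frames are constructed sample data, and the VLAN check is an assumption layered on top of the plain MAC-IP binding.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Frame:
    src_mac: str
    src_ip: str
    vlan: Optional[int] = None   # 802.1Q tag as seen on the wire; None if untagged

# Constructed sample binding table (assumption, not from the thread):
# each IP may only be sourced by one MAC, and only on one VLAN.
BINDINGS: Dict[str, Tuple[str, Optional[int]]] = {
    "10.1.1.5": ("00:11:22:33:44:55", 10),
    "10.1.1.6": ("00:11:22:33:44:66", 10),
    "10.2.1.5": ("00:11:22:33:44:77", 20),
}

def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so case or separator variants can't bypass the lookup."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def check_frame(frame: Frame, bindings=BINDINGS) -> str:
    """Decide 'allow' or 'deny: <reason>' for one inbound frame; anything unknown is denied."""
    binding = bindings.get(frame.src_ip)
    if binding is None:
        return "deny: unknown source IP"
    expected_mac, expected_vlan = binding
    if normalize_mac(frame.src_mac) != normalize_mac(expected_mac):
        return "deny: MAC/IP mismatch"
    if frame.vlan != expected_vlan:
        return "deny: wrong VLAN"
    return "allow"

def audit(frames: List[Frame], bindings=BINDINGS) -> List[Tuple[Frame, str]]:
    """Run the check over a captured batch and return only the frames that would be dropped."""
    results = [(f, check_frame(f, bindings)) for f in frames]
    return [(f, verdict) for f, verdict in results if verdict != "allow"]

# Constructed sample traffic: a legitimate host, a host using a neighbour's IP,
# a valid IP/MAC pair seen on the wrong VLAN, and an IP nobody is bound to.
SAMPLE_FRAMES = [
    Frame("00:11:22:33:44:55", "10.1.1.5", 10),
    Frame("00:11:22:33:44:66", "10.1.1.5", 10),
    Frame("00-11-22-33-44-77", "10.2.1.5", 10),
    Frame("00:11:22:33:44:99", "10.1.1.9", 10),
]
```

`audit(SAMPLE_FRAMES)` returns the three denied frames with their reasons; the binding table is what a static ARP or layer-2 firewall policy would hold.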