1

Related to my other questions:

Designing OSPF mesh network

Private and Public IPs in the same OSPF area

What is your opinion on having both the private IP subnets and the public IP subnets on the same VLAN? (And thus removing the need for VLANs at the access layer, only needing two IP addresses on the same interface of a certain host.)

Consider the two situations to the left and right in this picture:

enter image description here

Peter

2 Answers

1

Having two IPs on a host on the same interface is never a good idea.

  1. When sending packets out, which IP will be used as the source IP?
  2. What if 172.x is used for talking to the internet?
  3. When using the wrong src/dst combination for local traffic, it needs to hairpin through an L3/router.
  4. DHCP will not be an option any more, so it is only applicable to a very small setup.

A better/standard approach is to use private IPs (10/8, 172.16/12) for the host IPs, then on the upstream router do a 1-to-1 NAT to the public IP, for outgoing and incoming traffic.

If you then ever change ISP and get new public IPs, it is simple to change them in one place.

Pieter
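Points 1 to 3 of the answer above as a small model; this is an added example, not part of the original answer. All addresses are constructed (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges), and the selection rule used here (connected subnet first, otherwise default route with the first-listed address as source) is a simplifying assumption, since real IP stacks apply their own source-selection rules.

```python
import ipaddress

def egress(sender_addrs, dst):
    """Return (path, source) for a new outbound packet to dst from a host
    whose single interface carries sender_addrs (first-listed = primary)."""
    dst = ipaddress.ip_address(dst)
    ifaces = [ipaddress.ip_interface(a) for a in sender_addrs]
    for iface in ifaces:
        if dst in iface.network:
            # Destination is inside a connected subnet: deliver on-link,
            # sourcing from the address that belongs to that subnet.
            return ("direct", str(iface.ip))
    # No connected subnet matches: the packet goes to the default gateway.
    # Assumption: the primary (first-listed) address becomes the source.
    return ("via-router", str(ifaces[0].ip))

def round_trip(a_addrs, b_addrs, b_target):
    """Paths for A -> b_target and for B's reply back to A's source address."""
    fwd_path, a_src = egress(a_addrs, b_target)
    rev_path, _ = egress(b_addrs, a_src)
    return fwd_path, rev_path

# Constructed sample hosts sharing one VLAN.
DUAL = ["172.16.0.10/24", "203.0.113.10/24"]   # private + public on one NIC
PRIVATE_ONLY = ["172.16.0.20/24"]

if __name__ == "__main__":
    # Points 1 and 2: the source used towards the internet depends only on
    # address order, so the private address can end up as the source.
    print(egress(DUAL, "198.51.100.7"))
    print(egress(list(reversed(DUAL)), "198.51.100.7"))
    # Point 3: a same-VLAN neighbour addressed by its public IP is reached
    # through the router, while the reply comes back on-link (asymmetric).
    print(round_trip(PRIVATE_ONLY, DUAL, "203.0.113.10"))
```

The asymmetric result in the last case matters for any stateful filter on the router: it sees only one direction of the flow.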
0

Only ease of use deployment, no control over router, no separation

Use public IPs (only public IP, no private IP) on hosts that need them, statically configured.

Use private 172.x IPs on the rest of the hosts.

The routing between public and private can then be done by an L3 switch.

Ask the provider that manages the router to only NAT/hide the private IPs when they leave for the internet, but let the public IPs straight through.

Pieter