[PLUG] Re: Red Hat routing follies

Michael C. Robinson michael at goose.robinson-west.com
Tue Oct 28 10:54:02 UTC 2003


On Tue, 2003-10-28 at 08:46, Felix Lee wrote:
> Russ Johnson <russj at dimstar.net>:
> > I believe the dhcp server could leave without incident, unless one of
> > the machines tries to get a new IP. 
> 
> but it becomes awkward to add a new machine to the network.  you
> need to transfer all the state from the old dhcp server to a new
> dhcp server, or else you have to force all the leases to expire
> and request new ones from the new server, which might hand out
> different ip addresses, which means any existing network
> connections will get broken.
> --

IP networking was designed with permanence in mind.  It's not a
networking protocol that was ever intended for random servers to
be elected out of any group of hosts.  Netware, I believe, doesn't
have addressing problems except for frame type issues.  For this
type of networking where it really is temporary, it makes more
sense to avoid server based protocols instead of butchering
them in my opinion.  In a small network of say six laptops that's
certainly temporary, why use dhcp and dns at all?  Is it that hard 
for people to learn what ip blocks to use where we're talking only 
six laptops maybe getting configured?  As long as you're not 
Internet connected, it really doesn't matter that much anyways 
assuming you don't try to use the special ip addresses.  You 
don't need name resolution necessarily for video games over 
ip either.  In a netbios over IP setup, the machines 
announce their existence to each other via broadcasting, 
though it's awfully chatty if you connect enough machines.  
For a small enough lan though, not having a central 
nameserver and assigning IPs manually is feasible.  
Only when the Internet is introduced does dns need 
to be used.

Thing is, this reminds me of Microsoft's everything 
plugged into everything mentality regardless of the 
outcome.  I'd prefer a lan game to have its own 
protocol and not be interoperable with existing ip 
or Novell networking shares.  IP networks often use 
server side security; unplugging yourself from your 
server and hooking into the laptop of some stranger 
at an airport exposing shares that are normally 
only exposed to your hopefully trustworthy server 
is not a safe activity.  This is why gameboy and 
the like are so popular as these don't tend to 
have sensitive data on them.  Perhaps Linux's 
chroot capabilities are very useful here in 
that you could place whatever you need in
that contained jail for your connection to the 
stranger hopefully insulating other stuff on your 
system from harm.

I propose fixing dhcp so that essentially you indicate
in your dhcp server either that it's authoritative for a 
certain network or that it's a client/backup of another.  
Have it when it's not master cache the leases of the 
master server.  In cases where two dhcp servers claim 
to be the master of the same network, have one turn 
off and the other switch to assigning out of a pool 
of standard non routable private addresses.

People use dynamic addresses a lot with dhcp, I don't.  I 
assign via dhcp, but I don't bother to do address pools.  I
use it to centrally link a mac address to a hostname and
then have dns deliver the ip number.  As long as people
don't try to use numbers instead of the names of their
machines to access them, I could start using dynamic 
addressing with the only trouble being getting the dns
updated.  There are ways to do this now, but I don't
feel that dns is secure enough to be using them yet.




A little off topic, why are ISPs including Opus now filtering
all ping requests from customers to anywhere routed through
their networks?  This seems to be a growing trend.  It's one
thing to say no ping flooding, but to not allow ping at all
just doesn't make sense as it takes away a troubleshooting 
tool commonly used to verify that there is network connectivity.

    Michael C. Robinson



