/32 subnets on Ethernet via DHCP [closed]
Is it possible to assign to an ethernet host via DHCP a subnet mask of only the host itself, e.g. 192.168.1.123/32? Do common operating systems support this kind of configuration?
I'd like for the hosts to send all of their traffic to the router (and not directly to some other host on the same segment), but still for them to be able to communicate (so no "client isolation"); effectively creating a point-to-point link, but without any client-side configuration.
Update: My intention is to configure a home router running dd-wrt so that all the traffic has to pass through the IP stack on the router, so it can be filtered by some ipfilter rules. I'd hoped for a general solution, some standard way to implement point-to-point Ethernet connections that still can be automatically configured by DHCP for all common operating systems.
Based on the responses so far, this doesn't seem to be that easy; I'll read some more about VLANs and then reconsider my plans.
First of all, in order to create a point-to-point link, you need at least 4 addresses, so you'll have to use a /30 mask. For example: 192.168.1.0/30
- Network address: 192.168.1.0/30
- 1st point address: 192.168.1.1/30
- 2nd point address: 192.168.1.2/30
- Broadcast address: 192.168.1.3/30
You'll have to place each host on a different /30 subnet and implement inter-subnet routing on your gateway.
Edit: You don't write much about your infrastructure or the scalability you want to achieve with this configuration. I suppose your router supports the use of subinterfaces.
Also, no additional client-side configuration will be required if you use a DHCP server in order to distribute the addressing scheme.
Use of a /32 netmask (either set statically or provided over DHCP) is a common default configuration applied by cloud hosting providers for Linux virtual private servers.
Google Compute, Rackspace Cloud, CheapVPS, 1&1 and Strato do this for example.
The configuration has the benefit that it reduces East-West and broadcast traffic without requiring collateral, infrastructure IPs. It places certain requirements on the next hop "gateway" such as disablement of reverse path filtering to allow inter-VM traffic for devices on the same network segment or host to hairpin back out of the incoming interface.
A manual configuration for a Debian-flavour Linux host looks like this.
/etc/network/interfaces:
    auto eth0
    iface eth0 inet static
        address 123.123.82.130
        netmask 255.255.255.255
        broadcast 123.123.82.130
        up route add 123.123.92.171/32 dev eth0
        up route add default gw 123.123.92.171
Google Compute instances assign the same configuration over DHCP by providing a static host route to the off-subnet gateway using Option 121.
Support for such a configuration is dependent on a distribution's network scripts.
There is widespread support for this (e.g. NetworkManager) and such support is demonstrated by the following commit to the ubiquitous Dracut initramfs build tool:
https://github.com/haraldh/dracut/commit/99ccbc30dff9fa51dd3187dc10f8f632e5e54e4b
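The Option 121 payload mentioned in the answer above, as an added example that is not part of the original answer: it encodes and decodes RFC 3442 classless static routes and checks that every router is reachable on-link, which is what makes a /32 lease usable. The gateway address 192.168.1.1 and all function names are assumptions made for illustration.

```python
import ipaddress

def encode_option_121(routes):
    """Encode (destination CIDR, router) pairs as an RFC 3442 option 121 payload."""
    out = bytearray()
    for dest, router in routes:
        net = ipaddress.ip_network(dest, strict=True)
        out.append(net.prefixlen)
        # Only the octets covered by the prefix are transmitted (0 for a default route).
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]
        out += ipaddress.ip_address(router).packed
    return bytes(out)

def decode_option_121(payload):
    """Parse a payload back into (CIDR, router) pairs; reject malformed input."""
    routes, i = [], 0
    while i < len(payload):
        width = payload[i]
        if width > 32:
            raise ValueError(f"invalid prefix length {width}")
        significant = (width + 7) // 8
        end = i + 1 + significant + 4
        if end > len(payload):
            raise ValueError("truncated route descriptor")
        dest = payload[i + 1:i + 1 + significant] + bytes(4 - significant)
        router = ipaddress.ip_address(payload[end - 4:end])
        routes.append((f"{ipaddress.ip_address(dest)}/{width}", str(router)))
        i = end
    return routes

def unreachable_routers(routes):
    """On a /32 lease nothing is on-link by default, so every router must fall
    inside a route whose router field is 0.0.0.0 (on-link). Return those that don't."""
    on_link = [ipaddress.ip_network(d) for d, r in routes if r == "0.0.0.0"]
    return [r for _, r in routes if r != "0.0.0.0"
            and not any(ipaddress.ip_address(r) in n for n in on_link)]

# Constructed sample: gateway 192.168.1.1 for a client leased 192.168.1.123/32.
GATEWAY = "192.168.1.1"
ROUTES = [
    (f"{GATEWAY}/32", "0.0.0.0"),  # host route: the gateway is directly on the link
    ("0.0.0.0/0", GATEWAY),        # default route through that gateway
]

if __name__ == "__main__":
    payload = encode_option_121(ROUTES)
    print(payload.hex(), decode_option_121(payload), unreachable_routers(ROUTES))
```

The two entries mirror the two `up route add` lines in the static configuration: the host route to the gateway comes first, then the default route through it.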
It is possible to assign everything, but I doubt this will work - especially with Windows clients. The common-sense approach that works with Linux would go like this:
1. configure the interface with the address and the correct subnet mask
2. remove the local network route
3. add an explicit route to the gateway via the interface
4. add a default route via the gateway
It usually would require either manual configuration or scripting on the DHCP client side to do everything after 1.
You also should make sure your gateway is not going to send ICMP redirect messages to hosts - it usually would do this upon detecting that a host is trying to reach another host within the same network via the gateway (information is derived from the address/subnet mask combination of the router's local host-facing interface).