On 10/30/06, Christian Iseli <Christian.Iseli@xxxxxxxx> wrote:
On Sun, 29 Oct 2006 21:01:43 -0600, Dennis Gilmore wrote:
> 1-35 for Network appliances/devices nas, san, switches, kvms, etc.
> 36 - 169 for services i.e. xen guests and physical hosts when needed for
> example ppc builders
> 164-169 for existing boxes admin interfaces these would most likely be
> needed for a short term period
> 170-199 for admin interfaces drac, ALOM, etc
> 200 is a nat pool ip id like to have it moved to 250
> 201 - 219 for test systems
> 220-249 for physical xen hosts
> 250-254 for gateways to external networks
Wouldn't it be more secure to have the interfaces you put in 1-35 and
170-199 in a separate, unrouted network (10.x.x.x) that can only be
accessed from a couple admin machines having dual ethernet ports ?
That would also leave more room in the /24 net...
It's a bit more trouble to manage two networks, but not that much.
I think that was part of the idea that we could do this later on if we
wanted. For now I don't think we need such an architectural change.
-MIke
