
How to Efficiently Setup Network for Multi-tenant Environment

Hello,

Let's assume I have a /24 IPv4 block and I have some servers with different users. I want to give each server one or more IPs on demand. On the other hand, I don't want the users to add IPs beyond the allocated ones. Options I can imagine right now:

1- Create a VLAN for each user and set a /30 (1 usable), /29 (5 usable) and so on, on that VLAN. But this will sacrifice 3 IPs for each block. With IPv4 becoming increasingly scarce, I would like to avoid this option.

2- Lock IP with MAC address (Static ARP). But this will be a problem if the user uses virtualization where each VM has its own virtual MAC address.

Is there a better way to save on IP usage while ensuring each user doesn't set up an IP that is not allocated to him/her?

Comments

  • Swiftnode Member, Host Rep

    I've found that MAC-based ACLs cause more issues than they're worth; as you said, it can be a pita when it comes to virtualization.

    Extended IP ACLs assigned to an interface work great though. Of course it depends on the switches you use whether or not you have these, and how many you have.

    ip access-list ACL-XXXX
    permit ip host 123.123.123.123 any
    permit ip host 123.123.123.124 any
    deny ip any any
    
    and for the interface:
    
    interface XXXX
    ip access-group ACL-XXXX in
    

    You'll save space by not using multiple gateways, and switch logs indicate which clients try to bind to IP space outside of their reservation.

    Thanked by 1laoban
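
An added example, not part of the thread or any poster's code: a small generator that turns a per-port allocation list into the ingress ACL shown in the comment above, rejecting addresses outside the shared subnet, reserved addresses, and IPs handed to two ports. The subnet (a documentation range), the interface names, the `ACL-<interface>` naming and the inventory format are assumptions for illustration.

```python
import ipaddress

def render_port_acls(pool, gateway, allocations):
    """Return {interface: config text} in the ACL syntax quoted in the comment above.

    pool        -- shared subnet, e.g. "192.0.2.0/24" (constructed documentation range)
    gateway     -- the single shared gateway address inside the pool
    allocations -- {interface name: [allocated IPs]} (hypothetical inventory format)
    """
    net = ipaddress.ip_network(pool)
    reserved = {net.network_address, net.broadcast_address,
                ipaddress.ip_address(gateway)}
    owner = {}    # ip -> interface, to catch one IP handed to two tenants
    configs = {}
    for iface, ips in allocations.items():
        if not ips:
            raise ValueError(f"{iface}: no addresses allocated")
        lines = [f"ip access-list ACL-{iface}"]
        for raw in ips:
            ip = ipaddress.ip_address(raw)
            if ip not in net:
                raise ValueError(f"{iface}: {ip} is outside {net}")
            if ip in reserved:
                raise ValueError(f"{iface}: {ip} is network, broadcast or gateway")
            if ip in owner:
                raise ValueError(f"{ip} allocated to both {owner[ip]} and {iface}")
            owner[ip] = iface
            lines.append(f"permit ip host {ip} any")
        lines.append("deny ip any any")  # any other source address on this port is dropped
        lines += [f"interface {iface}", f"ip access-group ACL-{iface} in"]
        configs[iface] = "\n".join(lines)
    return configs

# Constructed sample: two tenants sharing one /24 and one gateway.
SAMPLE = {"Ethernet1": ["192.0.2.10", "192.0.2.11"], "Ethernet2": ["192.0.2.20"]}

if __name__ == "__main__":
    for text in render_port_acls("192.0.2.0/24", "192.0.2.1", SAMPLE).values():
        print(text, end="\n\n")
```

An IP ACL matches IP packets only, so it drops traffic sourced from unallocated addresses but does not filter ARP frames for them.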