[lug] networking question

David L. Willson dlwillson at thegeek.nu
Sat Sep 12 19:54:49 MDT 2020


> You've got a couple issues here.  One being that the upper/lower
> sub-nets would be /30 not /28.

Oh, jeez. Yes, of course. I went the wrong way.

> What's the goal here?

I want to give my friends a whole OpenStack to play with. An OpenStack wants a routed public (at least public-seeming) network inside, among the many other demands it makes. I've done it with RFC-1918 networks, and it worked internally, but I really want it to work externally, someday, too. So, I asked my ISP if I can rent another subnet and put it behind a router of my own, and they said, "Nah, you can't." So, I looked at renting a subnet and a physical machine from logicweb, which would be similar to what I did at Delimiter until they became so horrible that I couldn't even with those guys anymore. But, the logicweb solution would be nearly $500/month between the subnet and machine, so that's also a "Nah, I can't." So, in desperation, I thought, "Maybe I can split my measly 16 addresses into two subnets." It wouldn't really work, though, now that I think about it, because OpenStack consumes addresses at about triple the rate I'd naively assume (i.e. nothing like 1 EIP to 1 IP, more like 1 EIP to 3 IPs). Short story very long and convoluted, I'm trying to do OpenStack for my learners and do it on the cheap.

> My first take would be to make it a private subnet behind the linux box 
> (say something from 172.16.X.X) and have it do NAT.  Otherwise you need 
> to do tricky things with virtual IPs, proxy ARPs as in:

> https://tldp.org/HOWTO/Proxy-ARP-Subnet/how.html

That is so out of my league. Several years ago, I might have been able to do a 1:1 range in a SonicWall, but that's about as deep as I ever went. Anything harder and I threw up my hands and called a vendor.

