
This may seem like an odd question, but I'm in a corporate network and VPNing in to Amazon's AWS, both of which use the same block of 10.0.0.0 addresses. Ultimately, there is no overlapping, but I can't set up static route tables to divide the two networks. I have dnsmasq configured to properly route DNS queries either to the Amazon DNS server or the internal DNS server, but I'd like the responses to be dumped as routes so that subsequent requests are served correctly. Any ideas on how to go about this?

EDIT: Let's say I have 2 adapters, TUN1 and ETH1. I also have two domains DOMAINA.COM and DOMAINB.COM. All requests to *.DOMAINA.COM should be served through TUN1 and all requests to *.DOMAINB.COM should be served through ETH1. Both DOMAINA.COM and DOMAINB.COM addresses sit in the 10.0.0.0/24 block, but...

If I request SERVERA.DOMAINA.COM and it returns 10.1.1.5, I should also route 10.1.1.5 through TUN1. If I request SERVERB.DOMAINB.COM and it returns 10.1.1.6, 10.1.1.6 should route through ETH1.

Stefan Mai
  • I think you may need to provide more detail here and maybe some examples of what you expect to happen. – Zoredache Oct 03 '11 at 23:46
  • @Zoredache, added a clarifying example. Does this make it a little more clear? – Stefan Mai Oct 03 '11 at 23:57
  • I don't have any experience actually setting one up, but you are looking for information on a stretch vLAN. Hopefully having that term will help your google-foo. – mrdenny Oct 04 '11 at 00:06

1 Answer

If your example is accurate, and there's a 10.1.1.0/24 block on both sides, then you do have overlap. Routing uses numbers, not names, and that's a good thing for the internet.

Solution A (preferred): Fix the overlap.

Solution B: Put a NAT in place for the remote network, so that local devices see the remote devices as being in 10.1.2.0/24.

Solution C: Combine the broadcast domains with a layer 2 tunnel of some sort.

Solution D: Lots and lots of static /32 or slightly larger routes.

Shane Madden
  • Just to clarify, while the ranges overlap there is no specific instance that overlaps: i.e. IPs map one to one to machines. The NAT option is definitely something worth considering, thanks. – Stefan Mai Oct 04 '11 at 00:23
  • Leaving this open just in case there is a genius answer out there, but I'm satisfied with D. Currently I'm modifying the source to dnsmasq to enable it. I'll post the results, but it might be messy ;). – Stefan Mai Oct 04 '11 at 00:59
  • @StefanMai Now that sounds like fun. Let me know how it goes! – Shane Madden Oct 04 '11 at 01:00
  • I would pick an unused /24 in 192.168.0.0/16 and use it to map the other network's 10.x addresses as needed. So from your network, 192.168.53.1 might NAT to 10.1.1.3 on the other network and 192.168.53.2 might NAT to 10.1.1.7 on the other network. Just add static NAT entries as needed. A PITA, but that's life in the IPv4 world. – David Schwartz Oct 04 '11 at 04:32
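Solution D, the per-host /32 routes that the asker was going to drive from dnsmasq replies, as an added example that is not part of the original question or answers. It tails dnsmasq's `--log-queries` output instead of patching dnsmasq, and the log line format, the `tun1`/`eth1` device names, the domain-to-interface policy table and the 10.0.0.0/8 ambiguous block are assumptions; a reply is only turned into a route when the name belongs to the domain that interface is trusted for, so a stray answer for some other name cannot steal a 10.x address onto the wrong link.

```python
#!/usr/bin/env python3
"""Turn dnsmasq 'reply NAME is ADDR' log lines into /32 host routes."""
import ipaddress
import re
import subprocess

# Hypothetical policy: which interface is authoritative for which domain suffix.
POLICY = {"domaina.com": "tun1", "domainb.com": "eth1"}

# Only addresses inside this block are ambiguous and need host routes (assumption).
OVERLAP = ipaddress.ip_network("10.0.0.0/8")

# dnsmasq --log-queries emits lines like (constructed sample):
#   dnsmasq[1234]: reply servera.domaina.com is 10.1.1.5
REPLY_RE = re.compile(r"reply (?P<name>\S+) is (?P<addr>\d+\.\d+\.\d+\.\d+)$")


def interface_for(name, policy=POLICY):
    """Map a DNS name to the interface its domain is routed through, or None."""
    name = name.rstrip(".").lower()
    for suffix, dev in policy.items():
        if name == suffix or name.endswith("." + suffix):  # no 'domaina.com.evil' matches
            return dev
    return None


def route_for_line(line, policy=POLICY, overlap=OVERLAP):
    """Return (addr, dev) when a log line should produce a host route, else None."""
    m = REPLY_RE.search(line)
    if not m:
        return None  # queries, cached/forwarded lines, CNAMEs etc. are ignored
    dev = interface_for(m["name"], policy)
    if dev is None:
        return None  # name is in neither trusted domain: never route on it
    addr = ipaddress.ip_address(m["addr"])
    if addr not in overlap:
        return None  # unambiguous address, normal routing table handles it
    return str(addr), dev


def route_command(addr, dev):
    """'replace' keeps this idempotent when the same name is resolved again."""
    return ["ip", "route", "replace", f"{addr}/32", "dev", dev]


def process(lines, policy=POLICY, apply=False):
    """Collect (and optionally install) the host routes implied by log lines."""
    cmds = []
    for line in lines:
        hit = route_for_line(line, policy)
        if hit:
            cmd = route_command(*hit)
            cmds.append(cmd)
            if apply:
                subprocess.run(cmd, check=True)  # needs CAP_NET_ADMIN
    return cmds
```

Run it with `apply=True` against `tail -F` of the dnsmasq log (or a journald pipe) to install routes as replies arrive; with the default `apply=False` it only reports the commands it would run.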