1

We have designed a device to be used as one device, but using Ethernet IPv4 inside to communicate with internal, not Linux-based, IPv4-speaking peripherals, just like what we could do using PCI or USB, for example. Now comes the problem that the external network interface must be able to accept any IPv4 address. How should we attribute IP addresses to the internal interface and peripherals? There is one process that must be able to communicate with both the internal peripherals and the external world, thus speaking to both networks.

We already tried to bind the socket to our peripherals to a specific interface using SO_BINDTODEVICE, while using the 169.254.0.0 range for the internal peripherals, but as soon as our external interface also has an address in that range (with the zeroconf protocol), we do not receive the packets from our peripherals anymore.

I have already thought of alternative methods, using Linux network namespaces or restricting the address range of the loopback interface to be able to use a part of the 127.0.0.0 network for our internal peripherals, but I am puzzled. Are there any pitfalls with those methods, which we have not tried yet?

  • 5
    Why are you not using IPv6? – Michael Hampton Aug 21 '16 at 22:05
  • 2
    Usually I would recommend you to request a block of unique addresses from your RIR, but all except Afrinic have run out of IPv4 addresses. If possible use IPv6 instead, and with ULA addresses you can just generate your own block. – Sander Steffann Aug 22 '16 at 07:15
  • Is there any reason you cannot use IPv4 private network addresses, like something from `10.0.0.0/8`, `172.16.0.0/12` or `192.168.0.0/16`? – Tero Kilkanen Aug 22 '16 at 10:35
  • 1
    @TeroKilkanen Our customers must be able to use any 'public' or 'private' IPv4 address on the main interface, thus we may not use those addresses internally. – Philippe De Muyter Aug 24 '16 at 16:22
  • The netns solution is quite convoluted but should work OK. – ysdx Oct 23 '16 at 11:57

2 Answers

3

You might consider using IPv6. IPv6 has link-local addresses which are perfect for your use case. They are scoped for a given link so there's no problem if two hosts on different links use the same IPv6 link-local address.

ysdx
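The scoping described in the answer above shows up in code as the `scope_id` field of an IPv6 socket address. The following is an added example, not part of the original answer; the interface names `int0` and `ext0` and the port number are hypothetical.

```python
import ipaddress
import socket

LINK_LOCAL = ipaddress.ip_network("fe80::/10")


def scoped_sockaddr(addr, ifindex, port):
    """Build the AF_INET6 sockaddr (host, port, flowinfo, scope_id).

    A link-local address is only meaningful together with the interface
    it lives on, so a missing or zero scope is rejected here instead of
    letting the kernel pick a link.
    """
    ip = ipaddress.IPv6Address(addr)
    if ip not in LINK_LOCAL:
        raise ValueError(f"{addr} is not link-local (fe80::/10)")
    if ifindex <= 0:
        raise ValueError("link-local address needs a non-zero interface index")
    return (str(ip), port, 0, ifindex)


def parse_zoned(text, name_to_index=socket.if_nametoindex):
    """Split 'fe80::10%int0' into (address, interface index)."""
    addr, sep, zone = text.partition("%")
    if not sep or not zone:
        raise ValueError("link-local address given without a %zone")
    ifindex = int(zone) if zone.isdigit() else name_to_index(zone)
    return addr, ifindex


def connect_peer(text, port, name_to_index=socket.if_nametoindex):
    """Open a UDP socket to a peripheral reachable only on one link."""
    addr, ifindex = parse_zoned(text, name_to_index)
    sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
    sock.connect(scoped_sockaddr(addr, ifindex, port))
    return sock


if __name__ == "__main__":
    # Constructed interface table: int0 is the internal link, ext0 the external one.
    fake = {"int0": 3, "ext0": 2}.__getitem__
    for zoned in ("fe80::10%int0", "fe80::10%ext0"):
        addr, idx = parse_zoned(zoned, fake)
        print(zoned, "->", scoped_sockaddr(addr, idx, 5000))
```

The two printed tuples share the same address but differ in the last field, so traffic to the internal peripheral stays on the internal link even when a host on the external link uses the identical `fe80::` address.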
-1

It seems that the 100.64.0.0/10 address range is reserved for the usage that I need (as long as my product is not used in carrier-grade NAT scenarios). From Wikipedia: "This address block [100.64.0.0/10] should not be used either on private networks or on the public Internet: it is intended only for use within the internal operations of carrier networks."