On Thu, Sep 26, 2024 at 09:44:41PM +0200, Nicolas Goy wrote:
> I might not have been clear enough, the 1.0.0.0/24 example is a public /24
> routable network, not a 10.0.0.0/8 network.
>
> What I want is to be able to use as much of this network as possible (here 2 IPs
> per host) and allow firewall rules between hosts. The IPv6 part is easier to
> manage as I can spawn as many subnets as I want.
>
> And the reason is that the hosts are untrusted and must be firewalled between
> them, so I need layer 2 isolation.
If the total number of hosts (virtual or physical) that each need that degree of
isolation is equal to or insignificantly smaller than the number of routable
addresses available, it is likely that the answer you are looking for involves

* getting hold of whatever additional hardware is required in order to make
  that customer satisfied that the degree of isolation is indeed achieved, and

* doing NAT for whatever is to be isolated on a separate (physical or virtual)
  interface, each configured with a single one of the routable IPv4 addresses

Also, my fee for agreeing to set up and maintain such a thing would be in the
"if you need to ask the price, you can definitely not afford it" range.

All the best,
Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
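An added sketch of the layout Peter describes, written as an OpenBSD pf.conf; this is not from the thread. The interface names, the RFC 1918 ranges and the two addresses picked from the 1.0.0.0/24 mentioned earlier are assumed values.

```pf
# Added example, not from the thread: one separate interface per untrusted
# host, each host NATed behind a single routable address, and no forwarding
# between tenant segments. Interface names, private ranges and the two
# 1.0.0.0/24 addresses are assumptions; the box also needs
# net.inet.ip.forwarding=1 in sysctl.conf.
ext_if       = "em0"          # uplink that carries the routable /24
tenant_a_if  = "vport0"       # one isolated interface per untrusted host
tenant_b_if  = "vport1"
tenant_a_pub = "1.0.0.10"     # the single routable address given to tenant A
tenant_b_pub = "1.0.0.11"
tenant_a_net = "10.10.0.0/30" # point-to-point segment behind each interface
tenant_b_net = "10.11.0.0/30"
table <tenants> const { 10.10.0.0/30, 10.11.0.0/30 }

set skip on lo
block log all

# A tenant may talk to its own gateway address, but never to another
# tenant's segment or to any other address the router holds; the quick
# rules settle this before the pass rules below are consulted.
pass in quick on $tenant_a_if from $tenant_a_net to ($tenant_a_if)
pass in quick on $tenant_b_if from $tenant_b_net to ($tenant_b_if)
block in log quick on { $tenant_a_if $tenant_b_if } from <tenants> to <tenants>
block in log quick on { $tenant_a_if $tenant_b_if } from <tenants> to self

# Everything else a tenant sends is forwarded and leaves through that
# tenant's own routable address, so rules upstream can still tell them apart.
pass in on $tenant_a_if from $tenant_a_net
pass in on $tenant_b_if from $tenant_b_net
match out on $ext_if from $tenant_a_net nat-to $tenant_a_pub
match out on $ext_if from $tenant_b_net nat-to $tenant_b_pub
pass out on $ext_if
```

Inbound connections from the uplink to a tenant are not passed here; they would need explicit rdr-to rules per tenant address.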