User:Nakarti/Virtual Layered Networking

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Virtual Layered Networking is an undocumented networking procedure inspired by my experience with enterprise multi-network systems, VLAN and Private VLAN (PVLAN) technologies.

Procedure[edit]

In Linux, bring up your primary network interface, eth0 This should be your primary Internet-connected network, as the current scope of this work doesn't include routing. ifup eth0 This is normally already up. For example an Internet IP of 63.25.128.12

Next, bring up a virtual interface in the second network. This functions like a pseudo-VLAN because any machine on the same physical segment can access it if that machine uses an address within its range. ifconfig eth0:1 172.25.12.225 netmask 255.255.255.0 (No need to 'up' the virtual interface at this step)

Test both networks ping 63.25.128.1 ping 172.25.12.1

Purpose[edit]

The purpose of virtual layered networking is to merge access at specified parts of the network. For example: An Internet-facing web server that also accesses a local NAS NAS provides storage to a local-only home theatre PC and an Internet-accessing Update server An Internet-only PC for guest usage An administrative workstation with access to the Web, LAN, and a third network used to manage the cable modem that provides Internet

Virtual shared networks make sense when: Three such hosts (Webhost, NAS, Workstation) are virtual machines on a host with only one network interface, or only one network switch. (or router only supports LAN and Internet, etc.)

This configuration may cause problems on networks that explicitly support VLANs, due to the segmentation functions designed into those switches.

(The security through obscurity obtained here is only useful against bots and dumb users. Anybody with mediocre network skills and the intent to get into your hidden LAN will probably get in.)

References[edit]

External links[edit]