Comment on Issues with Immich
ShellMonkey@lemmy.socdojo.com 6 days ago
While handy on a personal net, on a larger corporate net this isn’t practical and even adds a security risk. By having servers request leases you run the chance that someone gets into a segment, finds the ARP association for an IP/MAC combo and can take over a server’s spot simply by spoofing their own MAC to match at the time of lease renewal.
In the post above about setting a static address in two spots, that in itself isn’t required either. So long as there are no duplicates you would just set the static address on the end device, then the network will sort it out with ARP ‘who has’ requests in local segments, or routing in the case of distinct subnets.
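An added example, not part of the original comments: one way a defender could watch for the two conditions raised in the comment above (a server's MAC turning up from a different place at lease renewal, and a duplicate claim on an address). It assumes observations of IP, MAC and switch port are available from DHCP or ARP logging; the record layout, function name and sample data are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    ts: str    # time the lease/ARP observation was logged
    ip: str
    mac: str
    port: str  # switch port the frame arrived on


# Constructed sample data (documentation addresses, not a real network).
SAMPLE = [
    Observation("2024-01-01T10:00", "192.0.2.20", "02:00:00:00:00:01", "Gi1/0/1"),
    Observation("2024-01-01T10:00", "192.0.2.21", "02:00:00:00:00:02", "Gi1/0/2"),
    # Normal renewal: same IP, same MAC, same port.
    Observation("2024-01-01T10:30", "192.0.2.20", "02:00:00:00:00:01", "Gi1/0/1"),
    # Same IP/MAC pair, but seen on a different port at renewal time.
    Observation("2024-01-01T11:00", "192.0.2.20", "02:00:00:00:00:01", "Gi1/0/7"),
    # A second device claiming an address that is already in use.
    Observation("2024-01-01T11:05", "192.0.2.21", "02:00:00:00:00:03", "Gi1/0/9"),
]


def find_binding_anomalies(observations):
    """Return (ts, kind, detail) for every observation that contradicts
    the first-seen IP->MAC or MAC->port binding."""
    ip_to_mac = {}    # baseline: first MAC seen for each IP
    mac_to_port = {}  # baseline: first port seen for each MAC
    alerts = []
    for ob in observations:
        mac = ob.mac.lower()
        known_mac = ip_to_mac.setdefault(ob.ip, mac)
        if known_mac != mac:
            alerts.append((ob.ts, "ip-claimed-by-new-mac",
                           f"{ob.ip}: {known_mac} -> {mac}"))
        known_port = mac_to_port.setdefault(mac, ob.port)
        if known_port != ob.port:
            # A spoofed MAC keeps the IP/MAC pair intact, so the port
            # is the only field that changes.
            alerts.append((ob.ts, "mac-moved-port",
                           f"{mac}: {known_port} -> {ob.port}"))
    return alerts


if __name__ == "__main__":
    for alert in find_binding_anomalies(SAMPLE):
        print(*alert, sep="  ")
```

The baseline is first-seen and never updated, so a legitimate server move has to be cleared by resetting the baseline rather than being learned silently.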
gray@pawb.social 6 days ago
Corporate nets use 802.1X authentication, risk of a DHCP hijack is very low.
As someone who works in large corporate networks, we absolutely don’t assign static IPs outside of core network gear, it’s impossible to manage a fleet of servers in this way with scaling in mind.
ShellMonkey@lemmy.socdojo.com 6 days ago
Indeed they do use 11x but it’s still a possibility to cause issues. It’s entirely possible to manage a fleet of IPs across a net but it takes a solid organization plan. My company is big on the acquiring companies game where IP overlaps are a perpetual challenge when merging sites in and you need a mess of SNAT/DNAT conversions to keep routing from getting in a knot.