diff --git a/infra/infra-hosts.md b/infra/infra-hosts.md
index 9eb17e3..612f09d 100644
--- a/infra/infra-hosts.md
+++ b/infra/infra-hosts.md
@@ -37,6 +37,28 @@ tags: [infra, network, kr-zone, openwrt]
 > vault ns는 빈 상태로 ClusterIP 서비스(`vault-external`)만 잔존 — 실제 Vault 서버는 jp1 incus 컨테이너 (아래 "서비스 위치" 참조).
 
 게이트웨이: 두 독립 LoadBalancer 병렬 운영 — Traefik (MetalLB VIP 192.168.9.53, 메인 라우팅 14 HTTPRoute + 5 legacy IngressRoute) + APISIX (MetalLB VIP 192.168.9.50, 2026-03-25 축소 이후 `juiceshop.keepanker.cv` 1 route · chaitin-waf SafeLine 통합)
+
+### MetalLB IPAddressPool
+
+| 항목 | 값 |
+|---|---|
+| Pool | `default-pool`: **`192.168.9.50-192.168.9.99`** (50개, 2026-04-14 확장 전 `.50-.59`) |
+| L2Advertisement | `default` → default-pool |
+| 할당 전략 | autoAssign=true (별도 `metallb.universe.tf/loadBalancerIPs` annotation 미사용) |
+| DHCP 범위 | `192.168.9.100-249` (OpenWrt, 충돌 없음) |
+
+현재 할당 (2026-04-14):
+| IP | 서비스 |
+|----|--------|
+| .50 | apisix/apisix-gateway |
+| .51 | sshpiper/sshpiper |
+| .52 | teleport/teleport-cluster |
+| .53 | kube-system/traefik |
+| .54 | gitea/gitea-ssh |
+| .55 | sftpgo/sftpgo |
+| .56-.99 | **여유 44개** |
+
+확장 절차: `kubectl -n metallb-system patch ipaddresspool default-pool --type=merge -p '{"spec":{"addresses":["<range>"]}}'`.
 - Traefik DaemonSet, MetalLB LoadBalancer 192.168.9.53 + Gateway API
 - APISIX Deployment **replica 2**, MetalLB LoadBalancer 192.168.9.50, SafeLine WAF chaitin-waf 플러그인 연동, Admin API 수동 관리
 - APISIX etcd: K3s 내부 apisix-etcd StatefulSet 3 replicas, prefix `/apisix`