How to deliver Public IP to a client?

RouterOS General
1

Hello friends, I have a pool of IP / 29 and I want to give a client a unique IP address, but I do not want to use PPPoE, I want to do it by direct Ethernet, could you help me with the configuration please.

Currently this is my configuration in my central Routerboard

[BELITS@RB4011iGS+RM_R&M] > ip address print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

1 ;;; WAN UFINET
138.186.23.166/30 138.186.23.164 ETH1

3 ;;; IP PUBLICA CLIENTE
181.78.15.250/29 181.78.15.248 ETH10

[BELITS17@RB4011iGS+RM_R&M] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 138.186.23.165 1
1 ADC 138.186.23.164/30 138.186.23.166 ETH1 0
2 ADC 181.78.15.248/29 181.78.15.250 ETH10 0


In my client this is the configuration:

[ANDALUCIA@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 10.10.10.1/24 10.10.10.0 ether2
1 181.78.15.251/29 181.78.15.248 ether1

[ANDALUCIA@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 181.78.15.250 1
1 ADC 10.10.10.0/24 10.10.10.1 ether2 0
2 ADC 181.78.15.248/29 181.78.15.251 ether1 0

My client currently has internet with output at IP address 181.78.15.251/29, but I want to deliver a single IP address other than / 29, how do I do it?

2

You can split the /29 into /30’s - but you’ll only be able to serve 2 customers that way with network and broadcast addresses.

You can kind of use /31’s very hackabout - but again still only 4 customers.

You can use a point-to-point protocol like PPPoE to establish it

You can use private addressing for the interconnect, then static route a /32 via the private address - will require a bit more work on their end to make sure outbound connections actually use that address (i.e. a proper src-nat entry if using NAT) but also means you could use the whole /29 safely, 1 IP to every customer.

This can break traceroutes etc though if that is important, but you could fix this with pref-source if really required.

3

Can you give me an example to deliver the IP addresses with / 32 mask? I know that with a / 29 mask I only have 5 IP addresses for the host

4

You give the client a private address, 172.16.0.14 and then route 181.78.15.251/32 to 172.16.0.14.



Why?

5

Where is this client, somewhere else or directly connected to the router?

6

Depending on the situation and config - it is possible that one of the routers will respond with the private addressing and if you are outside of that network, you won’t receive that reply as its not ‘routeable’ to you - its small, and just shows a blank spot within the traceroute (traceroute will still continue after it) but some people don’t like timeout lines in their traceroutes.

7

I ment why does OP want to deliver not using the /29

8

Ah ok.

Because it would be wasteful.

/29 has 8 addresses
1x Network
1x Broadcast
1x Gateway
= 5 Usable addresses

He would then need to bridge all customers to use same gateway assuming they’ll all connect to same router - or extend L2 to other sites/locations where other customers are plugging in - and employ split horizon or some other time of firewalling so theirs no neighbor discovery between them (good practise, not always required)

And ultimately miss out on supplying up to 3 customers with an address - and in current IPv4 times this can be quite a lot.

9

These are different, valid reasons, I am curious about the OP’s reasoning. Neighbor discovery, I would say is up to the customer though.. Cable ISP here uses /22 for the public IPs.