Public IP in Natted OSPF Network

Robinco · April 23, 2014, 5:14am

I am transitioning a switched/flat network to OSPF, diagram is below. We have seven tower sites with an MT router at each with a 10.0.x.0/24 between each tower. The APs at each tower site natted and on a 192.168.xxx.xxx private addresses in bridge mode. Client CPE’s are in router mode and provide a 192.168.2.x to the customer router. Got the above all working.

We have a /25 public set of IPs from our provider with for instance, the head router gateway set to 8.5.5.129 and a wan address of 8.5.5.130.

I need to be able to provide a single public IP to several clients in the network and a /29 to a few clients. They generally want to have the IP’s on their router, not 1:1 natted. I have googled and read and read and tried a few things but no luck.

Do I need to break the /25 into subnets and put on the wan interface?
Do I need to do any internal routing with subnets or does OSPF take care of this?
I think I have to put the CPE in bridge mode if the IP goes on a customer router but not sure how it is routed in/out.

Sorry for all the questions. ?

https://dl.dropboxusercontent.com/u/70384748/newnetworkdiagramsimplified.jpg

CelticComms · April 23, 2014, 11:34am

If the public range is routed to you you should be able to apply subnets from it within your routed network. If you run MPLS/VPLS you can deliver layer 2 service over the routed IP network and apply IPs/ranges as necessary. If redesigning try to achieve more separation among customer data, control data (e.g. routing) and management data (e.g. Telnet/SSH/Winbox).

Robinco · April 23, 2014, 1:12pm

To start out simple, if all customers are currently natted behind the head router ip of 8.5.5.130 and I need to provide a public ip to a client to add to their router, lets say I give them 8.5.5.131, how do I do this? The provider does have the /25 routed to our gateway.
This is what I am thinking but it doesn’t find it’s way in/out of the network.

Put the CPE in bridge mode.
Have the customer add 8.5.5.131 to their router wan with a gateway same as our gateway 8.5.5.129 and the same subnet mask as ours 255.255.255.128.
I don’t have our head router address/network 8.5.5.130/8.5.5.129 added to OSPF as I read I should do this to prevent the provider to be able to somehow join the OSPF area (although there is actually no risk of this) so this 8/5/5/129/25 network is not propogated through the OSPF area.
When I do this setup, the customer ip doesn’t connect.

I imagine this is simple to people here - first time for me. I’m happy to compensate somebody to help me walk through getting this setup and like Celtic mentioned, achieve separation between customer data and management data. This is a redesign so now is a perfect time.

Thanks in advance.

Robinco · April 23, 2014, 10:38pm

MT Moderator - I posted a reply early this morning (9+ hours ago) and it indicated it would have to be reviewed before posting. It’s been a long time…how long will it take?
Thanks,
Rob

CelticComms · April 24, 2014, 11:23am

If you now have OSPF running then using MPLS/VPLS is probably the best way forward for public IPs. Exactly how to achieve that depends on exactly what you want to provide to the customer. Use my contact email if you want to discuss options.

Robinco · April 24, 2014, 1:02pm

Celtic - Thanks for the guidance. I will read up on MPLS and do a little work before contacting you. Going through the MPLS MT MUM slides now and it looks like the way to go, and maybe the most efficient? Good stuff.

tomaskir · April 24, 2014, 2:46pm

If you havent checked it out yet, go over my MPLS presentation:
http://tiktube.com/video/KHhE3aEKdDoDEJmpIHJwFzJsDlIoFqoq=

Robinco · April 25, 2014, 12:56am

Thank you tomas, watching it now.