Routing question

Hello

A customer has requested an unusual configuration and I’d like to run it by the community before agreeing.

He has requested a server with its IP allocated in a /30. He has also asked for 2 x /28 subnets allocated from /24s with different third octets. He wants each of his /28 subnets “routed” to his server for the purpose of assigning docker containers public IPs.
It was suggested that his server act as a router for both /28 subnets, giving him access over IP allocation this way; however, it was rejected. Instead he needs us to provide gateway IPs and route traffic to his server.

Something like this:

Subnet A: xxx.xxx.0.12/30
Router IP: xxx.xxx.0.13/30
Server IP: xxx.xxx.0.14/30

Subnet B: xxx.xxx.1.96/28
Router IP: xxx.xxx.1.97
/ip route add dst-address=0.0.0.0/0 gateway=xxx.xxx.0.14 pref-src=xxx.xxx.1.96/28

Subnet C: xxx.xxx.2.96/28
Router IP: xxx.xxx.2.97
/ip route add dst-address=0.0.0.0/0 gateway=xxx.xxx.0.14 pref-src=xxx.xxx.2.96/28

Would this work and if so, are there any inherent risks involved?

Thanks

I can’t see in your customer’s head, but if I requested routed subnets, I’d mean on your side:

/ip address
add address=xxx.xxx.0.13/30 interface=<to customer>
/ip route
add dst-address=xxx.xxx.1.96/28 gateway=xxx.xxx.0.14
add dst-address=xxx.xxx.2.96/28 gateway=xxx.xxx.0.14

On my router/server I’d have this as starting point:

/ip address
add address=xxx.xxx.0.14/30 interface=<to ISP>
/ip route
add dst-address=0.0.0.0/0 gateway=xxx.xxx.0.13

and xxx.xxx.1.96/28 and xxx.xxx.2.96/28 would be all mine and I could do anything with them. But I think that’s what you wrote:

If that’s not what the customer wants, then the other way is to have all three subnets on your interface:

/ip address
add address=xxx.xxx.0.13/30 interface=<to customer>
add address=xxx.xxx.1.97/28 interface=<to customer>
add address=xxx.xxx.2.97/28 interface=<to customer>

and no routes would be necessary for that. Devices on their side would have to be bridged on the interface connected to you, they would get addresses from these subnets and use addresses on your router as gateway (based on the used subnet). But it’s not what routed subnet means.

Default routes pointed to the customer’s server (as you posted) don’t make sense to me. If it was like this, they would “compete” with your default route to the internet, i.e. it would break everything, and do nothing useful for the customer at the same time.
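
An added example, not part of any post in this thread: a small longest-prefix-match model of the ISP-side routing table. It compares the routed-subnet design from the reply above with the default-route design from the question. The prefixes are constructed stand-ins from the documentation ranges for the masked xxx.xxx addresses, and `UPSTREAM` is a hypothetical label for the ISP's own default gateway.

```python
import ipaddress

# Constructed stand-ins (RFC 5737 documentation ranges) for the thread's masked
# prefixes: xxx.xxx.0.12/30, xxx.xxx.1.96/28 and xxx.xxx.2.96/28.
LINK, NET_B, NET_C = "192.0.2.12/30", "198.51.100.96/28", "203.0.113.96/28"
SERVER = "192.0.2.14"   # customer end of the /30
UPSTREAM = "upstream"   # hypothetical label for the ISP's own default gateway

# ISP-side table for the routed-subnet design from the reply above.
ROUTED = [("0.0.0.0/0", UPSTREAM), (LINK, "connected"),
          (NET_B, SERVER), (NET_C, SERVER)]

# ISP-side table for the design in the question: the /28 gateway addresses live
# on the router and two extra default routes point at the server.
PROPOSED = [("0.0.0.0/0", UPSTREAM), (LINK, "connected"),
            (NET_B, "connected"), (NET_C, "connected"),
            ("0.0.0.0/0", SERVER), ("0.0.0.0/0", SERVER)]


def lookup(routes, dst):
    """Longest-prefix match; returns the sorted gateways tied for the best prefix."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return []
    best = max(net.prefixlen for net, _ in hits)
    return sorted({gw for net, gw in hits if net.prefixlen == best})


def competing(routes):
    """Prefixes that appear with more than one distinct gateway."""
    seen = {}
    for prefix, gw in routes:
        seen.setdefault(prefix, set()).add(gw)
    return sorted(p for p, gws in seen.items() if len(gws) > 1)


if __name__ == "__main__":
    # 198.51.100.100 is a container address in NET_B; 198.51.100.1 is outside
    # all three customer prefixes and stands for "the rest of the internet".
    for name, table in (("routed", ROUTED), ("proposed", PROPOSED)):
        print(name, "container ->", lookup(table, "198.51.100.100"),
              "| elsewhere ->", lookup(table, "198.51.100.1"),
              "| competing:", competing(table))
```

In the routed table every destination resolves to exactly one next hop, while the proposed table leaves two candidates for the default route, which is the "competing" condition described in the reply.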

As Sob wrote to you:

/ip address
add address=xxx.xxx.0.13/30 interface=<to customer>
/ip route
add dst-address=xxx.xxx.1.96/28 gateway=xxx.xxx.0.14
add dst-address=xxx.xxx.2.96/28 gateway=xxx.xxx.0.14

This is the config on your part!
The client should take care of all his configurations!
I get this type of request from my clients every week; it is not an unusual request, it is a normal business request!